Comments on: The Challenge With Securing Shared Hosting

By: SEGURIDAD EN HOSTINGS COMPARTIDOS « Command Line

SEGURIDAD EN HOSTINGS COMPARTIDOS « Command Line — Fri, 29 Jan 2010 12:59:17 +0000

[...] en PHP explicaci�n b�sica hosting compartido Seguridad en hostings compartidos: [1], [2], [3],[4] hardened php [...]

By: Zilvinas

Zilvinas — Sun, 14 Sep 2008 21:23:45 +0000

Hello,

We currently run a PHP/FastCGI + suexec setup. Our main problem now is safe_mode_exec_dir configuration that is going to be removed in PHP6. It allows to only use exec, system from a specified directory. And we can make sure that that directory is safe and only root can write there so scripts there are safe to execute.

And the only available solution to this afaik is chroot. But to chroot your web application you must copy some of the libraries .. mysql, dns, libm, libz and so on. The problem is it’s very hard to know which required libs are needed. So you copy them all. You use a lot more disk space. And you need some kind of updates system to update your libraries when system libraries get updated. So it doesn’t seem elegant and clean.

Do you know a better solution for this problem? If not .. It is really sad safe_mode_exec_dir is getting removed.

By: Centos 5 and mpm-itk | hostby.net

Centos 5 and mpm-itk | hostby.net — Sat, 12 Jul 2008 14:21:17 +0000

[...] is such that its impossible to make it secure in a per user way. After reading Stuart Herbert discussion of the pros and cons of different solutions to this problem, i decided to look into it further.On [...]

By: Stuart Herbert On PHP - » Using mpm-itk To Secure A Shared Server

Stuart Herbert On PHP - » Using mpm-itk To Secure A Shared Server — Sat, 19 Apr 2008 13:00:59 +0000

[...] The challenge with securing a shared hosting server is how to secure the website from attack both from the outside and from the inside. PHP has built-in features to help, but ultimately it�s the wrong place to address the problem. Apache has built-in features too, but the performance cost of these features is prohibitive. [...]

By: Using mpm-peruser To Secure A Shared Server | Stuart Herbert On PHP

Using mpm-peruser To Secure A Shared Server | Stuart Herbert On PHP — Thu, 20 Mar 2008 17:34:53 +0000

By: Using suphp To Secure A Shared Server | Stu On PHP

Using suphp To Secure A Shared Server | Stu On PHP — Fri, 18 Jan 2008 08:10:43 +0000

By: Using suexec To Secure A Shared Server | Stu On PHP

Using suexec To Secure A Shared Server | Stu On PHP — Tue, 18 Dec 2007 09:10:45 +0000

By: developercast.com » Stuart Herbert’s Blog: PHP’s Built-In Solutions For Shared Hosting

Tue, 27 Nov 2007 16:50:31 +0000

[...] up on a previous article, Stuart Herbert has posted some of the things that PHP can do to help solve the previously [...]

By: PHP’s Built-In Solutions For Shared Hosting | Stu On PHP

PHP’s Built-In Solutions For Shared Hosting | Stu On PHP — Tue, 27 Nov 2007 09:12:54 +0000

[...] my last article, I covered the fundamental security problem that exists when you have multiple websites owned by [...]

By: Samir M. Nassar

Samir M. Nassar — Tue, 27 Nov 2007 03:13:11 +0000

Will you be looking at mpm_peruser? It probably has some of the same drawbacks that mpm_itk has, but it would be interesting to get more information about it.