Re: security guidelines for a shared hosting server

On Sat, 19 Jul 2014 16:58:47 +0300
s7r <s7r@xxxxxxxxxx> wrote:
> I need some help in securing a server for shared hosting accounts

It sounds to me like you are confusing "need some help" with "need
someone to do my job".

> Among others, I would like to restrict .cgi, py, pl scripts from being

Do you want your site secured or do you want it to not allow CGI
scripts to be run?  These are not exactly the same goals.  What exactly
are you trying to protect?  Do you want to protect yourself from your
users or the users from each other?  There's nothing inherently
insecure about CGI scripts.

> run or served by the server, so I think I should put a .htaccess file
> in /var/www for restricting, but can't a customer simply put another
> .htaccess file in his home folder (a subfolder of /var/www) and
> rewrite my rules?

Don't use .htaccess in the root.  That file is meant to overwrite
configurations from your httpd.conf file which is also where you get to
specify what .htaccess can override.

> What other things do I need to disable in apache and php (besides
> sendmail and curl fopen) in order to make a secure shared hosting
> server?

Hold on, you want a secure server so you want to disallow CGI, Python
and Perl scripts but you are going to allow PHP, the biggest security
hole in the universe?  If I had a choice (I don't, clients being what
they are) I would do the exact opposite.

> Thank you in advance, any help is highly appreciated - pls provide
> with the exact syntax to input and where to input.

There are two ways to do this.  One is to bring up your gooey, click
and drool, system admin for dummies interface and press the button that
says "Do what I think I want."  If you can't find that button then you
need to go with option two and read the literature and documentation,
try various things that you learned, research when you run into
problems and then come back here with specific questions when you run
into a roadblock.  Before you do that last step you should read this.

http://www.catb.org/~esr/faqs/smart-questions.html

-- 
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@xxxxxxx
VoIP: sip:darcy@xxxxxxx
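
The point above about httpd.conf deciding what .htaccess may override, shown as an added example that is not part of the original message. It assumes Apache httpd 2.4 syntax and the /var/www layout mentioned in the thread; the two blocks are alternatives, not meant to be loaded together.

```apache
# Added illustration (assumes Apache httpd 2.4 and the /var/www layout
# from the thread). Both variants live in httpd.conf, not in .htaccess.

# Weak: every directive class may be overridden, so a customer's own
# .htaccess can turn ExecCGI back on or map new handlers, undoing any
# server-wide restriction.
<Directory "/var/www">
    Options +ExecCGI
    AllowOverride All
</Directory>

# Corrected: the policy is set in the main configuration and .htaccess
# is limited to a single directive class. Options, FileInfo and
# AuthConfig are not granted, so Options, AddHandler, SetHandler and
# Require are not accepted from a customer's .htaccess.
<Directory "/var/www">
    Options -ExecCGI
    AllowOverride Indexes
    <FilesMatch "\.(cgi|py|pl)$">
        Require all denied
    </FilesMatch>
</Directory>
```

After changing the main configuration, `apachectl configtest` checks the syntax before a reload.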
