Thanks for the reply,
Dell R200, Xenon Quad Core 2.8 GHz,, 3GB RAM, 160GB SAS Drive,
FreeBSD 7.0, Developer package, no XWin, mod_security installed,
Apache 2.2.4, Suexec enabled, HTTPS enabled,
Proftp 1.3 (if memory serves),
Exim 4.6,
vm-pop3d, triggered from Inetd,
Spamassassin 3.2 (if memory serves),
MySQL 5.1,
PHP 5, with Sohosin patch,
BSD Firewall, (IPFW),
PERL 5.8.something,
All software installed from port,
INET 6 not enabled,
Server is setup as a virtual server, each domain has its own IP (apache3
using virtual hosts), no Jails installed.
Each Domain owner has thier own ftp login, no SSH or Telnet access granted.
What I am looking for is to secure ftp from cross site scripting; disable
any php.ini options that may be flakey (security wise); possibly setup php
suexec. <- most of all, ensure any scripts installed cannot intrude on other
sites or be used as rootkits....
-Grant
----- Original Message -----
From: "Phpster" <phpster@xxxxxxxxx>
To: "Grant Peel" <gpeel@xxxxxxxxxxxxx>
Cc: <php-general@xxxxxxxxxxxxx>
Sent: Tuesday, June 02, 2009 5:53 PM
Subject: Re: PHP Security
Hmmmm, how about some details on OS, etc
Bastien
Sent from my iPod
On Jun 2, 2009, at 17:26, "Grant Peel" <gpeel@xxxxxxxxxxxxx> wrote:
Hi all,
I am currently setting up the next generation web server for our company
and am in need of general consulting/advice on php set up security
issues.
Any one with knowledge and expierience please feel free to reply :-).
-Grant
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
