1 Replies - 755 Views - Last Post: 22 September 2013 - 01:50 PM Rate Topic: -----

#1 mutago234   User is offline

  • D.I.C Regular

Reputation: 1
  • View blog
  • Posts: 260
  • Joined: 08-September 13

Securing Php and Apache Server

Posted 22 September 2013 - 12:32 PM

Securing Php and Apache Server in Shared Host

I know that by default, Apache runs under user nobody
and this paves way to both internal and External attack.

I have had about SUEXEC,FAST CGI and many more.
In security context, I discovered that people prefered
using Apache MPM-PerUser or MPM-itk with
MPM-itk being the best among all serving millions of web pages
and its also compatible with workability of .htaccess files contents(please Correct me if am wrong)

QUESTION

1: My solid question is; how do i securely run My apache server
in a shared host environment.Should I configure MPM-itk or MPM-peruser to run under the
venerable MOD_PHP

2: If yes how and where do i configure it. Am a window user with little knowledge on Linux.

3: If not, What else do I have to do to

Thank You.

Is This A Good Question/Topic? 0
  • +

Replies To: Securing Php and Apache Server

#2 Atli   User is offline

  • Enhance Your Calm
  • member icon

Reputation: 4241
  • View blog
  • Posts: 7,216
  • Joined: 08-June 10

Re: Securing Php and Apache Server

Posted 22 September 2013 - 01:50 PM

View Postmutago234, on 22 September 2013 - 08:32 PM, said:

how do i securely run My apache server in a shared host environment.

View Postmutago234, on 22 September 2013 - 08:32 PM, said:

Am a window user with little knowledge on Linux.

The short answer to your question: You don't.

Not to sound discouraging, but the topic of server security is not simple, and there is no "follow these simple steps!" type of thing to setting up a "secure" server. Especially not on a shared hosting environment. - Companies running secure services online have teams of dedicated security experts to handle these matters. Even a seasoned Linux admin would not find it altogether easy to maintain a secure server.

My suggestion, if you are interested in running your sites on a secure host, is to hire a company who has the security already in place to host it for you. Otherwise prepare yourself or a long and difficult learning period. (An infinite learning period, in fact, since the security landscape changes very rapidly, and to maintain a secure server you need to constantly keep up with it.)
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1