Hi everybody! I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, php 5.3.3) and I serve some websites from it, most of them using Joomla or Wordpress CMS.
I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice!

Apache runs using the www user (std installation) and all virtualhosts share the same user, but are placed in different directories.

I need some help and pointers to what I can do to strengthen security and to at least prevent someone from writing to the filesystem and browsing all directories and files (although Joomla needs some folders to be chmod 777).

I'm thinking about installing apache2-mpm-itk or similar to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea?

Thankful for answers and pointers!

All the best - Andy