Dan Cowsill wrote:
> Actually, I'd be pretty interested in what you have to rant about PHP.
> I run apache with php_mod installed and have the http port open.  Is
> there a security risk I should be aware of?


It really depends on how badly the PHP application you're running has been written. Assuming you're keeping up to date on PHP and your webapps and have funky applications .htaccess'ed off, you're reasonably safe.

However I'd highly recommend adding hardenedphp to your php USE flags as it stops a number of things. I've never had a problem with the hardened patch over the past year or so and frankly would not use any application that it broke.

Another simple trick is to have an empty vhost as your primary and your real application sites only accessible by name. This way, when little script kiddies scanning by IP or hostname hit Apache, they are dumped to the first loaded vhost, your empty one, instead of your actual site. Then they come up with nothing when they hit /var/www/localhost/htdocs/wordpress/ instead of the actual site tree. Doesn't stop a determined person, but has the added benefit of keeping x20x20x20x20 type crap out of your real logs. :-)

kashani
--
gentoo-user@gentoo.org mailing list

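The empty-default-vhost layout described in the reply above, sketched as an added example that is not part of the original message. Hostnames, directory paths and log file names are placeholders, and the syntax assumes Apache 2.4 with the stock `combined` log format defined in the main configuration.

```apache
# Constructed example: hostnames, paths and log names are placeholders.
# Apache 2.4 syntax. On 2.2, add "NameVirtualHost *:80" and use
# "Order allow,deny" / "Allow from all" in place of "Require all granted".

# Loaded first, so it is the default for *:80. Any request whose Host
# header matches no ServerName/ServerAlias below (bare IP address,
# reverse-DNS name, garbage) is answered from this empty tree.
<VirtualHost *:80>
    ServerName default.invalid
    DocumentRoot "/var/www/empty"
    <Directory "/var/www/empty">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    # Scanner noise lands in its own files, not in the real site's logs.
    ErrorLog  "/var/log/apache2/default_error.log"
    CustomLog "/var/log/apache2/default_access.log" combined
</VirtualHost>

# Real site: only reached when the Host header names it.
<VirtualHost *:80>
    ServerName www.example.org
    ServerAlias example.org
    DocumentRoot "/var/www/example.org/htdocs"
    <Directory "/var/www/example.org/htdocs">
        Options None
        Require all granted
    </Directory>
    ErrorLog  "/var/log/apache2/example.org_error.log"
    CustomLog "/var/log/apache2/example.org_access.log" combined
</VirtualHost>
```

Running `apachectl -S` prints the parsed virtual host table and marks which vhost is the default server for each address and port, which confirms that the empty one was loaded first.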