On Sun 22 Nov 2009 07:34:52 AM IST, abhishek jain <[email protected]> wrote:
> Thanks for the reply,
> I know quite a bit on Apache, my question is what are the precautions I
> need to take to create a secured shared hosting environment. By that I mean
> how to limit the number of emails one can send and how to create a kind of
> system where the users of the server are not able to read the files of the
> other users. I know we have control panels like Cpanel which does the task
> but I need to do that on myself to save money.

For a CPanel replacement you can try out ISPConfig. It may be helpful to see what all options it provides and accordingly implement it on your own.

You can search the net for best practices in setting up a hosting environment. Some pointers would include

- securing a PHP/Apache setup (safe mode, PHP SuExec), noexec fstab parameters on your partitions such as /tmp, /home, /var/www so that shell scripts cannot execute from there
- .htaccess restrictions - what if a user FTP account is compromised and the malicious user installs a number of .htaccess parameters to exploit your server such as sending out spam
- FTP setup and chroot the users
- mail server setup in a chroot along with smtp authentication being mandatory and disallowing mails to outside domains without authentication, even if they're from 127.0.0.1
- database server restrictions and allowing only limited privileges to a user
- If you plan to use PHP, then PHP based third party applications can create havoc if they are not updated regularly. If you use PhpMyAdmin, put it in a path which is not easily guessable. Same goes for webmail apps such as roundcube. Design your "contact us" forms on the website in a way that the spammer cannot exploit them. Avoid mail() functions.

Spend time on doing extensive research on securing each application type (web, db, mail, ftp, im, voip etc.) and you would be comparatively safe.

--
Best Regards
Vivek Kapoor
http://exain.com
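
The noexec pointer in the reply above, as an added example that is not part of the original message: a check that reports which of /tmp, /home and /var/www sit on a filesystem mounted without noexec, including the case where the path is not its own partition. The mount table, device names and function names are constructed for illustration.

```python
import posixpath

# Constructed sample in /proc/mounts format (not taken from the original message).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/sda3 /home ext3 rw,nosuid,nodev 0 0
/dev/sda5 /var ext3 rw,relatime 0 0
"""

# Paths named in the reply.
HOSTING_PATHS = ["/tmp", "/home", "/var/www"]


def parse_mounts(text):
    """Return [(mount_point, options_set)] from /proc/mounts-format text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        point = fields[1].replace("\\040", " ")  # the kernel escapes spaces as \040
        mounts.append((point, set(fields[3].split(","))))
    return mounts


def covering_mount(path, mounts):
    """Find the filesystem a path lives on: the longest mount point that is a prefix."""
    path = posixpath.normpath(path)
    best = None
    for point, opts in mounts:
        point = point.rstrip("/") or "/"
        if point == "/" or path == point or path.startswith(point + "/"):
            # >= so that a later mount stacked on the same point wins
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best


def missing_noexec(paths, mounts):
    """Return the paths whose covering filesystem is not mounted noexec."""
    flagged = []
    for path in paths:
        hit = covering_mount(path, mounts)
        if hit is None or "noexec" not in hit[1]:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in missing_noexec(HOSTING_PATHS, parse_mounts(SAMPLE_MOUNTS)):
        print("noexec not set for", path)
```

On a live host, pass the contents of /proc/mounts to parse_mounts() instead of the sample. In the sample, /var/www is flagged because it inherits its options from the /var partition.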
