Thanks for the reply,

Dell R200, Xenon Quad Core 2.8 GHz,, 3GB RAM, 160GB SAS Drive,
FreeBSD 7.0, Developer package, no XWin, mod_security installed,
Apache 2.2.4, Suexec enabled, HTTPS enabled,
Proftp 1.3 (if memory serves),
Exim 4.6,
vm-pop3d, triggered from Inetd,
Spamassassin 3.2 (if memory serves),
MySQL 5.1,
PHP 5, with Sohosin patch,
BSD Firewall, (IPFW),
PERL 5.8.something,

All software installed from port,
INET 6 not enabled,

Server is setup as a virtual server, each domain has its own IP (apache3 using virtual hosts), no Jails installed.

Each Domain owner has thier own ftp login, no SSH or Telnet access granted.

What I am looking for is to secure ftp from cross site scripting; disable any php.ini options that may be flakey (security wise); possibly setup php suexec. <- most of all, ensure any scripts installed cannot intrude on other sites or be used as rootkits....


----- Original Message ----- From: "Phpster" <>
To: "Grant Peel" <>
Cc: <>
Sent: Tuesday, June 02, 2009 5:53 PM
Subject: Re: [PHP] PHP Security

Hmmmm, how about some details on OS, etc


Sent from my iPod

On Jun 2, 2009, at 17:26, "Grant Peel" <> wrote:

Hi all,

I am currently setting up the next generation web server for our company and am in need of general consulting/advice on php set up security issues.

Any one with knowledge and expierience please feel free to reply :-).


PHP General Mailing List (
To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to