On 28/12/06, Voytek Eymont <[EMAIL PROTECTED]> wrote:
On Thu, December 28, 2006 10:37 am, Penedo wrote: > On 28/12/06, Voytek Eymont <[EMAIL PROTECTED]> wrote: > I suspect you are looking at this in the wrong way - try to contain the > CMS > systems (e.g. maybe run them under a limited user and chroot or some other > segregated environment) instead of trying to identify and hide all > potential tools used by holes in the CMS. perhaps, but, it certainly would have prevented two infiltration I had in the last few month I suspect any kind of segregated environment would require bigger hardware ?
I don't know - bigger than what? (i.e. what have you got now)? As far as I understand you (Voytek) are in the business of hosting multiple domains on a single Linux image. Something which seems to be relatively light on hardware and give very good segregation are linux vservers (http://linux-vserver.org). I've seen a hosting company providing such a service based on such technology (Virtuozo, back before it was opened up, see http://en.wikipedia.org/wiki/OpenVZ for a start), Wikipedia seems to try to compare the different solutions in that space so maybe you want to start digging there (and I'd be curios if you got back to us with your conclusions). Good luck, --P -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
