Dan Cowsill wrote:

> Actually, I'd be pretty interested in what you have to rant about PHP.
> I run apache with php_mod installed and have the http port open. Is
> there a security risk I should be aware of?
>

It really depends on how badly the PHP application you're running has
been written. Assuming you're keeping up to date on PHP and your webapps
and have funky applications .htaccess'ed off you're reasonably safe.

However I'd highly recommend adding hardenedphp to your php USE flags as
it stops a number of things. I've never had a problem with the hardened
patch over the past year or so and frankly would not use any application
that it broke.

Another simple trick is to have an empty vhost as your primary and your
real applications' sites only accessible by name. This way when little
script kiddies scanning by IP or hostname hit Apache they are dumped to
the first loaded vhost, your empty one, instead of your actual site. Then
they come up with nothing when they hit
/var/www/localhost/htdocs/wordpress/ instead of the actual site tree.
Doesn't stop a determined person, but has the added benefit of keeping
x20x20x20x20 type crap out of your real logs. :-)

kashani
--
gentoo-user@g.o mailing list
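An added example of the empty-default-vhost layout the reply above describes, written in Apache 2.4 syntax. This is not kashani's configuration; the hostname blog.example.com, the document roots and the log file paths are assumptions. The point is ordering: Apache sends any request whose Host header matches no ServerName/ServerAlias to the first vhost loaded for that address and port, so the empty one must come first.

```apache
# Catch-all vhost, loaded FIRST for *:80. Requests that arrive by bare IP,
# by reverse-DNS hostname, or with any unknown Host header land here and
# see an empty directory rather than the real application tree.
<VirtualHost *:80>
    ServerName catchall.invalid          # assumed placeholder name
    DocumentRoot /var/www/localhost/htdocs/empty   # assumed path; keep it empty
    <Directory /var/www/localhost/htdocs/empty>
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    # Scanner noise goes to its own logs, not the real site's
    ErrorLog  /var/log/apache2/catchall_error.log
    CustomLog /var/log/apache2/catchall_access.log combined
</VirtualHost>

# The real site: only reachable when the client asks for it by name.
<VirtualHost *:80>
    ServerName blog.example.com          # assumed hostname
    DocumentRoot /var/www/blog.example.com/htdocs   # assumed path
    <Directory /var/www/blog.example.com/htdocs>
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog  /var/log/apache2/blog_error.log
    CustomLog /var/log/apache2/blog_access.log combined
</VirtualHost>
```

To confirm the ordering took effect, `apache2ctl -S` lists the configured vhosts and marks which one is the default for each address:port; the catch-all should be listed first. A request sent to the server's IP with no Host header (or with an unrelated one) should then return the empty directory and show up only in catchall_access.log.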