Welcome! Log In Create A New Profile

Advanced

Virtualhost Isolation

Posted by Nitrous 
Virtualhost Isolation
December 07, 2015 02:22PM
With an Apache server I had a number of Wordpress sites on it. When one got hacked they all got messed up. I then added this code to Isolate each site and after that if one got messed up the other ones were still good:

In the virtualhost config:
DocumentRoot /home/www/public_html/website.com/www
<Directory /home/www/public_html/website.com/www>
php_admin_value open_basedir "/home/www/website.com/www:/tmp:/home/www/CommonSite/www"
</Directory>

I'm not running an NGINX server as the performance is definitely improved but one of the sites got hacked and it spread to all the other ones. How would I add some isolation between the sites so that if one gets infected it isn't spread throughout them all?

Thank you
Re: Virtualhost Isolation
December 07, 2015 04:33PM
Your best isolation is to not allow any write access to nginx other then its logfiles.

With PHP it is more or less the same except you need to allow some write access for php code that needs this such as session folders, explicitly allow access there but no where else.
2) set open_basedir in php.ini (and don't allow write access) and do not set its value by passing it on.

---
nginx for Windows http://nginx-win.ecsds.eu/
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 125
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready