From: Andy Wodfer
To: freebsd-questions
Date: Wed, 17 Jul 2013 23:11:27 +0200
Subject: Help to secure my FreeBSD/Apache installation

Hi everybody!

I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50, php 5.3.3) and I serve some websites from it, most of them using Joomla or Wordpress CMS.

I recently had a security breach where someone used a hole in an older Joomla version and was able to install a php script called webadmin.php. From that the person was able to browse all folders and view all files - and change them... not nice!

Apache runs using the www user (std installation) and all virtualhosts share the same user, but are placed in different directories.

I need some help and pointers to what I can do to strengthen security and to at least prevent someone from writing to the filesystem and browsing all directories and files. (although joomla needs some folders to be chmod 777)

I'm thinking about installing apache2-mpm-itk or similar to jail each site into its own directory and run each virtualhost as its own user. Is this a good idea?

Thankful for answers and pointers!

All the best - Andy
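
Added example, not part of Andy's message: a small audit script for the conditions the message describes (chmod 777 folders, a PHP script dropped through the web server, every site running as one shared account). The function names, the report tags and the `/usr/local/www` path in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). The web root and the web
# server account are passed in by the caller; the names below are assumptions.

# Directories any local account can write to, e.g. the chmod 777 folders.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# PHP files located anywhere below a world-writable directory.
php_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -type f \( -name '*.php' -o -name '*.php[0-9]' \
            -o -name '*.phtml' \) -print
    done | sort -u
}

# PHP files owned by the web server account ($2, name or numeric uid).
# Files written by the Apache process itself end up owned by that account.
php_owned_by_web_user() {
    find "$1" -type f -user "$2" -name '*.php' -print
}

# Print a tagged report; return 0 when clean, 1 when there are findings.
audit_docroot() {
    report=$(
        world_writable_dirs "$1" | sed 's/^/WORLD-WRITABLE DIR: /'
        php_in_writable_dirs "$1" | sed 's/^/PHP IN WRITABLE DIR: /'
        php_owned_by_web_user "$1" "$2" | sed 's/^/PHP OWNED BY WEB USER: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Example invocation (assumed path and account): sh audit.sh /usr/local/www www
if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```

A non-zero exit status means at least one finding, so the script can run from cron and mail its report only when something shows up.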