php security on a system with only known php software (or: need alternative non-PHP CMS)

listed in answer

0.00 / 5 5
1 / 5
2 / 5
3 / 5
4 / 5
5 / 5

0 votes, 0.00 avg. rating (0% score)

ANSWER:

You mention that you have a restricted firewall in place – don’t forget you can block outgoing connections by UID.

If you’re running PHP under its own user ID you can (& should!) deny that user outgoing HTTP/HTTPS connections unless you need to allow for update checking or RSS feed fetching. This will prevent any exploited code from being able to download a rootkit.

by Steve Kemp from http://serverfault.com/questions/381965

Tags: php, user-outgoing, will-prevent

No Comments »

← need to my server’s ip changes when it needs to connect port ‘x’ on ip ‘y’

My MySQL database is getting hacked nonstop →

M	T	W	T	F	S	S
« Apr
		1	2	3	4	5
6	7	8	9	10	11	12
13

User Answer To Computing Errors

Who's Online

Language Translation

New Answers