How to protect my sites from accessing other sites on the same linode?
I've followed the Linode guides, set up my site, and all is well. Now I want to make some more sites, some wordpress. Is the default configuration enough, so that in the event the hacker is able to have access to the website, and upload some malicious file, that he won't have access to my other sites hosted on the same linode?
How do I prevent someone from accessing anything else other than the folder where that website is stored at?
If one of my sites does get infected, I don't want my other sites to get infected.
Any help is greatly appreciated.
Thanks
Also, I ran this command to help me update my Wordpress sites right on the dahboard. Will this command put me at risk in any way?
> chown -R www-data:www-data /var/www/html/domain.com/public_html
1 Reply
For example, I never use the old method of hosting under all sites under /var/www/html, instead I prefer the method of isolating each site within a real user account under /home/example.tld/www/
Another example, is to setup Apache to run per user account privileges, I use httpd-itk for that.
CentOS provides SELinux security, which is excellent at mitigating internal attacks and helps restrict what a user account can do.
On the PHP level, it is easy to disable almost all the sensitive functions, like exec() from the /etc/php.ini file, definitely worth doing because almost all hack scripts use those to remotely download and execute malware code. If your websites are built by you, then you can easily remove tons of functions, like curl, but you need to know what you are doing because you may break things for wordpress.
I use an automated script to setup everything, which is AetolosAnsible