Chapter 10. Solidifying Unmanaged
Managed hosting ought to hold the fort that is server security, but those of us with unmanaged plans take full responsibility, maintaining moats and all.
For the latter group, while we've already done a fair bit to repel invaders, we remain primarily concerned with the risk of malicious intrusion via the web and via other network services. There's more. Erring on the side of caution, we must assume the worst and allow for penetration by segregating anything and everything that moves, server-side. By isolating users and their files, should a wall fall, we are at least better positioned to contain internal damage. We are at least less likely to lose our sites and data.
Let's crack into some hardcore network defense, therefore, backing that up with damage limitation:
Hardening OpenSSH to deny like crazy
Creating a chrooted SFTP area using OpenSSH
Tightening up PHP with an .ini guide and the Suhosin patch
Securing sites with privilege separation tools such as SuPHP...