Dedicated server for 1 account, DSO or even in this case suPHP?

[phoenixweb]

Hi everybody,

we have a dedicated server that have just 1 account and all our simple DNS Zones.

So this server is almost used by 1 user (that are us).

If it's not a shared server, i think the best solution is to use the DSO handler instead of the more secure mod_suPHP.

I just want to know if the mod_suPHP help even if there aren't problem about fraudelent use of the user NOBODY.

Over this server there is the MAIN DOMAIN that control all other server, and we really need to get this server secure.

So.... can suPHP help to make the server secure even in this case, or it's totally useless in this case?

Of course we are strongly interested that DOMAIN run as fast as possible.

Thank for all your hints and suggestions in advance.

Best Regards,
Max

 

[skcoyote]

Personally, if you want speed and security for a single domain, I wouldn't run WHM at all. However, this is the WHM forum...

I would just run your own hardened, chroot'ed, and thoroughly tested Apache server, without using the WHM config at all. Don't bother with suPHP. Create a "www" user and group on the system, and set User and Group accordingly in httpd.conf. chown(1) the web files accordingly, don't give www access to anything else, and use chroot as another layer of security.

 

[phoenixweb]

Personally, if you want speed and security for a single domain, I wouldn't run WHM at all. However, this is the WHM forum...

I would just run your own hardened, chroot'ed, and thoroughly tested Apache server, without using the WHM config at all. Don't bother with suPHP. Create a "www" user and group on the system, and set User and Group accordingly in httpd.conf. chown(1) the web files accordingly, don't give www access to anything else, and use chroot as another layer of security.

Yeah i know that we can do better without WHM, however the script is tested completely on the WHM structure in order to create new DNS zones that run also over this dedicated server.

So WHM is usefull mostly for the DNS Zone of the simple domains, and not for the main domain. However it have still a great configurator of Apache so we don't use it all?

:D