The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Do I need to use phpSUEXEC ?

Discussion in 'General Discussion' started by DReade83, Dec 11, 2008.

  1. DReade83

    DReade83 Well-Known Member

    Joined:
    Oct 20, 2006
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Cheshire, UK
    I have two servers, both private, in other words they only host and run code developed by me. So is there any point in having phpSUEXEC? Also what about Suhosin, is that meant for shared hosting, or will it benefit me too? I'm running ModSecurity but wondered if Suhosin would have any benefits?

    Thanks in advance!
     
  2. rhenderson

    rhenderson Well-Known Member

    Joined:
    Apr 21, 2005
    Messages:
    785
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Oklahoma
    cPanel Access Level:
    Root Administrator
    phpSUEXEC basically protects your CGI scripts, so you can decide if you need it, I assume it would depend on what scripts you are running.

    SuHosin can stop some injection attempts as well as a lot of other vunerabilites. Even though your server is private, if you can access it via an IP or host name someone will find it and try to inject a script or look for other weaknesses to exploit.

    We ran without SuHosin for a very long time without issues, but we had phpSuExec and CSF firewall and extensive mod_security rules. We do now run SuHosin and SuPHP just to make the server a little more hardened against attacks.
     
  3. DReade83

    DReade83 Well-Known Member

    Joined:
    Oct 20, 2006
    Messages:
    196
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Cheshire, UK
    I'm running PHP as a module and there are no CGI scripts at all. That said would it make a difference if I ran phpSUEXEC?

    As for Suhosin, does it log injection attacks and other intrusion attempts?
     
Loading...

Share This Page