

PHP Files FastCgi, SuPHP or Mod_PHP?




Posted by httpCORE, 02-15-2013, 03:58 PM
If you're running a server just to host a single site, let's say WordPress, should you secure your server with any of these handlers? I'm just wondering because at default settings some PHP files need 777 to function. Not too sure if 777 is safe. Anyone care to shine some light? Found this from 2005, not sure if it holds any more weight today:

"as far as i understand it, *everyone* having permission doesn't include the average joe on the internet, but only everyone who has an account or access to that machine. if the machine is:
* on a shared hosting solution
* has anon ftp access or a number of other entry points the general public can use
* is a workstation that many people log into
then 777 is a bad idea. but if you've got a reasonably locked down dedicated server with no user accounts other than your own, 777 shouldn't pose any more security risk than anything else. there'd have to be some other vulnerability for a malicious user to take advantage of that, and at that point, the 777 permission is probably moot anyway."

Posted by serve-you, 02-15-2013, 04:34 PM
A web server needs to be secured regardless of how many sites it hosts and how many users. WP is easily (and often) exploited just like most other PHP apps. The number one way that these apps are exploited is by taking advantage of poorly secured servers. 777 means read/write/executable by "everyone". It means that not only the user and group owners have full access to a file/dir, but that the web server (apache) does as well. It is always a risk, and should only be used in situations where you need the web server to be able to write to that dir. For example, an uploads directory would need write permissions to the web server.

Posted by TravisT-[SSS], 02-15-2013, 04:49 PM
Don't chance it. We set up several dedicated servers for just one site and we push clients to go with nginx+php-fpm and lock permissions down and run a grsecurity kernel. The problem with 777 permissions is it opens up doors to any user to try and grab access to other locations.
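
An added example, not written by any poster in this thread: a shell sketch that audits a docroot for the world-write bit that 777 grants, then resets it to 755/644 with group write only on the one directory the web server must write to. The function names, the sample tree and the `wp-content/uploads` path are constructed for illustration, and it assumes the web server reaches the uploads directory through the directory's group.

```shell
#!/bin/sh
# Added example: audit and tighten a PHP docroot instead of using 777.
# Assumption: the uploads directory's group is the web server's group.
# If PHP runs as the site owner, the group write bit is not needed either.

# Print every file or directory under $1 with the "other" write bit set
# (the last 7 in 777). Symlinks are skipped; their mode bits are not used.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Set 755 on directories and 644 on files under $1. $2 (optional) names the
# one subdirectory the web server must write to; it gets 775/664 instead.
tighten_docroot() {
    docroot=$1
    writable=${2:-}
    find "$docroot" -type d -exec chmod 755 {} +
    find "$docroot" -type f -exec chmod 644 {} +
    if [ -n "$writable" ] && [ -d "$docroot/$writable" ]; then
        find "$docroot/$writable" -type d -exec chmod 775 {} +
        find "$docroot/$writable" -type f -exec chmod 664 {} +
    fi
}

# Constructed sample tree standing in for a WordPress install.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/wp-content/uploads" "$demo_root/wp-includes"
echo '<?php // constructed sample' > "$demo_root/wp-config.php"
echo 'constructed sample' > "$demo_root/wp-content/uploads/a.jpg"
chmod -R 777 "$demo_root"

before=$(count_world_writable "$demo_root")
tighten_docroot "$demo_root" "wp-content/uploads"
after=$(count_world_writable "$demo_root")
echo "world-writable entries: before=$before after=$after"
```

Running `list_world_writable` against a live docroot before changing anything shows which paths an application was given 777 on, so the write requirement can be confirmed per directory.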


