Locking down a server for shared internet hosting.
Posted
by
Wil
on Server Fault
See other posts from Server Fault
or by Wil
Published on 2010-11-10T21:47:11Z
Indexed on
2011/01/12
5:55 UTC
Read the original article
Hit count: 275
Basically I control several servers and I only host either static websites or scripts which I have designed, so I trust them up to a point.
However, I have a few customers who want to start using scripts such as Wordpress or many others - and they want full control over their account.
I have started to do the basics - like on php.ini, I have locked it down and restricted commands such as proc, however, there is obviously a lot more I can do.
right now, using NTFS permissions, I am trying to lock down the server by running Application Pools and individual sites in their own user, however I feel like I am hitting brick walls... (My old question on Server Fault).
At the moment, the only route I can think of is either to implement an off the shelf control panel - which will be expensive and quite frankly, over the top, or look at the Microsoft guide - which is really for an entire infrastructure, not for someone who just wants to lock down a few servers.
Does anyone have any guides that can put me on the correct path?
© Server Fault or respective owner