Locking down a server for shared internet hosting.

Posted by Wil on Server Fault See other posts from Server Fault or by Wil
Published on 2010-11-10T21:47:11Z Indexed on 2011/01/12 5:55 UTC
Read the original article Hit count: 275

Filed under:
|
|
|
|

Basically I control several servers and I only host either static websites or scripts which I have designed, so I trust them up to a point.

However, I have a few customers who want to start using scripts such as Wordpress or many others - and they want full control over their account.

I have started to do the basics - like on php.ini, I have locked it down and restricted commands such as proc, however, there is obviously a lot more I can do.

right now, using NTFS permissions, I am trying to lock down the server by running Application Pools and individual sites in their own user, however I feel like I am hitting brick walls... (My old question on Server Fault).

At the moment, the only route I can think of is either to implement an off the shelf control panel - which will be expensive and quite frankly, over the top, or look at the Microsoft guide - which is really for an entire infrastructure, not for someone who just wants to lock down a few servers.

Does anyone have any guides that can put me on the correct path?

© Server Fault or respective owner

Related posts about Windows

Related posts about security