securing unpatched websites

Posted by neuron on Server Fault See other posts from Server Fault or by neuron
Published on 2012-08-29T09:00:18Z Indexed on 2012/08/29 9:40 UTC
Read the original article Hit count: 279

Filed under:
|
|
|
|

I have a client with a lot (read several thousand) websites in several old cms solutions that are no longer maintained. Now moving all of them to a maintained solution isn't really an option at this point. So I'm thinking about ways to secure the solutions without patching them.

The solutions are mostly joomla 1.0/1.5 and wordpress. What I'm thinking is something like this:

  • mod_suexec to lock everyone into their own home directory
  • apparmor to deny any and all file writes by default. (exclude by default, include things like "images" directories).
  • use htaccess to prevent anything in writable directories from being executed. (aka disable php_engine for images/ directory).
  • mysql triggers to check the "users" tables to prevent adding new admins/superadmins.

Does this make sense? Is it viable? Am I missing something obvious?

© Server Fault or respective owner

Related posts about apache2

Related posts about mysql