securing unpatched websites
Posted by neuron on Server Fault
Published on 2012-08-29T09:00:18Z
I have a client with a lot (read: several thousand) of websites in several old CMS solutions that are no longer maintained. Now, moving all of them to a maintained solution isn't really an option at this point. So I'm thinking about ways to secure the solutions without patching them.
The solutions are mostly Joomla 1.0/1.5 and WordPress. What I'm thinking is something like this:
- mod_suexec to lock everyone into their own home directory
- AppArmor to deny any and all file writes by default (exclude by default, include things like "images" directories).
- use .htaccess to prevent anything in writable directories from being executed (aka disable php_engine for images/ directory).
- MySQL triggers to check the "users" tables to prevent adding new admins/superadmins.
Does this make sense? Is it viable? Am I missing something obvious?
© Server Fault or respective owner
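
For the third item in the list above, an added example (not part of the original post) that audits a site's writable directories for two things: whether an .htaccess really turns the PHP engine off there, taking inheritance from parent directories and re-enabling in subdirectories into account, and whether script files are already present. It assumes mod_php with `php_flag engine off` as the directive, that the server honours .htaccess overrides, and that the `writable_dirs` list mirrors the AppArmor allow-list; the function names and the sample tree are constructed for illustration.

```python
import os, re, tempfile

# "php_flag engine <value>" as written in an .htaccess file (mod_php).
ENGINE = re.compile(r"^\s*php_flag\s+engine\s+(\S+)\s*$", re.I | re.M)
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")

def php_enabled(site_root, directory):
    """Nearest .htaccess setting wins, walking up to site_root; default assumed on."""
    root, cur = os.path.abspath(site_root), os.path.abspath(directory)
    while True:
        try:
            with open(os.path.join(cur, ".htaccess"), errors="replace") as fh:
                values = ENGINE.findall(fh.read())
        except OSError:
            values = []
        if values:  # a later directive in the same file overrides earlier ones
            return values[-1].lower() in ("on", "1")
        if cur == root or os.path.dirname(cur) == cur:
            return True
        cur = os.path.dirname(cur)

def audit_site(site_root, writable_dirs):
    findings = []  # (path relative to site_root, problem) tuples
    for rel in writable_dirs:
        for cur, _dirs, files in os.walk(os.path.join(site_root, rel)):
            if php_enabled(site_root, cur):
                findings.append((os.path.relpath(cur, site_root), "php engine on"))
            for name in files:
                if name.lower().endswith(SCRIPT_EXT):
                    path = os.path.relpath(os.path.join(cur, name), site_root)
                    findings.append((path, "script in writable dir"))
    return sorted(findings)

def build_sample(base):
    """Constructed sample tree: site_a is mostly protected, site_b is not."""
    layout = {"site_a/images/.htaccess": "php_flag engine off\n",
              "site_a/images/logo.png": "",
              "site_a/images/stories/.htaccess": "php_flag engine on\n",
              "site_b/images/banner.php": "<?php /* constructed placeholder */"}
    for rel, body in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        for site in ("site_a", "site_b"):
            print(site, audit_site(os.path.join(base, site), ["images"]))
```

Run across several thousand sites, the same two functions give a per-site list of directories where the .htaccess rule is missing or has been overridden further down the tree.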