Security risks ( a bit OT )

Hi folks,

I’m just about to build up a server to take over about 100 smallish
drupal sites. I’ve found that it is better to share a lot of resources
between sites if possible, rather than allocate small slices to each.

I am talking about the php-fpm backend that I’ll be using here, not
nginx directly. What security implications do you see when sharing a php
backend across some / all of the sites - I will also be using APC.

Apologies for asking it here, but here is so much noise on the php sites
I know, and I find that there’s a far more knowledgeable bunch here!

Thanks for your forbearance in advance!


Steve H. BSc(Hons) MIITP

Skype: sholdowa

Hi, Steve.

I use a lot of sites, like you: joomla, opencart, etc.
I have 2 security principals:

  • virtualization. I use FreeBSD “light” jails + vnet. Each CMS in own
    jail, e.g. joomla-jail with all sites written on joomla cms,
    opencart-jail and so on.
  • php pools. Each site in own pool with right access to sockets.

One nginx instance per-jail.


— Original message —
From: “Steve H.” [email protected]
Date: 12 February 2014, 05:29:11