Security risks ( a bit OT )

musicdenotation · February 12, 2014, 4:29am

Hi folks,

I’m just about to build up a server to take over about 100 smallish
drupal sites. I’ve found that it is better to share a lot of resources
between sites if possible, rather than allocate small slices to each.

I am talking about the php-fpm backend that I’ll be using here, not
nginx directly. What security implications do you see when sharing a php
backend across some / all of the sites - I will also be using APC.

Apologies for asking it here, but here is so much noise on the php sites
I know, and I find that there’s a far more knowledgeable bunch here!

Thanks for your forbearance in advance!

Steve

Steve H. BSc(Hons) MIITP

Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

steveybaby · February 12, 2014, 10:14am

Hi, Steve.

I use a lot of sites, like you: joomla, opencart, etc.
I have 2 security principals:

virtualization. I use FreeBSD “light” jails + vnet. Each CMS in own
jail, e.g. joomla-jail with all sites written on joomla cms,
opencart-jail and so on.
php pools. Each site in own pool with right access to sockets.

One nginx instance per-jail.

Cheers,
w

— Original message —
From: “Steve H.” [email protected]
Date: 12 February 2014, 05:29:11