Hey gerg, nice to see you

methode — Fri, 04 Jul 2008 20:58:48 +0000

Hey gerg, nice to see you again
Maybe I just chose a subject which is less popular than a snail's as*.

What about throttling per virtual host, lets say with mod_bw. Any experience with it, a why yes or why not to do it?

Hey Methode, welcome to TWF

greg — Fri, 04 Jul 2008 15:58:00 +0000

Hey Methode, welcome to TWF

Does anyone have any ideas about this at all?
Mainly this bit:

Ensuring that no-one can access other users websites or the files or temp details such as the session etc, especially our own that are also hosted on the cluster?

As currently with testing creating Cpanel accounts we had some nasty surpises with what info we could obtain from site-wide sessions etc, and only using basic PHP scripts loaded in a cpanel accounts domain folder (so basically anyone with an account on the server could do the same).

Obviously with allowing the general public to create an account it has to be secure so no-one can access the tmp sessions or other dir's for the main hosting website and other people's websites.

So looking for general security tips for creating cpanel accounts for setup in apache/php etc. But mainly the above. What do we have wrong that allows a dir listing for the entire server?