I suddenly inherited Mac OS X MiniServer with AMPPS on it. It used to be a development server, switched to a production role. So I created MySQL users for each site with this site's DB access only, specified PHP-directive "open_basedir" for each site and composed .htaccess to the best of my knowledge (which is poor).
But I'm still uncertain about security.
I'm planning on setting up several websites on the same server, by using the Virtual Hosts feature of Apache. My question is whether I should also create a separate Linux user for each of them? And if so, what privileges should be given to these users? What group should they be assigned to?
Would be interested in hearing the specific steps I should take, as I'm pretty much a newb here.
On a large drupal site, the database server is on a separate server connected directly to the web server. The web server uses apache and memcached. The problem is that whenever the post is a large, say larger than 10KB, the server does not return correctly. I checked both apache and mysql logs but could not find any trace of errors being logged.
We have a guest book page that being hit by spam bot.
Currently we've dispose the page, but the spam bot was keep hitting that page, that cost us a lot of Apache thread and processes. Though it's only showing Apache's default forbidden page, but still it takes/needs Apache threads.