Help to secure my FreeBSD/Apache installation

Andy Wodfer wodfer at gmail.com
Wed Jul 17 21:11:28 UTC 2013


Hi everybody!

I'm running a server on FreeBSD 8.1 STABLE (apache 2.2.16, mysql 5.1.50,
php 5.3.3) and I serve some websites from it, most of them using Joomla or
Wordpress CMS.

I recently had a security breach where someone used a hole in an older
Joomla version and was able to install a php script called webadmin.php.
From that the person was able to browse all folders and view all files -
and change them... not nice!

Apache runs using the www user (std installation) and all virtualhosts
share the same user, but are placed in different directories.

I need some help and pointers to what I can do to strengthen security and
to at least prevent someone from writing to the filesystem and browsing all
directories and files. (although joomla needs some folders to be chmod 777)

I'm thinking about installing apache2-mpm-itk or similar to jail each site
into its own directory and run each virtualhost as its own user. Is this a
good idea?

Thankful for answers and pointers!

All the best -
Andy
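
A read-only audit for the condition described in the message above (chmod 777 folders under document roots served by one shared www user), added here as an example and not part of the original post. The function names and the document root passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example: read-only checks, nothing is modified.
# Usage (path is an assumption): sh audit.sh /usr/local/www/site1 [more roots]

# Directories any local account, including the shared www user, can write to.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# PHP files sitting directly inside world-writable directories. Upload and
# cache folders normally hold no scripts, so every hit deserves a look.
php_in_writable_dirs() {
    find "$1" -type d -perm -0002 \
        -exec find {} -maxdepth 1 -type f -iname '*.php' -print \;
}

# PHP files modified within the last $2 days, to compare against the date
# of the last legitimate CMS update.
recent_php() {
    find "$1" -type f -iname '*.php' -mtime -"$2" -print
}

# Run the three checks for each document root given on the command line.
if [ "$#" -ge 1 ]; then
    for root in "$@"; do
        echo "== world-writable directories under $root"
        world_writable_dirs "$root"
        echo "== PHP files inside world-writable directories"
        php_in_writable_dirs "$root"
        echo "== PHP files changed in the last 7 days"
        recent_php "$root" 7
    done
fi
```

Running it per virtual host shows which directories a compromised site could write into and whether scripts have already appeared there.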

