Hi Everyone,

Anyone who is managing a couple of shared hosting servers knows: getting things secure is quiet a hassle. And as much how I like interworx, it is NOT very secure by default. Ofcourse this also counts for other CP software. Changes we are adding to make stuff more secure: patching php with suhosin, tweaked php.ini files, mod_security, suPHP & Maldet.

Our staff is quiet busy with dealing abuse problems on our servers such as:

  1. server abused by some spammer guy
  2. sites defaced/exploited of what so ever

We all know security and information leaks getting more and more serious. The same hosting setups from a couple of years ago are not sufficient anymore.


What does lack currently in interworx IMHO:

  • suPHP is added but it missing automaticly php.ini creation under the siteworx user. We are doing it this way now: http://forums.interworx.com/showpost...02&postcount=8
  • Selinux support. Yes we really need it. SElinux has made big steps and itīs very cool. It can stop a LOT of evil things within the Apache domain: root exploits, backdoors etc etc. It will be tricky but EVEN Parallels has managed to get it working with Plesk 11. I see a lot of parties migrating to Plesk 11 only for this reason.
  • Limit the outgoing e-mails to limit the damage after a spammer
  • On a personal note: I would like to get the mod_dnsbl module in proftpd, so we can whitelist/blacklist countries :-)



Please Interworx make the life of our staffs fun again.....also for our customers I hope some other tips/tricks will follow and I hope Dan or something will react on this one.