Secure mod_php on a shared hosting environment

freshmint

I'm running a shared hosting environment and I'd like to know if it's even possible to secure Apache while it's running mod_php. I know I could go with suPHP and PHP-CGI, but that'd drastically increase the server load.

So what should I do to best secure the server?

So far I have done the following:

- Apache:
Installed mod_security and mod_evasive.

- PHP:
Set register_globals=OFF
Set disable_functions = ini_restore, popen, exec, shell_exec, system, passthru, proc_open, proc_close
Set safe_mode=ON
Set open_basedir to user's directory on virtualhost

Would that be a secure environment for my users?
 
Come on, no one? Is it even possible to secure a mod_php for shared users?

Do you all run PHP as CGI? :(

If that's the case, does FastCGI replace suPHP, or are they different in some aspects?
 
Hi,

In addition, I would add some further changes, such as:

- ServerSignature Off
- ServerTokens Prod

Try some crappy scripts and try to browse the complete hard disk, looking to gain root, reading other users' files, etc.

I would also do a little audit and check whether I have some other stuff to fix.
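
An added example, not part of the original posts: a small Python audit of the per-virtualhost open_basedir setup described in the first post, in the spirit of the audit suggested above. The sample config, host names and function names are constructed for illustration; the trailing-slash check reflects older PHP releases, whose documentation describes open_basedir as a prefix match.

```python
import re

# Constructed sample config (not from the thread): three shared-hosting vhosts.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName alice.example
    DocumentRoot /home/alice/public_html
    php_admin_value open_basedir "/home/alice/:/tmp/"
</VirtualHost>
<VirtualHost *:80>
    ServerName bob.example
    DocumentRoot /home/bob/public_html
    php_value open_basedir /home/bob
</VirtualHost>
<VirtualHost *:80>
    ServerName carol.example
    DocumentRoot /home/carol/public_html
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def args(body, directive):
    """Arguments of every `directive ...` line in a vhost body, quotes stripped."""
    pattern = rf"^[ \t]*{directive}[ \t]+(.+?)[ \t]*$"
    return [a.strip('"') for a in re.findall(pattern, body, re.M | re.I)]

def audit_vhosts(conf):
    """Map ServerName -> list of open_basedir findings (empty list means OK)."""
    report = {}
    for body in VHOST_RE.findall(conf):
        name = (args(body, "ServerName") or ["<unnamed>"])[0]
        docroot = (args(body, "DocumentRoot") or [""])[0]
        admin = args(body, r"php_admin_value[ \t]+open_basedir")
        soft = args(body, r"php_value[ \t]+open_basedir")
        issues = []
        if not admin:
            # Only php_admin_value is protected from .htaccess and ini_set().
            issues.append("open_basedir not enforced with php_admin_value")
        for path in (p for value in admin + soft for p in value.split(":")):
            if not path.endswith("/"):
                # Older PHP releases match open_basedir as a string prefix.
                issues.append(f"{path}: no trailing slash")
        if admin and not any(docroot.startswith(p) for p in admin[-1].split(":")):
            issues.append("DocumentRoot outside open_basedir")
        report[name] = issues
    return report

if __name__ == "__main__":
    for host, issues in audit_vhosts(SAMPLE_CONF).items():
        print(host, "OK" if not issues else issues)
```

Without the trailing slash, a value such as /home/bob would also admit /home/bob2 on PHP versions that compare by prefix, which matters when every customer's directory sits under the same parent.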
 