Erm didn't find the right words for topic.. anyway, since most of the big php portal scripts have loads of security holes i am in a process to limit them even more. Most of the hacks happen using wget or similar programs that can download scripts with bad bad code from net to server. So i'm chmod-ing these programs to 700 aka only root can run them. So far my list is: wget gcc cc make scp Anything else that we could add to this list?
Might also be a good idea to chroot your users: http://www.howtoforge.com/chrooted_ssh_howto_debian mod_security is also interesting: http://www.howtoforge.com/apache_mod_security
SSH is not allowed only for my IP. mod_security already running.. Was just thinking that programs that are able to download files are not needed for users cause this way most of the auto scripts hack portals and stuff.. extra security if you will.. Any more ideas about programs that can download files from internet and are not important to users?
