View Single Post
  #3  
Old 24th September 2010, 13:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,509
Thanks: 815
Thanked 5,268 Times in 4,130 Posts
Default

Quote:
I used apache instead of root, and everything seems to work.
Does that seem reasonable in an effort to minimize possible escalations?
You seem to ahve used wrong settings for your site as there are no changes of the website owners etc. nescessary, neither to get joomla working nor for security. The correct settings for a joomla site are:

1) Select security level "High" in ISPConfig under System > server Config on the web tab.
2) In the website settings, enable the suexec checkbox and select "php-fcgi" as php method.

This ensures that all scripts are run in a security wrapper under the website user.

Do not use mod_php. Also useing user "apache" is a security risk as this allows attacks from other sites on the same server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote