View Single Post
Old 24th September 2010, 14:20
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,036
Thanks: 841
Thanked 5,655 Times in 4,464 Posts

I used apache instead of root, and everything seems to work.
Does that seem reasonable in an effort to minimize possible escalations?
You seem to ahve used wrong settings for your site as there are no changes of the website owners etc. nescessary, neither to get joomla working nor for security. The correct settings for a joomla site are:

1) Select security level "High" in ISPConfig under System > server Config on the web tab.
2) In the website settings, enable the suexec checkbox and select "php-fcgi" as php method.

This ensures that all scripts are run in a security wrapper under the website user.

Do not use mod_php. Also useing user "apache" is a security risk as this allows attacks from other sites on the same server.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from
Reply With Quote