Dear valued customers,
To minimize security vulnerabilities, it is extremely important to secure your PHP installation and to keep your PHP version up to date.
Here are the security enhancements we recommend you apply:
1) Install and configure ModSecurity.
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates as an Apache web server module, and its purpose is to increase web application security by protecting web applications from known and unknown attacks.
Installation steps for ModSecurity:
1) Download the yum repository and install ModSecurity using yum
# wget -q -O - | sh
# yum install mod_security
2) Download and apply the ModSecurity rules.
# cd /etc/httpd/modsecurity.d && wget
# tar -xvvzf modsec-2.5-free-latest.tar.gz
3) Remove unwanted rules
# cd /etc/httpd/modsecurity.d && rm -Rf 00_asl_rbl.conf 00_asl_whitelist.conf
4) Restart the Apache service
2) Install the PHP HardenedPHP patch
The HardenedPHP patch adds security hardening features to PHP to protect your servers from a number of well-known issues in PHP applications and potential unknown vulnerabilities within those applications or the PHP core itself.
3) Keep your Plesk version and application version up to date
** NOTE: mod_security and Suhosin were not fully tested with Plesk Sitebuilder. If you are using Plesk Sitebuilder, it is recommended to disable mod_security and Suhosin on the publishing server.
Installation steps for Suhosin
1) Download Suhosin and install it
# tar -zxvf suhosin-0.9.18.tgz
# cd suhosin-0.9.18
# phpize && ./configure
# make && make install
2) Add a load directive to php.ini
3) Restart the Apache service
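The following is an added example, not part of the original notice: POSIX shell functions that add the Suhosin load directive from step 2 only once, and check the module listings after the restart in step 3. It assumes the directive is `extension=suhosin.so` and that `httpd -M` reports ModSecurity as `security_module` or `security2_module`; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: load directive is "extension=suhosin.so";
# function names are hypothetical; sample listings below are constructed.

# Return 0 if php.ini has an active (not ';'-commented) Suhosin load line.
has_suhosin_directive() {
    grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?(.*/)?suhosin\.so"?[[:space:]]*(;.*)?$' "$1"
}

# Append the directive once, keeping a backup of the original file.
# Prints "added" or "unchanged"; returns 2 if the file cannot be edited.
ensure_suhosin_directive() {
    _ini="$1"
    [ -f "$_ini" ] || { echo "missing file: $_ini" >&2; return 2; }
    if has_suhosin_directive "$_ini"; then
        echo "unchanged"
        return 0
    fi
    cp -p "$_ini" "$_ini.bak" || return 2
    printf '\n; Suhosin hardening extension\nextension=suhosin.so\n' >> "$_ini"
    echo "added"
}

# Check listings captured after the restart:
#   $1 = output of `httpd -M`, $2 = output of `php -m`
# Prints "ok" or "missing: <names>"; returns 1 if anything is missing.
modules_loaded() {
    _missing=""
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*security2?_module' || _missing="mod_security"
    printf '%s\n' "$2" | grep -Eqi '^suhosin$' || _missing="$_missing suhosin"
    _missing="${_missing# }"
    if [ -z "$_missing" ]; then
        echo "ok"
        return 0
    fi
    echo "missing: $_missing"
    return 1
}

# Constructed sample listings (not captured from a real server).
SAMPLE_HTTPD_M='Loaded Modules:
 core_module (static)
 security2_module (shared)'
SAMPLE_PHP_M='[PHP Modules]
date
suhosin'

# Typical use on a server (the php.ini path is an assumption):
#   ensure_suhosin_directive /etc/php.ini
#   modules_loaded "$(httpd -M 2>&1)" "$(php -m)"
```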
<< PLESK Users >>
Mod_security and Suhosin were not fully tested with Plesk Sitebuilder. If you are using Plesk Sitebuilder, it is recommended to disable mod_security and Suhosin on the publishing server.
<< CPANEL/WHM Users >>
For servers pre-installed with cPanel, you only need to enable the ModSecurity and Suhosin modules in EasyApache and recompile Apache.