On Thursday 28 May 2009, Alan McKinnon wrote:
> On Thursday 28 May 2009 21:51:26 Stroller wrote:
> > > So I recommend option 4:
> > >
> > > Pony up the money for server #2
> >
> > Just for the sake of satanic advocacy, could you indulge me, please?
> >
> > Let's say Mick is the administrator for all domains in question. He
> > decides to run the two sites on different machines, one for
> > MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
> > insecure, what makes you think he will administer MicrophoneShoppe any
> > more securely?
>
> I suffer from a healthy dose of paranoia :-)

Well, it is commonly said that the fact you are paranoid doesn't necessarily 
mean they are not out to get you!  

> Added to that, my employer is an ISP and not shy with budgets, so a
> purchase order for new hardware in a case like this will not raise any
> eyebrows. For me, it's a low level of risk high impact scenario and the $
> cost is low.
>
> In a budget-constrained environment, it would obviously work very
> differently

Well, I am in a very cost constrained environment I'm afraid.  Good advice 
given here - I am now thinking that a virtual server is the next stage.  Any 
idea how it would run on a single CPU machine - or must we bite the bullet 
and go for some multicore monster?

> And yes, I do indeed not trust php code at all. I've seen the audit results
> of too many php projects that were diligently hardened and what it took to
> get them from working state to an acceptably secure state.

I haven't your specific experiences of course, but have read about and seen a 
few horror stories of cracked phpBB implementations that I know I would not 
be able to sleep at night ... especially as one of the hosted websites is 
running some home brew of php+perl.

Still, at least formally it is weak passwords that are usually blamed for most 
compromised servers.
-- 
Regards,
Mick
