How to limit scope of php scripts to own domain (basedir) in openserver for windows?

A

Aligatro2018-01-25 23:41:30

PHP

Aligatro, 2018-01-25 23:41:30

Hello, I'm a little layman in server administration, because the subject.

Recently I picked up a malware and this bastard fled to all directories inside the domain folder. Therefore, the question arose of how to limit the scope of php scripts to their own root domain, preferably without loss (significant loss) of performance.

Thank you.

PS is there any other way besides setting open_basedir?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

C

Constantine, 2018-01-26
@Aligatro

1) Create a user and group under which openserver runs.
2) Create users for individual domains.
3) Set up the domain=user folder. Owner read-write, group per folder (under which openserver runs) read-only.
It turns out that the script will not be able to write to other folders, since there are no rights.
For Windows there is an IIS server and it is preferable.

X

xmoonlight, 2018-01-26
@xmoonlight

For Windows ONLY!
I recommend Folder Guard .
Read-Only:
1. On all files in home directories, except for the openserver process and file-manager'a (which you use to edit code, etc.).
2. Folders of trusted applications (openserver and file manager) for any executable code - extensions *.exe,*.dll,*.bat,*.cmd, *.scr, etc.