Tuning a Server

  #1 (permalink)  
19/05/2007, 12:14
 
Join date: December 2006
Posts: 439
Member for: 18 years
Points: 1
Tuning a Server

My question is: given a server just delivered by a DC, with the standard installation and configuration they provide (in my case CentOS 4 and cPanel), what tuning should be applied to the server to get better performance out of it?

- Which options should be enabled/disabled to get better performance?

As a first step, I see that DMA on the disk is not enabled, so it will have to be enabled.

What other tuning should be applied to a server?

Regards
  #2 (permalink)  
19/05/2007, 13:24
WebTech
Hosting Moderator
 
Join date: October 2005
Location: East Coast
Posts: 5,399
Member for: 19 years, 2 months
Points: 162
Re: Tuning a Server

You should first learn to configure cPanel, Apache, MySQL and PHP properly; after that you can also optimize the kernel's sysctl file and other aspects of the system. There is a lot of information in the cPanel forums, and also on WebHostingTalk.

Regards,
__________________
Infranetworking.com - Experts in Multi-Domain Hosting, Cloud Hosting, Dedicated Servers and Linux Server Administration
  #3 (permalink)  
19/05/2007, 14:46
 
Join date: May 2006
Posts: 614
Member for: 18 years, 7 months
Points: 0
Re: Tuning a Server

I think you could hire someone who does the configuration and explains some things to you as they go; I'm sure you will find that person in this very forum
__________________
Miguel Roca
InterServicios Informáticos Ltda.
  #4 (permalink)  
19/05/2007, 16:18
piero19
Join date: March 2003
Location: Lima - Perú
Posts: 322
Member for: 21 years, 9 months
Points: 1
Re: Tuning a Server

At this Link there are some basic how-tos for administering your server, but the most advisable thing, as everyone says, would be to hire someone to administer it for you.
__________________
I-Media Network :: Hosting Perú ::
Hosting, Resellers and Streaming. Really Affordable
  #5 (permalink)  
19/05/2007, 16:45
WebTech
Hosting Moderator
 
Join date: October 2005
Location: East Coast
Posts: 5,399
Member for: 19 years, 2 months
Points: 162
Re: Tuning a Server

I agree that you should hire someone to set up the server's configuration and security if you need to put a server into production as soon as possible for clients or investments.

But if you only want to learn to administer a server, and you have an unused one, study, research and try everything yourself. Don't hire anyone, you'd be wasting your money; any independent SysAdmin or company that does this kind of work will never tell you in detail everything they did so that you can learn it.

Regards,
  #6 (permalink)  
19/05/2007, 17:38
cascompany
Guest
 
Posts: n/a
Points:
Re: Tuning a Server

Let's see, a summary....

secure tmp
install a firewall, such as apf for example
install alerting and blocking programs (for processes, for logins), such as bfd for example.
configure security properly from WHM itself, blocking programs, enabling the PHP protections, etc.
disable the programs and services you don't use.
install cPanel's pro, with the antivirus and modsecurity at least.

And as was rightly said above, searching Google you will find several places that give you a how-to or step-by-step for "securing your cpanel"; there are several in various places (mostly in English), and with that you have more or less the initial configuration.

Likewise... after that you have to monitor your server constantly, checking that spam is not being sent, that worms are not uploaded, that nobody is trying to exploit the sites, etc.; always keep it updated, review logs periodically, etc.

Regards.
  #7 (permalink)  
30/05/2007, 18:47
wiz
 
Join date: August 2006
Location: Argentina
Posts: 48
Member for: 18 years, 4 months
Points: 0
Re: Tuning a Server

Here are some tips, but in English (tips! heh):

part 1

IMPORTANT - IF YOU HAVE NOT MASTERED THE SUBJECT OR ARE NOT SURE EXACTLY WHAT YOU ARE MODIFYING AT EACH STEP OF THIS GUIDE, PLEASE DON'T DO IT, OR CONSULT YOUR FRIENDLY NEIGHBORHOOD ADMINISTRATOR


Quote:
How-To: The Complete Server Optimization Guide (2007)

Greetings,
This guide is composed of material found from various other web hosting, control panel, and script forums related to optimization, hardening and securing. This is also cPanel oriented; however, it can be used for other servers running different control panels, to name a few: Plesk, DirectAdmin, Webmin.

Now before we begin I cannot stress enough that you NEED to read my post thoroughly, taking every last word into detail, as you are applying these methods at your own risk; a VPS is not all sunshine and lollipops. If you don’t know what you are doing, it is strongly suggested to do a bit of research before attempting it. These methods have been tested on several different servers, and I personally have conducted benchmarking with these methods on several VPSes right here at PowerVPS. And of course you will learn to love the "cp" command (copy), as I'm going to be mentioning it quite a bit, and again I cannot stress enough that you BACK UP EVERYTHING YOU CHANGE. Don't be one of those people that say "Oh, that will never happen to me!" Don't be fooled.. Karma will get you one day =)

Now let's start with the basics:


WHM/cPanel Modifications:


First off, jump into your server using a SECURE connection (https://55.55.55.55:2087), of course changing the 55.55.55.55 part to your server's IP - this is so the data sent across your internet connection to your server is encrypted and undecodable.

Navigate your browser to Server Configuration -> Tweak Settings then making sure the following items are ticked (double check they are if they are not ticked, TICK THEM) unless I specify otherwise (they will be color coded for easy reading - Green = GOOD and Red = BAD):
-----------

(Below is an example on how I will layout my guide)

Under Domains:

(TICK) When adding a new domain, automatically create A entries for the registered nameservers if they would be contained in the zone.
(TICK) Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
(TICK) When adding a new domain, if the domain is already registered, ignore the configured nameservers, and set the NS line to the authoritative (registered) ones.

And now make sure the following is NOT ticked:

(UNTICK) Allow users to Park/Addon Domains on top of domains owned by other users. (probably a bad idea)
(UNTICK) Allow Creation of Parked/Addon Domains that resolve to other servers (ie domain transfers) [This can be a major security problem. If you must have it enabled, be sure to not allow users to park common internet domains.]
(UNTICK) Allow Creation of Parked/Addon Domains that are not registered

Under Mail:

(TICK) Default catch-all/default address behavior for new accounts. blackhole is usually the best choice if you are getting mail attacks.
(TICK) Set this to "fail" for general use and as stated above "blackhole" if you're getting mail flooded (over 1000 emails in the mail queue)
(TICK) Silently Discard all FormMail-clone requests with a bcc: header in the subject line
(TICK) Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)

Here's a tricky setting, "The maximum each domain can send out per hour (0 is unlimited):" set this number to something you think is reasonable my personal preference is 60.. basically this setting will limit each account (not just the domain) on how many emails it can send out per hour, basically if you have a spammer on your machine and you can't find him.. set this to 60 and you will definitely stop him in his tracks.

Now this next one is also tricky: ""Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)"" Tick this if you want to disable any account on your machine from sending mail as "Nobody". It's really up to you in the end; if you're very strict (like me) you will enable this and force all your accounts to use the local SMTP server (which is probably better, as when you receive emails from forums and stuff they don't come as "[email protected]", they come as "[email protected]", which in my sense looks more professional).

(TICK) Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)

And the same thing applies with this next one, "The number of times users are allowed to check their mail using pop3 per hour. Zero is unlimited. (cppop only):" basically set this limit to again something around 60 or so if you're getting mail attacked.. it will again stop the attack right in its tracks.

(TICK) Attempt to prevent pop3 connection floods

Now this setting "BoxTrapper Spam Trap" is strongly recommended to disable as having boxtrapper enabled can very easily lead to your server being listed in common RBLs and usually has the effect of increasing the overall spam load, not reducing it.

Under MySQL:

If you aren't required to use MySQL5, don't. Use MySQL 4.1 with the option " Use old style (4.0) passwords with mySQL 4.1+ (required if you have problems with php apps authenticating)" nearly always enabled it will stop certain applications using older methods of authenticating with MySQL.

Under System:

(TICK) Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.
(TICK) Use jailshell as the default shell for all new accounts and modified accounts

Under cPAddons:

(TICK) Prevent installation of addon scripts not provided by cPanel
(TICK) Prevent installation of cPanel addon scripts that have been altered (Turning this off may be useful when testing custom addons.)
(TICK) Use native SSL support if possible, negating need for Stunnel

(UNTICK) Allow cPanel users to reset their password via email (This option has been vulnerable in the past, so you should keep it disabled)

=========================================
Security
=========================================

Security -> Fix Insecure Permissions (Scripts)
-----------

Fix Insecure Permissions (Scripts) (Run this at least once a month to make sure there are no insecure permissions on scripts running on your server.)

Security -> Manage Wheel Group Users
-----------

Remove all users except for root and your main account from the wheel group, unless you directly need another account there for SUing purposes. Never ever have apache or any other system service listed in the wheel group.

Security -> Modify Apache Memory Usage
-----------

You should set a value RLimitCPU to prevent runaway scripts from consuming server resources - DOS exploits can typically do this. Run this at least once a week to reassure the limit is up to date

Security -> Quick Security Scan
-----------

You'll only need to run this once, but make sure you do. (Running this will ensure that bad services are not running on your server)

Security -> Shell Fork Bomb Protection
-----------

Enable Shell Fork Bomb/Memory Protection. (You should enable shell resource limits to prevent shell users from consuming server resources - DOS exploits typically do this.)

Security -> Tweak Security
-----------

Enable PHP's open_basedir Tweak. (To prevent PHP scripts from straying outside their cPanel account, and possibly executing or modifying other accounts files)

Enable Apache's mod_userdir Tweak. (To prevent users from stealing bandwidth or hackers hiding access/accounts to your servers)

Disable Compilers. (This tweak will disable the system's c and c++ compilers for unprivileged accounts on your VPS. Many canned exploits require working compilers on the system to operate. You can also choose to allow some users to use the compilers while they remain disabled by default.)

=========================================
Service Configuration
=========================================

Service Configuration -> Enable/Disable SuExec
-----------

Enable SuExec. (To reduce the risk of hackers accessing all sites on the server from a compromised CGI web script, you should keep this enabled.)
(UNTICK) Always set the "Sender:" header when the sender is changed from the actual sender. Unchecking this will stop "On behalf of" data in Microsoft(R) Outlook, but may limit your ability to track abuse of the mail system.
(TICK) Verify the existence of email senders.
(TICK) Use callouts to verify the existence of email senders.
(UP2U) Discard email for users who have exceeded their quota rather than keeping it in the queue. (This again is up to you really, if you don't wish to have accounts that are suspended due to exceeding their quota lose all their new mail then leave this unticked)

Now jump into the "Advanced Editor" and in the first white box paste the following;

Quote:
log_selector = +all
smtp_load_reserve = 4
queue_only_load = 2
deliver_queue_load_max = 5

The above settings will allow exim to use extended logging for all accounts on the server, and the functions with the numbers tell exim not to use all the resources on your server if you're processing a lot of mail all at the same time.

Service Configuration -> FTP Configuration
-----------
Disable Anonymous FTP access (Used as an attack vector by hackers and should be disabled unless actively used by your accounts)

Last edited by wiz; 30/05/2007 at 19:23
  #8 (permalink)  
30/05/2007, 18:48
wiz
 
Join date: August 2006
Location: Argentina
Posts: 48
Member for: 18 years, 4 months
Points: 0
Re: Tuning a Server

part 2

Quote:
Service Configuration -> Service Manager
-----------
Making sure all services are enabled and monitored as it is vital that you know the status of all the services on your machine, however please take note to disable the Java Melange Chat Server as it has been deprecated by cPanel and as such should be considered a security concern.

=========================================
System Health
=========================================

Service Configuration -> Background Process Killer
-----------

You should enable each item in this menu, which will disable the process from running on all accounts.

(TICK) BitchX
(TICK) bnc
(TICK) eggdrop
(TICK) generic-sniffers
(TICK) guardservices
(TICK) ircd
(TICK) psyBNC
(TICK) ptlink
(TICK) services

=========================================
Add-Ons
=========================================

Add-Ons -> Setup Spamd Startup Configuration
-----------

These are the recommended settings for a Power 1 and above VPS:

Maximum Children: 2
Allowed IPs: 127.0.0.1
Maximum Connections Per Child: 200


Apache Modifications:

=========================================
Configurations File
=========================================

Identification output for Apache. (This is to hide version numbers from potential hackers)

Quote:
pico /etc/httpd/conf/httpd.conf

Type CTRL + W then type ServerSignature then hit enter, once you've found it replace the "On" with "Off"

Restart Apache:

Quote:
/etc/rc.d/init.d/httpd restart

=========================================
Optimizing Apache for Low Memory Usage
=========================================

Apache can consume quite a bit of memory, if you’re not careful. This part of the guide discusses how to reduce the amount of memory it uses without killing performance. The caveat, of course, is that you’re not going to be able to run a site with a large database and large amount of traffic with these settings. I’m going to try to explain the WHY more than the WHAT. All of this is in conjunction with my goal of reducing the amount of ram. Before I begin, I’d like to say that you should also look at various system utilities that consume ram. Services like FTP and SMTP can and should be passed off to xinetd. Also, you should look at shells besides bash, such as dash. And, if you’re really serious about low memory, you might look at using something like BusyBox, which brings you into the realm of real embedded systems. Personally, I just want to get as much as I can out of a standard linux distribution. If I need more horsepower, I want to be able to move to bigger, faster virtual machines and/or dedicated servers. For now, optimizing a small virtual machine will do.

First off, Apache. My first statement is, if you can avoid it, try to. Lighttpd and thttpd are both very good no frills webservers, and you can run lighttpd with PHP. Even if you’re running a high volume site, you can seriously gain some performance by passing off static content (images and javascript files, usually) to a lightweight, super-fast HTTPd server such as Lighttpd.
The biggest problem with Apache is the amount of ram it uses. I’ll discuss the following techniques for speeding up Apache and lowering the ram used.

* Loading Fewer Modules
* Handle Fewer Simultaneous Requests
* Recycle Apache Processes
* Use KeepAlives, but not for too long
* Lower your timeout
* Log less
* Don’t Resolve Hostnames
* Don’t use .htaccess

Loading Fewer Modules

First things first, get rid of unnecessary modules. Look through your config files and see what modules you might be loading. Are you using CGI? Perl? If you’re not using modules, by all means, don’t load them. That will save you some ram, but the BIGGEST impact is in how Apache handles multiple requests.

Handle Fewer Simultaneous Requests

The more processes apache is allowed to run, the more simultaneous requests it can serve. As you increase that number, you increase the amount of ram that apache will take. Looking at TOP would suggest that each apache process takes up quite a bit of ram. However, there are a lot of shared libraries being used, so you can run some processes, you just can’t run a lot. With CentOS 4.4 and Apache1, the following lines are the default:

Quote:
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0

I haven’t found documentation on this, but prefork.c seems to be the module that’s loaded to handle things w/ Apache1 and CentOS 4.4. Other mechanisms could or could not be much more memory efficient, but I’m not digging that deep, yet. I’d like to know more, though, so post a comment and let me know. Anyway, the settings that have worked for me are:

Quote:
Timeout 180
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 3
MinSpareServers 1
MaxSpareServers 5
StartServers 1
MaxClients 5
MaxRequestsPerChild 300

What I’m basically saying is, “set the maximum amount of requests that this server can handle at any one time to 5.” This is pretty low, and I wouldn’t try to do this on a high volume server. However, there is something you can and should do on your webservers to get the most out of them, whether you’re going for low memory or not. That is tweak the keepalive timeout.

Recycle Apache Processes

If you noticed, I changed the MaxRequestsPerChild variable to 500, from 0. This variable tells Apache how many requests a given child process can handle before it should be killed. You want to kill processes, because different page requests will allocate more memory. If a script allocates a lot of memory, the Apache process under which it runs will allocate that memory, and it won’t let it go. If you’re bumping up against the memory limit of your system, this could cause you to have unnecessary swapping. Different people use different settings here. How to set this is probably a function of the traffic you receive and the nature of your site. Use your brain on this one.

Use KeepAlives, but not for too long

Keepalives are a way to have a persistent connection between a browser and a server. Originally, HTTP was envisioned as being “stateless.” Prior to keepalive, every image, javascript, frame, etc. on your pages had to be requested using a separate connection to the server. When keepalives came into wide use with HTTP/1.1, web browsers were able to keep a connection to a server open, in order to transfer multiple files across that same connection. Fewer connections, less overhead, more performance. There’s one thing wrong, though. Apache, by default, keeps the connections open for a bit too long. The default seems to be 15 seconds, but you can get by easily with 2 or 3 seconds.

This is saying, “when a browser stops requesting files, wait for X seconds before terminating the connection.” If you’re on a decent connection, 3 seconds is more than enough time to wait for the browser to make additional requests. The only reason I can think of for setting a higher KeepAliveTimeout is to keep a connection open for the NEXT page request. That is, user downloads page, renders completely, clicks another link. A timeout of 15 would be appropriate for a site that has people clicking from page to page, very often. If you’re running a low volume site where people click, read, click, etc., you probably don’t have this. You’re essentially taking 1 or more apache processes and saying, “for the next 15 seconds, don’t listen to anyone but this one guy, who may or may not actually ask for anything.” The server is optimizing one case at the expense of all the other people who are hopefully hitting your site.

Lower Your Timeout

Also, just in case, since you’re limiting the number of processes, you don’t want one to be “stuck” timing out for too long, so I suggest you lower your “normal” Timeout variable as well.

Log Less
If you’re trying to maximize performance, you can definitely log less. Modules such as Mod_Rewrite will log debugging info. If you don’t need the debugging info, get rid of it. The Rewrite log is set with the RewriteLog command. Also, if you don’t care about looking at certain statistics, you can choose to not log certain things, like the User-Agent or the Http-Referer. I like seeing those things, but it’s up to you.

Don’t Resolve Hostnames

This one’s easy. Don’t do reverse lookups inside Apache. I can’t think of a good reason to do it. Any self respecting log parser can do this offline, in the background.

Quote:
HostnameLookups Off

Don’t Use .htaccess

You’ve probably seen the AllowOverride None command. This says, “don’t look for .htaccess files” Using .htaccess will cause Apache to 1) look for files frequently and 2) parse the .htaccess file for each request. If you need per-directory changes, make the changes inside your main Apache configuration file, not in .htaccess.

Last edited by wiz; 30/05/2007 at 19:24
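
The Apache directives discussed in the guide quoted in post #8 can be checked mechanically. The following is an added example, not part of the original posts or of the quoted guide: a Python audit of httpd.conf text against the values the guide suggests. Both sample configurations are constructed, and the RAM budget and per-child memory figure are assumptions the operator has to supply from their own measurements.

```python
# Added example: audit httpd.conf text against the settings discussed in the guide.
# Thresholds (Timeout 180, KeepAliveTimeout 3) are the guide's own values; the RAM
# budget and per-child memory are assumptions supplied by the caller.

# Constructed sample: the CentOS 4.4 defaults quoted in the guide, plus a
# constructed ServerSignature line and <Directory> block.
DEFAULT_CONF = """\
ServerSignature On
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
<Directory "/home">
    AllowOverride All
</Directory>
"""

# Constructed sample: the guide's tuned values with its other advice applied.
TUNED_CONF = """\
ServerSignature Off
HostnameLookups Off
Timeout 180
KeepAlive On
KeepAliveTimeout 3
MaxClients 5
MaxRequestsPerChild 300
<Directory "/home">
    AllowOverride None
</Directory>
"""


def parse_directives(text):
    """Map lower-cased directive name -> list of values in file order.
    Comments and <Container> tags are skipped; directives inside containers are kept."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives


def max_clients_for(ram_budget_mb, child_mb):
    """Largest MaxClients whose worst-case memory use fits the budget."""
    return ram_budget_mb // child_mb


def audit(text, ram_budget_mb, child_mb):
    """Return {directive: finding}. Only explicitly set directives are judged;
    compiled-in defaults of unset directives are not evaluated here."""
    conf = parse_directives(text)
    findings = {}

    def last_int(name):
        values = conf.get(name, [])
        return int(values[-1]) if values and values[-1].isdigit() else None

    for name in ("serversignature", "hostnamelookups"):
        values = conf.get(name, [])
        if values and values[-1].lower() != "off":
            findings[name] = f"is {values[-1]}; the guide sets it to Off"
    for name, limit in (("timeout", 180), ("keepalivetimeout", 3)):
        n = last_int(name)
        if n is not None and n > limit:
            findings[name] = f"{n}s holds a child longer than the guide's {limit}s"
    if last_int("maxrequestsperchild") == 0:
        findings["maxrequestsperchild"] = "0 never recycles children, so memory grown by one request is kept"
    n = last_int("maxclients")
    cap = max_clients_for(ram_budget_mb, child_mb)
    if n is not None and n > cap:
        findings["maxclients"] = (f"{n} x {child_mb} MB = {n * child_mb} MB exceeds the "
                                  f"{ram_budget_mb} MB budget; cap at {cap}")
    loose = [v for v in conf.get("allowoverride", []) if v.lower() != "none"]
    if loose:
        findings["allowoverride"] = f"{loose} makes Apache look for and parse .htaccess on requests"
    return findings


if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("tuned", TUNED_CONF)):
        print(label, audit(conf, ram_budget_mb=256, child_mb=20) or "no findings")
```

Because Apache children share libraries, a per-child figure read from top overstates real use, so the MaxClients cap computed here is a conservative bound.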
  #9 (permalink)  
30/05/2007, 19:05
WebTech
Hosting Moderator
 
Join date: October 2005
Location: East Coast
Posts: 5,399
Member for: 19 years, 2 months
Points: 162
Re: Tuning a Server

It would be great if you gave the source, although if I'm not mistaken, it comes from this post, right?

I think this contribution will be useful to many people, but although these guides and how-tos with titles like "how to secure/optimize your server 100%" can be useful, I do NOT recommend them for inexperienced users who lack sufficient knowledge of system administration and of what each change does.

Many changes in different areas of the system are mentioned, which will not always be positive for every server.

Regards,
  #10 (permalink)  
30/05/2007, 19:13
wiz
 
Join date: August 2006
Location: Argentina
Posts: 48
Member for: 18 years, 4 months
Points: 0
Re: Tuning a Server

Quote:
Originally posted by WebTech
It would be great if you gave the source, although if I'm not mistaken, it comes from //this// post, right?

Exactly, my friend, that is the source; I didn't want to cite it for fear that it would look like I'm advertising, and besides I can't post links yet. The moderators have me terrified haha ;)

Good clarification on your part, although I think an inexperienced user knows how far they dare to go and where they don't :)

The more you specialize a configuration, the less it serves for general use. There are certain parameters that will be an improvement for one site and perhaps not so much for another. A minimum of experience is recommended; it is not meant for doing ALL the points. Often, for those who have problems with excessive memory use for example, simply optimizing MySQL and SpamAssassin a bit works miracles ;)
  #11 (permalink)  
30/05/2007, 19:16
WebTech
Hosting Moderator
 
Join date: October 2005
Location: East Coast
Posts: 5,399
Member for: 19 years, 2 months
Points: 162
Re: Tuning a Server

I thought it came from those forums

Yes, it's true, everyone sets their own limits, but the warnings don't hurt anyway; in any case, I think an inexperienced person who doesn't know English shouldn't even start with this guide.

Regards,
  #12 (permalink)  
30/05/2007, 19:25
wiz
 
Join date: August 2006
Location: Argentina
Posts: 48
Member for: 18 years, 4 months
Points: 0
Re: Tuning a Server

I added a warning in red at the start of the how-to, thanks for the suggestion!
  #13 (permalink)  
30/05/2007, 19:53
WebTech
Hosting Moderator
 
Join date: October 2005
Location: East Coast
Posts: 5,399
Member for: 19 years, 2 months
Points: 162
Re: Tuning a Server

Excellent, hahahaha "consult your friendly neighborhood administrator"

Regards,
  #14 (permalink)  
30/05/2007, 22:16
cascompany
Guest
 
Posts: n/a
Points:
Re: Tuning a Server

Wiz, I agree that, rather than pasting a text, you could have given the link to where that information is and that's it.

Of course MANY here will thank you if you translate it, and then it really would deserve to be posted here, since many of those who participate don't understand English that well.

Regards!
  #15 (permalink)  
31/05/2007, 19:16
 
Join date: December 2006
Posts: 439
Member for: 18 years
Points: 1
Re: Tuning a Server

Here are a couple of links for tuning PHP security

http://aymanh.com/checklist-for-secu...-configuration
http://sentidoweb.com/2006/10/06/con...rma-segura.php


Regards
  #16 (permalink)  
31/05/2007, 21:10
WebTech
Hosting Moderator
 
Join date: October 2005
Location: East Coast
Posts: 5,399
Member for: 19 years, 2 months
Points: 162
Re: Tuning a Server

Good tips, but don't forget that in shared environments, for example, register_globals set to off can bring you a lot of headaches; although it is a dangerous variable and it is best left disabled, many of your clients will have to reprogram their custom scripts or stop using commercial applications because of it. The same goes for many functions to be disabled via disable_functions; you have to find a balance between usability and security.

Regards,
  #17 (permalink)  
01/06/2007, 17:48
 
Join date: April 2005
Posts: 196
Member for: 19 years, 8 months
Points: 2
Re: Tuning a Server

As for register_globals, I think it is better to have it off and then let each user enable it in their .htaccess if they need it...

Don't forget to close the DNS to prevent DDoS attacks.
http://www.forosdelweb.com/f92/tutorial-como-cerrar-servidor-dns-380556/

Regards!!
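
Post #17 suggests leaving register_globals off server-wide and letting each account re-enable it through .htaccess. The following is an added example, not part of the original thread: a Python scan that inventories which accounts have done so, so the administrator knows where the setting is live. The layout (one directory per account under a home root) and the sample files are constructed; php_flag and php_value are mod_php directives and only take effect where AllowOverride permits them, so the quoted guide's AllowOverride None advice would disable these overrides.

```python
# Added example: list accounts whose .htaccess files switch register_globals on.
import os
import re
import tempfile

# mod_php per-directory syntax: "php_flag register_globals on" or
# "php_value register_globals 1". Commented-out lines do not match.
OVERRIDE_RE = re.compile(
    r"^\s*php_(?:flag|value)\s+register_globals\s+(\S+)", re.IGNORECASE)
# Assumption: these spellings are treated as "enabled" for reporting purposes.
TRUTHY = {"on", "1", "true", "yes"}


def scan_htaccess(path):
    """Return [(line_no, stripped_line)] for lines enabling register_globals."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, line in enumerate(fh, 1):
            match = OVERRIDE_RE.match(line)
            if match and match.group(1).strip("\"'").lower() in TRUTHY:
                hits.append((line_no, line.strip()))
    return hits


def accounts_with_override(home_root):
    """Walk home_root/<account>/... and map account -> [(rel_path, line_no, line)]."""
    report = {}
    for dirpath, _dirnames, filenames in os.walk(home_root):
        if ".htaccess" not in filenames:
            continue
        full_path = os.path.join(dirpath, ".htaccess")
        rel_path = os.path.relpath(full_path, home_root)
        account = rel_path.split(os.sep)[0]
        for line_no, line in scan_htaccess(full_path):
            report.setdefault(account, []).append((rel_path, line_no, line))
    return report


def build_demo_tree(root):
    """Constructed sample tree standing in for the home root of a shared server."""
    files = {
        "alice/public_html/.htaccess":
            "RewriteEngine On\nphp_flag register_globals on\n",
        "bob/public_html/.htaccess":
            "# php_flag register_globals on\nphp_flag register_globals off\n",
        "carol/public_html/shop/.htaccess":
            "php_value register_globals 1\n",
        "dave/public_html/.htaccess":
            "Options -Indexes\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Build the constructed tree in a temp dir and return the report for it."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return accounts_with_override(root)


if __name__ == "__main__":
    for account, hits in sorted(demo().items()):
        for rel_path, line_no, line in hits:
            print(f"{account}: {rel_path}:{line_no}: {line}")
```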