To suPHP or not to suPHP?

I am running a PHP site that, IMHO, is programmed a little shoddily and is slow with MySQL queries and whatnot. I am not a programmer but have hired someone else to do it.

My main concern is security, then speed. As it is right now, loading a log-in page takes an average of 4000+ msec with ab -n 100 -c 100.

The site is expected to have large bursts of visitors, probably 100s of hits a second.

Currently it is running suPHP with Suhosin. I am thinking of changing that to FCGI + Suhosin + suEXEC. Will that be as secure as suPHP? The reason for wanting to change is so I can use xcache and the like and hope for some acceleration of some pages.

Thanks for any advice.

5 Replies

You don't say what distro you're running so some of this might not matter.

I'm running apache2+fastcgi_2.4.7+php5.2+APC+suexec on my Ubuntu 10.04 web servers with good results. There are a few snags you should be aware of.

Php-cgi needs to be set as the process manager for the php interpreter, not fastcgi. This is because APC will only share cache across one process. This isn't a big issue, but it has some trickle-down effects.

You need to use fastcgi instead of fcgi because of the way fcgi issues php calls to the cgi process (1 render call per php-cgi manager pid). Just set maxClassProcesses to 1 in your fastcgi config, and then set PHP_FCGI_CHILDREN in your wrapper script to however many php processes you want running.

There's a bug in the latest version of fastcgi in the 10.04 repo (bug). I pulled down a newer version from a PPA that someone put up with the recompiled sources from 11.04.

All that said, it won't help against SQL injection attacks etc.; you need to be aware of all the vectors.

Hope that's helpful.

Thanks for the reply. It was helpful. :D

This thread seems to be a few weeks old, but just for the record…

How many sites do you plan on running on your Linode?

suphp/suexec gives you extra security only if you have more than one site on the same server, and you don't trust the administrators of those sites. (Think of a web hosting business.) The primary purpose of suphp/suexec is to isolate sites from one another, so that one hacked site won't affect other sites. It doesn't bring any additional protection to individual sites, so it won't make sense if there's only one site.

The popular nginx + PHP-FPM stack uses the exact same security model, by allowing PHP scripts to run as any user you specify. IMO it's easier to set up and maintain than an Apache + FastCGI + suExec setup, and often saves RAM. But if you're comfy with Apache, that's also fine.

Just 2 sites, and I am the admin for the sites. I, however, do not control the code.

My main concern is that if someone manages to take a site down without suEXEC, they could gain root or abuse the other site.

Is my assumption correct?

Investigate AppArmor; it may be overkill, but it's a darn good way of restricting what PHP can do.

However, you should audit the code that's on your server; that's part of being a good sysadmin.

I personally run nginx+phpfcgi which can run php under a separate user for each site.
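
A check that goes with the per-site-user setups discussed in this thread (suPHP, suEXEC, or PHP-FPM running each site under its own user), as an added example that is not from any poster: it lists paths in one site's docroot that the neighbouring site's PHP user could still modify or read. It assumes the site users share no Unix group, so the other site's code falls under the "other" permission bits; the function names and output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a docroot for paths a *different* site's PHP user could touch.
# Assumption: each site runs PHP as its own Unix user and the users share no group,
# so a neighbouring site's code is "other" in the permission bits.

# Paths any local user can modify (symlinks skipped: their mode bits are not enforced).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# PHP sources any local user can read; these commonly hold database credentials.
world_readable_php() {
    find "$1" -type f -name '*.php' -perm -0004 -print
}

# Print labelled findings for one docroot; return 0 when clean, 1 when exposed.
audit_site() {
    findings=$(
        world_writable "$1" | sed 's/^/WRITABLE-BY-OTHER /'
        world_readable_php "$1" | sed 's/^/READABLE-BY-OTHER /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit.sh /path/to/site-a /path/to/site-b   (example paths)
for docroot in "$@"; do
    audit_site "$docroot" || echo "exposed to other local users: $docroot" >&2
done
```

Static files that the web server itself serves may legitimately need to be readable through a shared group or the "other" bits; the check deliberately flags only PHP sources and anything world-writable.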
