On Sat, 2014-01-25 at 08:32 -0500, Steven Tardy wrote:
> the problem with your /var/www/html permissions is the user/group "apache" can write to directories and files. which can be used by anyone on the internet (bad guys) to use potentially exploitable dynamic pages (.php/.cgi/etc) to add/modify files on your server. this is a bad thing. SELinux may offer some protections. i would:
>
>     chmod -R g-w /var/www/html
>     chown -R somewebuser /var/www/html
>
> (replace somewebuser with the unix user account to modify the website.)

On my setup I have all web pages in a special root directory
/data/web/do/domain-name/sub-domain-name/files .....
with a non-standard user having rw-r-r
Apache can't write to anything except
/data/web/logs/
I have self-created web site defences which, instantly after the first hacking attempt, block the hacker's IP address. I am not giving hackers unlimited opportunities to continue trying to break in.
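
The write access discussed in this thread can be audited before and after the chmod/chown commands quoted above. This is an added example, not part of either message; the function names are made up here, the defaults (apache, /var/www/html) come from the quoted message, and supplementary groups and ACLs are not considered.

```shell
#!/bin/sh
# Added example: list paths under a web root that the web server
# account could modify through plain Unix permission bits.
# Assumptions: function names are illustrative; the defaults "apache"
# and /var/www/html are the ones named in the quoted message.

# writable_by_httpd ROOT USER GROUP
# Prints every file or directory under ROOT that is
#   - owned by USER and owner-writable, or
#   - group-owned by GROUP and group-writable, or
#   - world-writable.
# USER and GROUP may be names or numeric ids. Symlinks are skipped
# because their own mode bits are not meaningful.
writable_by_httpd() {
    root=$1 user=$2 group=$3
    find "$root" ! -type l \( \
        \( -user "$user" -perm -u+w \) -o \
        \( -group "$group" -perm -g+w \) -o \
        -perm -o+w \
    \) -print
}

# count_writable ROOT USER GROUP
# Prints the number of findings; 0 means the server account has no
# write access anywhere under ROOT via owner, group or other bits.
count_writable() {
    writable_by_httpd "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Run as a script:  ./audit.sh /var/www/html [user] [group]
if [ "$#" -ge 1 ]; then
    writable_by_httpd "$1" "${2:-apache}" "${3:-apache}"
fi
```

An empty result for the document root, with findings only under a directory such as the log path mentioned above, matches the layout both posters describe.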