Mike wrote:
> Some suggestions:
> (Already mentioned) Keep php scripts up to date! This is paramount
> (Already mentioned) mount /tmp on loop with noexec
> (Already mentioned) php.ini: allow_url_fopen = off
> (Already mentioned) Learn how to use mod_security effectively
> (Already mentioned) Block outbound tcp/80 with iptables/etc
> (Already mentioned) SELinux can provide more fine grain control over
> - "who" can do "what"
> (Already mentioned) Use UNIX permissions to restrict access to
> - wget/curl/ncftp/lynx/etc
>
> Additional:
> php.ini: disable_functions = system,exec,passthru,shell_exec,pcntl_exec
>

For php 4.x I would also add safe_mode=On.

sed -i 's/safe_mode = Off/safe_mode = On/' /etc/php.ini

David Hrbáč
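
A read-back check for the php.ini settings discussed in this thread, added here as an example and not part of either message. The sed substitution above only matches the exact spelling "safe_mode = Off", so the script reports the effective values instead of assuming the edit applied; the function names and the sample php.ini are constructed for illustration.

```shell
# Added example (not from the thread): audit a php.ini for the suggested directives.
ini_get() {   # ini_get FILE KEY -> last uncommented value; names are case-sensitive
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # comment line
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k)
            sub(/[ \t]*;.*$/, "", v)             # trailing comment
            gsub(/^[ \t"]+|[ \t\r"]+$/, "", v)   # trim blanks and quotes
            if (k == key) { val = v; seen = 1 }
        }
        END { print (seen ? val : "<unset>") }' "$1"
}
is_on() {     # true for the spellings PHP reads as boolean true
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in 1|on|true|yes) return 0 ;; esac
    return 1
}
audit_php_ini() {   # prints findings; exit status = number of findings
    f=$1; fails=0
    v=$(ini_get "$f" allow_url_fopen)
    # unset is a finding too: PHP's built-in default for this directive is On
    if [ "$v" = "<unset>" ] || is_on "$v"; then
        echo "FAIL allow_url_fopen = $v (want Off)"; fails=$((fails + 1))
    fi
    v=$(ini_get "$f" safe_mode)                  # PHP 4.x suggestion from the reply
    if ! is_on "$v"; then
        echo "FAIL safe_mode = $v (want On)"; fails=$((fails + 1))
    fi
    df=",$(ini_get "$f" disable_functions | tr -d ' '),"
    for fn in system exec passthru shell_exec pcntl_exec; do
        case "$df" in
            *",$fn,"*) ;;
            *) echo "FAIL disable_functions lacks $fn"; fails=$((fails + 1)) ;;
        esac
    done
    return "$fails"
}
sample_ini() {   # constructed php.ini fragment, not taken from a real host
    printf '%s\n' '[PHP]' '; safe_mode = On' 'safe_mode=Off' \
        'allow_url_fopen = Off ; set per thread' \
        'disable_functions = system, exec,passthru'
}
demo() {   # rewrite the sample with the reply's sed, then audit the result
    t=$(mktemp) || return 99
    sample_ini | sed 's/safe_mode = Off/safe_mode = On/' > "$t"
    audit_php_ini "$t"; rc=$?; rm -f "$t"; return "$rc"
}
demo || echo "findings: $?"
```

On the constructed sample the sed leaves "safe_mode=Off" untouched because the spacing differs, which the audit reports along with the two functions missing from disable_functions.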