On 1/25/2014 6:20 AM, Always Learning wrote: > On my setup I have all web pages in a special root directory > > /data/web/do/domain-name/sub-domain-name/files ..... > > with a non-standard user having rw-r-r > > Apache can't write to anything except > > /data/web/logs/ > > I have self-created web site defences which, instantly after the first > hacking attempt, block the hacker's IP address. I am not giving hackers > unlimited opportunities to continuing trying to break-in. and you have configured SELinux to allow all this? FWIW, I usually put websites in /home/someuser/html where each virtual host has its own user account who owns said files, and manages his own stuff. even if that user is really me, I use sudo to log on as a given user to edit that site's files. re: your intrusion detection system, mod_evasive is a useful tool for creating such. -- john r pierce 37N 122W somewhere on the middle of the left coast