On Thursday 28 May 2009, Alan McKinnon wrote:
> On Thursday 28 May 2009 21:51:26 Stroller wrote:
> > > So I recommend option 4:
> > >
> > > Pony up the money for server #2
> >
> > Just for the sake of satanic advocacy, could you indulge me, please?
> >
> > Let's say Mick is the administrator for all domains in question. He
> > decides to run the two sites on different machines, one for
> > MickBlog.org and one for MicrophoneShoppe.com. If MickBlog is
> > insecure, what makes you think he will administer MicrophoneShoppe any
> > more securely?
>
> I suffer from a healthy dose of paranoia :-)

Well, it is commonly said that the fact you are paranoid doesn't necessarily 
mean they are not out to get you!  

> Added to that, my employer is an ISP and not shy with budgets, so a
> purchase order for new hardware in a case like this will not raise any
> eyebrows. For me, it's a low level of risk high impact scenario and the $
> cost is low.
>
> In a budget-constrained environment, it would obviously work very
> differently

Well, I am in a very cost constrained environment I'm afraid.  Good advice 
given here - I am now thinking that a virtual server is the next stage.  Any 
idea how it would run on a single CPU machine - or must we bite the bullet 
and go for some multicore monster?

> And yes, I do indeed not trust php code at all. I've seen the audit results
> of too many php projects that were diligently hardened and what it took to
> get them from working state to an acceptably secure state.

I haven't your specific experiences of course, but have read about and seen a 
few horror stories of cracked phpBB implementations that I know I would not 
be able to sleep at night ... especially as one of the hosted websites is 
running some home brew of php+perl.

Still, at least formally it is weak passwords that are usually blamed for most 
compromised servers.
-- 
Regards,
Mick