grsecurity forums

[redduck666]

hello, recently someone broke into a server through X page, the problem is that they were able to get data about page Y which is on the same server. can i prevent this kind of behaviour and retain functionality?

[katmai]

usually you can secure apache using mod_security / mod_evasive / enable php SUEXEC / disable enable_dl in php.ini config / disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open in php.ini / work on open_basedir protection /

those tweaks should help you a lot in increaing server security.