advice request for shared hosting and security issue
I have a Debian Squeeze web server running PHP-FPM and fastcgi with apache2. I used the dotdeb sources to install php-fpm and fastcgi. There are many vhosts defined on it; each has its own pool configuration and works without problems.
My current problem is with the PhpSpy program. It is a PHP file that runs dir, chdir and readdir commands and lets the user traverse the file system and read files. I couldn't figure out a solution for it.
I used the chroot option in the pool configuration, which didn't work. It seems there is a bug with the Apache2 and Fastcgi usage. I also enabled suexec, which didn't help.
I can try to disable the opendir and chdir commands globally, but then some PHP files under the vhost directories will be broken.
What is the solution? Should I set chroot? If so, how? Any working combination for Debian Squeeze would be great.
I would also appreciate it if there is an easier solution.
Below are the detailed conf files and the question I asked on Stack Overflow:
It would be great if someone could help.