Learn about Centmin Mod LEMP Stack today
Register Now

PHP-FPM suhosin7 - dead?

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Oxide, Sep 11, 2016.

  1. Oxide

    Oxide Active Member

    502
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    12:07 PM
  2. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    4:07 AM
    Perhaps it is not a good idea to depend on suhosin.

    Just like the development timeframe for suhosin7. The same goes exactly for suhosin.
    From 2010 to 2012 and 2012 - 2014, both (nearly) 2 years without releases or updates.

    From the suhosin FAQ:

    If you are using centminmod you do have your own server with its own managed code by yourself as admin.
    So there is no need to use suhosin if you ask me.
    If you are running websites for 3th party's, you could check Cloudlinux for that job.
     
    Last edited: Sep 11, 2016
    • Like Like x 1
  3. Oxide

    Oxide Active Member

    502
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    12:07 PM
    I trust my code of course.

    CloudLinux has security features like that for PHP?... Unheard.

    I believe CloudLinux is not supported by centminmod though.
     
  4. eva2000

    eva2000 Administrator Staff Member

    28,987
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,767
    Local Time:
    12:07 PM
    Nginx 1.13.x
    MariaDB 5.5
    yeah Cloudlinux isn't supported by Centmin Mod though maybe way into the future when Centmin Mod Premium membership numbers grow, I might look at Cloudlinux support so can get their CageFS working for fully isolated site, user/vhost sites for Centmin Mod :)

    But you'd need to pay for it too CloudLinux - Main | New template

    Code (Text):
    NUMBER OF LICENSES    MONTHLY PRICE
    (ANNUAL PRICING AVAILABLE)     YOU SAVE
    1    $14    0%
    2-4    $12    14%
    5+    $10    29%

    you +1 agree

    Unfortunately, like all open source code, you're at the mercy of the developers' timeline and priorities for working on their codes :)
     
  5. Oxide

    Oxide Active Member

    502
    29
    28
    Mar 19, 2015
    Ratings:
    +54
    Local Time:
    12:07 PM
    surely agree, but you also use xenforo - you never know when the next exploit comes to xenforo.. suhoshin could actually help and prevent a lot.
     
  6. eva2000

    eva2000 Administrator Staff Member

    28,987
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,767
    Local Time:
    12:07 PM
    Nginx 1.13.x
    MariaDB 5.5
    then need to wait for suhosin php 7 support :)
     
  7. bassie

    bassie Active Member

    494
    104
    43
    Apr 29, 2016
    Ratings:
    +312
    Local Time:
    4:07 AM
    The PHP development cycle is a lot faster these days, in short they quicker release new versions behind each other and shedding old versions even faster. Given the break which the suhosin team regularly takes of 2 years or more it is not likely that suhosin7 will have a long existence.

    You could use CSF with several blacklists. A lot of known bad servers are then blocked.
    A lot quieter with those lists. The blacklists are automatically updated.

    Any bad servers that transfers to white (new owner or so) can visit the forum as it should be.
    (For example) The day after it is removed from the upstream blacklist.
     
    • Informative Informative x 1