Restricting one bad virtual host install from impacting other installs on the same VPS
How do you restrict one bad (vulnerable) Virtual Host from affecting other installations on the VPS? A friend also hosts his WordPress site (basically a one pager for his work) on the same box as I have my personal sites (WordPress again). All of this is set up as virtual hosts using lighttpd as the web server.
His WordPress site was not updated for some time, which was used by an attacker to upload scripts and send emails by the dozen. Since all the WordPress vhosts are within the typical var/www directory and owned by www-data, my installs also have random PHP files uploaded.
I think this is a typical situation for those who run multiple sites from one VPS (one rotten apple in the basket). How do you typically deal with such a situation?
Use KVM and not OVZ, or better yet, make him someone else's problem. Tell him to get services with a provider you do not use or care for.
Ah! I didn't know about the KVM OVZ difference. Thank you.
Unfortunately, there is a quid pro quo here, can't push him out. (Will probably put him on a KVM migrating from the current OVZ)
You don't even have to do that; just use something like mod_suphp and run each site as its own user to prevent extra damage.
Thanks @FlamesRunner. I'll have to read up on this.
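To see where a box stands against the "run each site as its own user" advice above, here is an added audit sketch that is not part of the original thread. The function name `audit_webroot` and its finding labels are hypothetical, and it assumes every immediate subdirectory of the web root is one site and that site directory names contain no spaces.

```shell
#!/bin/sh
# Added example: audit per-site ownership under a shared web root.
# Usage: audit_webroot ROOT [WEB_UID]
#   ROOT    - directory whose immediate subdirectories are the sites
#   WEB_UID - numeric uid the web server runs as, e.g. "$(id -u www-data)"
# Prints one line per finding; returns 0 if clean, 1 if anything was found.
audit_webroot() {
    root=$1
    web_uid=${2:-}
    findings=0
    seen=""   # "uid:site" pairs for sites already visited

    for site in "$root"/*/; do
        [ -d "$site" ] || continue
        site=${site%/}
        name=${site##*/}
        # Numeric owner of the site directory (third field of ls -ldn)
        uid=$(ls -ldn "$site" | awk '{print $3}')

        # The web server account owns the site, so any compromised
        # script running as that account can rewrite it.
        if [ -n "$web_uid" ] && [ "$uid" = "$web_uid" ]; then
            echo "WEBUSER-OWNED $name uid=$uid"
            findings=$((findings + 1))
        fi

        # Two sites with one owner: a compromise of either can write to both.
        for pair in $seen; do
            if [ "${pair%%:*}" = "$uid" ]; then
                echo "SHARED-OWNER $name ${pair#*:} uid=$uid"
                findings=$((findings + 1))
            fi
        done
        seen="$seen $uid:$name"

        # World-writable paths defeat per-user separation entirely.
        ww=$(find "$site" ! -type l -perm -0002 | wc -l | tr -d ' ')
        if [ "$ww" -gt 0 ]; then
            echo "WORLD-WRITABLE $name count=$ww"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

A clean run only shows that ownership is separated on disk; the PHP handler still has to execute each site under its own account for the separation to hold.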