How to Prevent Cross-Site Infection on OLS Server?

#1
Hi OLS Team,
Is there a way to prevent hackers from infecting all websites on the same OLS server?
Last week, one of my websites was hacked due to a vulnerability in a WordPress plugin, and unfortunately, all other websites on the same server were compromised as well. Is there any way to mitigate this risk in OLS?
Thanks!
 

Cold-Egg

Administrator
#2
May I know if there's any control panel on the server? And, do you use the same user account for all the virtual hosts?
Features like namespace can implement sandboxes to isolate files, users, processes from all others.
 
#3
May I know if there's any control panel on the server? And, do you use the same user account for all the virtual hosts?
Features like namespace can implement sandboxes to isolate files, users, processes from all others.
Thanks for your reply. Namespace mainly works on the LiteSpeed process, but I use WordPress and the affected files are PHP files. Is there a way to manage the PHP process to avoid infection from other websites on the same server?
 

Cold-Egg

Administrator
#4
That should be included though. You can also consider implementing suEXEC, but this may not work if all the accounts run as the same Linux user and group. You might also want to check if open_basedir helps or not in your case.
 
#5
May I know if there's any control panel on the server? And, do you use the same user account for all the virtual hosts?
Features like namespace can implement sandboxes to isolate files, users, processes from all others.
No, I bought VPSes like Vultr and Linode and use Linux commands to set up OLS and then to host WordPress. In this case, what methods can be used on a free OpenLiteSpeed server to prevent malware infection from 1 website to all on the same OLS server? Thank you, please advise.
 

LiteCache

Active Member
#6
No, I bought VPSes like Vultr and Linode and use Linux commands to set up OLS and then to host WordPress. In this case, what methods can be used on a free OpenLiteSpeed server to prevent malware infection from 1 website to all on the same OLS server? Thank you, please advise.
OLS is just a web server for delivering data. However, OLS is neither a firewall nor a web application firewall nor an intrusion detection system. If you expect protection against cross-site infection, then your expectations of OLS are wrong or inaccurate. Cross-site attacks take place in the application layer, usually based on PHP. Therefore, the primary protection is to at least limit the typical leaks. Limitations can mean restrictions on required functions, making it almost impossible to strike a balance between security and sufficient functionality.

However, you can take precautions by, for example, preventing your server from being searched for known leaks. Such a procedure is relatively easy to implement with on-board resources (modRewrite). However, you need a basic understanding of how "hackers" think.

Always keep WordPress and all plugins up to date and don't install every plugin just because it supposedly has useful functions. 2/3 of all plugins are poorly programmed!
 

Cold-Egg

Administrator
#7
You might also want to consider using some free control panels with OpenLiteSpeed, as they automatically create a Linux user:group for each account and enable PHP suEXEC by default, offering enhanced security.
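Added example, not written by any poster in this thread or by the OLS project: a Python audit for the condition raised in posts #2, #4 and #7, namely several document roots owned by one Linux account or reachable by other accounts. The site names and temporary paths are constructed sample data, and `audit_docroots` and `build_demo` are hypothetical helper names.

```python
import os
import stat
import tempfile
from collections import defaultdict


def audit_docroots(docroots):
    """docroots: {site_name: path}. Returns a list of (finding, detail) tuples."""
    findings = []
    owners = defaultdict(list)
    for site, root in sorted(docroots.items()):
        st = os.stat(root)
        owners[st.st_uid].append(site)
        # Any "other" bit on the docroot lets a PHP worker running as a
        # different account enter or list this site's tree.
        if st.st_mode & stat.S_IRWXO:
            findings.append(("other-access", site))
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                mode = os.lstat(path).st_mode
                # Symlinks always report 0777 on Linux, so skip them.
                if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                    rel = os.path.relpath(path, root)
                    findings.append(("world-writable", site + ":" + rel))
    # One uid owning several sites means per-user suEXEC cannot separate them.
    for uid, sites in sorted(owners.items()):
        if len(sites) > 1:
            findings.append(("shared-owner", ",".join(sites)))
    return findings


def build_demo(base):
    """Constructed sample layout: two vhosts created by the same account."""
    roots = {}
    for site, mode in (("site_a", 0o755), ("site_b", 0o750)):
        root = os.path.join(base, site)
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        os.chmod(root, mode)
        os.chmod(os.path.join(root, "wp-content"), 0o755)
        os.chmod(uploads, 0o777 if site == "site_a" else 0o755)
        roots[site] = root
    return roots


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_docroots(build_demo(tmp)):
            print(finding)
```

A `shared-owner` finding is the case where suEXEC gives no separation between sites; `other-access` and `world-writable` findings are paths a different account's PHP process could still read or modify.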
 