• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Question Webspaces... a good or bad idea?

Dave W

Dave W

Regular Pleskian
Hi all,

I just wanted to start a discussion about the topic because I am starting to not like the idea that one compromised site has access to the other sites within the webspace.

Why were webspaces brought in at all?

I just wanted to know what opinions are out there?

Rgds
Dave
 
If done properly, a compromised site should _not_ have access to files of other customers.
By default, Plesk subscriptions won't have access to files of other subscriptions on the same server.

Did you have a security incident? If yes, what was the incident?

Things to consider:
* Make sure "Restrict the ability to follow symbolic links" is checked in your service plans
* But be aware of this: "Restrict the ability to follow symbolic links" option is not synced with Subsctiptions

Also read:
How to secure a Plesk server
 
If any site fun under difert user you will not have any security issue, if you have multiple sites under suscription runing under same user, you may have some issues if one of that sites be compromised.
 
What I'm referring to is when there is more than one site in a webspace, if one of those sites is compromised then because PHP is running under the same user, malware can move to other sites within the webspace quiet easily. I'm just curious as to what the purpose of a webspace is, shouldn't each site have its own webspace?

I'm just not seeing the advantage of allowing more than one site per webspace, subdomains maybe, but even then I don't think its a good idea. Am I missing something here?

Dave_W
 
Hello,

For security reason (isolation by using different system users) each website (domain with website hosting) should be in it's own webspace/subscription until two websites need to share some local files.
 
You must log in or register to reply here.

Similar threads

Code-Specialist
Question Additional (no root) User for PHP Script across all Resellers
Replies
0
Views
272
Code-Specialist
Code-Specialist
C
Issue New Configuration not created
Replies
3
Views
430
Peter Debik
P
M
Issue Wordpress + Nginx -> connection timeouts / 503 error
Replies
0
Views
749
milez-oh
M
H
Issue Unable to Access WordPress Site After Recent Update
Replies
1
Views
745
Peter Debik
P
G
Question WP installs are quarantined daily.
Replies
4
Views
718
Bobbbb
B
Back
Top