I have many VPS servers with 3 or 4 sites per server. Most sites are WordPress-based
In the past 2 years I've received 3 attacks to compromised plugins, which not only affect the site with the plugin, but all the sites in the same server
Since Apache2 is always running with www-data user (or any user defined in the config), the site
scripts through Apache , have write-access to all core files, not only from the site, but the entire server where www-data is the owner (a.k.a. all the other sites) in /var/www/html to name some directory.
According to most guidelines, the classic permissions are 755 for directories (full access to owner, www-data) and 644 for files except for wp-config.php which is 600. But with a compromised php file within the web server all three permissions have 7 or 6 for the owner, which mean, perfect r/w access.
The classic solution I've read in the past is the multiple Apache2 chrooted simultaneously processes, each with a different user. But I seriously doubt many people do this in practice, because it's complex to maintain. Looks better in theory than in practice specially when you own like hundred of sites, having to maintain hundreds of apache2 chrooted processes.
So here is my question: Have anyone any other ideas to avoid this specific scenario?
