I need advice on securing a web server. I am currently managing an OJS server at my university. This server is often attacked, for example through PHP script injections, to cause malfunctions or to add online gambling content. What I have done so far:
1. Set permissions (the user owns all PHP scripts instead of www-data; these files are often modified by a third party)
2. File access monitoring (I log every access that happens in the doc root)
3. Daily backup
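
One way to verify the permission setup in item 1, as an added example that is not part of the original post: walk the doc root and report every PHP script or directory that the web server account could still modify. The suffix list and the `writable_ok` allowlist are assumptions, and the check reads only owner and mode bits (no ACLs or supplementary groups).

```python
import os
import stat

PHP_SUFFIXES = (".php", ".phtml", ".phar")  # assumed set of executable script suffixes

def web_can_modify(st, web_uid, web_gid):
    """True if the web server account could change this inode (owner/mode bits only)."""
    if st.st_uid == web_uid:
        return True  # an owner can always chmod the file and then write to it
    if st.st_gid == web_gid and st.st_mode & stat.S_IWGRP:
        return True
    return bool(st.st_mode & stat.S_IWOTH)

def audit_docroot(docroot, web_uid, web_gid, writable_ok=()):
    """Return sorted (relative_path, reason) findings under docroot.

    writable_ok: relative directories the application must write to (a
    hypothetical allowlist); any script found inside them is reported instead.
    """
    findings = []
    allowed = {os.path.normpath(p) for p in writable_ok}
    for dirpath, _dirnames, filenames in os.walk(docroot):
        rel_dir = os.path.normpath(os.path.relpath(dirpath, docroot))
        in_allowed = any(rel_dir == a or rel_dir.startswith(a + os.sep) for a in allowed)
        if not in_allowed and web_can_modify(os.lstat(dirpath), web_uid, web_gid):
            findings.append((rel_dir, "directory writable by web server"))
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if not stat.S_ISREG(st.st_mode) or not name.lower().endswith(PHP_SUFFIXES):
                continue
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if in_allowed:
                findings.append((rel, "script inside writable directory"))
            elif web_can_modify(st, web_uid, web_gid):
                findings.append((rel, "script writable by web server"))
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    import sys
    acct = pwd.getpwnam("www-data")  # account name taken from the post
    # usage: script.py DOCROOT [WRITABLE_DIR ...]
    for path, reason in audit_docroot(sys.argv[1], acct.pw_uid, acct.pw_gid, sys.argv[2:]):
        print(f"{reason}: {path}")
```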