Server Script Security

Allowing users to run scripts on your dedicated server can be a frightening experience. Not only must you trust in their sincerity, but also trust that they will not be negligent in securing any scripts they run. Furthermore, most scripts these days are complex content management systems that may have thousands of functions. A vulnerability in one may not be exposed until considerable time has passed.

Rather than sit on your hands and hope for the best, there are proactive measures you can take to make sure your server stays secure.

1. Check for world-writable files. When some users configure their scripts, they give them the most liberal permissions possible. These files are just begging to be exploited, especially if they are configuration files containing passwords.

2. Immediately lock down any problem scripts. It may be more diplomatic to give a user time to fix the problem, but that whole time, an attacker is still hitting your server and possibly your other customers. Let your user figure out the problem, but not at the expense of others.

3. Use an application firewall. I have mentioned this one on several occasions. Application firewalls, like ModSecurity, can greatly reduce the risk of web apps being exploited.

4. Use script installers for popular scripts. This way, users do not have to configure and secure their web apps themselves.

5. Run security audits. There are many tools that can help you find any vulnerabilities on your server, especially when it comes to scripts.
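As an added example (not from the original post), the world-writable check in step 1 can be scripted with `find`, along with a fix that removes only the "other" write bit. The function names, the config filename patterns, and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a hosting tree for world-writable files (step 1).
# Function names and filename patterns are illustrative assumptions.

# List regular files that any local user can write to.
list_world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print
}

# List world-writable directories lacking the sticky bit, where any user
# can replace or delete files owned by someone else.
list_open_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Narrow the result to likely configuration files, which often hold passwords.
list_world_writable_configs() {
    find "$1" -xdev -type f -perm -0002 \
        \( -name '*config*' -o -name '*.ini' -o -name '*.conf' -o -name '.env' \) -print
}

# Remove only the "other" write bit; owner and group access stay intact.
fix_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree so the functions can be tried offline.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alice/public_html/uploads"
    chmod 755 "$root/alice" "$root/alice/public_html"
    echo '<?php $db_pass = "example"; ?>' > "$root/alice/public_html/wp-config.php"
    echo '<?php echo "hi"; ?>' > "$root/alice/public_html/index.php"
    echo 'x' > "$root/alice/public_html/uploads/a.txt"
    chmod 666 "$root/alice/public_html/wp-config.php"
    chmod 644 "$root/alice/public_html/index.php"
    chmod 666 "$root/alice/public_html/uploads/a.txt"
    chmod 777 "$root/alice/public_html/uploads"
    echo "$root"
}
```

Run the list functions against your own hosting root before running `fix_world_writable`, since some applications expect a writable upload directory and will need group-based permissions instead.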

Finally, it is a good idea to send out reminders to users to secure any scripts they might be running. You can also recommend security tools, especially to those who are writing their own scripts. With a little effort, you can keep your server happy and secure.










