Hardened PHP deployment on Ubuntu

Here is a list of things that I was about to type up. There are other things you can do, like Suhosin, but the first link is a good start to this.


As you can't really trust your app developers to write secure code, you'll have to limit the attack vectors non-secure php code could provide. Using user input without proper sanitizing as SQL or as an argument to open() are classic examples of things that go wrong.

My brief list:

  • put the php environment inside a chroot jail, to limit the risks to the host.
  • make sure the php apps don't access the same databases which are used otherwise.
  • rate-limit (and monitor) outgoing mail. If there's a way to send email with user-specified content and address, some spammer will sooner or later find and exploit it.

I'm sure there are plenty of other things I either don't know about or I can't remember any more.

There are also plenty of stuff you as an administrator can't prepare for. For example, it's very hard to control cross-site scripting risks and to make sure mechanics inside the apps don't encourage any malicious use cases, such as using the app as a drop box for bad stuff like rootkits.