Hardening OpenX

Updated: October 18, 2010

The most important step to harden your OpenX installation is to upgrade to the latest version and then keep it up to date. You can check whether you are running the latest version under Configuration > Product Updates in the administration interface. This will prevent OpenX from being exploited through any known vulnerabilities. After you have done an upgrade you should delete the install.php and install-plugins.php files from the /www/admin directory. Once you are sure the upgrade has been successful you should remove the old OpenX installation from the server. You also need to keep plugins updated. It is also important to keep other software running on the server up to date, particularly phpMyAdmin.

You can also take a number of extra steps to harden the OpenX installation:

If you are not using a plugin you should remove it, so that there is no possibility of it being exploited.

If you are on a shared server you should set the permissions of the OpenX files and directories as low as possible. You can contact your provider to find out what permissions they recommend. The configuration file should be set to read-only.

Instead of using admin or administrator as the username for the administrator account, use a unique username. This cannot be done in the administration interface, but can be done in phpMyAdmin or another database administration tool. You should also use a strong password.

You can provide an extra layer of security for the administration interface by password protecting the directory or restricting the IP addresses that can access it. To secure the transfer of information to and from the administration interface you should enable SSL; this requires that your server supports SSL and that you have an SSL certificate. Instructions for enabling SSL for the administration interface are located here.
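
The file-level steps above (deleting install.php and install-plugins.php from /www/admin, keeping the configuration file read-only, and keeping permissions low) can be checked with a short script. This is an added example, not part of OpenX: the function name audit_openx, the configuration file path passed as the second argument, and the choice to treat world-writable paths as the minimum bar for "too permissive" are assumptions.

```shell
#!/bin/sh
# Added example: audit an OpenX tree for the file-level hardening steps.
# Usage: sh audit.sh <openx_root> <config_file>
# Both arguments are supplied by the operator; the config path is an
# assumption because the page does not name it.

audit_openx() {
    root=$1
    conf=$2
    findings=0

    # Installer scripts must be removed from www/admin after an upgrade.
    for f in install.php install-plugins.php; do
        if [ -e "$root/www/admin/$f" ]; then
            echo "FAIL: $root/www/admin/$f is still present"
            findings=$((findings + 1))
        fi
    done

    # The configuration file should be read-only: no write bit for
    # owner, group or other (characters 2-10 of the ls mode string).
    if [ ! -f "$conf" ]; then
        echo "FAIL: configuration file $conf not found"
        findings=$((findings + 1))
    else
        case "$(ls -ld "$conf" | cut -c2-10)" in
            *w*) echo "FAIL: $conf is writable, expected read-only"
                 findings=$((findings + 1)) ;;
        esac
    fi

    # Minimum bar on a shared server (assumption): nothing in the tree is
    # world-writable. The provider's recommended modes take precedence.
    ww=$(find "$root" ! -type l -perm -0002 -print 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "FAIL: world-writable paths under $root:"
        echo "$ww"
        findings=$((findings + 1))
    fi

    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Run only when both arguments are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_openx "$1" "$2"
fi
```

The function exits non-zero when any check fails, so it can be run from cron after each upgrade and alert on a failure.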