Inout Adserver is a commercial PHP/MySQL product. Public vendor material documents product features and runtime requirements, but the vendor does not publish a formal public security policy or advisory process comparable to those of many open-source projects.
Based on available vendor documentation, hardening should focus on strict perimeter protection, role segmentation, and anti-fraud signal monitoring.
Vendor minimum requirements list PHP 7.2 and MySQL 5.0+ with ionCube loader support.
Security stance:
- do not deploy on the bare-minimum legacy runtime; use currently supported PHP/MySQL versions compatible with your licensed release
- isolate this app behind a hardened reverse proxy (TLS, headers, rate limits)
- keep DB private to local/private network only
- patch OS, web server, PHP modules, and control panel stack continuously
¶ 2) Lock down admin, sub-admin, and single-sign-on paths
Vendor feature list highlights Sub-Admin accounts and optional single-sign-on mode.
Hardening controls:
- disable or tightly restrict SSO mode unless required
- define least-privilege sub-admin roles (billing, moderation, support)
- restrict admin login by network/VPN if possible
- audit high-risk actions (fund movements, ad approvals, payout changes)
¶ 3) Protect money and payout workflows
The platform supports advertiser funds and publisher withdrawals.
- require dual-control for payout approval where possible
- enforce MFA on all accounts with payout/payment privileges
- review currency conversion and bank/check approval logs daily
- separate operational users from finance-approval users
¶ 4) Use built-in anti-fraud features as mandatory controls
Vendor documentation lists fraudulent/repetitive click tracking, proxy click detection, bot click detection, and click-history controls.
- enable all anti-fraud checks by default
- monitor invalid/fraudulent click spikes per publisher and campaign
- trigger automatic quarantine/review for suspicious publisher traffic
- retain forensic logs for dispute handling
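One way to implement the spike monitoring and review trigger from the list above, as an added example that is not vendor code. The row schema, the identifiers and the thresholds are assumptions; map them to whatever your click reports export.

```python
from collections import defaultdict

# Constructed sample rows: (day, publisher_id, campaign_id, total_clicks, invalid_clicks).
# The schema is an assumption, not the product's export format.
SAMPLE_ROWS = [
    ("2024-05-01", "pub-17", "cmp-3", 1000, 20),
    ("2024-05-02", "pub-17", "cmp-3", 1100, 25),
    ("2024-05-03", "pub-17", "cmp-3", 1050, 21),
    ("2024-05-04", "pub-17", "cmp-3", 1200, 420),   # spike against own baseline
    ("2024-05-01", "pub-22", "cmp-3", 800, 16),
    ("2024-05-02", "pub-22", "cmp-3", 820, 18),
    ("2024-05-03", "pub-22", "cmp-3", 790, 15),
    ("2024-05-04", "pub-22", "cmp-3", 810, 17),     # steady traffic
    ("2024-05-04", "pub-31", "cmp-9", 12, 6),       # too little volume to judge
    ("2024-05-04", "pub-40", "cmp-9", 500, 150),    # new pair, no baseline yet
]


def find_invalid_click_spikes(rows, day, min_clicks=100, rate_floor=0.10, multiplier=3.0):
    """Return (publisher, campaign, rate, baseline) tuples to queue for review on `day`.

    A pair is flagged when its invalid-click rate on `day` is at least
    `rate_floor` and at least `multiplier` times its own prior baseline.
    Pairs with no history are judged against `rate_floor` alone.
    """
    history = defaultdict(lambda: [0, 0])   # prior days: [total, invalid]
    today = {}
    for d, pub, cmp_id, total, invalid in rows:
        if invalid > total or total < 0 or invalid < 0:
            raise ValueError(f"inconsistent counts for {pub}/{cmp_id} on {d}")
        key = (pub, cmp_id)
        if d == day:
            today[key] = (total, invalid)
        elif d < day:                        # ISO dates sort lexicographically
            history[key][0] += total
            history[key][1] += invalid

    flagged = []
    for key, (total, invalid) in sorted(today.items()):
        if total < min_clicks:
            continue                         # avoid alerting on tiny samples
        rate = invalid / total
        prior_total, prior_invalid = history.get(key, (0, 0))
        baseline = prior_invalid / prior_total if prior_total else None
        threshold = rate_floor if baseline is None else max(rate_floor, multiplier * baseline)
        if rate >= threshold:
            flagged.append((key[0], key[1], round(rate, 3), baseline))
    return flagged
```

Flagged pairs feed the quarantine/review queue; keep the underlying rows so the decision can be reconstructed during a dispute.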
¶ 5) Secure integrations and messaging
Vendor docs note configurable SMTP and API/XML-oriented integration features.
- secure SMTP with authenticated TLS and restricted credentials
- rotate API/XML integration credentials on a schedule
- protect ad code generation/distribution endpoints from unauthorized reuse
- disable unused add-ons/modules to reduce attack surface
- Inout Adserver product page (version and platform overview): https://www.inoutscripts.com/products/adserver/
- Inout Adserver features page (requirements, anti-fraud controls, sub-admin model, SMTP): https://www.inoutscripts.com/products/adserver/features/