Say I have http://www.foo.bar
and I let my registered members have their own subdomain like http://fred.foo.bar
what are the potential dangers there?
Let's say that each user can upload and download files via FTP to their subdomain document root.
Assuming that they have the ability to upload PHP and JavaScript files, is there a way to lock these scripts to only their subdomain? Will other members be in danger? Will the server be in danger?
Simply speaking: your domain may be grabbed by the FBI because some dude puts something on his site that is illegal.
Happened. Some weeks ago. The FBI went after child porn and seized domains... I think one of them was owned by a provider (child porn in a subdomain) and had like 70.000 subdomains, which all went "dark" (showing a seized comment). Took 2-3 days to fix this.
There's always a risk that someone can take advantage of a bug or gain privileged access, especially using a cleartext transfer protocol like FTP. The hazard mostly lies in the permissions you grant to the user and how you sandbox each user in.
A blanket security checklist isn't necessarily applicable because we don't know how you're implementing this in the first place; the server OS, the server for content, how you're jailing them, etc.
And security is a process, not a checklist.
Really the only thing I could tell you is assume all your users are malicious, sandbox them as much as possible, check your permissions on subdirectories to grant the least privileges necessary and make sure you have good backups and a file checker that does checksums in place to check for malicious activity as well as a good update procedure in place to keep the latest patches applied. Beyond that there's not much detail to your question and the question is so wide that the topic can fill a book...
Yes, if you let people run random PHP scripts or other CGI scripts/executables, they can use those to do all sorts of things on your server. Assuming a Linux server, the first thing you should do is make sure that every user's directory is accessible ONLY to its owner and to the group of the webserver and then ensure that the webserver is configured to run all PHP scripts and other CGIs through something like suphp/suexec so that they execute as the user who owns them, instead of executing with the webserver's permissions. Otherwise, if the users' files are world readable, then any PHP script can read them too. If the PHP scripts are run as the webserver, then the PHP scripts can read or write to any file that the webserver can read or write to, and that may include other people's scripts.
Protecting the users from each other is only the first step. Protecting the server from the users is the next, and requires a lot more work and continuous vigilance. For this, setting quotas (to keep users from filling the drive) and auditing permissions on things the users should not have access to would be just the beginning.
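One way to check the permission layout this answer describes, as an added example that is not part of the original answer: a POSIX shell audit that assumes each user's docroot lives at `$WEB_ROOT/<username>`, that the web server runs under the group named in `WEB_GROUP`, and that GNU find is available.

```sh
#!/bin/sh
# Added example: audit per-user document roots for the layout the answer
# describes. Assumptions (not from the original answer): each docroot is
# $WEB_ROOT/<username>, the web server runs under group $WEB_GROUP, and the
# intended layout is owner == username, group == $WEB_GROUP, with no
# permission bits at all for "other" (e.g. 750 on directories, 640 on files),
# so one user's scripts cannot read another user's files via the filesystem.

WEB_GROUP="${WEB_GROUP:-www-data}"

# Print one finding per line for every path that breaks the layout.
scan_docroots() {
    web_root="$1"
    for d in "$web_root"/*; do
        [ -d "$d" ] || continue
        user=$(basename "$d")
        # GNU find: owner, group, octal mode and path for every entry under the docroot
        find "$d" -printf '%u %g %m %p\n' | while read -r owner group mode path; do
            [ "$owner" = "$user" ] || echo "WRONG_OWNER $path owner=$owner expected=$user"
            [ "$group" = "$WEB_GROUP" ] || echo "WRONG_GROUP $path group=$group expected=$WEB_GROUP"
            # The last octal digit is the "other" class; any non-zero value means
            # every local account (and every other user's PHP) can touch the path.
            case "$mode" in
                *0) ;;
                *)  echo "WORLD_ACCESSIBLE $path mode=$mode" ;;
            esac
        done
    done
}

# Wrapper with a usable exit status: 0 when clean, 1 when any finding exists.
audit_docroots() {
    findings=$(scan_docroots "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Count findings of one kind (WRONG_OWNER, WRONG_GROUP or WORLD_ACCESSIBLE).
count_findings() {
    scan_docroots "$1" | grep -c "^$2" || true
}
```

Run it as `WEB_GROUP=www-data audit_docroots /var/www/users` from cron and alert on a non-zero exit; it flags the "world readable" case the answer warns about before a neighbouring user's script can exploit it.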
Since this is not mentioned already...
Someone may be able to convince a CA to issue an SSL certificate for the parent domain and not just their own subdomain.