About site security (if available)
Your service provider configures the security environment
in which your site is hosted. Depending on the security level assigned
to the site, certain services for the site run in protected mode within
the restricted environment of the site’s file system, technically referred
to as a chrooted environment. This
prevents you and the site users from accessing data or resources pertaining
to other sites on the server.
Your site can be configured for one of the following security
To ascertain which security level is configured for your
site, contact your service provider.
High security runs certain services, that are vulnerable
to security breaches, inside the restrictive environment of the site's
The services that are secured are:
CGI scripts can present security loopholes in two ways:
They can unwittingly
reveal information about the host system thus enabling hackers to break
into the system
When the scripts
process remote user input, such as the contents of a form, they become
vulnerable to remote exploits that subvert the scripts to run potentially
High security places cgi scripts inside a restrictive part
of the site's file system.
High security could pose problems if the CGI scripts used by the site
source required libraries or configuration files from outside the site’s
file system, in which case, the necessary files will have to be copied
across to the site's file system.
For example, if a CGI script uses Perl,
then all the Perl
libraries and configuration files must be copied into the CGI directory.
services like Telnet or SSH
allow users to interact with remote computers on the Internet. They can
expose your system to denial-of-service attacks and enable hackers to
run subversive code.
High security locks remote user logins
(administrator and users of the site) to the restrictive environment of
their home directories. When you or any of the site users connect to the
site you are directly logged in to the home directory of your site, preventing
view or access to any system wide resources from the site’s operating
mod_perl and mod_php are modules that allow users to run
scripts on the Web server, thus exposing your Web server to potential
High security disables the mod_perl
services for a site. Scripts using mod_perl or mod_php cannot be run on
In high security sites, the .pl
(Perl) files located at /var/www/perl
and the .php files are run as
CGI processes. However, in 3.1 compatibility and low security sites, the
.php files are managed by mod_php
and the .pl files located at /var/www/perl are managed by mod_perl.
If you want to harness the full power of these services, you must opt
for 3.1 compatibility or low security. To have your security level reset,
contact your service provider.
3.1 compatibility offers a loosely knit security environment
wherein remote login
services are secured, but CGI scripts run in a vulnerable environment.
The following services are secured.
CGI scripts are not locked in the site's file system. This
compromises security but eliminates file sharing constraints posed by
secured CGI scripts.
Telnet and SSH
services are secured as in high security. Remote user logins
(administrator and users of the site) are locked in the protective environment
of the site's file system.
services are enabled for the site. Your site can run scripts using mod_perl
Low security provides an open operating environment. You
can share or access files (depending on file access privileges) residing
on the server. Users of your site are, however, restricted to the home
directory of the site.
Your site is also enabled to run mod_perl
None of the following services are secured for the site.
While CGI scripts reside within the site's file system, the
administrator of the site can access or share system wide resources outside
the CGI-BIN directory.
With low security, administrators can use the Telnet or SSH
service to traverse the file hierarchy outside the site's home directory.
Users, however, are jailed to their home directory within the site.
For IP-based sites, remote access, using the Telnet service, is locked
into the site's file system. When the Site Administrator or the site users
connect to the site they are logged directly into their home directory.
To override this limitation, Site Administrators need to connect to the
control panel server on which the site is hosted. To connect to the server,
contact your service provider for the IP address or host name of the server
and then log in with the user name <user_name>@<site_name>.
services are enabled for the site enabling site users to run scripts using
Site Administrator's Help
Published April 16, 2004