Your service provider configures the security environment for your site. Depending on the security level assigned to the site, certain services for the site run in protected mode within the restricted environment of the site's file system, technically referred to as a chrooted environment. This prevents you and the site users from accessing data or resources pertaining to other sites on the server.
Your site can be configured for one of the following security levels: high, medium, or low.
To find out the security level assigned to your site, contact your service provider.
High security runs certain services that are vulnerable to security breaches inside the restricted environment of the site's file system.
The services that are secured are:
CGI Scripts
CGI scripts can present security loopholes in two ways:
High security places CGI scripts inside the restrictive part of the site's file system.
Important: High security poses problems if the CGI scripts used by the site load required libraries or configuration files from outside the site's file system. In that case, the necessary files must be copied into the site's file system.
For example, if a CGI script uses Perl, then all the Perl libraries and configuration files must be copied into the CGI directory.
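One way to find the files that still need copying, as an added example that is not part of the original documentation: the script extracts library paths from ldd-style output and lists those absent under the site's file system. The function names, the sample ldd output and the temporary directory standing in for the site root are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The sample ldd output and the
# temporary directory standing in for the site's file system are constructed.

# Extract absolute file paths from ldd-style output on stdin. Handles
# "name => /path (addr)" and "/path (addr)"; lines with no path are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Read absolute paths on stdin; print those that do not exist under the site
# root passed as $1. Returns 1 if anything is missing, 0 otherwise.
missing_in_site() {
    site_root=${1%/}
    rc=0
    while IFS= read -r p; do
        case $p in /*) ;; *) continue ;; esac   # ignore non-absolute entries
        if [ ! -e "$site_root$p" ]; then
            printf '%s\n' "$p"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample of what ldd might report for a Perl interpreter.
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc0a1f2000)
    libperl.so => /usr/lib64/perl5/CORE/libperl.so (0x00007f1c2a400000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1c2a000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a800000)
EOF
}

# Demo against a throwaway directory that already holds one of the libraries.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lib64" && : > "$root/lib64/libc.so.6"
    echo "Needed by the interpreter but missing inside $root:"
    sample_ldd | ldd_paths | missing_in_site "$root" ||
        echo "Copy the files listed above into the site's file system."
    rm -rf "$root"
}
demo
```

missing_in_site accepts any list of absolute paths on stdin, so Perl module and configuration file paths can be checked the same way as the shared libraries that ldd reports.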
Telnet/Secure Shell
Remote login services like Telnet or SSH allow users to interact with remote computers on the Internet. They can expose your system to denial-of-service attacks and enable hackers to run subversive code.
High security locks remote user logins (administrator and users of the site) to the restrictive environment of their home directories. When you or any of the site users connect to the site, you are logged in directly to the home directory of your site, which prevents you from viewing or accessing any system-wide resources from the site's operating environment.
mod_perl/mod_php
mod_perl and mod_php are modules that allow users to run scripts on the Web server, thus exposing your Web server to potential exploits.
High security disables the mod_perl and mod_php services for a site. Scripts using mod_perl or mod_php cannot be run on the site.
Important: In high security sites, the .pl (Perl) files located at /var/www/perl and the .php files are run as CGI processes. However, in medium and low security sites, the .php files are managed by mod_php and the .pl files located at /var/www/perl are managed by mod_perl. To take advantage of the full capabilities of these services, you must opt for medium or low security. To have your security level reset, contact your service provider.
Medium security offers a loosely knit security environment wherein remote login services are secured, but CGI scripts run in a vulnerable environment.
The following services are secured.
CGI Scripts
CGI scripts are not locked into the site's file system. This compromises security but eliminates file sharing constraints posed by secured CGI scripts.
Telnet / Secure Shell
Telnet and SSH services are secured as in high security. Remote user logins (administrator and users of the site) are restricted to the protective environment of the site's file system.
mod_perl / mod_php
mod_perl and mod_php services are enabled for the site. Your site can run scripts using mod_perl or mod_php.
Low security provides an open operating environment. You can share or access files (depending on file access privileges) residing on the server. Users of your site are, however, restricted to the home directory of the site.
Your site is also enabled to run mod_perl and mod_php scripts.
None of the following services are secured for the site.
CGI scripts
While CGI scripts reside within the site's file system, the administrator of the site can access or share system-wide resources outside the cgi-bin directory.
Telnet / Secure Shell
With low security, administrators can use the Telnet or SSH remote login service to traverse the file hierarchy outside the site's home directory. Users, however, are restricted to the home directory of the site.
Note: For IP-based sites, remote access, using the Telnet service, is locked into the site's file system. When the Site Administrator or the site users connect to the site they are logged directly into their home directory. To override this limitation, Site Administrators need to connect to the control panel server on which the site is hosted. To connect to the server, contact your service provider for the IP address or host name of the server and then log in with the user name <user_name>@<site_name>.
mod_perl / mod_php
mod_perl and mod_php services are enabled for the site, enabling site users to run scripts using these applications.