Secure Shell Access (SSH)

We require using SSH, instead of telnet or rlogin, to gain shell access to our servers. Normally, when using telnet or rlogin, data is sent over the network in clear, unencrypted form. Network sniffers anywhere between the client and server can steal your user name and password or the data transferred in your session. OpenSSH offers a variety of authentication and encryption methods to prevent this from happening. Encryption is started before authentication, and no passwords or other information are transmitted in the clear. Encryption is also used to protect against spoofed packets.

When you log in with your SSH client, use the following settings:

Remote Host Name: www.YOURDOMAIN
User Name: (same as your FTP user name)
Password: (same as your FTP password)

Using CGI

In order to execute your CGI scripts or programs, they must have the correct permissions. To be executable, a file must have a bitmask of 750, or rwxr-x---, or "Owner: Read, Write, Execute; Group: Read, Execute; Other: No Access". Your FTP client software should have an option to use chmod or set file permissions, and within those options you should recognize one of the above conventions.

You may also need to customize your scripts for our particular environment. Here are some common items used in CGI:

Physical path to your cgi-bin directory: /www/www.yourdomainname/cgi-bin/
Path to Perl: /usr/bin/perl
Path to Sendmail: /usr/sbin/sendmail
Path to MySQL: /usr/local/bin/mysql

If we determine that your script has a security vulnerability, or that it is consuming large amounts of resources on the server, the CGI will be disabled and we will notify you of our actions and possible solutions immediately.

Using PHP

Your PHP files must be named with an extension of ".php". Please refer to http://www.php.net/ for documentation and tutorials on how to use PHP.

Using MySQL

You may request that a MySQL database be created for your use. Go to your Control Panel and select Options, then check the MySQL box. You will receive a confirmation email with the necessary information to log in to your database. Please see http://www.mysql.com/ for documentation about using MySQL.

Using .htaccess

You may use .htaccess files to provide access control for your website or any subdirectory within it.

How to password protect a directory of your website:

1) Create a text file called ".htaccess" with the following contents:

AuthUserFile /www/www.YOURDOMAIN/etc/htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Area"
AuthType Basic
require valid-user

2) Now you need to generate a password file called "htpasswd". You can generate the file in an SSH session directly on the server, by typing the following at the command prompt:

htpasswd -bc /www/www.YOURDOMAIN/etc/htpasswd USERNAME PASSWORD

Securing your content

We've done our best to ensure the security of your information and content. There are some things you should also do to protect your files.

Passwords: Your password should be at least 6 characters and include a random mix of upper-case and lower-case letters, as well as numerals and special characters (such as &, ^, $, etc). You should never use a password based on a word that can be found in the dictionary; such passwords may be guessed by a cracker.

File Permissions: The following table gives the correct file permissions for each type of file:

| Use this mode: | For: |
|---|---|
| 644 or rw-r--r-- | HTML files, images, static content |
| 750 or rwxr-x--- | CGI scripts and programs |
| 640 or rw-r----- | Data files that are accessed by the CGI and not directly by the web server |

Directory Structure: The following table shows your default directories and their intended purpose:

| Directory name: | Purpose: |
|---|---|
| /cgi-bin | CGI scripts go here |
| /htdocs | Web content goes here (HTML files, images, etc) |
| /etc | CGI configuration files, password files for .htaccess |
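
The two tables above can be checked mechanically from an SSH session. The script below is an added example, not part of the original page or the host's own tooling: it assumes the three default directories sit under one site root (such as /www/www.YOURDOMAIN), treats every file under etc/ as a CGI data file (640), and the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the host's own tooling): audit a site tree against the
# permission table. Assumptions: htdocs/, cgi-bin/ and etc/ share one site
# root, and every file under etc/ counts as a CGI data file (640).

# audit_dir DIR MODE: list regular files under DIR whose mode is not exactly MODE.
audit_dir() {
    [ -d "$1" ] || return 0
    find "$1" -type f ! -perm "$2" | while IFS= read -r f; do
        printf 'expected %s: %s\n' "$2" "$f"
    done
}

# audit_site ROOT: print one line per deviating file; return 1 if any were found.
# Modes per table: static content 644, CGI programs 750, CGI data files 640.
audit_site() {
    report=$(
        audit_dir "$1/htdocs"  644
        audit_dir "$1/cgi-bin" 750
        audit_dir "$1/etc"     640
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
}

# make_demo_tree: build a constructed sample site in a temp dir, print its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/htdocs" "$t/cgi-bin" "$t/etc"
    : > "$t/htdocs/index.html"; chmod 644 "$t/htdocs/index.html"
    : > "$t/cgi-bin/form.pl";   chmod 755 "$t/cgi-bin/form.pl"  # open to "other"
    : > "$t/etc/htpasswd";      chmod 644 "$t/etc/htpasswd"     # world-readable
    printf '%s\n' "$t"
}

# With a site root as argument, audit it; with none, audit the constructed demo.
root=${1:-$(make_demo_tree)}
audit_site "$root" || echo "Mismatches found; correct them with chmod."
[ $# -gt 0 ] || rm -rf "$root"   # remove the demo tree only
```

On the demo tree the script reports the CGI script and the password file, since both grant access to "other" that the table does not allow.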