Unix Security Notes

On Sun Solaris, due to the Unix system architecture, you will have read access to all of the non-sensitive areas of the server via Telnet or SSH (not the password files and similar, but almost everything else). This is not a security hole; it is the way every multi-user Unix server works. Our servers are configured as tightly as a multi-user Unix server allows. If you are used to Windows, DOS and/or Mac, you have to understand the very different Unix-based operating system to fully comprehend the difference. The flip side is that every other shell user on the machine has the same read access, so any file you leave world-readable is visible to them.

Via FTP, you are restricted to your home directory (it becomes /) and cannot go outside it. This restriction applies to FTP only; a shell login is not confined in the same way.

If you would like to restrict access to your home directory, allowing full access only for yourself and the minimum necessary for the server daemons, so that other users cannot read it but HTTPD, FTPD, procmail, etc. still can, execute chmod 711 on your home directory from your shell login. Mode 711 lets other users (and the daemons) pass through the directory without being able to list its contents; a file inside it that is itself world-readable can still be read by anyone who knows its name, so set anything genuinely private to mode 600 (or keep it in a subdirectory set to 700). Please note that the public_html directory has to be 755 for proper web page delivery and CGI script execution.

Make sure your files are secure: if you set the permissions wrong, other users, or a rogue CGI script on another customer's site, may be able to delete or change your files. Do NOT make files world writable unless you don't mind this happening. If a CGI script of yours needs to write to a file, run it through suEXEC or cgiwrap, which execute the script under your own user ID, so the file can stay writable by you alone. Files must be world readable to be served by the web server software. FrontPage-enabled accounts may require different permissions for certain operations.

Keep your password to yourself; do not give it to anyone else unless you don't mind your whole site being deleted by them or by anyone they pass the password on to. You are responsible for all use of the account when logged in under your username. If you suspect your password has been discovered by someone (e.g. you see files in your account that you did not upload), change it immediately. You should change your password regularly, at least once a month.
Make sure to use the full eight characters (the traditional Unix password hash ignores anything beyond the eighth) and compose the password not only of alphanumeric characters but also of others such as * ) $ # ; " + _ and so on. Your password should never be a dictionary word, numeric only, or anything else easy to guess.

Keep full copies of all your files locally. If you are running live forums or some other area of the site with dynamic content, make a local copy of all changed files frequently. Also, do not store any sensitive data (e.g. credit card numbers) on the server. Such data should be passed directly to your online processor(s) and/or sent via encrypted E-mail, and never stored on a multi-user server. Although we do all in our power to protect your data and keep up our server security, given the nature of the Internet (no server is absolutely secure unless it is disconnected from it), we can make no guarantees. You should do all you can to safeguard your password as well as your data.

Sometimes you might find a "core" file in your home directory; this is nothing to worry about. It is produced by the system when a program or process running as you (such as the weekly automatic stats or procmail) crashes. The file is a copy of that process's memory at the moment it crashed, not of the whole server's memory, and it may therefore contain whatever data the process was handling at the time (mail passing through procmail, for example). The usual thing to do with it is simply erase it; please delete it from your directory space whenever you find one. It exists in case we need to examine the crashed process's memory to help discover the problem, which is rarely necessary.

If you have any questions or concerns about security, please feel free to contact Technical Support.
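As an added worked example of the file-permission advice in these notes (this script is not part of the hosting provider's notes or tooling), the following POSIX shell script applies the recommended modes to a home directory (711 on the home, 755 on public_html and its subdirectories, 644 on web files, 755 on CGI scripts) and then audits the tree for anything still world-writable, which is the mistake that lets another customer's rogue CGI script alter your files. The directory layout it assumes (public_html, public_html/cgi-bin, and an owner-only private directory) and the sample files it creates are constructed for the demonstration; adjust the paths to your own account.

```shell
#!/bin/sh
# Added example, not part of the hosting notes: apply the permissions the
# notes recommend to a home directory and audit it for world-writable files.
# The layout ($home/public_html, $home/public_html/cgi-bin, $home/private)
# and the sample files below are assumptions made up for the demonstration.

umask 022

# Lock down one account's home directory:
#   711 on the home itself   -> other users can traverse it but not list it,
#                               so httpd/ftpd/procmail can still reach files
#   755 on public_html dirs  -> httpd can list and traverse web content
#   644 on web files         -> world-readable (serving requires it), never writable
#   755 on CGI scripts       -> executable by the server, not writable by others
#   700 on private/          -> owner only, for anything that must stay unreadable
lock_down_home() {
    home=$1
    chmod 711 "$home"
    if [ -d "$home/public_html" ]; then
        find "$home/public_html" -type d -exec chmod 755 {} \;
        # -prune keeps the 644 pass out of cgi-bin so scripts stay executable.
        find "$home/public_html" -name cgi-bin -prune -o -type f -exec chmod 644 {} \;
        if [ -d "$home/public_html/cgi-bin" ]; then
            find "$home/public_html/cgi-bin" -type f -exec chmod 755 {} \;
        fi
    fi
    if [ -d "$home/private" ]; then
        chmod 700 "$home/private"
    fi
}

# List everything under $1 that any user on the server may modify
# (symlinks excluded: their own mode bits are meaningless). One path per line.
list_world_writable() {
    find "$1" ! -type l -perm -002
}

# Number of world-writable entries under $1, printed as a bare integer.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# First ten characters of ls -ld: the familiar "drwx--x--x" string.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Build a throwaway home directory with a deliberately sloppy layout
# (a 777 index.html is the classic mistake the notes warn about).
make_sample_home() {
    home=$1
    mkdir -p "$home/public_html/cgi-bin" "$home/private"
    echo '<h1>hello</h1>' > "$home/public_html/index.html"
    printf '#!/bin/sh\necho "Content-Type: text/plain"\necho\necho ok\n' \
        > "$home/public_html/cgi-bin/test.cgi"
    echo 'not for other users' > "$home/private/notes.txt"
    chmod 777 "$home/public_html/index.html"   # the mistake
}

# Run the whole thing against a temporary directory and show before/after.
demo() {
    tmp=$(mktemp -d) || exit 1
    make_sample_home "$tmp/home"
    echo "world-writable before: $(count_world_writable "$tmp/home")"
    lock_down_home "$tmp/home"
    echo "world-writable after:  $(count_world_writable "$tmp/home")"
    for p in "" /public_html /public_html/index.html \
             /public_html/cgi-bin/test.cgi /private; do
        echo "$(perm_string "$tmp/home$p") $tmp/home$p"
    done
    rm -rf "$tmp"
}

demo
```

To use it on a real account, call lock_down_home with your home directory and run count_world_writable (or list_world_writable) from time to time; a non-zero count means something on the server can be modified by every other user. Note that the 644 pass deliberately skips cgi-bin: a blanket chmod -R 644 over public_html would strip the execute bit from your CGI scripts and break them.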