mod_userdir Print

  • 4

Shared

Because of this module, cPanel clients often think that they have been hacked, when in fact this is not true.

Apache mod_userdir allows any person to display their own web content on another person's domain name by placing "~username" at the end.

The actual content in these cases is hosted from the trailing user name and not the domain name, which so far has not been compromised.

EXAMPLE

So if my domain name is "bigjerk.com" and my user name is "big", I can list any other domain name that shares a server with me (e.g. "notavictim.com") and place my user name at the end like so...

http://notavictim.com/~big/

This will display the "bigjerk.com" website, but looks like the content belongs to "notavictim.com".

This feature is difficult to disable, so we normally do not.


Was this answer helpful?

« Back