Low Security Option - CLICK HERE

Standard Security Server Settings:

In a shared web hosting environment (where you share a web server with hundreds of other websites) - it is vital to have the highest possible security settings, so as to keep all sites on the server secure.

The following is a short list of the security options provided (ask us if you don't see something listed here):

FTP

• Anonymous FTP Logins: Disabled
• Anonymous FTP Upload: Disabled

E-MAIL (non GOOGLE APPS accounts - see GOOGLE APPS documentation for specific information about GOOGLE APPS)

• The maximum each domain can send out per hour: 100
• You must use your ISP's outgoing SMTP to send E-Mail.
• You may NOT archive/store e-mail on our servers.
• You may NOT send SPAM.
• You may NOT forward e-mail OFF NETWORK (off network forwarding causes false positive spam complaints)

If you choose NOT to use GOOGLE APPS, then you are restricted to our Default E-Mail System.

E-MAIL LISTS - we do NOT allow any E-Mail Lists of any kind.

That doesn't mean you cannot have E-Mail Lists, it just means you can't use your shared web hosting account to host E-Mail Lists.

Google Apps E-Mail allows for some very simple E-Mail Lists, but it could not be used for anything commercial. See GOOGLE APPS documentation for specific information about GOOGLE APPS.

CLICK HERE TO READ the WHITEPAPER on E-MAIL LISTS.

MySQL

• Port 3306 - CLOSED

PHP

• The following are TURNED OFF for security reasons:
  register_globals
  enable_dl
  ini_set
  show_source
  system
  shell_exec
  passthru
  exec
  popen
  proc_open
  allow_url_fopen
• PHP Register Globals: Off
  
• PHP Max Post Size for cPanel PHP in Megabytes: 55M
• PHP max execution time for cPanel PHP execution in seconds: 90
• PHP Max Upload Size for cPanel PHP: 50M
• Loader to use for internal cPanel PHP: ioncube
• upload_max_filesize: 2M
• memory_limit: 64M
• max_execution_time: 30
• max_input_time: 60
• safe_mode: Off
  .

 

ini_set - EXAMPLE ERROR: PHP Errors: Warning: ini_set() has been disabled for security reasons

You may encounter this or similar error by running a PHP script that uses ini_set. It is common knowledge that this function is considered to be dangerous to a shared hosting environment, as this setting allows PHP scripts to override global security and performance settings for PHP scripts - thus, it is disabled on our main PHP configuration. We have disabled most insecure PHP functions and are unable to allow them for any specific users due to potential security issues.
To remove this warning, edit your PHP script and remove the entire line where the disabled function is mentioned or insert this line on the top of PHP script:
error_reporting(0);

PHP Register Globals: Off - Global variables are a horrible hold over from the PHP 3 days. In most distributions register global variables is set to off (and thankfully it won't be supported in future versions of PHP).
Register globals allows various HTTP variables to be used without specifying their source.
For instance, if a developer wants to use a URL variable named 'id', for instance from the URL request index.php?id=4, with globals they can simply use $id rather than $_GET['id'].
This is a great convenience but it can cause collisions.
For instance, if a form post uses a variable called 'id' and there is a variable $id defined in a script and a user alters the URL of the script to include an 'id=' in the URL which variable has precedence?
Even more damaging is the ability of attackers to override configuration variables such as DOCUMENT_ROOT from the URL.
This can cause no end of problems, especially if attackers are able to call scripts that are normally included in other scripts and expect predefined variables, which could be overwritten via GET variables by an attacker.