
Geeklog Forums

CGI-Bin and Paths Security Question


neonsurfer

Anonymous
I just switched servers with my host. The old server used an Ensim control panel. The default paths were

/home/virtual/site125/fst/var/www/html/
/home/virtual/site125/fst/var/www/cgi-bin/
/home/virtual/site125/fst/var/www/cgi-bin/geeklog

The new server uses a Direct Admin Control panel. The default paths are

/home/"myaccount"/domains/"mydomain"/public_html/
/home/"myaccount"/domains/"mydomain"/public_html/CGI-Bin
/home/"myaccount"/domains/"mydomain"/geeklog/

On the old server I created a folder called geeklog for all the files except the public_html files. Somewhere in a post or the instructions it said the cgi-bin is a good place to place the geeklog dir because the cgi-bin is outside the public_html dir. I placed geeklog dir in the cgi-bin.

If you look at my new server path, the cgi-bin is in the public_html. Since the geeklog dir shouldn't be in the public_html, I just put the geeklog dir outside the public_html. I'm concerned, however, because I've read posts that the cgi-bin can have security risks if it's in the public_html dir. Can someone confirm that this poses a security risk or not? The cgi-bin in the public_html is my host's default install. The cgi-bin is 755; the htaccess file is 644.

I don't know what else to add. If my question seems unclear or long-winded, I apologize. I'm a newbie. I did get the install to work. It's just a security question.


Paul

Anonymous
I'm using a DA control panel. On mine, I can create extra directories at the same level as public_html outside the webroot. Have you tried to do this?

I don't know if there's more of a security risk if the cgi-bin is inside the public_html compared to being outside of it. In a cgi-bin, usually files not set to 755 cannot be accessed directly. Why don't you request some of the files you placed in it and see whether the server returns an error or allows you access to them. If you can't create a directory outside, you can always password protect the cgi-bin or whatever directory in public_html you choose for extra security.
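The layout discussed in this thread can also be checked on the filesystem itself. The following is an added example, not part of either post and not Geeklog code: it reports whether the private directory resolves to a location under the document root, whether a symlink in the web tree points back into it, and which entries under the document root are world-writable or are executable files in the cgi-bin. The function names, finding labels and the temporary directory tree are constructed for illustration, modelled on the DirectAdmin paths quoted in the question.

```python
import os
import stat
import tempfile

def inside(path, root):
    """True if path resolves (symlinks followed) to root or below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit(docroot, private_dir, cgi_dir):
    """Return (issue, path) findings for a docroot / private-dir layout."""
    findings = []
    if inside(private_dir, docroot):
        findings.append(("private-dir-under-docroot", private_dir))
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                # A link from the web tree into the private dir re-exposes it.
                if inside(p, private_dir):
                    findings.append(("symlink-into-private-dir", p))
                continue
            mode = os.lstat(p).st_mode
            if mode & stat.S_IWOTH:
                findings.append(("world-writable", p))
            if stat.S_ISREG(mode) and mode & 0o111 and inside(p, cgi_dir):
                findings.append(("executable-in-cgi-bin", p))
    return findings

def demo():
    """Constructed tree modelled on the DirectAdmin paths in the question."""
    site = os.path.join(tempfile.mkdtemp(), "home", "myaccount", "domains", "mydomain")
    docroot = os.path.join(site, "public_html")
    cgi = os.path.join(docroot, "CGI-Bin")
    private = os.path.join(site, "geeklog")
    for d in (cgi, private):
        os.makedirs(d)
        os.chmod(d, 0o755)
    script = os.path.join(cgi, "test.cgi")  # hypothetical CGI script
    open(script, "w").close()
    os.chmod(script, 0o755)
    good = audit(docroot, private, cgi)  # geeklog/ beside public_html
    misplaced = audit(docroot, os.path.join(cgi, "geeklog"), cgi)
    os.symlink(private, os.path.join(docroot, "gl"))  # constructed mistake
    linked = audit(docroot, private, cgi)
    return good, misplaced, linked

if __name__ == "__main__":
    for label, result in zip(("good", "misplaced", "linked"), demo()):
        print(label, result)
```

The containment test compares resolved path components rather than string prefixes, so a sibling directory whose name merely starts with the document root's name is not mistaken for a child of it.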
