Shared
Because of this module, cPanel clients often think that they have been hacked, when in fact this is not true.
Apache mod_userdir allows any person to display their own web content on another person's domain name by placing "~username" at the end.
The actual content in these cases is hosted from the trailing user name and not the domain name, which so far has not been compromised.
EXAMPLESo if my domain name is "bigjerk.com" and my user name is "big", I can list any other domain name that shares a server with me (e.g. "notavictim.com") and place my user name at the end like so...
This will display the "bigjerk.com" website, but looks like the content belongs to "notavictim.com".
This feature is difficult to disable, so we normally do not.
Reseller
We have enabled mod_userdir protection for all reseller servers. The nobody user has been excluded from mod_userdir protection, so you will still be able to access http://servername.websitewelcome.com/~yourusername.
However, this will prevent you from using http://resellerdomain.com/~yourusername to access your (or any user's) account with a domain whose DNS does not resolve to us.