FAQs
I'm a new webmaster. Now what?
A good starting point for new webmasters with sites on the non-CMS web server is to first familiarize yourself with the environment on which you will be developing your site. The Tutorials section presents a series of instructions for working with the Unix operating system and also how to use a Secure File Transfer application to manage your files.
How can I let someone else update my site?
Account sharing is a violation of NYU IT policy.
If someone else needs to access your site, they will need to obtain their own account on the i4 server. Instructions on how to apply for an account are available on the NYU IT Webmaster Account page.
Keep in mind that your i4 account password is your NetID password. Your NetID password authenticates you for a number of secure services at NYU - including your email, your grades (if you're a student) and your paycheck information (if you're an employee).
If you have let someone use your i4 account information, we recommend that you change your NetID password immediately by visiting the Start Page.
How can I request an i4 account?
Note: As of November 2018, the i4 server is no longer accepting new users, unless that user is replacing a user who has left NYU in order to manage an existing website. Over time, existing i4 users and websites will be offered other alternatives.
To request an account for someone who is assuming i4 responsibilities from someone else, please submit an i4 account request online.
What software should I use to securely connect to the web server?
To make your connections to the web server more secure, you should use secure software clients.
Secure Shell (SSH) Software
The i4.nyu.edu machine, which provides shell access to the main NYU Web server, only supports SSH (not Telnet). In a secure shell session, the information being sent back and forth (such as your password) is scrambled, so that if someone intercepts your keystrokes, the data will be unreadable. This is especially useful if you are connecting from off-campus.
NYU IT currently supports PuTTY (for Windows). macOS users may use the Terminal program, available natively on their computers.
Additional information on establishing a secure connection to i4.nyu.edu is available in the tutorials section.
Secure File Transfer Protocol (SFTP) Software
At NYU, we require SFTP for file transfers, and recommend using a graphical SFTP program for access to the web server. NYU IT distributes Fetch software (for macOS), and the NYU Web Team supports Fugu for macOS, and WinSCP for Windows. While you may use other programs, such as FileZilla, Cyberduck, Dreamweaver, and Transmit, they are not supported by the NYU Web Team.
Visit our SFTP Guide for more information.
How can I get a special email address for inquiries about my site?
For information on how to request a departmental or organizational group, please see the ServiceLink Knowledge base.
Why do I have to use MFA to connect to i4?
Requiring multi-factor authentication (MFA) creates an additional level of security that helps NYU protect your personal information from cybersecurity threats and ensures uninterrupted access to University services and information.
I need to connect to i4 but I don't have a smartphone...
Depending on how you connect to i4 (SFTP vs SSH client) you may not need to use a smartphone.
When connecting via an SFTP client...
If you don't have either an iOS or Android device with the Duo Mobile app installed, you'll instead automatically receive a call to an enrolled phone number. Keep in mind that you can also install the Duo Mobile app on a iPod or tablet device, not just a smartphone. Read more about connecting to the i4 server with an SFTP client.
When connecting via an SSH client...
You'll be prompted to select your authentication method of choice when connecting through an SSH client like PuTTY or Terminal. Follow the same steps required when you make your initial connection to the i4 server.
How can I choose my authentication method?
When connecting via an SSH client...
You'll be prompted to select your authentication method of choice when connecting through an SSH client like PuTTY or Terminal. Follow the same steps required when you make your initial connection to the i4 server.
When connecting via an SFTP client...
You cannot select your preferred authentication method.
If you have the Duo Mobile app installed on your mobile phone or tablet, you will automatically be prompted to complete MFA through the app. Please note that even if you have a different option (e.g., calling your desk phone) as your preferred authentication method, it will still prompt you to authenticate using the Duo Mobile app.
If you do not have the Duo Mobile app installed then you'll be prompted to complete authentication using a registered phone number.
Read more about connecting to the i4 server with an SFTP client.
Why does it keep asking me to authenticate?
Your authenticated connection to the i4 server should last an hour. If you're experiencing faster time outs, verify your keep alive settings.
For clients using Fetch, you may notice that when duplicating a file a second connection window will appear asking you to complete MFA. If you duplicate files frequently, we recommend keeping two connection windows open until your work is complete.
Make sure your site is secure!
It is absolutely essential to confirm that all NYU-related websites are operating in a secure manner.
A general rule: Be aware that the main NYU Web server, http://www.nyu.edu/, is a publicly accessible server. You must consider any file stored there to be generally available. As search engine technology has become more sophisticated, there may be no such thing as a "hidden" directory or file. Data files containing sensitive information should NOT be stored on the web server.
Perform a Site Review
If you're being asked to collect sensitive information through your website, you must get written approval for doing so from a senior officer in your school or area and also get technical certification from NYU IT before you implement any application. Use the Webmaser Support request form for more information.
Information that may be considered "sensitive": social security numbers, driver's license number (DLN), date of birth (DOB), mother's maiden name, bank account numbers, employee numbers. Review the Electronic Data and System Risk Classification Policy to see additional information about data classification at NYU.
NYU is subject to various federal, state and local regulations. Among these are the Federal Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act as well as NY State consumer protection regulations. You should also be aware of any NYU policies that impact your site. For these reasons and the general security concerns above, do not collect or store highly sensitive information on your site(s). Where necessary, use the NYU NetID as a unique identifier and consult NYU IT on proper use of the NetID.
Regularly review all contents of the Web site(s) you maintain. You should remove outdated and irrelevant files and directories (for example, files and directories called "old"), including any backup (.bak) or archive files (.zip, .sit). A production Web server is not an appropriate place for such files. You must also remove any executable files (.exe).
Deactivate any application or form that asks for Student ID or other sensitive personal information. Before reactivating any such application, you must use the Webmaster Support request form for approval.
Review the access privileges on all files on your site(s). Ensure that the privileges are set appropriately to protect sensitive files from publication and from indexing by search engines. Learn more about properly setting Unix file permissions.
My site was hacked! What do I do?
NYU IT uses many methods to protect the security of the web server, so it is unlikely that your site will be attacked. However, there are times when webmasters notice unexpected and unauthorized changes to their site.
The most common cause of these unexpected changes are incorrectly set UNIX permissions, which allow set your files or directories to be "world-writable". If you use a Secure FTP (SFTP) program to upload files to your page, or if you use an authoring program, it's a good idea to log in periodically to check that the permissions on files are correctly set.
The other common cause of changes is not closing out accounts of former webmasters. If someone is no longer an authorized webmaster, you need to notify the NYU Web Team immediately, so that we can terminate their access to your site and transfer the necessary privileges to the correct person.
How do I prevent my published email address from being harvested by spammers?
To prevent the harvesting of your or your organization's email address from your web pages on NYU Web (non-CMS), we recommend that you implement one of the two solutions offered below to replace your "mailto" links on html pages.
Option 1: JavaScript Replacement
For example, if your email address is mysite.info@nyu.edu, you would insert the following code, replacing user with the information to the left of the @ sign and replacing site with your host name.
<script type = "text/javascript">
<!-- Begin
user = "mysite.info";
site = "nyu.edu";
document.write('<a href=\"mailto:' + user + '@' + site + '\">');
document.write(user + '@' + site + '</a>');
// End -->
</script>
Option 2: ASCII Code Replacement
You can replace the @ sign in your "mailto" links with the ASCII code equivalent: @
For example, if your email address is mysite.info@nyu.edu, you would do the following:
<a href="mailto:mysite.info@nyu.edu">mysite.info@nyu.edu</a>
This will produce a link that says mysite.info@nyu.edu
How can I prevent search engines from indexing my site?
From The Web Robots FAQ:
What is a WWW robot?
A robot is a program that automatically traverses the web's hypertext structure by retrieving a document, and recursively retrieving all documents that are referenced. Web robots are sometimes referred to as Web Wanderers, Web Crawlers, or Spiders. These names are a bit misleading as they give the impression the software itself moves between sites like a virus; this not the case, a robot simply visits sites by requesting documents from them.
How do I prevent robots scanning my site?
On the non-CMS based web server, the quick way to prevent robots from visiting your site is put the following 2 lines into a file called robots.txt in the root directory of your site:
User-agent: *
Disallow: /
This will signal to the robot that the directory contents in which the robots.txt file is placed may not be scanned.
When another webmaster tries to update the site, they can't upload files. How can I fix this?
Unix is a computer operating system, like Windows or Macintosh OS; a master program that coordinates other programs' activities and manages files.
The i4.nyu.edu server uses Solaris, a proprietary version of UNIX from the Sun Corporation. The NYU Web server cluster uses Linux, a Unix-like operating system.
Unix allows a number of people to work on the same machine at once and have access to shared files. This allows hundreds of members of the NYU community to develop and maintain content for NYU Web; you and your colleagues may even have been put into a web permissions group on the i4 machine so you can share file access to content in your web directory.
Unix allows you to designate, on a file-by-file basis, who has permission to read the file and and/or write to the file. This is known as setting file permissions. When you upload a file, you become the owner of that file and it is assigned (usually) to the default web permissions group that you are in. But, unless you say that other group members have permission to write to the file, they cannot make modifications, they'll only be able to read the file.
See our tutorials for more information:
Why would I want to restrict access to my site?
To ensure that your Web directory is secure, you can install a restriction file called .htaccess.
A .htaccess file allows you to protect your web page, site, or directory from being accessed by unwanted public users. This file will prevent web access by anyone who does not have permission to view your site.
For example, you could deny access to machines outside the NYU network or allow access for only the machines in the NYU Information Technology (NYU IT) subnet. You could also create a username and password scheme so that only select individuals who know the username and password can access your site. Another option is to restrict the site to only those with NYU NetIDs and passwords.
Visit our tutorial on restricting user access to learn more.
How can I obtain statistics about my site's web traffic?
Google Analytics is a self-service tool that provides analytical data on content pages within NYU.edu and its subdomains.
Content pages hosted on NYU's legacy server previously used a statistics analysis program called Urchin that provides reports about who is visiting your website. Support for Urchin has been deprecated. If you need assistance with monitoring web usage of your content, please contact the Analytics Team.
Can I upload a cgi or php script that I wrote or found online to my web directory?
No.
The main NYU web server is a shared resource. Please do not upload or implement any (open source, commercial, or self-created) scripts without first consulting the NYU Web Team (this includes bulletin board software, blogs and wiki applications).
We have made a basic formmail script available for use within web sites.
However, if you wish to implement or create your own Perl or PHP scripts, you must first request that via the Webmaster Support request form with the following information:
- Provide a brief history of your scripting/programming experience.
- Provide a description of how you plan to implement scripting into your site.
- For each script you plan to use, please include:
- The name of the script (including version, if applicable)
- The script author (if not yourself)
- An outline of the script's purpose (what does it do?)
- Location of where you obtained the script (e.g. -URL of Web site from which you downloaded the script if you did not write it yourself)
- Timeline of script's use - for example - are you adding an application for a specific event with a deadline?
Requests will be reviewed and if approved, you will be enabled for cgiwrap on the web server to run Perl scripts. Keep in mind that we run PHP in safe mode; it is "locked-down" for security purposes. Safe mode disables or restricts a number of common functions, most of which involve reading from or writing to the filesystem (e.g. file uploads). We don't display any error messages and register_globals is turned off.
Please note, the NYU Web Team cannot write or modify scripts for your site and can only provide limited technical support. If you don't know what the script does, think twice about implementing the script. If you have more complicated site needs, you may wish to consult with Digital Communications.
How can I use SSL to protect information sent through form submissions?
Secure Sockets Layer (SSL)
Secure Sockets Layers (SSL) can increase the security of your data. When you use SSL, information is encrypted as it leaves your computer.
If your page is publicly available, it makes little sense to encrypt it for transfer over the network; everyone can already see it.
Sometimes, however, a page may accept sensitive data, for example, usernames and passwords. In this case, sending the information over the network in an unencrypted form permits snooping, i.e., the act of "spying" on network traffic as it passes from point A to point B. (Remember that when you download a page from, say, Amazon.com, that page passes through possibly many other networks before reaching your computer.)
When you use SSL, information is encrypted as it leaves your computer. Anyone snooping the data while it's on the network will see only random characters, not the information as it was originally formatted.
Once the traffic reaches its final destination, the destination computer decrypts the encrypted data, returning it to its original state. It then forwards the decrypted data to the recipient. To both the sender and the recipient of the data, the encryption/decryption process is transparent.
Activating SSL on www.nyu.edu requires changing any intra-site http links into https links. If you’re using relative links in your pages (links that do not include the full URL), then SSL-enabling your entire site might mean having to change only the entrance URL from http to https. Experienced webmasters may know that a http-style URL maps to port 80 on the server machine, while https-style URLs map to port 443. If you want to selectively activate SSL within your site, you will need to use full http or https URLs in your pages. (Don’t forget to test the links.) SSL-capable browsers that follow your https links will use the encryption layer SSL provides.
If you're using .htaccess restriction files with NetID/NetID password authentication, you are required to have SSL in place.
Use the code below within your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
Write to: webteam@nyu.edu if you have any questions.
I want my site to look like the NYU site. What do I do?
New York University understands the importance and value of clear, coordinated, and consistent communications in contributing to our reputation as a leader in the field of higher education and our emergence as the world's first Global Network University -- allowing us to attract the best students, premier faculty, and strategic partnerships.
Digital Communications provides a University Identity and Style Guide for those who wish to review design standards.
Questions? Write to urpa.styleguide@nyu.edu for assistance.
I manage a departmental site within my school's web site. How do I contact my school's webmaster about possible site style requirements?
Each NYU school has its own Webmaster who manages the site as a whole, and each school handles the management of its departmental sites differently.
If you've been assigned to manage a departmental site, before you begin to redesign your pages, check with your school's webmaster first to see if there are any required design elements.
See our list of School Webmasters for more information.
I want to add logos or images from other NYU sites to my site. Are there any resources for these materials?
Note: Do not lift graphics from other web sites, including any NYU web sites, and use them on your site. Many of these images are either purchased for a specific use or have been commissioned by a department for their use. If there is a graphic on another NYU web site that you are interested in using, contact the administrators of that site to ask for permission. If permission is granted, please request the appropriate quality artwork.
Please consult the University Identity and Style Guide for information about available NYU logos, business kits, and other helpful resources.
Questions? Write to urpa.styleguide@nyu.edu for assistance.
Important Note: Please keep in mind that i4 as a hosting platform is scheduled to retire in July 2022. If you haven’t done so already, we highly recommend that you look for alternative server solutions. You can reach out to the NYU Web Team if you need assistance with this process.
Many of the resources shared throughout the NYU Web Guide are specific to the main (non-CMS) NYU web server, www.nyu.edu, accessed through an account on the legacy i4.nyu.edu machine. The i4 server is no longer accepting requests for new accounts and active websites must be migrated before the scheduled retirement in July 2022.
At any point, cyber security or infrastructure updates may prevent web applications on i4 from working before the scheduled retirement. We encourage active web owners to migrate off of i4 as soon as possible.
For other web options, please refer to the website publishing comparison chart. If you have questions about a site that is not on this server, please contact your school webmaster or write to the Web Team.