This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.
how I can block direct access to my scripts?
Plesk: 12.0.18
phpMyAdmin: 4.2.5
When I try to access phpMyAdmin directly from the link: [URL] ....
I get the following error:
Welcome to phpMyAdmin
You probably did not create a configuration file. You might want to use the setup script to create one.
Error
MySQL said: Documentation
Cannot connect: invalid settings.
Retry to connectClick to expand...
I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it calls the image from my website.
I block their IP-s in .htaccess, but it is not the best way to stop them since IP change. Is there any way, similar to anti-hotlinking, to deny such direct access to my images by domain name i.e. to allow only from my website and deny from all others. Or something else that could work in my case with .htaccess.
ive got a flash music player that gets its tracks from a dedicated directory on my server. there's about 10GB of music in there (we own it) and i want to stop people getting at the files (they can see the path in the source of the page that has the flash player).
i tried an htaccess directive that stops listing the directory contents but that obviously wont work. what is the best & most secure strategy to achieve this, blocking all ip addresses apart from my server's?
My server is Win2003 Standard with IIS 6. I'm using IIS6 to host websites but i have a need to run subversion which require Apache. I'm wondering would it cause any problem with my current operation. Apache will run on different port than the standard 80.
View 3 Replies View Relatedin wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,
so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]
how to run SSI(server side includes) on my linus server,
View 1 Replies View RelatedI've been asked to find a way to host our intranet externally without opening up the network.
The webserver accessible to the public domain is within an dmz. The intranet I need to serve is within our internal network.
I've managed to convince our network admin to open port 80 on the server running the intranet but I can't seem to find a way to proxy the content from the intranet server, through the webserver and to the user.
I have issue with my shared server. Someone used SSI to local attack user on my server.
I want to disable SSI but i dont find out how to ? (expect manual recomplie apache)
I am trying to follow this guide on how to configure procmail:
[url]
I can login to my dedicated server via SSH, but how do I edit files etc. should this be done via SFTP, or via Shell?
I want to enable our server ssi server side includes (.shtml parsed).
My hosting company controls our server uptime, daily backup, server loads etc. when i request them; can you please enable ssi for shtml pages, i want to use ssi includes etc.. they suggested me use php instead of shtml for includes.
I want to .shtml, beacuse i use only ssi include header, footer same pages, also these pages search engine friendly.
Apache version: 2.0.52
I posted them please add following lines and restart apache afterwards:
Options +IncludesNoExec
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
They added and restarted apache, but not any affect. When i access .shtml pages via web browser, page opening successfully but not parse ssi includes, example:
<!--#include file="header.html" -->
but not parse, also i cannot use .htaccess files, our server admin say restricted them because security reasons.
I requested them our server root username and password, they say to me; before give you server root password, we remove all our server administration software from server and server administration service will be cancelled.
i was wondering if there is any other free anti-spam filter other than Spam Assassin that can be used on a VPS account?
View 13 Replies View RelatedDoes anyone know how I can create a server-side filter in Plesk 8? I need to filter incoming mail to my mail server (using X-Forwarded-For.
View 0 Replies View RelatedI've problem with my system (Dell vostro200) I've Mcafee security center and it will block some scripts running in the system during the browsing. I can't use any of vBulletin forums ( registration and posting ) I can't do even Mcafee online registratation also. I'm not an expert in os configurations.
View 0 Replies View RelatedJust been thinking and currently i host all my services with other hosting companies like my web hosting accounts etc...but was thinking of buying a DA licence and installing it onto one of my linux servers.
On DA's website it says one licence per IP or something along them lines...does this mean if i was to install a licence on say 99.99.99.999 and it was working ok etc but then if i changed my IP range to 99.99.99.998 would that mean the DA licence would no longer be valid?
I have a website, where i provide streaming videos. Recently i read somewhere that, streaming video or audio files increases server load a loot. Is providing direct download to files is a better option than streaming videos? Please let me know.
View 14 Replies View RelatedPrior to installing FFmpeg and its dependencies, I want to know about FFmpeg server-side conversion without the php script. Does it require those php scripts in the first place or I can just run an ssh command?
Also, does this FFmpeg have a configuration file in which you can set the quality of the converted .fla videos?
How about a lossless quality conversion and keeping the size proportion of the video the same?
Meaning, for example, from .avi to .fla without sacrificing/loosing the quality much or noticeably.
I have a 2003 SBS server with about 50 users on exchange. It is a standalone DC - all the users connect with 'profiles' and 'docs' on the server and use exchange thru outlook..when they leave the office they VPN in and exchange works like a charm.
Problem is for a quick setup I've used the POP 3 connector and kept the emails hosted on my server - I want to get rid of the POP3 connector setup altogether and have mail delivered directly to the server.
Can someone give me a walk thru of steps to do this - so far I have fgured out that I have to add the domain to the recipient policy - configure it properly and then setup each user to receive email for that username and it will just work....
I want to be sure and was hoping that someone who has done the same thing could point me to an accurate tutorial of sorts.
When I restart my server all my domains opens at apache test page. Suspending and reactivating any domain fixes all domains.
View 4 Replies View RelatedI recently signed up a new client to my dedicated server - The minute they switched over to my server, it seems that all hell broke loose. (I'm going to refer to them as "Company A")
Company A called me up and said that one of their employees was getting a huge amount of SPAM and that after a day or two, they were having issues with their E-mail.
I looked at my logs and it showed something unusual-
LOGIN FAILED, user=myclientuser@companya.com, ip=[::ffff:XX.XXX.170.47]: 110 Time(s)
When I explained this to Company A, they ran some virus checks on their computers and 3 out of 5 computers had viruses on them.
They claim to have fixed the viruses but now, they cannot send e-mails to specific clients.
I checked their I.P. against blacklists and they are using Comcast cable internet at their location and I cleared their only blacklisting (spamhaus.org).
I'm still getting calls that Company A cannot e-mail a few of their clients and just to make sure it's not JUST them, I tried to send a test e-mail to the same clients as Company A.
The e-mails from me were rejected due to time-out.
HERE IS MY QUESTION:
Is this an issue on MY end that must be taken care of *OR* is it due to the fact that they had viruses on their computers and now they are blocked because the virus tried to attack everybody in THEIR e-mail address book?
None of my other clients are complaining of e-mail issues or that e-mails are getting kicked back. Just Company A.
I've been carrying some weird hours lately, so I'm able to see activity on my sites that I normally don't see.
Certain IPs are trying to diddle their things into my server and need the boot. It's not consistent (ie not happening every 5, 10 mins)... it's periodically throughout the months. I'll see an IP I blocked 2 months ago just randomly show up at 4:30am and try accessing the same files it was probing during it's last visit. Assuming this is just some sort of bot, can I block it permanently?
I know APF has a collection system that purges an IP list to keep it from bloating, and I had PSM do some hardening so I'm not entirely sure about the workings of APF firewall. So far my IP blocks are blank (which is a good sign!), but I'd like to add some nuisances to it, to keep their crap from appearing in my error logs anymore as "Denied by Server Configuration"
My question is: Can I block people at server level permanently? I do not want their IP being taken out with the purge list that comes by every so often.
My server is getting a lot of spam robots registering as fake users into my forums (altho most emails are invalid
View 2 Replies View RelatedIf your server is blocking googlebot from finding your robots.txt file, how do you configure your firewall to unblock it?
I've searched through Google and I've seen may people just say your firewall is blocking it, but none mention how to really stop it from doing that. Like does Google have an IP it uses, and if so, what is the IP you should whitelist for your server?
As I keep getting that message: Network unreachable: robots.txt unreachable
and I'm sure it's due to a firewall issue, just have no idea how to fix that.
I was wondering if it is possible to block traffic to and from a server with iptables.
Like for example a user transferring files with his ftp client to another server x.x.x.x (FXP)....
been trying with these rules here:
iptables -IINPUT -s x.x.x.x -j DROP
iptables -I OUTPUT -s x.x.x.x -j DROP
iptables -I FORWARD -s x.x.x.x -j DROP
But still the user can transfer to the server destination...
I have a wierd problem on my server. I'm updating an order with my php shopping cart script and notice some of the orders hang on updating. After research I discovered the orders that wont update are orders that have domain names in the textarea field. More specifically. www.yourdomain.com will just hang if I try to update them.
After further research I discovered the if I put an backslash it'll update no problem. IE: www.yourdomain.com
This only happens with domain names inside a textarea. I'm not sure if it's a php config setting, apache setting, my firewall, mod_evasive, mod_security. I've looked at all of them and can't seem to find what is blocking the script from updating just because of www.domainname.com in a textarea.
Is there any way to block or monitor and find scripts such as rapidleech and other torrent upload scripts on a cPanel server?
View 2 Replies View Relatedhow can i remove list of blocking IPs on iptable on my server its over 100 IPs how can i remove it?
View 2 Replies View RelatedEvery time my server tries to send mail to Gmails/yahoos - they reject it with the following message:
Code:
Apr 13 11:35:49 m1370 plesk sendmail[5009]: handlers_stderr: PASS
Apr 13 11:35:49 m1370 plesk sendmail[5009]: PASS during call 'limit-out' handler
Apr 13 11:35:49 m1370 plesk sendmail[5009]: handlers_stderr: SKIP
Apr 13 11:35:49 m1370 plesk sendmail[5009]: SKIP during call 'check-quota' handl er
Apr 13 11:35:49 m1370 postfix/pickup[1759]: C90FA61668: uid=48 from=<apache>
[Code] ....
I tried Qmail, same issue
Code:
Hi. This is the qmail-send program at m1370.contabo.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. It didn't work out.
<emailhere@gmail.com>:
2a00:1450:4013:0c00:0000:0000:0000:001b failed after I sent the message.
[Code] .....
Centos 6.6 + Plesk 12 Web Pro Edition
My server certainly did not spam Gmail servers, (my old server works fine sending email t gmail) I fear this has something to do with my "Postfix" configuration.
Im wondering I have some things turned off like:
The PDO extension in PHP, pdo_mysql, etc.
Most scripts use PHP and MySQL extension so no problem at all until i came up with 1 little devil taht requires php with PDO and pdo_mysql
My question is, is there any side effect on a production server if i recompile apache with those extensiones turned on?
Do they run in parallel to the way php and mysql runs now or will it break the whole scripts running and send the server to hell?
Basically what i mean is, i have the resources on the server to run it but do they run in parallel or they change/reconfigure the whole way php and mysql works?
I configured WebDisk on my webhost (via cPanel) and it works great on one computer but with the other there is a slight problem:
When the password was first entered it was mistyped, saved somewhere (I have no idea where, that's what I am trying to find out) and now whenever I try to connect I receive an error:
Quote:
There was a problem connecting to the WebDisk service
I tried to reset the password via Internet Explorer (Tools | Options) but that cleared other passwords, not the WebDisk one.
Any idea how to reset that password (on Windows, the client side)?