File Upload Security On XO - Built In

Jul 26, 2007

My website, a free classified ads site, is hosted by XO, the hosting company. I'm introducing a feature where advertisers can, for free, post pictures of the things that they're advertising -- that is, where advertisers can upload a JPEG or a GIF. I understand that this can open my site up to the uploading of malicious code, and that I should put safeguards in place to make sure that only JPEGs and GIFs get uploaded. However, I'm wondering if XO doesn't include some built-in safeguards that would keep malicious code from getting executed. In other words, since a profesional hosting company runs the servers -- not me -- do I need to be worried about security at all?

View 1 Replies


ADVERTISEMENT

Plesk 12.x / Linux :: Deny User Upload File Via File Manager Or Hidden File Tab?

Feb 10, 2015

I'm build Plesk Panel for Linux and Presence Builder, I don't want my user can upload their website to hosting via File Manager. How can I do it...

View 2 Replies View Related

Apache :: How To Discover Which Php File Allows Malicious File Upload

Oct 10, 2014

i manage linux apache webserver with a few wordpress blogs and from time to time i see someone inject a malicious .php file into wp-content/uploads/2014/10/ directory.

i think its some bad plugin or theme, but these is more blogs, i ugrade, update, WP, but

how can i setup some monitor to tell me which php file (or even line in php file) injected that malicious .php ? I have linux root access so i can setup anything 

View 3 Replies View Related

Upload Folder Security, How Do I Achieve This

Jun 15, 2008

on my VPS if I dont set the permissions 777 of the temp and the final upload folder, move_uploaded_file just doesnt work.

So I have set it to 777. But then 777 permissions now pose a threat where some hacker can screw my system.

How can I prevent this from happeing?

View 5 Replies View Related

Hosting & Client-side FTP Upload Security

Feb 27, 2009

My information:
I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has it's own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.

My Dilemma:
For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated potion of the server.

So, lets say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT clients specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"

How can I:
1) ...set their specific FTP to open to their directory only?

2) ...ensure that they cannot navigate to other folders on my server?

3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?

View 7 Replies View Related

Image Upload Security Idea Good Or Bad

Mar 1, 2008

I was just working on some concepts for image upload security features and wanted some others opinions. Would the below be worth doing to not have to deal with the 777 or even 775 phpsu issue(s)?

- What about loading the images into a db and logging the upload. Then having a cron or a daemon move the file to a location under the owner (user) and then delete the file out of the db.

Pros:
- Images would be loaded and displayed from under the user of the site making no 777 issues.

Con:
- Mass use of db could cause crashes?
- Would have to write front end to know if the file was in db or in the folder location

View 4 Replies View Related

PHP File Upload

Jun 8, 2009

I think I messed php config and I can't upload anything with php now
Dir is chmoded on 777 and File_Uploads = On in php.ini

I'm running lsphp5 with suhosin, when I try to import db via phpmyadmin I get error: Uploading is not allowed and when I try to upload some file via php script I can't

View 5 Replies View Related

Upload File

Jun 28, 2007

I have a forum ( VBulletin ) in admincp Upload file is ok and high,
For example .Zip file are max 3 Meg upload, but i want upload .Zip in thread, i can not upload over 1 Mb, and i view database error!

View 4 Replies View Related

Cannot Upload File

Apr 6, 2008

When I try to install ffmpeg, but it fail. The server cannot upload 1KB file from php.
$_FILES['xxx']['size'] return to 0
$_FILES['xxx']['tmp_name'] return to ''

Server: CentOS 5.x X86_64 Bit + Cpanel + Apache 1.3 + PHP 4.4.8...

Quote:

Originally Posted by php.ini

;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 30
max_input_time = 60
memory_limit = 64M

; Maximum size of POST data that PHP will accept.
post_max_size = 8M

;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
;upload_tmp_dir =

; Maximum allowed size for uploaded files.
upload_max_filesize = 50M

View 14 Replies View Related

File Upload Service?

Oct 10, 2009

does anyone know of a good free file upload/download service that allows the transfer of 1-3 GB?

View 10 Replies View Related

Can't Upload Any File Through CPanel

Dec 7, 2008

we can't upload any file in cPanel.

my users can upload files only with FTP.

how can i resolve the problem without send request to cPanel's support?

View 4 Replies View Related

File Upload - And Timeouts

Aug 17, 2008

I run a video script on my new server at leaseweb and had a lot of trouble with timeouts and IO Errors when uploading files to our site.

We tried changing a few settings making the environment as liberal as possible.

I changed max_input_time and max_execution_time in php.iniI also changed TimeOut in httpd.conf and made sure there is no LimitRequestBody in httpd.conf

The tmp directory should have enough space and is writable.

So the question is if these changes are not enough because we are still getting these errors.

Is there something we are missing. Or does Leaseweb have some invisible incoming bandwidth limit it slaps on its servers by default?

View 3 Replies View Related

Email And A File Upload Page

Nov 3, 2009

A few accounts that will probably hold a few gigabytes worth of data. I need each account to use IMAP and handle up to 5 customer service reps simultaneously accessing the same account via IMAP. * We tried this previously with Google for domains but were limited to 10 simultaneous connections via IMAP *

Website

Just a basic LAMP setup is fine and the mysql isn't even necessary. I will be hosting a basic form for hi-res photo uploading though so I need to have a pretty high timeout and memory limit for php.

As far as traffic on the site is concerned, I don't anticipate more than a handful of users on the site at a time.

My question is - do you think a good shared host in the $10 a month range could handle a project like this? Can you recommend one?

I can setup a VPS on Linode for $20 a month that I'm sure could handle this, but I'm not a server admin and don't want to risk managing sensitive data myself.

View 6 Replies View Related

Upload A .htaccess File In FTP And It Disappears

Feb 11, 2008

I upload a .htaccess file in FTP and it disappears, i checked with SHELL file is there but cant see in ftp ,

View 2 Replies View Related

Mod_security- Hacker Still Upload File..

Jan 18, 2007

I just have someone uploading file via php on a website, i need a way to block that kind of attack via mod security?

can add in mod security to avoid this?

89.146.147.144 - - [17/Jan/2007:12:24:11 -0600] "GET /favicon.ico HTTP/1.1" 404 1002 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
89.146.147.144 - - [17/Jan/2007:12:24:23 -0600] "GET /XXXX/index.php?x=************.***?&action=mkdir&chdir=/var/www/vhosts/XXXX.net/httpdocs/XXXX/&newdir=bh HTTP/1.1" 200 154634 [url]
x=************.***??" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
89.146.147.144 - - [17/Jan/2007:12:24:32 -0600] "GET /XXXX/index.php?x=************.***?&chdir=/var/www/vhosts/XXXX.net/httpdocs/XXXX/bh/ HTTP/1.1" 200 7444 [url
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"
89.146.147.144 - - [17/Jan/2007:12:24:41 -0600] "GET /XXXX/index.php?x=************.***?&action=mkdir&chdir=/var/www/vhosts/XXXX.net/httpdocs/XXXX/bh/&newdir=************.*** HTTP/1.1" 200 8422 [url]
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1"

View 4 Replies View Related

How To Prevent People Upload Unwanted .php File

Oct 22, 2007

I have a 777 cmod folder open. It needed to be writable so that legitimate users can upload their picture. However, i do not want people to upload .php or .php.pjepg etc to the server.

There are times that they do not use the form in my site to upload the php file. How can they do that? via perl command? And how to prevent such thing from happending?

View 8 Replies View Related

Plesk 11.x / Linux :: PHP Script Can't Upload File

Jun 4, 2014

All my PHP script can't upload file. I have tried to set CGI Application or FastCGI Application to my domain, but I can't resolve this issue.

View 6 Replies View Related

Plesk 12.x / Windows :: Max File Upload In PHPMyAdmin

Jul 10, 2015

I'm change “upload_max_filesize” & “post_max_size” in php.in but when i wanna import sql show me>>>(Max: 2,048MiB)

View 1 Replies View Related

Plesk 12.x / Linux :: Upload File Limit?

Jun 22, 2015

I have a big problem concerning the file upload limit (I need a large size, around 2Go) : I was using my app in /var/www/vhost/default and it was working perfectly, I decided to change it and use /var/www/vhost/mydomain.com to have it throught the plesk panel, and there I have an upload limit than I need to push. I can't upload files larger than 128Mo and I don't know why.

- I have checked all php.ini files (with locate php.ini) and they are all correct.
- I used plesk panel to set php conf -> done.
- I put :
php_value memory_limit 2000M
php_value upload_max_filesize 2000M
php_value post_max_size 2000M
in my .htaccess in htdocs

[Code]....

I reload/restart apache2, psa, ... And it still doesn't work, I have no more idea every conf file seems correct. It's not a permission problem because I can upload some 80Mo files but not 500Mo ...

View 6 Replies View Related

Moving Large File Storage, Upload/download To Amazon S3

Jul 24, 2007

I'm currently running on a VPS. My site allows for large file uploads and downloads, with files over 600mb in size.

The server has issues when the site gets three or more requests for large file downloads. I'm trying to grow this site to thousands of users and it is hard to do when the site can't handle even three.

I've been told by my host that I need to upgrade to dedicated. My VPS only has 512mb RAM and one large file download is eating up that RAM. This is causing the issue.

I'm a newbie and while I knew I was risking a bit by going with VPS I do find it a bit annoying that these guys advertise 1TB of bandwidth per month but I can't even support downloading 1GB at the same time....maybe it's just me...

Anyway, I am now looking into moving the large files and the upload/download over to Amazon S3. If I do this I am expecting my RAM usage on the VPS to greatly decrease. Is this correct? If my PHP code is running on the VPS, but the actual file download via HTTP is coming from S3, that should not be a heavy load on my box, correct?

any opinions on S3?

View 2 Replies View Related

Plesk 11.x / Linux :: Upload Bigger File Then 16MB Failed

Dec 23, 2014

I have 1 domain so i will use upload script on but there is some issue when i try and upload file.

I have upload 1 file so was 11MB &
1 file so was 6MB without problem.

And try with a file so was 17.46MB and this will not upload. It seems to me that it is a barrier for some space 16MB of uploading! Since that work and upload file so was 6 & 11MB but when I try and upload a file so is 17.46 or higher it stop.

Free Users can upload 100MB FREE
Premium: 1GB

I have set this in Plesk - PHP Settings

memory_limit: 1G
max_execution_time: 84600
max_input_time: 84600
post_max_size: 2G
upload_max_filesize: 2G

Also restart server after changing this. But still the same and can not upload bigger file then 16MB

View 2 Replies View Related

Plesk 12.x / Linux :: Can't Increase Phpmyadmin Max Upload / Import File Size

Jan 2, 2015

I'm running Plesk 12. I install it today, using the ISO which parallels provides, which includes centos 6.5 and preinstalled Plesk 12 in my vps. Then I logged in plesk, and I did everything it wants. Then I upgraded my php, to php 5.4.36 according to the manual that Paralells provides, and then I tried to increase the max upload file size for phpmyadmin. I have edited my /usr/local/psa/admin/conf/php.ini file and tried to restart using with 3 different ways using terminal:

1st: service sw-cp-server restart
2st: /etc/init.d/psa stop
/etc/init.d/psa start
3st: reboot (which rebooted all the vps)

My php.ini file is:

short_open_tag = On
y2k_compliance = Off
output_buffering = Off
max_execution_time = 600
max_input_time = 600
memory_limit = 256M
max_file_uploads = 99999
max_input_vars = 2000

[Code] ....

However, when I'm trying to import a 31mb sql file, I always get that error, and only some of my tables are being imported:

#1153 - Got a packet bigger than 'max_allowed_packet' bytes

View 2 Replies View Related

Plesk 11.x / Windows :: Internal Server Error 500.0 When Upload Database Backup File

Dec 23, 2014

I'm having a problem with Plesk Panel 11.0.9 update #64. All other page running perfect. But when I go to "Backup Manager --> Database Backup Repository --> Upload Backup File" then Plesk Panel show error: Internal Server Error 500.0.

On server, it show detail below: .....

View 2 Replies View Related

Plesk 11.x / Linux :: Upload Backup MSSQL Server File - Filemng Cp Failed

Mar 19, 2014

I'm trying to upload backup ms sql server file. But the Control panel tells me error: "Error: copy_file failed: filemng cp failed:"

View 4 Replies View Related

Backup File Security

May 3, 2008

I currently do daily backups to rsyncpalace Daily, weekly, monthly. cPanel does a backup of all user accounts to a folder and they are rsync'd offsite via ssh.

My questions are: Should I be comfortable or concerned that all of my website(s)' data are neatly bundled, stored in plaintext (tar) formats and only protected by a single login and password?

Am I exposed to any more or less risk of tampering with my data than on my webserver itself?

View 6 Replies View Related

CGI Security And File Permissions

Apr 24, 2007

I am planning to use CGI for my web installations and there appears to be a whole lot of conflicting info about setting file permissions in the user's folder.

What are the permissions actually required for reading and writing into the web users directory?

A lot of them say 755, but that doesn't make sense as it gives any user read and write permissions to the whole web directory tree.

Other than the initial index .php, .cgi or some other files that need to be ready by the webserver process shouldn't every other file be 700 or 600 as every subsequent file access is done under the control of the cgi program?

Unless a file is to be served directly by the web server process and is not in a ScriptAlias directory or is not marked as a CGI shouldn't the permissions on that file be 600 or 700?

I'd also like to know if there are some guides as to how the CGI security issues operate.

View 2 Replies View Related

Security Risk To Share Phpinfo File

Mar 10, 2007

There are always people who would like to know what the php settings are on the server. Is it a security risk to share the phpinfo.php file on a website, with anybody who visits that website, able to view it?

View 4 Replies View Related

Just Built New Pc, Restarts Randomly

Dec 3, 2008

I just built a new pc, everything works well, but sometimes my computer will just restart randomly, it doesnt happen immedietly but randomly, within 30 or more minutes operating. Any ideas to why? and how i can fix it? ...

View 12 Replies View Related

Purchasing Built Servers

Jun 28, 2007

I realise that a lot of providers build theirs from parts, but I was wondering where I could find some cheap low - mid range servers already built (or at least with the case etc).

I have tried searching eBay, but it's difficult to find what I am looking for. Are there any large companies out there? I am from Australia, and from what I can see there aren't really any around from here. (Looking for an upgrade for my colo).

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved