I've recently started experiencing some issues where files uploaded through Joomla or some other scripts (mostly PHP) inherit a permission of 600. Prior to updates being done on the server I'm hosted on, uploaded files received 644 permissions and all things worked great.
I've checked the umask that assigned to the shell (022) and have ruled out that as a problem.
I want to filter any files uploaded and i have put this line at php.ini
suhosin.upload.verification_script = /my path
But my problem till now i can not make this script. (Disable upload php files)
I used to have my apache 1.3.37 with PHP compiled as a CGI. Whenever i have a php script (say vbulletin forum software) that allow file uploads, files will be uploaded with the correct userid and groupid on the server. However, once i compiled PHP as ISAPI module, the files will be uploaded but will be owned by 'nobody'. Of course i can log in as root and chown it back to the right user, but it's a hassle if there are multiple user accounts on the server and they're using php software on their end. If someone is using an ftp program and tries to overwrite that uploaded file that's owned by nobody, it will not let them do so. Is there a way to fix this, or change the config files that would fix it?
View 3 Replies View RelatedOk, new to Plesk, trying to move from ispconfig. So I have Plesk 12 running on Centos 6 64bit in a VPS. I figured out how to upgrade PHP and now I have installed my first website. The website is joomla based but I am getting the below error when installing components:
Warning
Copy failed.
JInstaller: :Install: Failed to copy file /var/www/vhosts/virtual-sim-racing.com/httpdocs/home/tmp/install_55081e65af5fe/pkg_kunena.xml to /var/www/vhosts/virtual-sim-racing.com/httpdocs/home/administrator/manifests/packages/pkg_kunena.xml
Package Install: Could not copy setup file.
This suggest to me a permissions issue - but what to do with it. I have checked all of the relevant Joomla folder permissions and they are all showing as writeable, so it looks like something outside of that?
I don't want to have to stick with ispconfig much longer ...
I have a dedicated server, the server itself is secure (as far as I know) and I run lots of my sites from it. I offered a friend hosting for his flash based chat application he built.
Today I was contacted by someone; "Are you the owner of xxxx.net?" so I informed that yes, it was my server and they then showed me an email they'd received from my server. I did a search and apparently someone uploaded mail.php and a couple of files it was using to send out spam based upon a variety of conditions that the other files met. The files contained forenames and surnames, it'd use a forename and a surname then send it to popular free mail services. The email contained ramblings about new world order and promoted a website.
How can I find out how they got the files uploaded to the account and what action can I take? I checked the whois for the domain and have their contact information, however it's a large site so I'm doubtful that the owner did it. I don't want my servers IPs being blacklisted for spam :|
I am wanting to know if there is a way to stop files being uploaded to my vps, via ftp cpanel etc that are malicious..
I have been told there is a way to do this but i havent been told how..
Basicaly i want to know if there is something where i can add a list of keywords that are in the malicious files and what ever it is will stop them from being uploaded or if they manage to get uploaded onto my vps will it make them not work?
I am looking into this as i had an issue before where someone uploaded a shell onto my server :@ luckily it didnt cause no damage or he didnt get anywhere but i still want to be safe.
I have a RHEL 4 plain server, and im using vsftpd server, i can not find an option to specify the max size for uploading files... does anybody know something about this?
View 1 Replies View RelatedI am using a upload script for my files. After upload i cant see them on ftp but can see on panel file manager.
View 9 Replies View RelatedI created a FTP account with vsftp and files uploaded are not readable via www-data
View 1 Replies View RelatedI am trying to copy files from one account to another through SSH, files copy with old account permissions and ownership.
Is this possible when I copy, ownership autometically changed to new account.
I am using CPanel and have root access.
How to Change php files permissions in directory and subdirectory at once ?
I want to change the permissions of php permissions to be 644 in /home/user/public_html/forum and all forum subdirectory using SSH.
How can I change permissions of a lot of files through plesk file manager without selecting one by one?
View 2 Replies View RelatedOn my previous server and on some other hosts, I was able to write to files (for example with PHP) without having to chmod the files first.
Now I cannot, and files are required to be chmoded properly so I can write to them.
I cannot even touch() a file with PHP.
Is there any way to have this permissions removed?
I don't want to chmod the all thing, all I want is to change the configurations so I can fwrite() or file_put_contents() normally.
I's a dedicated un-managed server, so basically any advanced configurations can be done.
I have a python script that generates images and is able to write them into a directory on the same web space
However, I would like the same script to write files into another directory located in the web space of another domain on the same server.
For example, script lives here...
/var/www/vhosts/domain1.com/httpdocs/scripts/myscript.py
this works...
/var/www/vhosts/domain1.com/httpdocs/scripts/images/
this fails...
/var/www/vhosts/domain2.com/httpdocs/web/images/
The directory structure already exists, so there is no need to create any new directories
I have tried setting permissions for the destination "images" directory to 777 and that didn't work.
Do I need to specify something within Plesk to enable it to write to another directory?
Does anybody understand what is going on here?
Here is the problem:
I log in to FTP and I try and upload an updated file (the file already exists on server). It prompts me to overwrite and I say yes but when I refresh/check the site the page hasnt changed - I then tried uploading the file again and it still says the existing file size (so I know it hasnt been replace).
Any idea why it it not overwriting?
The files are CHOWNed my the owner (FTP user) which is myself.
I uploaded my file to web server(html, image file and css file), but strangely after uploaded it to server all file that I uploaded size 0 KB. I uploaded it using WS FTP.
Is there something wrong the way I uploaded it.
Someones managed to upload a phishing site to my VPS.
How do they normally achieve this, there has been no unauthorised root access as I get e-mail each time someone log in as root.
Is it likely they've just managed to guess my ftp password, or is it going to have something to do with a script running elsewhere?
I've got solarvps looking at it now.
Shell uploaded - Site hacked - How to trace?
Many of my customers let me know that their websites had been hacked. I think it comes from local hacker ....
How many websites can be uploaded to one single webspace account
View 9 Replies View RelatedWhenever someone uploads or re-uploads to my server a file relating to a CGI script that sends mail, I get an email with something like:
Quote:
Note: If this is the first time you received this mail, it contains the history for the entire month so far.
Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.
/home/xxxxxxx/public_html/followup/send2.php:106: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send2.php:107: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send2.php:108: }
---
/home/xxxxxxx/public_html/followup/send.php:100: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send.php:101: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send.php:102: }
---
What steps can I take to actually inspect them to ensure they are not sending out SPAM?
I am currently on a host that is offering unlimited bandwidth, however they are not that great as the site keeps going slow.
View 18 Replies View RelatedI am in charge of making a website for a charter school. Where I stand right now is I am going to use Joomla, and I assume Fantastico. Now where I am still stuck is with a webhost. Every time I locate one that sounds good (editor's picks, and such), I read the feedback comments and find tons of complaints. Can someone recommend one please. Under $10; user friendly; accepts Paypal would be very helpful. I went to get Bluehost, as an example, from some reviews I read, and then I read the feedback section. I don't think I understand the terms enough to make a choice on my own,
View 14 Replies View RelatedI currently have a VPS in the UK that I host my clients joomla sites off and the specs of this VPS server are as below:
- 20 GB SA-SCSI Disk Space
- 350GB bandwidth
- Full root access / Parallels/WHM/cPanel
- 2 Dedicated IPs
- 384 MB SLM RA
I am now running around 10 joomla based sites off of this VPS, 5-6 of which are Ecommerce based sites. Whilst I am probably only using 10gb of the overall disk-space so far, in terms of performance, should I continue to add clients to this server or should I keep the more hungry sites on this server and move some of the less resource intensive non-ecommerce sites to another VPS? Or would it be in my best interest to upgrade to a Dedicated server where I will have all my own resources?
I have a joomla site running on a new unmanaged VPS at FutureHosting.biz and it is performing very poorly.
I am not a server admin but i copy the same CMS and database to a shared account i have access to and the site runs much faster. That shared account happens to be a SiteGround server which if possible, i would like to stay away from.
I have had bad experience with SG so i am contemplating, MidPhase, as an option for VPS support.
I was also considering LunarPages and HostGator but their recent datacenter problems and poor reviews i want to stay away from them as well.
I really want to find a quality host who has experience managing large joomla based sites.
Is it good security wise?
View 11 Replies View RelatedI have installed joomla and now i m installing some extension but when i install extension i m getting error ------------>
JFolder::create: Path not in open_basedir paths
Unable to create destination
I am going to start a new personal / business website which will feature articles along with pictures and few videos, all managed through Joomla. I recently visited the official Joomla forum and found a thread which posted guidelines on choosing a proper Joomla hosting.
forum.joomla.org/viewtopic.php?t=95678
3. The most security conscious hosts turn PHP's Register Globals directive OFF by default. The next best allow you to turn it off in local .htaccess or php.ini files. A host that requires you to run a site with Register Globals ON should be avoided. This is true for any PHP enabled site, whether or not you are running Joomla!. There is a legitimate argument to be made by hosts for keeping Register Globals ON for PHP4 sites. This is that it would break too much legacy code. This argument should not be accepted for a PHP5 installation. Beginning with PHP5, the official PHP recommendation was to keep Register Globals is OFF. Note that beginning with PHP6, there will not even be a Register Globals setting, so don't get caught in a Register Globals backwater. Modify your code to work without Register Globals, and choose a host that encourages such practices.
6. Be sure users on your shared server can't view each other's files and databases, for example through shell accounts and cpanels.
7. Choose a host that provides real information about security compromises, rather than simply shutting your site down. Check their user forums for evidence of how they've responded to cracks in the past. A good host may for example, inform you immediately that a security breach has occurred and will quarantine the problem file for you, while leaving it there for further investigation. A poor host will shut your site down and provide very limited information on why. Watch out! All too many do this.
8. Be sure you have access to raw server logs. Reading these logs is a vital part of site security and recovery.
9. Choose a host that limits the number of users per machine and the average CPU load per machine to some reasonable number (depending on hardware). Be sure they proactively move user sites as needed to balance load. Check the number of domains on a server using reverse IP lookup.
10. Choose a host that manages it's own data center. Check the data center infrastructure, such as redundant Internet access, hot swappable backups, full daily backups, environment and access controls, emergency generators, etc.
11. Check that your host is not at risk of having its IP addresses blocked because it hosts porn or SMAM sites.
What alarmed me was #3, #6-#11
My Question is, how the hell am I supposed to check for these flaws? I thought I was going to settle down with Hostgator or Hostmonster, but now I am not sure.
If Hostmonster or Hostgator do not meet these requirement, can someone be kind enough to suggest some?
I don't expect that much of traffic, so I want to keep the budget minimal: below $8. I know that by limiting this budget, I am limiting the quality of hosting, but I am not ready to commit my resource to my first site: just an experimentation of my limits.
