i manage linux apache webserver with a few wordpress blogs and from time to time i see someone inject a malicious .php file into wp-content/uploads/2014/10/ directory.
i think its some bad plugin or theme, but these is more blogs, i ugrade, update, WP, but
how can i setup some monitor to tell me which php file (or even line in php file) injected that malicious .php ? I have linux root access so i can setup anything
I think I messed php config and I can't upload anything with php now Dir is chmoded on 777 and File_Uploads = On in php.ini
I'm running lsphp5 with suhosin, when I try to import db via phpmyadmin I get error: Uploading is not allowed and when I try to upload some file via php script I can't
I have a forum ( VBulletin ) in admincp Upload file is ok and high, For example .Zip file are max 3 Meg upload, but i want upload .Zip in thread, i can not upload over 1 Mb, and i view database error!
When I try to install ffmpeg, but it fail. The server cannot upload 1KB file from php. $_FILES['xxx']['size'] return to 0 $_FILES['xxx']['tmp_name'] return to ''
I run a video script on my new server at leaseweb and had a lot of trouble with timeouts and IO Errors when uploading files to our site.
We tried changing a few settings making the environment as liberal as possible.
I changed max_input_time and max_execution_time in php.iniI also changed TimeOut in httpd.conf and made sure there is no LimitRequestBody in httpd.conf
The tmp directory should have enough space and is writable.
So the question is if these changes are not enough because we are still getting these errors.
Is there something we are missing. Or does Leaseweb have some invisible incoming bandwidth limit it slaps on its servers by default?
A few accounts that will probably hold a few gigabytes worth of data. I need each account to use IMAP and handle up to 5 customer service reps simultaneously accessing the same account via IMAP. * We tried this previously with Google for domains but were limited to 10 simultaneous connections via IMAP *
Website
Just a basic LAMP setup is fine and the mysql isn't even necessary. I will be hosting a basic form for hi-res photo uploading though so I need to have a pretty high timeout and memory limit for php.
As far as traffic on the site is concerned, I don't anticipate more than a handful of users on the site at a time.
My question is - do you think a good shared host in the $10 a month range could handle a project like this? Can you recommend one?
I can setup a VPS on Linode for $20 a month that I'm sure could handle this, but I'm not a server admin and don't want to risk managing sensitive data myself.
My website, a free classified ads site, is hosted by XO, the hosting company. I'm introducing a feature where advertisers can, for free, post pictures of the things that they're advertising -- that is, where advertisers can upload a JPEG or a GIF. I understand that this can open my site up to the uploading of malicious code, and that I should put safeguards in place to make sure that only JPEGs and GIFs get uploaded. However, I'm wondering if XO doesn't include some built-in safeguards that would keep malicious code from getting executed. In other words, since a profesional hosting company runs the servers -- not me -- do I need to be worried about security at all?
I have a 777 cmod folder open. It needed to be writable so that legitimate users can upload their picture. However, i do not want people to upload .php or .php.pjepg etc to the server.
There are times that they do not use the form in my site to upload the php file. How can they do that? via perl command? And how to prevent such thing from happending?
I have a big problem concerning the file upload limit (I need a large size, around 2Go) : I was using my app in /var/www/vhost/default and it was working perfectly, I decided to change it and use /var/www/vhost/mydomain.com to have it throught the plesk panel, and there I have an upload limit than I need to push. I can't upload files larger than 128Mo and I don't know why.
- I have checked all php.ini files (with locate php.ini) and they are all correct. - I used plesk panel to set php conf -> done. - I put : php_value memory_limit 2000M php_value upload_max_filesize 2000M php_value post_max_size 2000M in my .htaccess in htdocs
[Code]....
I reload/restart apache2, psa, ... And it still doesn't work, I have no more idea every conf file seems correct. It's not a permission problem because I can upload some 80Mo files but not 500Mo ...
I'm currently running on a VPS. My site allows for large file uploads and downloads, with files over 600mb in size.
The server has issues when the site gets three or more requests for large file downloads. I'm trying to grow this site to thousands of users and it is hard to do when the site can't handle even three.
I've been told by my host that I need to upgrade to dedicated. My VPS only has 512mb RAM and one large file download is eating up that RAM. This is causing the issue.
I'm a newbie and while I knew I was risking a bit by going with VPS I do find it a bit annoying that these guys advertise 1TB of bandwidth per month but I can't even support downloading 1GB at the same time....maybe it's just me...
Anyway, I am now looking into moving the large files and the upload/download over to Amazon S3. If I do this I am expecting my RAM usage on the VPS to greatly decrease. Is this correct? If my PHP code is running on the VPS, but the actual file download via HTTP is coming from S3, that should not be a heavy load on my box, correct?
I have 1 domain so i will use upload script on but there is some issue when i try and upload file.
I have upload 1 file so was 11MB & 1 file so was 6MB without problem.
And try with a file so was 17.46MB and this will not upload. It seems to me that it is a barrier for some space 16MB of uploading! Since that work and upload file so was 6 & 11MB but when I try and upload a file so is 17.46 or higher it stop.
I'm running Plesk 12. I install it today, using the ISO which parallels provides, which includes centos 6.5 and preinstalled Plesk 12 in my vps. Then I logged in plesk, and I did everything it wants. Then I upgraded my php, to php 5.4.36 according to the manual that Paralells provides, and then I tried to increase the max upload file size for phpmyadmin. I have edited my /usr/local/psa/admin/conf/php.ini file and tried to restart using with 3 different ways using terminal:
1st: service sw-cp-server restart 2st: /etc/init.d/psa stop /etc/init.d/psa start 3st: reboot (which rebooted all the vps)
My php.ini file is:
short_open_tag = On y2k_compliance = Off output_buffering = Off max_execution_time = 600 max_input_time = 600 memory_limit = 256M max_file_uploads = 99999 max_input_vars = 2000
[Code] ....
However, when I'm trying to import a 31mb sql file, I always get that error, and only some of my tables are being imported:
#1153 - Got a packet bigger than 'max_allowed_packet' bytes
I'm having a problem with Plesk Panel 11.0.9 update #64. All other page running perfect. But when I go to "Backup Manager --> Database Backup Repository --> Upload Backup File" then Plesk Panel show error: Internal Server Error 500.0.
For those who are still under the softlayer hacker abuse please note you will need to re-load your server. We got hit a 2nd time after thinking everything was clean. Anyhow, for those who got hit again, my team and another from WHT - forgot who made the original clean.php script...
anyhow, here is a tool to clean all the data for all of your users:Copy fixit.pl and clean4.php to a directory. IE: /home/yourusername
Change username "changeme" in fixit.pl to the username where clean4.php is located execute fixit.pl: IE: perl fixit.pl. If you want to test this on one user uncomment the die statement. When you are ready to do the entire server comment the die statement.
i've got a couple of vps accounts and one got hacked today, i received a domain creation email for a domain i didn't create, password was "hackedonlyhost" and contact was not my email but someone elses. Root password was changed etc etc, but i managed to get control of the vps again.
Why am i posting this in the ded forum? because the email in the account setup was for a hosting company. I traced the ip to LT. I've found this guy on a couple of hacker forums (arabic, he's in egypt) also using his email at his hosting company.
So, whilst he may not be breaking LT rules at all do i bother contacting them to say they are providing services to hacker?
There Is Some Way That Hacker use a .htaccess file to change the php Version On The Server To use the Exploit Look I Run A php Shell From My Server [url] You Can See From The picture that my php version is 5.2.6 then I Have upload the .htaccess To My server the Version has been changed look to other picture [url] You Can see The .htaccess file And This Way Only Work If I have More Than one php Version on my server How Can I Secure My server From This Way
I'm still trying to figure this one out. I got an email last night about 10:30pm that a weird IP had logged with root. I thought it was a guy that helps with tech things but I ran the IP... it came back from Korea and I knew I was in trouble. I immediately logged into WHM and changed the root password then sent the server down for a reboot. He was only in there for about 3 minutes before I nailed him. I've banned the IP from the server and have been watching it for nearly 12 hours now and they haven't came back yet.
Now comes the task of trying to figure out how he got the password. This is mind boggling to me. He knew the password, like someone gave it to him... there were no incorrect guesses or brute force. The password was a series of random letters, both upper and lower case. Is it possible he got it through getting to /etc/passwd via a PHP script? I have open basedir restrictions in place, can they get around that? I noticed at the time he logged in there were several IPs trying to exploit PHP scripts on my server, you know, setting the parameters to txt files but I assumed with shell functions disabled (except exec) and with open basedir this wouldn't be possible. Is there a hole in cpanel / PHP / kernel recently I may have missed?
As with many sites. my site was hacked recently. my host was so negative about this. they didn't notice the hack attempt although it took the hacker 9 hours to break through.
after that I made some search on my host to find that it is not a real host at all. they are just resellers to another company. I was very disappointed, Then I decided to go to a better host who can protect me from hackers.
I read some threads about 'hacker safe host' but they all in general don't give a real name of trusted 'anti-hackers' companies.
can you guide me to some of the famous hosts?
if you can't my friends got a VPS hosted with WestHost. he offered me to move my site to his VPS. is west host trusted about hackers?
