i know normally the user can put a flag in their .htaccess to do this, this does work for php5 because it is run using dso, but php4 is run using cgi and the one client that needs register globals also needs it for php4,
If I have a php page with no errors, everything works fine. If I remove a semicolon so it should give me an error, it displays nothing but a white page... Also, there is no error_log created.
php.ini error config:
Code: ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; error_reporting is a bit-field. Or each number up to get desired error ; reporting level ; E_ALL - All errors and warnings ; E_ERROR - fatal run-time errors ; E_WARNING - run-time warnings (non-fatal errors) ; E_PARSE - compile-time parse errors ; E_NOTICE - run-time notices (these are warnings which often result ; from a bug in your code, but it's possible that it was ; intentional (e.g., using an uninitialized variable and ; relying on the fact it's automatically initialized to an ; empty string) ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's ; initial startup ; E_COMPILE_ERROR - fatal compile-time errors ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ; E_USER_ERROR - user-generated error message ; E_USER_WARNING - user-generated warning message ; E_USER_NOTICE - user-generated notice message ; ; Examples: ; ; - Show all errors, except for notices ; ;error_reporting = "E_ALL" ; ; - Show only errors ; ;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR ; ; - Show all errors except for notices ; error_reporting = E_ALL & ~E_NOTICE
; Print out errors (as a part of the output). For production web sites, ; you're strongly encouraged to turn this feature off, and use error logging ; instead (see below). Keeping display_errors enabled on a production web site ; may reveal security information to end users, such as file paths on your Web ; server, your database schema or other information. display_errors = On
; Even when display_errors is on, errors that occur during PHP's startup ; sequence are not displayed. It's strongly recommended to keep ; display_startup_errors off, except for when debugging. display_startup_errors = Off
; Log errors into a log file (server-specific log, stderr, or error_log (below)) ; As stated above, you're strongly advised to use error logging in place of ; error displaying on production web sites. log_errors = On
; Set maximum length of log_errors. In error_log information about the source is ; added. The default is 1024 and 0 allows to not apply any maximum length at all. ;log_errors = On;
; Do not log repeated messages. Repeated errors must occur in same file on same ; line until ignore_repeated_source is set true. ignore_repeated_errors = Off
; Ignore source of message when ignoring repeated messages. When this setting ; is On you will not log errors with repeated messages from different files or ; sourcelines. ignore_repeated_source = Off
; If this parameter is set to Off, then memory leaks will not be shown (on ; stdout or in the log). This has only effect in a debug compile, and if ; error reporting includes E_WARNING in the allowed list report_memleaks = On
; Store the last error/warning message in $php_errormsg (boolean). track_errors = Off
; Disable the inclusion of HTML tags in error messages. ;html_errors = Off
; If html_errors is set On PHP produces clickable error messages that direct ; to a page describing the error or function causing the error in detail. ; You can download a copy of the PHP manual from http://www.php.net/docs.php ; and change docref_root to the base URL of your local copy including the ; leading '/'. You must also specify the file extension being used including ; the dot. ;docref_root = "/phpmanual/" ;docref_ext = .html
; String to output before an error message. ;error_prepend_string = "<font color=ff0000>"
; String to output after an error message. ;error_append_string = "</font>"
; Log errors to specified file. error_log = "error_log"
; Log errors to syslog (Event Log on NT, not valid in Windows 95). ;error_log = error_log;
We have about 100 servers using CSF, and CSF is generating A LOT of mail alerts.. which is causing us to receive over 1000 mails daily, just from CSF alerts.. this doesn't include support emails or others.
My question..
How do you handle mail alerts when you have lot of servers? See... i can not waste 5 hours reading every mail.. even if I start deleting those mails a lot of important and critical alerts can be erased in the process..
I was wondering what other people did to prevent their networks from being used as platforms for network abuse. I just setup an inward facing snort server, myself- But I was wondering what other providers (especially other low-cost VPS providers)
i'm wanting my users to be able to upload pictures to their accounts via email by sending the picture to a central email address (pics@mysite.com, for example).
from there, i'd like to take that incoming email and parse it how i see fit. (matching the email address to the user account, inserting the subject as the photo title, etc...)
I've been with NPSIS as a host for 8 years. They started out with 2 guys and their wives doing the billing. Many changes/expansions over the years and all went well till they sold out in 2007. I didn't even realize they sold it until recently when the problems kept increasing and the solutions didn't. It ended today when NPS threatened to turn me in for collections. I in turn will be filing BBB and Attorney General. They lost track of my payment for 2 years thru the school I teach at. I had a grant that paid for a domain name and some hosting for the 2 years for the kids to create their own sites. I called to confirm payment before the grant expired last spring. Now they suddenly say it was never paid. They did slip up and mention that they were in the process of converting to a new billing software package. Good Luck at turning the school in to collections.
Anyway, I am in the market for a new host. I have a couple of other accounts that will follow me. I have been searching for 2 days now and I am finding more bad hosts than good ones. I'm not looking for a McDonalds approach like godaddy or hostgator. I'd prefer something more than a 1 man operation. My typical approach with any new business is to google "NewBusinessName complaint" or "NewBusinessName sucks". This only works for places that have been in business for a year or more though. I am coming up with a lot of hosts on my "NOT" list and the few I find on the good list don't quite have what I want either.
My main concern for my primary account is email/span handling. I like to use horde and squirrelmail, and boxtrapper as part of cpanel. I can deal with something other than boxtrapper if it has white list/ response challenge. I am not sure what the next 8 years will bring as far as needs/changes are concerned but I want a host willing to change with the times. Dealing with spam is a big deal to me.
Any suggestions? Like I say I've been searching for 2 days so far and it seems like finding a needle in a hay stack. I'm still reading lots of info on this site but I am in a hurry to switch hosts.
I created a SQL Server database that need sto be setup for the customer on their hosting account. The hosting company wanted the sql statemens, ok so I gave it to them to setup my tables and stored procedures. I also mentioned that if they gave me a username and password with database location and catalog name for the connection string and as long as I had create rights for that database I could run my own sql statements via SQL Server Enterprise Manager to set it up. They sent an excuse about how insecure that wasy and that they couldn't send any usernames or passwords for the database to me t set this up.
They also said it's becomming more common for Hosting Companies to not allow access to the databases for thatpurpose. Ok... uh how in the world do they expect to have a programmer create and run their data driven website without that information? I'm confused on what these guys are doing.
So.. is this true? Are more hosting companies hording their database infromation and customer usernames and passwords from the developers?
a question on mod_proxy. We're using mod_proxy as a simple reverse proxy (ProxyPass & ProxyPassReverse) to reverse-proxy various back-end PHP and Mono/.NET apps.
One problem we see is that when the back-end PHP app suffers an error (e.g. a 404 or 500) , then mod_proxy ignores the nicely-formatted custom error page served up by our PHP app, and instead serves a very plain generic mod_proxy 404 or 500 error page back to the client. Is there a way to configure mod_proxy to serve up the 500/404 error page content which is created by the back-end app ?
(We thought ProxyErrorOverride might work, but it seems to be intended for the opposite scenario, where I want to *ignore* the 404 page content from the back-end and show a mod_proxy-defined error page instead.We're using apache 2.2 on 64-bit CentOS 6.5 ( httpd-2.2.15-31.el6.centos.x86_64 )
My mail server receives tons of messages directed towards bogus, non-existant addresses at my domain. When those addresses don't exist, it creates a reply email with the subject "Mail delivery failed: returning message to sender". How do I stop exim from doing this?
Firstly this question is not related to running a web hosting business, but to dedicated servers hosting our own websites.
I was just wondering, other than security reasons, what is the importance (if any) of keeping Apache/WWW logs? Are there legal reasons?
If it is best to keep Apache logs, how should we go about this? If we don't look after them properly there will be massive amounts of logs being kept - what is the best way to store them? I know they can be "rolled over" and kept for a certain amount of time, which is the best utility to do this?
The OS is Linux (CentOS) and the web servers are Apache and Lighttpd.
and should proxy/gateway/cache server logs be kept?
I just bought a new dedicated server and have got Lxadmin on it. Now lxadmin , automatically uses a different loggin system than I would want it to use. It creates a seperate log file for each doamin.
They are located in /home/httpd/EXAMPLE.com/stats
EXAMPLE.com-error_log EXAMPLE.com-custom_log
Now the problem is that I have literally hundreds of domains and I want it to instead log at a single place and not at these hundreds of seperate places.
This is the root cause of my problem
# The location and format of the access logfile (Common Logfile Format). # If you do not define any access logfiles within a <VirtualHost> # container, they will be logged here. Contrariwise, if you *do* # define per-<VirtualHost> access logfiles, transactions will be # logged therein and *not* in this file.
I am unable to have any kind of centralised logging command because of the individual entries for each Virtual host.
Even if i can manually remove those entries once, and new domain created by lxadmin will have that same problem. Morevoer, any kind of update of lxadmin which rebuilds the database will also ruin all the hardwork that I put in.
Is there any suggestion / solution to this problem? Have centralised data at one place in a single file?
We have quite a large number of servers now but I'm now finding it harder and harder to keep log of the number of details for it. How do the bigger guys keep control on this? Ie: Keeping logs of the serial/product keys of each part in the server, where they were ordered from, what date was it ordered etc?
My collection of growing motherboard, ram, processor boxes (which all store the serials of the products on) are now slowly taking over the office even when flat packed. I normally just write on each of the boxes where the product was ordered from, date of order and server name. While this is all well and good.. 50 servers later it can be a bugger to find the serial of that dedi mobo without going to the DC.
I tried my efforts at a simple Access database but I kept finding I spent more and more time typing in complex keycodes into the DB and just gave up. When this has been done it sounds nice and easy but then I hit another stump.
Ontop of logging a new servers details, how do you log which server is available to be sold, who its been sold too? ATM we have a VPN shared spreadsheet with all the details in (praying that the other employees will actually update it) but Im not sure if it will stand up when it hits 100+ servers rather than the 50+ atm.
Running Apache 2.2.2 and PHP 5.2.5, and my error_logs are filling up with PHP notices. I'd like to turn this feature off, but I must be missing something here. I've edited the php.ini and set error_reporting = E_ALL & ~E_NOTICE, and reloaded apache, but I still get the same php notices over and over again in the httpd error log.
For some reason on a box I have, it takes 25 seconds from the time I hit enter for a usernames password for it to login via SSH. I am running CentOS 4.4
Is there something I can check to see why it is taking so long and/or fix this?
I have Cpanel VPS account, and have been regularly backing up all my outgoing emails (via SMTP, imap or webmail) with the following:
Added to following lines in /etc/antivirus.exim
Code: if first_delivery and ("$h_from:" contains "username@domain.com") then unseen deliver "backup@anotherdomain.com" endif So, this worked well for the longest time. At some point it 'disappeared' and stopped working which I guess was due to some update, and putting it back it got it working again.
Recently, I had a new vps, moved my domain there and dropped the same bit in, but this time around, it didn't work.
Is it possible that antivirus.exim isn't being parsed? How do I check? Or is there somewhere else I can stick it into so it'll always work and not get replaced by some cpanel update?
I'm looking at allowing remote telnet into my server.
like any security-minded administrator, I want to log what my users type on the telnet session.
I'm using the script command to generate transcripts of the users session.
I have /etc/profile set to automatically start the script command to log user activity, and in /etc/bash.bash_logout I have a command that emails me the transcript of the users' session.
All of the above works well except for one thing:
the users can type "exit" to escape from my script logging and any commands they type won't get logged.
Does anyone have an app they use to track the bandwidth/usage for each connected computer/server?
we have multiple servers hooked up to one internet connection, all running miscrosoft windows software. Ideally i would like ONE of the servers running microsoft 2003 to log all others network usage.
All the servers do different things, so it would be great to check which are under most demand etc.
The other thing is, naturally i dont have screens for them all, only one. So this is the main reason for remote logging. Would be hassle to have to Remote desktop into each one to check how there doing every hour etc.
commands to log packets temporarily for a certain udp port with the IP information ect.
Any help would be appreciated. As for what I am doing, I am trying to find anything wierd or something that stands out from the packets sent from external IP's to my server.
