It appears that some people like to take advantage of those files for online web applications such as Wordpress which have php files with permissions set to 777. They use those as a means of creating an upload file. The upload files that they create then have access to the whole server somehow... Is there anyway of preventing this from happening?
View 8 Replies
How Can I prevent users removing file web.config on FileManager?
I try set attribute read-only, but not effect.
I've just uploaded my website files onto the server, the website is working fine, but I'm not sure my files are 'arranged' right. I uploaded my images in a folder, but all the rest of the files are 'loose' along with the index file. If I go to either of my domain names, the website appears, which is ok for now, but I only really intended it to under one domain name, so there may be problems if I want another site up there. I think my files should be in a folder. Is this right? Should the index file be in the same folder, or should it be outside the folder with the links changed accordingly. I've been emailing my hosting service, and they 've been trying to help, but I feel a bit thick because I don't really understand what they're saying. Could someone tell me in very plain english how the files should be arranged?
View 11 Replies View Relatedi just bought php file management script, its running smoothly, the only problem was i cant upload big file ( > 1 Gigs ) using that script, then i ask the developer and he said it shouldnt be a problem since he sold that software before people and he never got a problem like that.
OS : Slamd64
apache 2.2.10
php 5.2.8
i tried to changed
post_max_size = 1900M
upload_max_filesize = 1500M
Why is it that you can upload large file size when you are using FTP, but you cant upload large file size beyond the max when you are using browser to upload?
View 3 Replies View RelatedI want to install a script (a simple wordpress blog)on my website but now i'm just astonished at how many files I have to upload on my server's directory! Uploading those files one by one will take forever. Is there a way to upload multiple files all at once?
View 3 Replies View RelatedHi guys, I've been having problems trying to edit my php.ini file which I think I've now fixed.
The whole reason I wanted to do this was because I've just moved to Media Temple from another hosting company and I'm having a couple of problems with the switchover.
Basically I use a CMS system to add properties which appear on the main website. I also upload PDFs and images. On the old hosting company, the PDFs and images went into folders called dnDir/pdf and dnDir/images but on Media Temple, they are going in to a folder called tmp. I really want them to go to the same place as they used to.
Is this an issue with php.ini that I need to rectify? If so, could you point me in the right direction?
There is a behavour with my server FTP when uploading a whole directory with many files in many sub-directories
Very often, the server disconnect itself when actively uploading files and the log simply says 'timeout'
It is as if the file got 'stuck' half way, and the FTP consider them as idle, therefore it disconnect you with a 'timeout' before reconnecting you.
But i have no problem uploading a single 200mb file to the server via FTP. I suppose no problem with 'keep alive'
So what is this behavior and how to solve it?
I'm facing a very strange FTP issue with one of my shared-hosting accounts, while all of my other servers are having no problems but only this one, when I try to upload a file (whatever file) larger than 500kb from my local PCs, in most cases, the file would stop uploading during the process and hang there until it times out.
There are 2 interesting things though:
The file transmission typically hangs when approximately 248kb of the file have been transferred, pls see the attached screenshot for example.
If you look at the attached screenshot, you will notice that the uploading transmission hangs when 248kb of the file have been transferred. This is very strange and what I mean is that for example, I randomly pick up a file, and attempt to upload it onto my host for 10 times, now see, 5 times it will hang when 248kb of the total size have been transferred, 3 times it will hang at other points *near* 248kb (224kb or 280kb typically), 1 time it will hang at another random point, and 1 time it might be uploaded successfully (yes, there is still a tiny chance for the file to be uploaded successfully).
My default internet uploading speed is 80kb/s-100kb/s, lately I found that, when I limit the uploading speed on my FTP client (e.g. max. 30kb/s), everything WILL WORK without any problem! No hangs, no interrupt.. Whereas when I free up the uploading speed limitation and let it upload with my regular speed, the problem appears again.
It seems to me that the FTP hangs only when the uploading speed is higher than 60kb/s. However my host provider told me that they have customers uploading without any problem at over 400kb/s, and they said "there's no problem or limitations on the server at all".
Up until now, I have done following things to troubleshoot the issue but with no luck:
Contacted my host.
Disabled/Enabled the PASV mode on my FTP client.
Tried different FTP clients on different computers (FlashFXP and Filezilla).
Rebooted my router and reseted everything with the factory default settings.
Contacted my ISP for the issue, they "did something" but nothing were helpful.
Rebooted all my PCs.
Disabled both firewalls on my PC and on the router.
Furthermore, I have asked another friend of mine in another city with another ISP to test the FTP uploading, but unfortunately he got the exact same problem. And I've done some search on the internet for hours but no one seemed to have the same problem..
Does anyone host with 1and1 and use PHP to upload files???
I can't find anywhere on the 1and1 FAQs that say what the temporary file directory is for uploaded files.
Anyone been there before who can help?
I've just installed SSL and I'm wondering where should I put my files so that users from web are accessible only through SSL?
Do I have to upload whole site to the Private_html folder instead of public_html folder?
i have a problem trying to upload files to a server, when i try and upload a file, (.htm) i get a message: file already exists (even though it doesn't), which if i then say to overwrite, it creates an empty file of 0mb, (with the name of the file i am trying to upload).
i don't know a great deal about web servers - are there any web server settings which may be causing this.
i have free hosting server and a rule to upload 3MB file max. it works for FTP, but somehow it doesn't work for php. It seems for php the limit on my server is 100MB (no idea why)
i use following directives to limit file size in php.ini :
; Maximum size of POST data that PHP will accept.
post_max_size = 4M
(4 just for some margin )
; Maximum allowed size for uploaded files.
upload_max_filesize = 3M
and i still can find 100MB files on disk. this is part of log file from apache from the account that uploaded it to me:
Code:
boorako.[] someip - - [13/May/2007:12:21:22 +0200]
"POST /a/redir.php?capthatag=accesscode&saveto=&path=/some/path/boorako.[]/a&comment=&domail=&email=&useproxy=
&proxy=&split=&method=tc&partSize=10&redirto=/a/index.php&link=redir.php?capthatag=accesscode&saveto=&path=
/some/path/boorako.[]/a&comment=&domail=&email=&useproxy=&proxy=&split=&method=tc&partSize=10&redirto=
/a/index.php&link=[url]
HTTP/1.1" 302 188
[url]
boorako.[] someip - - [13/May/2007:12:21:35 +0200]
"POST /a/redir.php?capthatag=accesscode&saveto=&path=/some/path/boorako.[]/a&comment=
&domail=&email=&useproxy=
&proxy=&split=&method=tc&partSize=10&redirto=/a/index.php&link=redir.php?capthatag=accesscode&saveto=&path=
/some/path/boorako.[]/a&comment=&domail=&email=&useproxy=&proxy=&split=&method=tc&partSize=10&redirto=
/a/index.php&link=[url]
HTTP/1.1" 302 188 [url]
"Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
as the effect of this (at least i think so), there was 100MB file in his home dir.
any idea how can he POST such big files even with those two directives?
i have also set LimitRequestBody to 5194304 and LimitXMLRequestBody to 5194304 in apache2.conf which also should stop files being POSTED as big as 100MB.
i have php 4.4.4-9, Linux Debian, apache 2.2.3 working in worker mpm, and php as fastcgi.
P.S. i removed server info like IP, dir and address to not show specifics about my server in public, i put [] there.
I am having trouble uploading a 500mb file with File Manager in the control panel as well as SmartFTP. I was told to upload this large file through Putty. I able able to login through SSH as root, but i can't seem to find the right directory to upload this file into. This file is a backup file of the home directory. I am transferring all files from my old host to my new host. How would I find the right directory and upload this file through Telnet.
View 0 Replies View RelatedI have a Dating Portal >>> Dating Sites but HTML file isn't uploading on my server "site5.com" Except HTML file every file is uploading there but HTML isn't
View 2 Replies View Relatedanyone knows file sharing/uploading site hosted on akamai server?
i know few sites where i can share video but wanna know sites where i can upload any files and share.
Domain has PHP Settings in Plesk set to 2G and I get this error when uploading a 48MB file using Wordpress. I assume I need ot modify this manually in conf file somewhere to allow uploading large files?
Requested content-length of 48443338 is larger than the configured limit of 10240000..
mod_fcgid: error reading data, FastCGI server closed connection...
I am getting following error while uploading jpg images using file manager.
Unable to copy (C:Program Files (x86)ParallelsPleskPrivateTempagenta68ae7b7e47ebe9a8f021ecaf928d247php8699.tmp) to (C:Program Files (x86)ParallelsPlesk
mp{3f060750-21f6-11e4-80b6-c3d8b970534c}): (112) There is not enough space on the disk. (Error code 1)
I'm trying to upload backup ms sql server file. But the Control panel tells me error: "Error: copy_file failed: filemng cp failed:"
"The issue usually occurs due to exceeded disk quota. Check it."
When a user enters the whole url to a file on the webserver he/she can view this file. I want to prevent this and only allow access to the files from within the application (under apache). How can I do that? I already tried:
<Directory /var/www/html/folder/files>
order deny,allow
allow from localhost
</Directory>
This works BUT the file also isn't viewable from within the application anymore.
to upload some flash videos over to our web host.
All the videos have been uploaded to << link removed >> and in there you will seea flash_video directory, in there should be a html file where you can double click and watch the flash video.
Now go ahead and try it, click on the HTML file and click CONTINUE and try clicking on MODULE 1.. You will see a video play to the left but on the right are bunch of POWERPOINT slides that will appear as the guy continues to speak. THAT DOESNT SHOW..
Our website is hosted by xo.com
Dont know much about the plan since its my 2nd day at the job..
But here is the weird part,
i have uploaded the samething - same exact way to another web host and it plays fine, the PPTs show up fine..
What do you guys think it is?
Before someone asks about uploading methods, i tried filezilla, coreftp and cuteFTP using both ASCII and binary methods. Samething..
I have a 777 cmod folder open. It needed to be writable so that legitimate users can upload their picture. However, i do not want people to upload .php or .php.pjepg etc to the server.
There are times that they do not use the form in my site to upload the php file. How can they do that? via perl command? And how to prevent such thing from happending?
I am trying to ftp some changes to my site. The strange thing is that while the FTP client (Filezilla) is accepting the new file, it will not show up on the new site. I've tried caching, refreshing browers, and rebooting but nada.
I then went back into my FTP client and checked the timestamp of the file being uploaded. For whatever reason, it will not show the most recent time of the file being uploaded, much less accept the most recent upload.
Here is a screenshot of what I mean.
I am being hacked & I don't know how they are getting files on my server. They are doing it on two of my domains, I suspended one and then they got it on the other. My FTP access log does not show anything suspicious..
How can I find their doorway?
Today I found some cstomer on the servers make a link for named it file.txt and link it to other customer php file.
so that customer have the ability to show the other custoer file content when visiting the url because it is a text wile originally it is a php file.
the php file was a config file, so now he know the database password , and because he is in the same server he can use that databse.
the question , how to avoide this prolem in the future?
notes , the SuExec is rnning and the open_basedir protection is enabled, but the problem still exists.
Does domlog file and raw access files are same? I mean do the contains same contents?
View 0 Replies View Relatedi download a script .. when i unzip the script .. all the folder have chmod to 700 + 600
what command could let the folders and sub folders have chmod to 755 ( as root )
i command this
chmod 755 *
but the folders inside the folder didn't chmod to 755
there is alot folders thats why its hard to do it manually :p
I have download manager script that I use for my customers to download products right after the purchase.
Script generates download link that looks like this:
http://www.yourwebsite.com/download/...582921B&p=1840 (where 2YY6582921B is receipt number that is different with each purchase).
All products are placed in one folder. This folder can not be seen in above download url, but can be accessed thru browser and files can be downloaded that way without paying for them.
Can I use .htaccess and if yes how, to protect all product files the way that they can not be accessed directly by visiting url thru browser (in case somebody will find the correct url), they should be allowed for access only for my download manager script.
I have anywhere between 80,000 - 90,000 webpages that have a single code into this. Unfortunately at the time the web developer I used didn't use PHP includes. So each .html file has the code in it.
I want a way so I can do a single command either a program or an SSH command can find the syntax in the files and replace it will code I have. Its just a single line of code that is basically for an adsense code, so the pub-blahblahblah etc..
Does anyone know of a SSH command I can use, or a program that will find and replace without manually opening up each file? 80k - 90k of opening files then find/replace will take forever!
I recently had an issue where my box wasnt listing accounts (on logging into WHM for the first time it would, thereafter browsing different functions in WHM it would fail to list any accounts), would not list any zone items when editing DNS zones and in general was acting very strange.
I think the tech support chap narrowed it down to zero free inodes on the filesystem (i was even getting errors when editing files with 'vi'). This was increased for the VPS and all issues seemed to be resolved...
However named and httpd were not starting after reboots. Again on looking closely named and httpd were missing from /etc/init.d (on CentOS 5.3)! This is very strange and i certainly didnt modify those nor delete such critical files.
For a second opinion, is there any cPanel script that can be ran to fix the issues, i am concerned other things have been affected but havent manifested themselves yet (other files deleted etc). Does cPanel update script create the init.d files or is this done by the CentOS operating systems itself? Are these files modified during a cPanel update script?
These init.d files for named and httpd have been readded (copied across from another box) and it seems to be ok again, but ideas on howto proceed much appreciated, as i mentioned i dont want any nasty supprises!
