Prevents Users From Overriding System Php.ini In SuPHP Mode
May 25, 2008
this is simple steps to Prevents users from overriding system php.ini in suPHP mode .... in CPanel servers
first : you must make sure that suphp is installed as default handler
than just edit your httpd.conf file or php.conf file ( will be better to use php.conf )
now add this line :
Quote:
suPHP_ConfigPath /usr/local/lib
or ( Zend )
Quote:
suPHP_ConfigPath /usr/local/Zend
if you need to use only php.ini config file :
Quote:
suPHP_Config /usr/local/lib/php.ini
View 0 Replies
ADVERTISEMENT
Dec 3, 2008
I have 3 75GB HD in R5 mode. Can I add a 4th one to the system?
View 4 Replies
View Related
Oct 14, 2014
After some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:
Connect ok!
"/" is the current directory
Get directory
227 Entering Passive Mode
550 Access is denied.
Server logs:
/var/log/messages
Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709 from=::ffff:xxx.xxx.xxx.xxx
Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d'
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened.
But:
/var/log/secure:
Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory
Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/pam_stack.so
Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - USER client: Login successful.
ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured
ad2: everything was fine until recent updates
ad3: this is happening only for passive users only
ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19
View 6 Replies
View Related
Sep 9, 2014
Is it possible to query for a list of system users using the API RPC? I know it's possible with a MySQL query
Code:
select id, login, account_id from sys_users order by login;
I've searched through the API RPC manual, but I don't see a way to do this. I always have to specify a filter, I can't find a way to just query for all users.
View 1 Replies
View Related
Jul 11, 2007
if i enabled phpsuexec the client can remove all disable_functions and every thing if he just uploaded php.ini to his public_html folder
i thought about this:
ln -s /usr/local/lib/php.ini /home/user/public_html/php.ini
and it work perfectly but if the user triad to make edit via FTP to the file he will see the file content but can't edit
i triad to chmod to 0 but it will stop PHP
is there any solution to stop the user see the content for the file?
View 9 Replies
View Related
Nov 6, 2009
There is a user on my server that uploaded a php.ini file to their home directory, that disabled the "disable_functions" in the server php.ini. Is it possible to stop people from doing this?
View 1 Replies
View Related
Nov 5, 2007
I am configuring a bind reverse DNS zone to use the $GENERATE statement. This works well. But If I add a single IP record after or before the $GENERATE statement I get 2 PTR records for that IP (which is expected I guess).
Does anyone know if it's possible to report only 1 PTR record for a single IP (host) record?
View 1 Replies
View Related
May 15, 2009
I am looking for a content delivery network that will only serve files to a list of allowed hosts. This is such a basic "doh" feature, but nobody seems to have it (Mosso CloudFiles doesn't have it, and even Amazon S3 has no easy-to-use hotlink protection). Has anyone found such a CDN?
View 10 Replies
View Related
Jul 18, 2014
Version: 11.5.30 CentOS 6 115140407.17 x86_64
Description: On prior versions of Plesk, users could attach Microsoft Office (word, excel, etc) files to messages they are composing in Horde, and then, before sending, click on those attachments to view them to make sure they are correct. After upgrading to 11.5, the following error is shown in Horde instead:
"Fatal error has occured could not display attachment. Details had been logged for the administrator."This issue does not occur with other file types, such as a PDF or text file.Steps to reproduce: Install Plesk 11.5 on Centos 6 x64, create an email in Horde, attach a Word document, before sending, try to view the document.
ACTUAL RESULT: Fatal error has occured could not display attachment. Details had been logged for the administrator.
View 1 Replies
View Related
Feb 6, 2007
I have a question regarding people who are stealing content off my site (using the same URL of my site). I would like to make a rule (in .htaccess, I imagine) that does the following:
If the graphic is placed on the desired domain, put the correct graphic in place.
If the graphic is placed on another domain (stolen), put a 'substitute' graphic in place that says that the content was stolen.
I know you can do something along these lines (I used to have an .htaccess that prevented people from linking to pages outside of designated domains) but I'm not sure if you can narrow it down much more. However, it would rock if it was possible.
View 7 Replies
View Related
Sep 6, 2013
The upgrade has an error when manage the users database.
PRODUCT, VERSION, VERSION OF MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM
PROBLEM DESCRIPTION
In a costumer panel have a one database MSSQL, and assign to this DB 3 users, but the tab option "Users" don't work fot his costumer and show this error:
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃnea 807)
ACTUAL RESULT
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃnea 807)
EXPECTED RESULT
Show users in the tab users for database.
View 2 Replies
View Related
Mar 25, 2009
On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.
I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
View 7 Replies
View Related
Nov 13, 2007
I use "suphp" on 3 servers I own with apache 2.2.6 and suddenly yesterday (15 hours ago) one of the servers show "Internal server error" on all sites.
Tried rebuilding apache and php 4 times with no fix until I came to try handling php with cgi instead. (I always like to track who is using apache processes)
well. getting to this fix was after 10 hours of all sites not working on the server.
now (5 minutes ago) I go to http://www.suphp.org to read their docs for solution to find this
Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, hostmaster@marsching.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache Server at www.suphp.org Port 80
Why did this suddenly arise while No changes were done on server software or config?
I believe this happens after the first coming apache restart or something but dunno what was the reason yet
maybe suphp.org guys have to update us when their site comes back online
View 5 Replies
View Related
Dec 18, 2007
how to know in which mode php running ? CGI or ISAPI
View 2 Replies
View Related
Apr 1, 2009
what do you prefer?
fastcgi or suphp?
which one is better with suexec (in security and resource usage)?
View 11 Replies
View Related
Oct 28, 2009
we have installed suPHP along with suhosin on server to prevent upload of illegal scripts but still we are having problems with scripts used for phishing web sites! We have a lot of Joomla users and other php apps installed on server.
View 5 Replies
View Related
Mar 23, 2009
i have many problem from this
i want to remove it
i had recompiled apache without it but it still working
View 2 Replies
View Related
Jul 22, 2009
I have a Linux server for shared hosting in which I am using Cpanel/WHM. I have PHP running as suPHP which I believe is for security. The problem I am facing is a lot of PHP based websites create load on the server and consume as much as 10% of the CPU and sometimes some script even consumes 50% CPU. I think I can reduce the load caused by the PHP scripts by installing eAccelerator. However, it does not work with PHP running as suPHP. Can anybody tell me which one should I choose of the both? Is there any other way to reduce the load on the server?
View 14 Replies
View Related
Feb 8, 2008
what are suexec / suphp and for what purpose we use it.
View 1 Replies
View Related
May 22, 2008
we are try SuPhp on Cpanel server but seem that is use a lot of resource, on 2 X quad core server we can't add more than 300 domains for server, whic configuration do u use? any alternative solution?
View 7 Replies
View Related
Jun 25, 2008
somebody suphp?
What is your advice?
View 6 Replies
View Related
Mar 18, 2008
I'm wondering which one is the best with cPanel and Apache 1.3.41. The server will be used for shared hosting.
View 11 Replies
View Related
Mar 19, 2008
I wanted to ask an advice which php handler is the most secure to have on a shared server:
dso vs cgi vs SuPHP
I currently have dso with Suexec on and few accounts are getting phishing sites uploaded so I read that SuPHP is safer. What do you recommend?
If I do change the server to SuPHP should I enable Suexec as well in the whm: Configure Suexec and PHP?
View 9 Replies
View Related
Nov 27, 2008
i have install suhosin and i want to know that should i install suphp too?
and
do you recomend me to install suphp?
View 2 Replies
View Related
Jun 10, 2009
I currently have one server running PHP in suPHP mode. One of my friend told me that if i change the PHP to Apache Mode, this would decrease my server load a lot and thus give more performance.
Anyone can tell me what mean changing PHP to Apache mode? Is that something i can do from WHM? Will this affect the domains currently hosted on my server?
View 6 Replies
View Related
Nov 6, 2009
What is the best option in the php setting does keeping the php function safe mode on or off?
View 12 Replies
View Related
Apr 9, 2009
i need to enable php safe mode on for my joomla and i came across this
Quote:
When the php safe mode is turned off globally by default at our server end, you can still override the setting to turn it ON for only your domain by just insert the following line inside the ".htaccess" file (at Linux server):
Code:
php_value safe_mode "1"
my joomla .htaccess file:
Quote:
##
# @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
#
# mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
View 3 Replies
View Related
Aug 30, 2008
I have a script that needs safe mode off to run, the script writers have said safe mode is disabled as default and not required and even disabled in php 6
Now I'm not to fimular with Safe mode, all I know is most scripts are wrote to work with this on
View 4 Replies
View Related
