Prevents Users From Overriding System Php.ini In SuPHP Mode

May 25, 2008

this is simple steps to Prevents users from overriding system php.ini in suPHP mode .... in CPanel servers

first : you must make sure that suphp is installed as default handler
than just edit your httpd.conf file or php.conf file ( will be better to use php.conf )

now add this line :


suPHP_ConfigPath /usr/local/lib

or ( Zend )


suPHP_ConfigPath /usr/local/Zend

if you need to use only php.ini config file :


suPHP_Config /usr/local/lib/php.ini

View 0 Replies


3 75GB HD In R5 Mode. Add A 4th One To The System?

Dec 3, 2008

I have 3 75GB HD in R5 mode. Can I add a 4th one to the system?

View 4 Replies View Related

Plesk 12.x / Linux :: Connecting To FTP For Passive Mode Users

Oct 14, 2014

After some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:

Connect ok!
"/" is the current directory
Get directory
227 Entering Passive Mode
550 Access is denied.

Server logs:
Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709
Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d'
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy ([]) - FTP session opened.


Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/ /lib64/security/ cannot open shared object file: No such file or directory
Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/
Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy ([]) - USER client: Login successful.

ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured
ad2: everything was fine until recent updates
ad3: this is happening only for passive users only
ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19 

View 6 Replies View Related

Plesk 11.x / Linux :: Query List Of System Users Using API RPC

Sep 9, 2014

Is it possible to query for a list of system users using the API RPC? I know it's possible with a MySQL query

select id, login, account_id from sys_users order by login;

I've searched through the API RPC manual, but I don't see a way to do this. I always have to specify a filter, I can't find a way to just query for all users.

View 1 Replies View Related

How To Disallow Php.ini Overriding

Jul 11, 2007

if i enabled phpsuexec the client can remove all disable_functions and every thing if he just uploaded php.ini to his public_html folder

i thought about this:
ln -s /usr/local/lib/php.ini /home/user/public_html/php.ini

and it work perfectly but if the user triad to make edit via FTP to the file he will see the file content but can't edit

i triad to chmod to 0 but it will stop PHP

is there any solution to stop the user see the content for the file?

View 9 Replies View Related

Person Is Overriding Php.ini File

Nov 6, 2009

There is a user on my server that uploaded a php.ini file to their home directory, that disabled the "disable_functions" in the server php.ini. Is it possible to stop people from doing this?

View 1 Replies View Related

Bind $GENERATE Statement Overriding

Nov 5, 2007

I am configuring a bind reverse DNS zone to use the $GENERATE statement. This works well. But If I add a single IP record after or before the $GENERATE statement I get 2 PTR records for that IP (which is expected I guess).

Does anyone know if it's possible to report only 1 PTR record for a single IP (host) record?

View 1 Replies View Related

CDN That Prevents Hotlinking

May 15, 2009

I am looking for a content delivery network that will only serve files to a list of allowed hosts. This is such a basic "doh" feature, but nobody seems to have it (Mosso CloudFiles doesn't have it, and even Amazon S3 has no easy-to-use hotlink protection). Has anyone found such a CDN?

View 10 Replies View Related

Plesk 11.x / Linux :: Horde In 11.5 Prevents Some Attachment Viewing

Jul 18, 2014

Version: 11.5.30 CentOS 6 115140407.17 x86_64

Description: On prior versions of Plesk, users could attach Microsoft Office (word, excel, etc) files to messages they are composing in Horde, and then, before sending, click on those attachments to view them to make sure they are correct. After upgrading to 11.5, the following error is shown in Horde instead:

"Fatal error has occured could not display attachment. Details had been logged for the administrator."This issue does not occur with other file types, such as a PDF or text file.Steps to reproduce: Install Plesk 11.5 on Centos 6 x64, create an email in Horde, attach a Word document, before sending, try to view the document.

ACTUAL RESULT: Fatal error has occured could not display attachment. Details had been logged for the administrator.

View 1 Replies View Related

Rule (htaccess?) That Prevents Stealing Of Graphics And Puts Another Graphic In Place

Feb 6, 2007

I have a question regarding people who are stealing content off my site (using the same URL of my site). I would like to make a rule (in .htaccess, I imagine) that does the following:

If the graphic is placed on the desired domain, put the correct graphic in place.
If the graphic is placed on another domain (stolen), put a 'substitute' graphic in place that says that the content was stolen.

I know you can do something along these lines (I used to have an .htaccess that prevented people from linking to pages outside of designated domains) but I'm not sure if you can narrow it down much more. However, it would rock if it was possible.

View 7 Replies View Related

Plesk 11.x / Windows :: Panel Don't Show Users Database In Tab Users

Sep 6, 2013

The upgrade has an error when manage the users database.

OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM

In a costumer panel have a one database MSSQL, and assign to this DB 3 users, but the tab option "Users" don't work fot his costumer and show this error:

Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)

Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)

Show users in the tab users for database.

View 2 Replies View Related

Preventing Users From Connecting To Other Users Database

Mar 25, 2009

On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.

I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)

View 7 Replies View Related


Nov 13, 2007

I use "suphp" on 3 servers I own with apache 2.2.6 and suddenly yesterday (15 hours ago) one of the servers show "Internal server error" on all sites.

Tried rebuilding apache and php 4 times with no fix until I came to try handling php with cgi instead. (I always like to track who is using apache processes)

well. getting to this fix was after 10 hours of all sites not working on the server.

now (5 minutes ago) I go to to read their docs for solution to find this


Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
Apache Server at Port 80

Why did this suddenly arise while No changes were done on server software or config?

I believe this happens after the first coming apache restart or something but dunno what was the reason yet

maybe guys have to update us when their site comes back online

View 5 Replies View Related

How To Know Which Mode Php Run

Dec 18, 2007

how to know in which mode php running ? CGI or ISAPI

View 2 Replies View Related

FastCgi Or SuPHP

Apr 1, 2009

what do you prefer?

fastcgi or suphp?

which one is better with suexec (in security and resource usage)?

View 11 Replies View Related

SuPHP Along With Suhosin

Oct 28, 2009

we have installed suPHP along with suhosin on server to prevent upload of illegal scripts but still we are having problems with scripts used for phishing web sites! We have a lot of Joomla users and other php apps installed on server.

View 5 Replies View Related

How To Remove Suphp

Mar 23, 2009

i have many problem from this

i want to remove it

i had recompiled apache without it but it still working

View 2 Replies View Related

SuPHP Or EAccelerator

Jul 22, 2009

I have a Linux server for shared hosting in which I am using Cpanel/WHM. I have PHP running as suPHP which I believe is for security. The problem I am facing is a lot of PHP based websites create load on the server and consume as much as 10% of the CPU and sometimes some script even consumes 50% CPU. I think I can reduce the load caused by the PHP scripts by installing eAccelerator. However, it does not work with PHP running as suPHP. Can anybody tell me which one should I choose of the both? Is there any other way to reduce the load on the server?

View 14 Replies View Related

Suexec And Suphp?

Feb 8, 2008

what are suexec / suphp and for what purpose we use it.

View 1 Replies View Related

SuPhp Use A Lot Of Resource

May 22, 2008

we are try SuPhp on Cpanel server but seem that is use a lot of resource, on 2 X quad core server we can't add more than 300 domains for server, whic configuration do u use? any alternative solution?

View 7 Replies View Related

PHP 5 Handler (DSO Vs SUPHP)

Jun 25, 2008

somebody suphp?

What is your advice?

View 6 Replies View Related

PHPSuExec Or Mod SuPHP

Mar 18, 2008

I'm wondering which one is the best with cPanel and Apache 1.3.41. The server will be used for shared hosting.

View 11 Replies View Related

Php 5 Handler Dso Vs Cgi Vs SuPHP

Mar 19, 2008

I wanted to ask an advice which php handler is the most secure to have on a shared server:

dso vs cgi vs SuPHP

I currently have dso with Suexec on and few accounts are getting phishing sites uploaded so I read that SuPHP is safer. What do you recommend?

If I do change the server to SuPHP should I enable Suexec as well in the whm: Configure Suexec and PHP?

View 9 Replies View Related

Suphp And Suhosin ..

Nov 27, 2008

i have install suhosin and i want to know that should i install suphp too?


do you recomend me to install suphp?

View 2 Replies View Related

PHP In Apache Mode

Jun 10, 2009

I currently have one server running PHP in suPHP mode. One of my friend told me that if i change the PHP to Apache Mode, this would decrease my server load a lot and thus give more performance.

Anyone can tell me what mean changing PHP to Apache mode? Is that something i can do from WHM? Will this affect the domains currently hosted on my server?

View 6 Replies View Related

PHP Safe Mode On Or Off

Nov 6, 2009

What is the best option in the php setting does keeping the php function safe mode on or off?

View 12 Replies View Related

Php Safe Mode

Apr 9, 2009

i need to enable php safe mode on for my joomla and i came across this


When the php safe mode is turned off globally by default at our server end, you can still override the setting to turn it ON for only your domain by just insert the following line inside the ".htaccess" file (at Linux server):


php_value safe_mode "1"

my joomla .htaccess file:


# @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license GNU/GPL
# Joomla! is Free Software

# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

# mod_rewrite in use

RewriteEngine On

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
########## End - Rewrite rules to block out some common exploits

View 3 Replies View Related

Safe Mode VPS

Aug 30, 2008

I have a script that needs safe mode off to run, the script writers have said safe mode is disabled as default and not required and even disabled in php 6

Now I'm not to fimular with Safe mode, all I know is most scripts are wrote to work with this on

View 4 Replies View Related

Copyrights 2005-15, All rights reserved