Remote POST
			Jun 4, 2007
				How can I forbid POST to be sent from an outside website and allow it to be sent from the website of origin, like if you are on domain.com, the POST command must be allowed only if you are sending it from that domain/referer?
	
	View 9 Replies
  
    
        Sep 14, 2006
        I am running on a VPS system, and I have some auction software and I run vBulletin as well.

When someone tries to do a Private Message via vBulletin using anything with the @ in it, like an e-mail address, and hits submit, it says "/private.php access is denied".

But it also does it when I post news in the auction site, which leads me to believe there is something screwed up with one of the server settings, but I don't know what.
	View 6 Replies
    	
        Feb 4, 2008
        Well, I started off with them in December. Here is my review:
- Waited a week after payment for service. Ticket replies "will be up tonight" or "working on it now" now came a week later.
- Then when it did come online, cPanel/WHM licence was invalid, resulting in 4 more days of "will be fixed today" replies to my tickets
- Finally server up and WHM working, Fantastico licence invalid, here goes another 5 days
- Same time as Fantastico: WHMCS licence invalid, guess how long? (had to threaten to cancel to get it)
Despite all this, when I finally got online they promised a free month for the issues; server ran great for about a week and I was happy at this point.
Then ran into several small issues: FTP shutting down, site downtime, not being able to edit files and folders, nothing major, just little things, but lots of them.
Cron issues, RV took a week to get installed. Wrong amount of IPs that to this day was never corrected.
Support tickets started to disappear, and response times grew massively, bandwidth exceeded pages sprung up daily and randomly on all my customers' pages, and mail to this day has never worked properly.
Then I get invoiced in the middle of Jan for another 3 months. Not only did I not have my time I paid for but didn't get the free month for the issues, at this point they try to upsell me to pay the full year at discounted price and my issues still are not fixed.
At this point I'm through with this, I haven't spent 3+ years building the customers I have to lose 3 in 1 week due to their service. After seeing other similar posts here and how they reject refunds, I was promised in both MSN chat and their own ticket system they DO offer a money back guarantee and have 7 screenshots of different convos with it being guaranteed. PayPal will not interfere as it's a service, therefore if I do not receive 2 of the 3 months I have paid for I am doing a credit card chargeback.
Jeff has lied far too often. We have even checked into his "LLC", which he is most definitely not, and this is illegal.
Jeff, when you read this, no BS responses, not "we don't refund"; this is not a choice for you, it is an understanding on my part that you keep one of the three months' payment or I will do a 100% credit card chargeback which will result in your PayPal deducting it and charging you $15 for the process. Refund 2 months, and I want it this week, not next month. Don't bother deleting my tickets and email/MSN convos, I have everything screenshotted. You're a crook, and a fraud. I can't believe that in between all this, the 1 or so week it did somewhat work, I actually posted positive reviews and supported/defended your business.
	View 14 Replies
    	
        Apr 17, 2007
        Is there a rule to add to the firewall or mod_security to ban any IP which is sending more than xx number of POST requests to the same URL?
	View 6 Replies
    	
        Apr 6, 2007
        In httpd-status I see that some IPs hardly sending POST command to index.php, but can I somehow find out what exactly they are trying to post and into which form on that page?
	View 5 Replies
    	
        May 26, 2007
        We were able to get the score up to 62/70. Will need the server management company's advice and help to try and get rid of more of the red warnings.
What is your score and which red warnings do you have left? Post them please.
Score: 62/70.
Will ask server management company about these red warnings:
A1. /dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options
A2. You should install the mod_evasive apache module from source to help prevent DOS attacks against apache. Note that this module breaks FrontPage functionality
A3. You should modify /usr/local/lib/php.ini and set:
enable_dl = off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in php.ini
A4. On most servers anacron isn't needed and should be stopped:
service anacron stop
chkconfig anacron off
chkconfig --del anacron
Probably going to leave these red warnings for now:
B1. For ultimate SSH security, you might want to consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication. For more information read this article and this article
B2. You should modify /usr/local/lib/php.ini and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list
B3. To reduce the risk of hackers accessing all sites on the server from a compromised PHP web script, you should enable phpsuexec when you build apache/php. Note that there are sideeffects when enabling phpsuexec on a server and you should be aware of these before enabling it
B4. You have package updating disabled, this can pose a security risk as OS vendor and cPanel security updates may not be applied in a timely manner WHM > Update Config >cPanel Package Updates > Automatic
	View 2 Replies
    	
        Oct 17, 2009
        It's been close to a month since we've migrated away from our former provider to Gigenet, and after monitoring the activity and health of our new servers, I felt it was time to write a review.
This isn't about bashing our old partners, the data center and our former managed hosting provider. I'm leaving names out of this, and I'll appreciate it if the couple people on WHT who know our old providers keep that info to themselves, because this is not about them; it's about Gigenet.
Support
Tickets/support is about as good a place as any to start. Our old setup had all management running through our managed hosting provider, and tickets were either closed unanswered, or we might wait days to get a response, which was too often less than helpful.
Our setup now includes standard management through Gigenet, and we've contracted Rack911 to handle management of some very specialized services and security requirements we wouldn't expect Gigenet or any other data center-based management team anywhere to handle. That's another (very positive) review for another day.
During the course of migrating (five servers during three weekends), we opened perhaps 10 tickets regarding server config, IPs, provisioning certain services, etc., and the longest we had to wait for any ticket to get answered was 9 minutes. In all but one case, the first response resolved the ticket - the remaining ticket did require more back-and-forth communication, which is to be expected. Even better, instead of hearing about everything that can't be done (something we'd come to expect from our previous provider), they focused on what could be done, and they did it. Things were handled properly and professionally every time.
Best of all, I can actually call my admins or chat with them, sort out issues in minutes instead of days or months.
Hardware Performance
Despite how much happier we are with the response we're getting from our admins, this benefit pales in comparison to the performance increase we've seen since we moved.
We have a single client who accounts for three of the five servers we're hosting right now. Again, I'm leaving names out, because this is not their endorsement of Gigenet - it's our endorsement. The performance boost we've seen since moving has been nothing less than astonishing.
Of those three servers, let's consider the old Web server config:
- Xeon Quad Core, one of the mid-2008 E series
- 6GB RAM
- Public 100MBPS connection
- SATAII 250GB HD
And now the new Web server:
- Core i7 920
- 8GB RAM
- Public 100MBPS connection
- 10k Raptor 147GB x2, RAID1
So, it's a step up. Is it a significant step up? I'll leave that to hardware geeks to debate. But I don't think anyone can argue that the increase in hardware does not match the increase in performance when you look at these numbers:
Old Web Server
Typical Load: 2 - 5
High Traffic Load: Always 15+, often 40+, sometimes reaching 200+ and requiring a restart
Typical Idle: 85%
High Traffic Idle: 0%, and it could stay buried for 15-30 minutes at a time!
New Web Server:
Typical Load: .1 - .3
High Traffic Load: .5 - 1 (I've only seen it go above 1 twice)
Typical Idle: 95-100%
High Traffic Idle: 80-90%
We have even more revealing numbers from when we did some post-migration stress testing. I won't get into details here (I might be doing a more thorough write-up about this in the future), but the general conclusion was that the new server could handle 6x the traffic of the old server and still serve pages faster than the old server did even with all traffic already routed off that server.
I attribute this to three things (caveat: I'm not a hardware expert, and this is my best guess).
1) The hardware is a step up, and that will account for some performance boost.
2) Rack911 optimized this server from day one.
3) The components/build are simply higher quality.
If you happen to know the client who uses these three servers, again, please keep this info to yourself, but try surfing their site now, and you tell me whether it's faster, like maybe 3-4x faster! They've been getting quite a few people complimenting them on their site's performance over the last few weeks. I'd like to take credit for that, but I can't.
----------
So there you have it - another satisfied customer of Gigenet (and Rack911). I hope over time my experience with them continues to be the same quality it is now. We're paying a bit more than we were before (for both hosting and administration), but we're getting so much more for our money!
	View 14 Replies
    	
        Mar 24, 2009
        I have been a WiredTree customer for about one year and I am very happy with their services. One of the top VPS providers available in the world, WiredTree runs its servers in its own datacenter and it is the real peace of mind company. On January 15th 2008 I started a VPS 512 in WiredTree using a WHT promo offer and encountered not only one problem with billing, hardware, software, support!! I'm running 16 monster websites of my selected customers on this VPS under cPanel optimized for VPS release 4-R32603 - WHM 11.24.2 - X 3.9. OS: CENTOS 4.7 i686 on Virtuozzo. I've recently rebooted my VPS by command line (SSH) due to a new app install exigence and this task was performed in a few seconds without only one problem with cPanel!! The VPS 512 has this spec:
WiredTree Fully Managed VPS512 with Cpanel
* Intel Dual Xeon Clovertown (8 CPU Cores)
* 512MB Guaranteed SLM RAM
* 2048MB Burstable RAM
* 500GB Bandwidth (100Mbps Uplink)
* 50GB RAID-10 Disk Space
* Fully Managed - 24x7 Toll-free Phone + Helpdesk Support
* 24x7 Proactive Monitoring and Service Restoration
* ServerShield Server Hardening
* 4 Dedicated IPs
* cPanel / WHM
* Virtuozzo Power Panel
Nightly Off-Server RAID Backups included
A great point in this VPS 512 is the number of disk inodes allowed for its 50GB disk space: 10,485,760 (in general, default VZPP disk inodes for 50GB are only 600,000). The disk inodes number is a very important item in a VPS spec because with many disk inodes you can host many directories and subdirectories; if the inodes number is small you will fill an entire virtual HDD (your VPS) quickly if you are hosting websites with a long file tree.
I did my order using the verified corporate PayPal account of @Macarlo Networks, Inc. and in a few hours I received a phone call from WiredTree and then, a few minutes after this, the welcome e-mail with my login. WiredTree is not a reseller and controls its own NOC in Chicago, Illinois, a best point for all bandwidth requests from U.S. and other countries.
My rating after one year with WiredTree:
Uptime: 10/10
Management: 10/10
Support: 10/10
Price: 10/10
Billing: 10/10
Domain for verification: http://macarloshark.com/
To evaluate WiredTree's VPS 512 for this review I hosted there the above referred 16 websites, all set up in a few minutes by cPanel version 11.15 with Fantastico De Luxe and more... Using a tarball downloaded also in a few minutes from our external backup server in New York (BQBackup), I put all 16 websites' data in my VPS 512, registered with my partner Dotster, Inc. the new name servers for macarloshark.com, and after the propagation process I started all websites just fine and at high speed, including for same extra-heavy webpages we have just for evaluations on VPSs and physical dedis.
Then I started the WHT UnixBench test in January 2009; see the output below: ....
	View 4 Replies
    	
        May 9, 2007
        I've been having problems with the server company. These have been based around me getting an error 500 (SQL injections from CRITICAL to EMERGENCY) in mod_security when testing out a CMS built using PHP and MySQL.
After months of reading about internet security, SSL, XSS, mod_security docs etc. etc. 
I've managed to get the 'add' page working by escaping the $_POST stuff and making things in general less dynamic in order to make the SQL statements less open to attack and avoid getting the error again.
Now I'm back to the 'edit' page and I seem to have escaped everything and basically built it in exactly the same way as the add.php page, except using different SQL and a little SQL beforehand to drag out the database entry, and I'm still getting error 500.
The error logs still claim this is a $_POST payload attack, but I can't see where this could be coming from.
Does anyone know where it is likely to be coming from (form hidden inputs, what you can/can't put in the SQL statement, anything like that)?
	View 0 Replies
    	
        Apr 22, 2009
        Is there any way to block/redirect the POST request to another page using .htaccess?
The reason is my site is getting hammered with a DDoS attack where they target my index page with requests like below: ....
	View 5 Replies
    	
        Mar 30, 2009
        Who will post your websites here hosted with faskvps or sarora?
I saw so many reviews about them, but seldom see the websites with these two hosting companies.
	View 6 Replies
    	
        Dec 30, 2008
        This is a 2-month update for serverboost.com hosting and I must say I was wrong when I said they are a gold hosting, because they are more than a gold hosting. I am sorry, serverboost, because I said that; they are your only friends in the time of need. When everything goes wrong in your website this is the address you need to remember and this only. So I thought to myself, wait, this is not gold, this is more than that. This is friendship and it is worth more than gold. I feel like I am home, it's your new family and this is worth more than gold, period. Experience 10/10 Bandwidth 10/10 Availability 10/10 Support 10/10. They use a datacenter in Netherlands on We-Dare network.
And remember, if you think their prices are a little high just contact them in the chat and I am sure you will never go out.
My website is [url]
	View 1 Replies
    	
        Oct 3, 2007
        Wondering if anyone knows how to install all the packages for the @Base category in the CentOS 5 install from yum. I did not check this during install and can't figure out an easy way to see and install all the packages in the @Base category.
Also tried some searching and can't seem to find a way to install package groups from yum.
	View 1 Replies
    	
        Mar 20, 2007
        I suspect that somebody is trying to do SQL injections on one of my websites. Is the POST information that is sent using forms logged anywhere so I can read it in the same way I can read the GET requests in Apache logs?
	View 6 Replies
    	
        Dec 12, 2013
        I have a problem with file upload. I changed php.ini files in /etc/php5/cgi and user and php.ini to work with big files. I changed accordingly max_filesize, post_max_size, memory_limit. Also changed suhosin memory_limit and some other stuff. I can't get files bigger than ~100MB to be sent through forms with POST! Below is OK. Is there any method to do this with Plesk 11.5? I saw docs on this particular topic with Plesk 10 on the internet but nothing for Plesk 11.
	View 8 Replies
    	
        May 8, 2008
        Looking for a quality webhost where users can post adult content. Know any?
	View 6 Replies
    	
        Feb 19, 2008
        How can I open port 3000 on my Linux server?
I need it for Canada Post live shipping quotes.
	View 1 Replies
    	
        Jan 17, 2007
        Not sure if this is the appropriate forum to post this question in. If so, please move to the correct forum.
Anytime someone creates a new thread or sends a new PM, it will ask them to download the .php page after submitting the POST. I am wondering if anyone else has had this problem and what can I do to resolve it?
	View 2 Replies
    	
        May 3, 2007
        How to transfer file(s) from a remote server to a remote FTP using SSH (on the remote server)?
	View 3 Replies
    	
        Mar 24, 2007
        I have Windows servers that I'll be co-locating very soon. I have purchased a Dell 2161ds-2 and an APC remote boot power strip. Could someone please tell me the best way to secure remote access to these products? Do I put them on public IPs and allow them through the firewall, or do I put them behind the firewall and access them after I authenticate through the firewall?
	View 6 Replies
    	
        Aug 10, 2009
        I am looking for options to use for remote KVM. I have great local KVMs that are multi-user that are paid for. I need to get something that works well with them for remote access. I have tried the Belkin remote boxes and the screen quality was bad and I was not happy with it.
	View 9 Replies
    	
        Aug 21, 2009
        Why does the price on Remote over KVM vary so much on colocation from data center to data center?
I mean, some places that I've contacted it's $5 per month while other places it's $150 to $250 per month. Or $10 per hour.
Is there a benefit to both parties using this?
	View 10 Replies
    	
        Jan 23, 2007
        What remote KVM or over IP KVM does everyone use?
Which one will suit my needs?
I like the Avocent KVMs but they are pricey.
Please offer some feedback on what you use.
	View 14 Replies
    	
        Mar 30, 2009
        I've just noticed that many people may have a free remote cron facility without realising it.
If you have any domains registered with Godaddy, you get free web space that includes a cron facility. It only runs every half hour, but you could set six jobs at 5 min intervals to get an effective 5-minute poll, which is good enough for many purposes. You could use it to check uptime on another site, for example. Has anyone tried this?
	View 11 Replies
    	
        May 9, 2009
        What options or tools are available to mount your VPS from a Windows XP desktop?
	View 7 Replies
    	
        Oct 23, 2009
        I want to ask, is there any way I can remote desktop to my VPS which has CentOS 5 installed onto it with cPanel, etc.?
I need to do a few tasks which I cannot do via SSH.
	View 10 Replies
    	
        Jul 20, 2008
        Who here uses remote logging?
If yes, state what you are using after voting on the poll.
	View 6 Replies
    	
        Apr 3, 2008
        How can I view the desktop of my server remotely through SSH?
	View 3 Replies
    	
        Aug 10, 2008
        I've seen this mentioned before, that you can run SQL on a separate server and a lot of people do it for SQL-heavy applications.
Only thing I wonder, how well does it work bandwidth-wise? Is there a noticeable slowdown in query speed? What about bandwidth cost, does it use a lot, enough to run over a typical dedicated server monthly limit?
Also, what about security, are queries/username/password sent out in clear text?
	View 6 Replies