Scrambling Text For Security
Jan 2, 2007
I have a link on a site as follows: destinationsite.com/index.php?kw=test
This url is obviously going to appear in the browser window's Address bar, when the person reaches the destination page.
Is there any way to have it change the url so that the kw=test does not appear? Please bear in mind that I will not be able to change the link that the person clicks since it is with an advertising company.
Jan 10, 2009
I've been meaning to get around to this for quite some time now, and since I've got some free time I figured I'd review NearlyFreeSpeech.net
Length of time with host: 4+ years
Sites hosted: 5 (+/-)
Basically, I couldn't be happier. They're pretty much everything that shared hosting should be. They don't oversell. They don't sell your information to advertisers. And they've got several "killer features" that few (if any) other hosts offer.
Pros
Performance
Unlike some (most?) shared hosts, they don't cram a bunch of sites onto the same server. In fact, they don't even assign you a server per se. All sites are hosted on clusters, so the most active sites will be handled by several servers working in tandem. The load balancing is automatic and transparent -- if your site starts getting a load of traffic, their servers will shift your site around as necessary to ensure that it remains responsive. This process isn't noticeable at all; every aspect of their service feels like a traditional shared hosting setup, the sole exception being that performance doesn't suck. Wordpress and phpBB (notorious for bringing most shared hosting plans to their knees) feel snappy and responsive, even when faced with large amounts of traffic.
Reliability
They're not perfect, but they're close. I've used several other shared hosts over the years, and I can safely say that NFSN is the most reliable of all of the ones that I've used. Again, I think this has to do with their clustering setup. I've never been told "sorry, but someone on your server crashed Apache". They do get hit with DDoS attacks from time to time (as do all hosts), but it's exceptionally rare for said attacks to cause a disruption of service. When large scale attacks do occur, they handle them quickly and professionally. There have been a handful of large-scale failures over the time I've been with them, but disruptions of service are few and far between.
Language Support
Pretty damn good. I'd say they're best at hosting PHP/MySQL sites, but they're very, very good with all of their officially supported CGI languages [url] too.
They'll also install libraries, PEAR modules, etc. upon request, even if it's something that nobody other than you will ever use.
Support
Support is second-to-none. Support is conducted via their administrative control panel. Although they do have official hours, it's not unusual to have your question answered quickly even at some ungodly hour of the morning. All the support staff are top-notch, and they all *definitely* know their stuff. They don't hand-hold as much as most hosts, but if you're reasonably competent and/or not afraid to learn you won't have any trouble. They've also got a panic button feature that I quite like -- from their write-up about the feature:
After you hit the panic button, a ticket will be opened at "Panic" priority including the text of your message. The on-call admin will also be immediately paged with the text of your message. Then, one of three things will happen:
- If you hit the panic button for a legitimate, previously-unreported system or network outage that needs our immediate attention, we will change your issue to "High" priority, refund your panic message charge, and cut the cost of your next panic message in half.
- If your message does not pertain to a legitimate problem or outage that needs our immediate attention, we will change your issue to "Standard" priority, you will not receive a panic message refund, and the cost of your next panic message will be doubled.
- If your message is clearly spurious ("Haha lolz I paged u!") it will be ignored and your ability to send panic messages will be revoked. You will not receive a panic message refund.
Free speech / censorship
Hands down, they make other hosts look like jokes. I've managed several controversial sites over the last four years, and NearlyFreeSpeech.net is the ONLY host who hasn't hassled me.
The best thing I can do to promote their service is to point you to their beliefs [url] page. Yep. No mission statements... just three simple quotes. And they really do believe in those values.
They even go as far as to say this in their FAQ:
You must obey all applicable local laws unless you get our prior express consent in writing. We do provide anonymous hosting of content that violates local government censorship laws at our sole discretion in cases outside the United States where we feel government censorship is contrary to the cause of freedom.
Quite a departure from most shared hosts. Even more (and yes, I speak from experience when I say that they really do hold to this):
A NearlyFreeSpeech.NET member site is defaming me or otherwise injuring me civilly.
Please forward a copy of your legal finding from a court of competent jurisdiction to our contact address. If you have not yet obtained such a finding, a preliminary injunction or court order is also sufficient.
If you are not able to obtain the above, you will need to work directly with the site operator to resolve your differences. We will have to fall back on our members' contractual assertion that the content they upload is legitimate and therefore we will not be able to get involved.
This quote really sums up their stance:
A NearlyFreeSpeech.NET member site contains offensive content.
At NearlyFreeSpeech.NET we firmly believe that censorship is a dangerous and misguided approach to the problems of society. We believe that the price we pay for the huge number of fantastic sites we host are a few sites that we feel are significantly less fantastic.
We believe that the price you pay for living in what we hope is a free society is that when you encounter something offensive, you must resist the urge to censor it and instead research, investigate, and speak out passionately in opposition to it. That is the essence of free speech.
Please do not send us abuse complaints of this nature. We will discard them.
DMCA
Ah yes. Everyone's favorite. Fortunately, NFS is sane about this (far more sane than some uh... "dreamy" hosts I've used...). Again, another excerpt from their FAQ (which I can also attest is true):
We adhere to the entire law very closely. We do not generally pull the plug on an entire site if, for example, someone claims that a single graphic is infringing. We do our best to remove only the content that the copyright owner specifically identifies as allegedly infringing. We allow and encourage the use of the "putback notification" process when material is incorrectly identified as infringing. But we do not automatically terminate a member's service merely for receiving a complaint alleging infringement. (However, actually infringing someone's copyright does violate our TACOS and will generally result in immediate termination.)
Keep in mind that while we aren't lawyers, neither are we idiots. We can tell the difference between people harassing our members via the DMCA and cases where our service is genuinely being misused, and we can adjust our attitude accordingly. Fortunately, both of these cases are very rare.
Cost
This one's a big issue for folks on shared hosting, so it's worth going over. Basically, NFSN uses a pay-per-use model. Simply put, you pay for the resources you use. This does mean that you won't be able to "game the system" and hope to get away with a high-traffic site on an oversold server for a couple bucks a month. This also means that the system won't game you, and put your high traffic site on an oversold server. Most importantly, it means that you don't pay for what you don't use. Those 1000GB for $10 plans seem like a great idea until you realize that if you only use 1GB you're getting royally screwed.
Pricing is a little unconventional, so it's worth going over in a bit of depth:
Bandwidth
Bandwidth starts at the price of $1/GB. This may seem steep if you compare them to the prices promised in the ads of various heavily-oversold shared hosts. Fortunately, it's not a flat rate. In fact, the more bandwidth you use, the lower your per-GB charge is -- and the discount is permanent. They've got a bandwidth calculator [url] if you're curious about pricing.
Storage
$1/100MB, flat fee.
MySQL
$0.01/day IIRC. Their MySQL servers are top notch FreeBSD 7 boxes, and I definitely think they're worth the price.
E-mail forwarding
$0.01/day. You can obviously use your own e-mail servers instead, or use something like Google Apps -- but if you want them to do e-mail forwarding it costs $0.01/day with no usage cap. (And yes, I do mean no usage cap. Bugmenot.com uses NFS's e-mail servers for their "disposable mailbox" service, and they have a heck of a lot of inbound mail.)
Privacy
Wow. Short of bribing an off-shore host, I don't think you'll find a more private arrangement. Unless they've got a court order demanding your details, you can safely assume that they won't be divulged. Again, I speak from experience.
Also interesting to note is this excerpt from their FAQs:
At NearlyFreeSpeech.NET, we believe that with great power comes great responsibility, so we take a dim view of such behavior. For that reason, our TACOS require our members to provide complete and correct contact information, and requests for anonymous hosting are typically denied.
However, we do make one important exception. If you live outside the United States and can demonstrate that the site you wish to host would put you at significant, legitimate risk of retaliation from a government with a documented track record of reprisal against people who speak out against it, we may be able to help. Anonymous hosting is serious business; it can be one component of a coordinated plan to protect you and your family from torture and murder. It's absolutely not an option you can use to dodge lawsuits or unpopularity arising from hosted material.
I haven't (thankfully) had to depend on that level of privacy protection -- but if I did, I wouldn't hesitate to work with them.
SFTP/SSH access
Name says it all.
Scalability
To quote 'jdw', one of the founders of the service, in response to a user's questions re: scalability:
It depends. If all you need is bandwidth, it should be pretty well unlimited. There have been a couple of cases where we have asked people to move on based on CPU usage, but those involved specific situations where they had a poorly-tuned application and couldn't or wouldn't optimize it for the load they were getting. Those were also before the days of 8-core cluster nodes.
A VPS or single dedicated server would definitely not be able to serve more bandwidth. Most of them are capped to 10 or 100Mbps; our load-sharing architecture can serve a single site into multiple Gbps if the site is fast enough (i.e. static content) and you can pay for it.
When they mention CPU usage, it's worth noting that it's nothing like Dreamhost and other shared hosts. You just won't hit it unless you've got a bug or you're trying to do something like calculate pi to a billion places. The limits that are in place are solely to prevent runaway/buggy apps from screwing things up -- you won't hit them, even with heavy usage, provided your site's software is functioning correctly.
Cons:
To be honest, there aren't many. There are some though, so in the interest of completeness, here they are:
No SSL
The reasons for this are varied, and they're actively working to implement a solution. The short story is that, due to the architecture of their service, it's not quite as simple as "drop in a cert and tweak the httpd config". Essentially, since they don't assign static IPs for individual sites, they can't support SSL until all mainstream browsers support the SNI extension.
No overselling
Some people may think the lack of "unlimited bandwidth for $7.99/mo" is a con. Others think "unlimited bandwidth for $7.99/mo" is a con. Depends on your perspective and usage I guess.
No Ruby on Rails
Doesn't bother me, but it might be a deal-breaker for someone I suppose.
Not your bog-standard cPanel + Linux box setup
Some folks would say that this is a con, due to the lack of familiarity. Their control panel is different than a lot of hosts, but it's flexible, clean, and responsive, so it's fine for me.
Perks
One thing I've come to notice over 4+ years with NFS is that there are lots and lots of nice little features that aren't advertised, but that make life just a little easier.
Examples:
E-mail to POST
Their mail forwarding can be configured to POST incoming messages (complete with attachments) to a specified URL. The format of this submission is documented on the member wiki.
Member wiki
Contains member-submitted documentation of NFSN's quirks, some of its special features, and how to best get different apps working on NFSN.
Management API
I haven't played around with it, so I can't provide too many details, but NearlyFreeSpeech offers a public API to allow for the programmatic management of user memberships, sites, DNS records, etc. Pretty cool, and not something I've seen elsewhere.
Domain registration
Cheap domains, simple registration process, and (unlike GoDaddy) they don't screw around with your registration just because you said something that they didn't like.
Haskell support
If you know what this is, you know why this is sweet ;-)
Member forums
Not terribly unique, but a great resource. Pretty much everyone there is quite friendly and happy to help new users.
Free trial
You can create a trial membership. This membership comes with $0.02 (IIRC) credit, and is a great way to tinker with their platform before depositing money.
You can get a refund
Sweet. Never had to use it though, but good to know I could if I had to.
Humor
A little thing, yes -- but it's good to see a host that actually seems like it's staffed by real people rather than bash scripts and stock photos.
Member/staff interaction
This is something I haven't seen with any other hosts. The staff interact with the users on the discussion forums. When a user asks "why do you do/say X", they get a response. They have discussions on why they decided to do/say X. Members ask for Y to be available through the web control panel, and some time later a staff member bumps the thread to point out that Y has been implemented.
---
Verdict
If you need shared hosting, you'd be doing yourself a disservice by not trying NearlyFreeSpeech.net
Dec 12, 2007
I'm working on some PHP intranet tools. I'm still somewhat new to PHP, having come from an ASP background; been doing PHP for about a year now.
The tools used to be located on a Solaris box, which is running PHP 4.2. One of the tools checks text files in a particular location on the same box that are generated by another process. The text files are found and parsed by locating a particular directory and looking through the entries for filenames matching a particular pattern; they may or may not be present depending on the success of the other process. The text files and directory are not in a web-servable location (i.e. they can't be reached via HTTP or FTP).
I am now able to migrate to a new Windows 2k3 server running IIS 6. I've configured it with PHP 5.2.5 and it is successfully serving web pages. I need to migrate these tools over to the new server but they still need to reach the text files on the old server. The old server has a Samba share hooked to the directory I need and I can successfully map it as a mapped drive from the Win2k3 box.
It's my understanding (after hours of googling and testing) that mapped drives are specific to the logged-in user and not to the machine in general, so IIS can't see them (which seems to be validated by my tests). I've pulled in the mapped drive to the Samba share as a virtual directory under IIS but PHP scripts still can't see it. The share is not available under FTP or HTTP, so cURL doesn't seem to be an appropriate solution, as far as I can tell. It's also my understanding that mapped drives aren't dependably re-mapped after a server reboot until the user logs in, and of course there won't necessarily be users logging into the server to create the mapped drives after a reboot. So mapped drives seem to not be a solution either.
One person from another forum (not SitePoint) suggested running the IIS process under the domain login credentials used to get to the Samba share, and find a way to map the drive automatically after a reboot (some sort of Windows service that would call a batch file or something). I'm not comfortable using a domain login to run my IIS under (although I tried it and it didn't seem to work for a previously-mapped drive).
So my question is: is there a way from PHP to connect to a remote Samba share, provide inline credentials, and use functions like is_dir and file_get_contents on files in that share? I'm not a PHP guru yet, but I've successfully set up the server, create and use remote MySQL databases, write my own JavaScript and Ajax, and don't consider myself to be a newbie - and I simply can't find a good solution for this problem. I come from an all-Microsoft background where integrated authentication was the intranet standard and issues like this simply didn't come up.
I hope this is the appropriate forum to ask...the server forum was the second runner-up but after looking at threads there they didn't seem to address issues like this.
Sep 30, 2007
Why does the WHM panel send me my private key and passphrase for my SSL certificate to my inbox when I generate a CSR? Um... isn't that a bit insecure?
I purchased a Rapid SSL cert from NameCheap, who then needed a Certificate Signature Request (CSR), which is generated from WHM.
After generating the CSR, WHM sent me an email that is literally titled 'SSL RSA PRIVATE KEY for *.<domain_removed>.com'
The email not only contains the ----- RSA PRIVATE KEY----- but also my 'challenge password'.
Is this supposed to happen? And why on earth would my private key and passphrase be sent via unencrypted email? The only thing I can think of is that the WHM panel feature is being used to generate the CSR and is sending me a self-signed cert private key, which I'm not going to use (I'm only going to use the CSR). Even if that's the case, I think it still shouldn't happen; it's too confusing for newbies like me and I could just end up using the same passphrase for my actual certificate.
Here are the steps I followed:
1. purchased a RapidSSL from namecheap
2. Clicked 'Activate' in namecheap's SSL dashboard which then asks me for a CSR.
To get the CSR, per Site5's wiki:
1. logged into WHM
2. clicked 'Generate a SSL Certificate and Signing Request'
3. completed the 'create a new cert' form which among other things, asks me for the 'Email address the cert will be sent to'. For all the fields, see the site5 wiki
4. click Create
Jun 20, 2008
I am currently installing lxadmin in my webserver, but during the installation I received an alert message from my "settroubleshootebrowser" saying:
Summary
SELinux is preventing /usr/local/lxlabs/ext/php/php from loading /usr/local/lxlabs/ext/php/lib/mysql.so which requires text relocation.
Allowing Access
If you trust: /usr/local/lxlabs/ext/php/lib/mysql.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so"
The following command will allow this access:
chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so
This message was for the SQL and Zend optimizer.
My question is, where do I find the "chcon -t textrel_shlib_t" file allow access?
Apr 4, 2008
I run a web hosting company and one of my servers is a LAMP server running CentOS 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTPs into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
Jun 17, 2015
I need to be able to access email passwords in plain text (not encrypted). I'm running with updates so as to not force encryption, which I'm told is a one-way deal. I'm going to have to go to new hardware soon, as I'm finding the hardware starting to fail.
I understand the "mail_auth_view" utility shows the passwords, and was wondering if it will decrypt them for you?
If not, how can I keep the behavior of non-encrypted email passwords so that the customer administrators still have access to them for their users? I know a new install forces encryption, which is why I can't do that. How can I preserve the non-encrypted passwords and move to new hardware? This seems to be a deal breaker for my customers.
Mar 1, 2009
If you go to www.home.ecarindo.com, you can see that it displays the text file, the Default.aspx, the ACTUAL text file.
I've added the line DirectoryIndex Default.aspx to the .htcaccess in my home directory in cPanel, btw.
Update: never mind, my idiotic team member registered a Linux plan instead of a Windows plan, sorry for the disturbance.
Jul 1, 2008
Was browsing a few websites (as you do) and noticed something unusual on a competitor site. They had used the same text as another website I had viewed not long ago.
OUR MISSION
It may sound unbelievable but the majority of the big companies in the web hosting business usually do not invest much in the development of new technologies. Instead they rely on 3rd party solutions and software. Unlike theirs, our hosting software was created, developed and designed in-house by us. Moreover, our business approach is human-oriented in that our client support is a centre factor in the quality hosting service that we offer.
Read that before...?
I just did a google search for the first part of it (including the quotes, so it will only find sites that contain the whole string word for word)...
"It may sound unbelievable but the majority of the big companies in the web hosting business usually do not invest much in the development of new technologies."
Result?
Quote:
Results 1 - 10 of about 9,170 for ... (0.10 seconds)
Isn't it ridiculous when you have 10,000 companies using identical "About Us" text?
Aug 24, 2007
I am on a shared server account with Lunar Pages basic hosting plan.
The only script file I have up running is db Masters FormM@iler. It runs on Cpanel. I deleted whatever other scripts I could find on my server. The site is just basic html pages with jpgs and a gif.
Is there much else I really need to do to secure the server or is that more in Lunar Pages' hands?
If there is still more I can do to secure the server, is it a small amount that's easy to do or would it be wise to just hire someone else to put in a few hours making sure everything is truly set up securely?