Secure Uploads
Jun 8, 2009
My requirements are 500MB, 5GB bandwidth, rails and postgres, $5-6 per month. It looks like there are many providers out there that are offer that.
However the only uploading method shared hosters seem to offer - or at least the only method they advertise - is FTP. Coming from a university and sysadmin background, I thought that anything that sends passwords over the wire unencrypted had died long ago (except HTML forms and legacy systems).
Are there any shared hosting services that allow a more secure upload method (e.g. scp, rsync-over-ssh, even webdav-over-ssl)?
View 4 Replies
ADVERTISEMENT
May 25, 2009
i have moved my hosting to a new provider and i was wondering what is the quickest way to upload my 500MB files to the new server? Is there anyway i can speed this up like have a dedicated uplink port to my server, or via VPN or something, cos at the moment i have an upload speed of around 10KB/s,
View 5 Replies
View Related
Jul 9, 2008
company for over a month or 2
contacting them (support tickets) is as useless as not!..
their reply is always simply: we checked and nothing at our side! (asking for a clarification simply gets u nothing!)
problem is simply ONLY with ftp uploads!
my line upstream is 256Kbps (32 KB/sec) and down 1Mbps and i was always capable of pushing up to 2.2 GB/day ((i monitor my traffic all the time))
but just recently some weird things started appearing...
before uploads would never go under 27-26 KBs on my FTP client
now it's so normal finding it dropping to 15,10,4,2, 0!
ya a whole 0!
and that's not just for a second or two
it can stay like that for maybe aminute then go up back again!
And upon watching my traffic statistics closely, i found myself pushing at the most 1.6 GB only a day!
another funny thing is that files used to appear AND PARTIALLY in the root directory instead of the desired directory!
so WHAT IS UP!
View 14 Replies
View Related
Aug 21, 2007
On my dedic the uploads arent working... I am talking about normal http upload.
In my php.ini uploads are set as On and max file is 100mb.. my tmp is 777
possible error be?
View 10 Replies
View Related
Jul 15, 2008
Ok i get 403 forbidden when i try to access /uploads/ on my server. I wish to make it public. Can i make a index.html file dispay all of the files in the directory?
View 5 Replies
View Related
Jul 31, 2008
I am about to purchase a reseller (Diamond) or maybe just a Hosting (Swamp) but I cant seem to find anywhere details on their MySQL policies.
I have a forum and the database if growing in size daily and im concerned about the database upload limit that may be applied. I have a dedicated server at the moment and im able to request that be changed via php.ini but where would I stand on this if I were to move to shared hosting?
View 3 Replies
View Related
Sep 6, 2008
We are going to host our own website. I built up a windows 2003 server. Installed IIS6. I am working on file upload to our website. I can get files to upload to c:Temp but not to c:Inetpubwwwrootourwebsiteupload.
I even set up the upload directory for full sharing with write permissions. Still no help.
I went into windows explorer and right clicked on the upload dir and shared it and set the permissions for read and write. That should take care of NTFS permissions. But no matter what I do when I click on the upload directory and go to properties is shows 'read only'. Can't seem to get that turned off. Until I do I don't believe I can upload a file to the upload directory.
I went into iis6 mgr and and set the upload directory for full access - read and write. That should take care of iis security.
I went to default website (there is only one) and allowed anon login. Even told it use the Administrator account for login with all read and write permissions.
Here is my upload code: ....
View 3 Replies
View Related
May 16, 2008
I just moved to a new, dedicated server this week. My vbulletin forum users typically upload mp3 files under 10MB. At the moment, I can't seem to get anything above 6MB to work.
In vBulletin land, they recommend changing these in php.ini:
upload_max_filesize - Largest size of a file to accept.
post_max_size - Must be larger than upload_max_filesize.
memory_limit - Should be larger than post_max_size.
max_execution_time
max_input_time
I've cranked all of those up and restarted Apache.
I'm still having the same problems. The little window with the form turns white after what appears maybe 5 minutes, but I haven't timed it.
They also mentioned changing the LimitRequestBody in Apache. I appear to be screwing that part up so I created a thread in the Apache forum specificallya about that.
[url]
So I wanted to ask if there were any other possibilities that you guys could think of that would inhibit the file size up uploads via a form.
I'm running httpd-2.2.8 and php-5.2.6. It needs to be said that this forum is config is mostly right out of the box. $_SESSION wouldn't work in php until I changed the directory for it yesterday. So there may be a very basic config setting that I missed.
---------
I decided to check my error logs.
PHP Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 9852343 bytes)
I'm confused. I have an allowed memory of 30MB (give or take). So why does a 10MB file "exhaust" it?
View 3 Replies
View Related
Aug 12, 2007
We have a server that we just changed over to PHPSUEXEC. On this server, we have a large IPB (Invision Power Board) forum that we have not been able to get uploads in the forum back working again. Users are getting the message that they don't have permission, and to contact an administrator.
I have looked on IPB's forum for PHPSUEXEC related issues, but can't find a solution. Of couse, before phpsuexec the "upload" folder had 777 file permissions, but under phpsuexec this must be 755. It isn't working though.
Anyone had experience with this with IPB and know how to fix it?
View 2 Replies
View Related
Jan 12, 2008
I've been running pure-ftpd for around 4 months now without any problems, until around 24-48 hours ago file upload has been going a bit loopy.
When you upload a file the speed bounces considerably, and at times pauses on 0kbps until it then dies and fails the upload. 9/10 uploads I have tried have failed.
[R] Opening data connection IP: 74.86.20.181 PORT: 35283
[R] LIST -al
[R] 150 Accepted data connection
[R] 226-Options: -a -l
[R] 226 6 matches total
[R] List Complete: 374 bytes in 0.64 seconds (0.6 KB/s)
Transfer queue completed
1 File failed to transfer
[R] Connection lost: chacha
We have restarted pure-ftpd a number of times, but have had no luck.
Please could you try and upload a file (at least 10mb and please nothing dodgey) to this FTP account:
address: chacha.99k.org
user: chacha@99k.org
pass: password
And output the result.
Does anyone here have experience with pure-ftpd and would possibly consider giving my system a "once over"?
View 2 Replies
View Related
Dec 24, 2007
I want to get a VPS to hold my sites and the websites i build for people.
I'm not sure about what happens if a client uploads something they shouldnt - be it porn, warez or whatever.
As a server owner, do i risk getting in trouble? Or am i simply the contact person .
I can't check every file that people might upload.
View 1 Replies
View Related
Mar 23, 2008
I'm currently a video sharing site and I'm aiming for large videos (around 500MB - 1GB), now I have to take into account an average user should only be able to do 30k-50k per sec.
So the session_timeout and upload_max need to be adjusted. Anybody with experience with large upload sites ?
View 2 Replies
View Related
Apr 7, 2007
First of all, I discoverd this forum during my quest to unravel the mysteries of how my site was hacked. I hope this is an appropriate forum to discuss the issues even though I am not a web hosting provider, but merely a customer of a web hosting company, hostrocket.com
I have an installation of WordPress 2.1 WordPress creates a couple world writable directories such as Uploads and Cache which are owned by nobody. Apparently (according to the tech support at hostrocket.com) someone was able to insert and exectue a php script in my world writable Uploads directory. Over 40MB of scripts, executables and files were uploaded. As best I can tell, my space was being used as some sort of link farm or perhaps acting as a server in my webspace. I do not have much knowledge about these things and consequently can't talk very inetlligently about them. But I am trying to grasp what little I am able to absorb about how this could have happened, what I can do to mitigate it from reocurring in the future.
Some of the stuff that was in the directory is as follows...
2421
bindz
h4ckerz
mass.pl p
trace-kmod
2421.1
brk
help.php
mybindshell
ptrace24
99.php
coredump
idf.php
netcat
pwned
CMD.php
dc.pl
index.html
online
r0nin
TMT.htm
elfdump
kmod2
online.tar.gz
raptor
TTdummyfile
gcc
krad3
prctl2
uselib24
bind.pl g
cc.1
list.txt
ptrace
The "online" directory contained over 40MB of directories such as...
abortion diethylpropion
accounting diflucan
accupril diovan
acne distance-education
actonel dospan
actos dovonex
acyclovir doxycycline
adderall drug
adipex drug-rehab
adventure-travel drug-test
adware dvd
adware-spyware e-pathto
affiliate-program effexor
air-travel elavil
aldara enalapril
alprazolam equity-loan
altace estradiol
amaryl evista
ambien fioricet
amitriptyline flexeril
amoxicillin flonase
amoxil florida-lottery
antivirus fluoxetine
atenolol fosamax
ativan free-poker
avandia free-slots
avapro free-spyware
baclofen furniture
bankruptcy gambling
bextra home-equity-loan
biaxin home-loan
bingo hosting
black-jack hotel
blackjack hydrocodone
blackjack-game images
bontril imitrex
britney-spears insurance-life
business internet-betting
buspar internet-gambling
buspirone loan
butalbital loans
buy-hardware lortab
buy-phentermine lottery
california-lottery lotto
captopril mesothelioma
car mortgages
car-insurance online-black-jack
carisoprodol online-casino
cars online-gambling
cartia online-loan
cash-loan online-pharmacy
casino online-poker
casino-games online-roulette
casino-las-vegas online-slot
celebrex payday-advances
celebrex-online phentermine
celexa poker
celexa-online poker-chips
cephalexin poker-game
cialis poker-tables
cigarette refinance
cigarettes refinance-house
cipro refinance-loan
claritin refinancing
clindamycin ringtones
clonazepam roulette
clonidine slot-machine
codeine slot-machines
consolidate-card slots
cozaar steroids
credit structured-settlement
credit-card texas-holdem
credit-card-debt texas-holdem-poker
credit-card-debt-consolidation texas-holdem-rules
creditcard texas-lottery
cyclobenzaprine tramadol
darvocet travel
dating travel-insurance
debt-consolidation ultram
debtcard valium
denavir viagra
diazepam vicodin
diclofenac video-poker
didrex wagering
diet-pills xanax
As you can see, I was had in a BIG way.
So the first thing my webhost had me do was to change ownership of the directories owned by nobody to me. Then I was able to change permissions from 777 to 755. However in so doing, I am no longer able to use the Dashboard of WordPress to upload images anymore, unless I temporarily change permissions back to 777.
The other thing the tech support guy did is to create an .htaccess file with,
php_flag engine off
I guess this basically renders php scripts impotent from running.
So without flaming me, can you help me understand how someone in a shared server environment is able to put a php script into one of my directories?
What amazed me was this particular script, "99.php" actually when viewed in a browser window titled phpshell was called "c99adult v. 1.0 pre-release build #16". It basically enabled whoever had access to the URL, to view my webspace, and do all sorts of nasty things. Talk about a wake-up call!
Obviously this enabled the hacker to view my config.php file and ascertain my database password and everything else. Whether he did, or whether there is a logfile of that info that could enable him to hack the database at some time in the future is unknown to me but it's really freaking me out.
View 8 Replies
View Related
Jul 26, 2009
how can i secure my tmp on vps?
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
it isnt work on vps and i have this error:
[root@ dev]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: could not find any device /dev/loop#
View 4 Replies
View Related
May 5, 2009
i want to secure my /tmp and do this:
so i try this link
[url]
so:
cd /dev
dd if=/dev/zero of=tmpMnt bs=1024 count=150000
/sbin/mke2fs /dev/tmpMnt
cd /
cp -R /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
but i have this error:
root@server [/]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: no permission to look at /dev/loop#
View 4 Replies
View Related
May 13, 2009
when I get a dedi server for shared hosting. I secure it as much as i can and then just incase I miss stuff etc I hire 2 other companys to check over everything. Since I bought a vps from fsckvps are there any guides to secure and optimize a vps other then the one located in the vps section? thanks. I Dont feel like spending 50+ dollars on securing a vps that costs less then 15 a month.
View 14 Replies
View Related
Aug 7, 2008
vbulletin.com/forum/showthread.php?t=281011
How secure is my VPS? Anyone who has some free time and is reading this thread could please try to do some penetration-testing or something related (I really do not know much about network security) in order to know if my server configuration could be the problem?
Do you find any way to download the full database without login on the system (cPanel or phpMyAdmin)?
View 3 Replies
View Related
Sep 8, 2008
i'v been Installed all these In my VPS server
1)Disable Functions:
system,system_exec,shell,shell_exec,exec,passthru,escapeshellarg, escapeshellcmd,proc_close,proc_open,ini_alter,dl, popen,parse_ini_file,show_source
and Enable The Safe_Mode.
---------------------------------------
2)Hide_your_apache_Version
---------------------------------------
3)Install LogWatch in a Server
---------------------------------------
4)Mod-Security-Install
---------------------------------------
5)Root-Login (IP Sent).
---------------------------------------
6)Disable Login Root and Change SSH Port .
---------------------------------------
7)Installing eAccelerator .
---------------------------------------
8)Install Nobody Check
---------------------------------------
9)Updateing All of
/scripts/upcp
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/scripts/easyapache
/scripts/securetmp
----------------------------------------
but doesnt know yet what the better to secure my vps ..
and about Firewall two .. wich firewall better
CSF or APF+BFD ..
View 4 Replies
View Related
Mar 27, 2008
I have an application that requires a Secure FTP connection to a server to work. I am having trouble connecting to one server, a windows based server, while the CentOS Linux server is working fine.
Does anyone know where I can find test Secure FTP locations so I can determine if the issue is with misconfiguration or with an incompatibility of the program with windows Secure FTP sites?
I am able to connect to both sites using WinSCP and choosing Secure FTP.
View 1 Replies
View Related
Aug 30, 2007
Check out this blog and suggest what thing more can be added to secure the vps and i think this information database can be helpful for newbies and intermediate users which like to secure the VPS.. which sometimes exploited due to bad scripts.
[url]
View 2 Replies
View Related
Nov 11, 2007
Ive been using Dreamhost for years and there great however, One of my clients needs has drastically changed and they are now required to comply with the Data Protection Act.
In particular this bit make Dreamhost a bit of a no go due to them being in California:
"Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data."
Unless my client goes and asks all 1000+ customers they are kinda in a bit of a quandary. So here's what im looking for:
Secure UK Datacenter, eg Easynet, Blue Square etc
128mb RAM, 256mb Burstable, 20GB storage, 500GB transfer
LAMP Environment
Support within Business Hours
Control Panel
View 6 Replies
View Related
Feb 4, 2007
So I just got SVN installed on my server, and now I'm wondering about the best way to go about securing it. This is what I've had done so far
the executables were installed to /usr/bin as ROOT
Then I created a directory in /usr/local/svn as ROOT to hold the svn repositories (the conf folders, etc).
I've decided that I'd like to use the SVNSERVE tool rather than have to run Apache2 which my current VPS provider does not provide any support for.
So I've run SVNSERVE like so:
svnserve -d -r /usr/local/svn --listen-port=7126
Then for each repository within the /usr/local/svn folder I've gone into the conf folder and added:
anon-access = none
auth-access = write
password-db = passfile
realm = myrealm
The passfile is located in the same directory (ie. /usr/local/svn/test) and contains my users in the format:
[users]
harry = harryssecret
sally = sallyssecret
I then run my checkouts like so:
svn checkout svn://mysite.com:7126/test
Now my question is how secure is this. I was tempted to use svn+ssh but I couldn't seem to figure out how to get it configured. Is the protection I have adequate? How easily can this be compromised? What steps should I take to lock it down further. Can I limit the connection to SVNSERVE to only come from certain specific IP's... similar to how apache does:
Order deny,allow
deny from all
allow from 192.153.123.12
View 10 Replies
View Related
Feb 22, 2007
What would be the most secure free CMS at the moment? I ask this because im looking to setup a website, and i dont have enough money to invest in a custom coded website, so to start out with ill use a free CMS, but i dont want to be hacked.
Now i know that because the CMS's are open source, they can still be hacked, what im looking for is something that is the most secure, preferably with sql injection protection.s?
View 11 Replies
View Related
Apr 15, 2007
Secure FTP?
Entirely dependent on Client Software or do we need to buy an SSL certificate and install it on our server as well?
How it works?
View 1 Replies
View Related
Jun 25, 2007
[url]
i followed the guide, after done I reboot the server then it gives me these errors:
Quote:
mounting local filesystems: Failed
mounting other filesystems: /dev/tmpMnt: No such file or directory
View 5 Replies
View Related
Nov 3, 2009
What is best method to secure the tmp?
1. /tmp mounted as noexec,nosuid?
2. creating /usr/tmp directory?
View 1 Replies
View Related
Mar 25, 2009
i have question about securety of our DNS Server.
View 8 Replies
View Related
Jun 13, 2007
I am looking for antivirus under linux like f-secure scanning php shell files scripts but free
i am facing many problems here from these shell files ....
View 0 Replies
View Related
