There are always people who would like to know what the php settings are on the server. Is it a security risk to share the phpinfo.php file on a website, with anybody who visits that website, able to view it?
If you have CSF installed, under its WHM section there is a quick security 'scan' you can run - just wondering what score you have?
I know it's not an infallible test, but the scan does test for some potentially large weaknesses hence why I'm asking here (mainly out of curiosity) what sort of scores people have.
Mine is 103/112 - the rest of the points were mainly for features I didn't want enabled for particular reasons (i.e. one of the recommendations is to force all cPanel visits to be through SSL, a feature which some clients don't want) plus sometimes it says I've got features enabled which are disabled, etc.
I just started using FileZilla Client, as a way of allowing business clients to upload to an ftp account at my website (the ftp account is a subdirectory of my public_html directory, and has its own username and password).
I noticed that, along with other information for each file listed at that subdirectory, FileZilla also posts info on "owner" and "group". It turns out that, for each of these fields, FileZilla displays the username of my entire site -- not the username specifically associated with the particular ftp account to which FileZilla had connected. Thankfully, it doesn't also display the password that goes along with it!
I'm wondering if anyone would know:
- does this constitute a significant security risk?
- is this because of actions on the part of my web host, or because of FileZilla's programming? (i.e., would the same thing occur in all ftp clients?)
- if this is a significant security risk, would there be any workaround?
I just recompiled PHP 5 with MySqli in cPanel and Mysqli is working fine under Apache, but it doesn't work under lighttpd. I can see the MySqli module in phpinfo when I run it under Apache, but there's no MySqli module when I run it under lighttpd. So how can I fix it to use MySqli with lighttpd?
I'm using Apache2, MySQL5, and PHP5 with CentOS4.6, cPanel 11.
When I recompile Apache2 and PHP5 from WHM, there are no options for mbstring, so now my PHP5 doesn't have mbstring.
I tried to install mbstring as below, but I got this message:
root@mybox [~]# yum install php-mbstring
Setting up Install Process
Setting up repositories
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Excluding Packages in global exclude list
Finished
Parsing package install arguments
No Match for argument: php-mbstring
Nothing to do
I also tried:
up2date -i php-mbstring
Are there other ways to install mbstring for PHP5?
Unlimited addon domains. Unlimited MySQL databases. No setup fees. About 600Mb webspace. About 2000-3000 traffic. Cheap as possible. If possible (but not necessary) multiple IPs. Payment from PayPal, but if it's necessary then Moneybookers is OK too. Prefer monthly payments.
At present I run SSH on a different port than normal to protect root. This has worked for two years, but with discovering that cPanel finally supports SFTP without shell access needed, I want to finally turn off FTP and require SFTP. The problem is the port I am using. Since it's a random port I have been secured against root attacks (well nothing has shown up). I am with LiquidWeb which is fully managed. So I guess they take care of a lot of prevention.
This is what I am thinking of doing. Move SSH back to port 22 (I only host a few friends' sites and want to be hosting 20 accounts by end of year to cover my costs). Then disable the root password and require SSH keys. Would this be as secure as running SSH on a high #port or am I fooling myself?
I could also add in for good measure restricting root SSH/SFTP (yes I prefer SFTP for file management as I am legally blind and using Transmit+BBEdit is a lot easier for me for editing files). The problem with restricting to certain IPs is that Shaw charges $30/month more for a static IP and I also am at my mom's 25% of the time (and she is also with Shaw). I think the XXXX.vs.shawcable.net is static but I am not 100% sure.
I really do want to kill FTP so that port 80 is the only non-SSL port open.
configure: error: Cannot find MySQL header files under /usr/local/webserver/mysql. Note that the MySQL client library is not bundled anymore!
Because MySQL is installed on another physical server. So how may I fix the problem? Can I configure PHP without the "--with-mysql" and "--with-mysqli" parameters? I need my PHP to be able to access a remote MySQL server.