Security Risk Having Mbstring And Mysqli Installed On Your Server

Mar 20, 2008

A friend of mine owns a hosting company and a client of his asked to have mbstring and mysqli installed. What he wants to know is , is there any security risks if he does install that on his server?

Also, he wants to know, if there is not, what how does he go about installing that on the server?

View 4 Replies


Security Risk To Share Phpinfo File

Mar 10, 2007

There are always people who would like to know what the php settings are on the server. Is it a security risk to share the phpinfo.php file on a website, with anybody who visits that website, able to view it?

View 4 Replies View Related

Those With CSF Installed - Server Security Check Score

May 12, 2009

If you have CSF installed, under its WHM section there is a quick security 'scan' you can run - just wondering what score you have?

I know it's not an infallible test, but the scan does test for some potentially large weaknesses hence why I'm asking here (mainly out of curiosity) what sort of scores people have.

Mine is 103/112 - the rest of the points were mainly for features I didn't want enabled for particular reasons (i.e. one of the recommendations is to force all cPanel visits to be through SSL, a feature which some clients don't want) plus sometimes it says I've got features enabled which are disabled, etc.

View 12 Replies View Related

"owner" ID In Ftp Client -- Security Risk

Mar 25, 2008

I just started using FileZilla Client, as a way of allowing business clients to upload to an ftp account at my website (the ftp account is a subdirectory of my public_html directory, and has its own username and password).

I noticed that, along with other information for each file listed at that subdirectory, FileZilla also posts info on "owner" and "group". It turns out that, for each of these fields, FileZilla displays the username of my entire site -- not the username specifically associated with the particular ftp account to which FileZilla had connected. Thankfully, it doesn't also display the password that goes along with it!

I'm wondering if anyone would know:

- does this constitute a significant security risk?
- is this because of actions on the part of my web host, or because of FileZilla's programming? (ie, would the same thing occur in all ftp clients?)
- if this is a significant security risk, would there be any workaround?

View 14 Replies View Related

Lighttpd With MySqli

Jul 25, 2008

I just recompiled PHP 5 with MySqli in cPanel and Mysqli is working fine under Apache, but it doesn't work under lighttpd. I can see the MySqli module in phpinfo when I run it under Apache, but there's no MySqli module when I run it under lighttpd. So how can I fix it to use MySqli with lighttpd?

View 1 Replies View Related

How To Enable Mbstring

Jul 5, 2009

I want to enable mbstring. I googled and found --enable-mbstring is the key to turning it on but I don't know where to put this. In the php.ini?

View 14 Replies View Related

Can't Install Mbstring

May 4, 2008

# yum install php-mbstring
Setting up Install Process
Setting up repositories
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package php-mbstring.i386 0:4.3.9-3.22.9 set to be updated
--> Running transaction check
--> Processing Dependency: php = 4.3.9-3.22.9 for package: php-mbstring
--> Finished Dependency Resolution
Error: Missing Dependency: php = 4.3.9-3.22.9 is needed by package php-mbstring

i tried to install mbstring on my server and wat's goin on here?

View 0 Replies View Related

GD Library & PHP Mbstring Extension

Jun 11, 2009

I install drupal and i get this errors:

1. GD libraryNot installed
The GD library for PHP is missing or outdated. Please check the PHP image documentation for information on how to correct this.

2. Unicode libraryStandard PHP
Operations on Unicode strings are emulated on a best-effort basis. Install the PHP mbstring extension for improved Unicode support.

I have on my server:

Package gd-2.0.33-9.4.el5_1.1.x86_64 already installed and latest version
Package gd-2.0.33-9.4.el5_1.1.i386 already installed and latest version

but i don`t know why drupal say to me it`s not installed. Need to active the GD Library?

How can i fix the problem with php mbstring and GD Library?

I run the yum commands:

yum install gd
yum install php-gd
yum install php-mbstring

It`s not working! :|

The os is centos 5.3 64. I have cPanel too.

View 11 Replies View Related

How To Install Mbstring For PHP5

Jan 17, 2008

I'm using Apache2, MySQL5, and PHP5 with CentOS4.6, cPanel 11.

When recompile Apache2 and PHP5 from WHM, there are no options for mbstring, so now my PHP5 doesn't has mbstring.

I tried to install mbstring as below, but I got this message:


root@mybox [~]# yum install php-mbstring
Setting up Install Process
Setting up repositories
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Excluding Packages in global exclude list
Parsing package install arguments
No Match for argument: php-mbstring
Nothing to do

I also tried:


up2date -i php-mbstring

Are there other ways to install mbstring for PHP5?

View 8 Replies View Related

Compiling PHP5 With Mysql & Mysqli Support

Jun 15, 2009

While trying to compile PHP 5 with mysql and mysqli , I was facing some issues.

Actually, the configure command generates a bad Makefile.

Open the Makefile and look for a line staring with EXTRA_LIBS

You will see that the option “-lmysqlclient” is repeated twice. Delete one of them and save the Makefile.

Now, you should be able to run the Make command and compile PHP without any issues.

View 0 Replies View Related

Host With Mysqli Suport. Unlimited Addon Domains

Apr 28, 2008

I hawe about 60 websites. I need hosting for it.

SO the criterias:

Unlimited addon domain.
Unlimited Mysql databases.
No setup fees.
About 600Mb webspase
About 2000-3000 trafic
Cheap as posible
If posible (but not necesary) multiple IP's.
Payment from PayPal but if it's necesarry then it's Moneybookers ok to.
Prefer monthly payments.

If posible than MySQLi suport will be great.

View 7 Replies View Related

Is My Domain Name At Risk

May 28, 2007

my domain name expires in July (within 90 days).

It is currently with company A who charge quite a lot to keep it there. I want to move it to company B who are my hosts and with whom I get 1 free domain name.

One added complication is that the domain is in a friends name, but I have logon and can change name to my own any time I want.

Company B said "After it is on our registrar, you will be the only one that can renew it as long as it doesn't expire for longer than 90 days."

This has me worried that because I haven't renewed it withing 90 days that it can be stolen from me. Have I misunderstood or is this a risk?

If so would I be better advised to renew it in my friends name wth company A?

View 10 Replies View Related

How Big Risk Do I Take If I Don't Update The Kernel?

May 2, 2008

I'm a Windows guy and can little or nothing about Linux. How big risk do I take if I'm using a Linux VPS and never update/patch the kernel?

I'm using CentOS 5 and LxAdmin. I can update the control panel, but I can not update/patch the kernel since I have no knowledge how I do that.

I'm using a unmanaged plan, so no help there.

Some of my sites are running Wordpress, but I'm always using the lates WP installation. I not using any other plugins that WG2, Gallery2, and remove max width.

Nobody except me have access to the VPS, and I have no other FTP accounts or something like that on the VPS.

I have no other scripts or any kind of dynamic pages on my VPS.

What kind of risk do I have here?

I'm currently having plans to cancel my second VPS that's using Win2003, and only use Linux in the future. I can cut my monthly expensive with 50% that way, but do I take a big risk doing it that way?

View 9 Replies View Related

Crypt_blowfish, Any Risk In Installing

Sep 11, 2007

A customer has requested we install a pear package called crypt_blowfish for there website which sells items.

What exactly is it? Is there any risk in installing the extension?

Ive not heard of it myself before

View 4 Replies View Related

Which OS Have You Installed On Your Server

Apr 27, 2009

which OS have you installed on your server, and why?

what features of that OS attracted you to use it.

If you have any other reason like it is the only OS supported by xyz panel, share it, if you want to.

Let's find out most popular OS among WHT users.

View 14 Replies View Related

Hosting A High Risk Site

Mar 25, 2009

What sort of redundancy that is recommended for a high risk site?

My definition of high risk is it will attract more hackers than usual, more DDOS, chances of blocked by ISP and etc.

View 4 Replies View Related

ImageMagick Installed On Server?

Sep 11, 2004

How can I know if server has ImageMagick installed?

View 14 Replies View Related

Ioncube Needs To Be Installed On The Server

Jul 16, 2008

I'm being told that Ioncube needs to be installed on the server.

View 8 Replies View Related

Moving SSH Back To Port 22 But Will Root Be At Risk

Apr 26, 2008

At present I run SSH on a different port then normal to protect root. This has worked for two years, but with discovering that cPanel finally support SFTP without shell access needed, I want to finally turn off FTP and require SFTP. The problem is the port I am using. Since it's a random port I have been secured against root attacks (well nothing has shown up). I am with LiquidWeb which is fully managed. So I guess they take care of allot of prevention.

This is what I am thinking of doing. move SSH back to port 22 (I only host a few friends sites and want to be hosting 20 accounts by end of year to cover my costs). Then disabled root password and require SSH keys. Would this be strong as secure as running SSH on a high #port or am I fooling myself.

I could also add in for good measure restricting root SSH/SFTP (yes I prefer SFTP for file management as I am legally blind and using Transmit+BBEdit is allot easier for me for editing files). The problem with restricting to certain IP's, is that Shaw charges $30/month more for a static IP and I also am at my moms 25% of the time (and she is also with Shaw). I think the is static but I am not 100% sure.

I really do want to kill FTP so that only port 80 is the only non SSL port open.

View 14 Replies View Related

DS With Windows 2003 Server Installed

Apr 21, 2009

any DS provider, well-known and providing good support who does offer DS with Windows 2003 Server installed?

View 8 Replies View Related

How To Know Php5 Installed On My Dedicated Server?

Mar 29, 2008

to know if i have php5 installed on my dedicated server. I know that php4 is working but i dont know if php5 is also installed..

View 5 Replies View Related

Killing A Server With WHMCS Installed

Feb 5, 2008

if it was possible to kill a server running WHMCS by executing the cron.php via cronjob on a remote server once every minute.

I just wanted to see if this was potentially harmful, so I can submit it to Matt without sounding like an idiot...

View 3 Replies View Related

Installing Php On Server That Does Not Have Mysql Installed

Aug 7, 2008

I have two servers, one is web server, the other one is mysql server.

I am installing php on web server that does not have mysql installed.

when I do the follows:

./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-debug --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-sendmail=/usr/sbin/sendmail

the script tells me error:

configure: error: Cannot find MySQL header files under /usr/local/webserver/mysql.
Note that the MySQL client library is not bundled anymore!

Because mysql installed on another physical server. so how may I fix the problem? can I configure php without "---with-mysql" and "--with-mysqli" parameters? I need my php could access remote mysql server.

View 3 Replies View Related

Listing Installed Software On A Server

Aug 24, 2007

What is the best way to get a list of all the software installed on a Linux server? Are there specific shell commands for this?

View 12 Replies View Related

Writing Large Files - Risk Of Damaging Filesystem

Jan 19, 2008

Does writing large files (ie, 10GB backups in one archive) cause any risk of damaging a linux filesystem?

View 1 Replies View Related

How To Find Out If SSL Certificate Is Installed On A Linux Server

Apr 20, 2009

How do I go about finding if a certificate is installed on a Linux machine?

View 1 Replies View Related

Windows Server 2003 Installed. How To Add Websites

Oct 3, 2008

I have a Windows Server 2003 package installed on a server. I own a number of websites that are being hosted some place else. How do I get my websites set-up to run on my new server?

View 2 Replies View Related

Copyrights 2005-15, All rights reserved