I'm running a shared hosting environment and I'd like to know if it's even possible to secure the Apache while it's running mod_php. I know I could go suPHP with PHP-CGI, but that'd increase drastically the server load.
So what should I do to best secure the server?
So far now I did:
- Apache: Installed mod_security and mod_evasive.
- PHP: Set register_globals=OFF Set disable_functions = ini_restore, popen, exec, shell_exec, system, passthru, proc_open, proc_close Set safemode=ON Set open_basedir to user's directory on virtualhost
Is that would be a secure environment for my users?
When cpanel has apache 2.2 available. I am planning on switching my servers over to it and to SuPHP from mod_php. There are hundreds of accounts on my different servers and I am worried about the transition. I know cpanel has a permission conversion script, but I dont completely trust it. The biggest issue to me though, is all the users that have php_values and flags in their htaccess files that would then be needed converted to php.ini's. Has anyone created a conversion script for doing this in an automated fashion?
I might not even convert my full servers to this and just do with the partial ones (less than 25%), but I really think it would benefit the customers and myself with the nice added layer of protection of suphp.
i want to know what is the difference between dedicated server and shared server. I was relaly confused in these services. Couls any one please let me know in detail about these servers?. I will be choosing one of these service.
I am developing a phpfox site and in order to use the video capabilities I need a host with ffmpeg installed.
My current host were a bit misleading and let me think I could pay them a small sum to install ffmpeg on a shared server and that would see to it. Turns out I would need to get a dedicated server, which was quite a shock when I saw the price of that.
I would like to know if shared servers with ffmpeg are worthwhile, or is a dedicated server generally regarded as the only way to go?
If success can be achieved with shared hosting, are there any hosting companies that would be recommended. Apthost is a name that seems to crop up quite regularly, but I don't know how to tell a good host from a bad host, so I'm asking you all!
P.S. My bandwidth needs shouldn't be more than 100gb/month at the start, but that is only a rough beginner's guess.
I would like to inform you about the planned migration of your shared hosting account to a new hosting environment. This concerns the domain xx***********. The migration will start on: 29-10-2009 during business hours.
Due to a problem with the restoration of the backup on the newermachine, we did not succeed in the transfer of your domain. So for now it will stay on the 'older' webshared enviroment. Are you OK with us to give it another run tomorrow? Please indicate a No in case this is inconvinient to you, if there is noanswer we assume that there is not a problem and we will work on thetransder again tomorrow.
Dear Customer, The transfer of your webpackage to one of our new shared hosting servershas been completed.
Now my Oscommerce site is down: Parse error: syntax error, unexpected ';' in /vhosts/xxx***********/httpdocs/catalog/index.php on line 314
I checked line 314 of index.php does not have ';' My site admin side is working.
Does anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.
In particular, we're talking PCI compliance to use PayPal website payments pro UK.
From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is a SSL certificate' (this seems to be paypals attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.
Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).
I have been with Page-Zone for a couple years now. Just the past year I have had little problems with them.
-For instance once I was trying to update my website and their server went down. I thought it was something on my end so I started trouble shooting it for an hour and then it came back up.
-Another time the users on my website were without e-mail for a week, because they changed IP address.
-And finally the e-mail accounts couldn't receive any e-mails from Comcast, MSN, or Hotmail accounts. So I ended up setting up a Google Aps account for us to use for e-mail.
Granted they are very cheap but I have been having many problems with little support. Also today I just noticed that in the whois it lists Network Solutions as the technical contact. Are these things that I should be looking for a new host for?
I am working on creating a social networking website. It will have approximately 2500 members with about 1/2 using video. I spoke to 2 different programmers through rent-a-coder. One told me to get a dedicated server through GoDaddy that runs me about $120/mo. The other programmer told me that there was no way that I would need that much and I could get a shared hosting package for $10-$20/mo and that would work fine. He said that a dedicated server wouldnt be necessary unless I was getting a ton of hits to my site or needed to host multiple sites. I inquired about it with GoDaddy and when I mentioned I was doing a social networking site, they said I would need the dedicated server. I am hiring someone to build the site since it is beyond what I am capable of, so I am clueless on who is correct.
One of my clients sites has just been hacked and im pretty sure its through the hosting and not the scripting, although the host us not being very helpfull.
What I want to do is see what other sites are on the shared account to see if any of them are having problems. As a coincidence the server has 'gone down' not long after being hacked which makes me think the host has pulled it.
I remember years ago (at least I hope I didnt dream it) that a website told me all the other sites on my server, probably by using some kind of reverse lookup on the IP, servers are not my strong point so I dont know.
I have a small reseller account but all the domains are managed by myself. Security has not been a problem because the sites are simple, but now I have a need to deliver and recieve private files. I know how to keep the website itself secure writing my own sessions, using explicit variables, storing sensitive data outside of the web directories and that sort of stuff but it is my 'neighbors' that bother me. If one of them gets hacked or I get a bad neighbor sharing the server I do not want them to have access to my files and passwords.
A few years ago I wrote a browsing script that I found out had the ability to escape my own area and roam freely around every area on the server with unlimited access to every file. When I complained about it, the server admin said that I had nothing to worry about. When I pressed the issue I was told that nobody could invade my files because it was against the rules to go into other people's account. It turned out most server administrators left things open to eliminate scripting problems for their users and there was really no way to lock down a server without breaking a lot of scripts. At the time I moved to a more secure server but they eventually opened things up because of too many complaints and help requests.
Have things changed? Have they worked out the issues with shared servers? Is there a way to tell if my host has implemented proper safeguards (if any viable ones exist)?
This concerns a fairly successful ecommerce website. It is coded in classic asp and has a MS SQL database.
The site sees average of 1500 visitors a day using about 50 GB of bandwidth a month.
The host wants to move the site to a two box dedicated (1 web - 1 database server).
This is an expensive proposition and the client is balking. I am not an expert in these matters but it seems like overkill to me. It seems like most sites don't have problems with the database and web server on 1 box.
VPS or Dedicated Server?? Or stick with shared hosting?
I currently use a shared hosting reseller account with HostGator for $24.95 which gives me 24 GB disk space and 250 GB RAM and allows me to host unlimited domains. It has cPanel, WHM and it is managed. I've used them for two years and they are awesome! Currently, I have about 20 very small domains hosted under my hosting account: all are very small and require no bandwidth or disk space whatsoever. EXCEPT, I have two or three domains which are solely used for e-commerce which is why I am considering upgrading to a VPS or dedicated-server.Background on the business:Users visit the site (300 visitors a day) and use the shopping cart to place an order for the software which ranges from $50-$300. An account is created for them in which they can login to download the software packages which range from 10 MB to 100 MB file size. They then install it on their computer and activate it with the license key number. Upon activation, the installed software connects with our backend of our website to update their account with their computers fingerprint. Each time the software is executed, their computer connects with our licensing server to verify legitimate usage. Our backend has access to their billing information and licensing; therefore, security is a must.We have about 4,000 users. Recently, with the business growing, I am not sure if I should be looking for a VPS or dedicated-server solution. With HostGator I'm paying $300 a year (and everything is running seamlessly). Or, I can switch to VPS for $500/yr and dedicated server for $2000/year. My budget is open, though I don't want to get anything that is overkill for the logistics of my business. What I current use and need:*Space: Up to 10 GB *Bandwidth: Up to 100 GB*Reliable, 99.9%+ uptime and MANAGED server*Daily backups*Good support (i.e. installing SSL certs, firewall)*Secure*cPanel*Allow me to host other my other non-business websites (1 big forum with 500 visitors/day and 19 very small parked sites) *IONCube support*I will have to get SSL for a few of my sites. And for that, IÃ¢Â€Â™ll need dedicated IP addresses. I would prefer if there is a VPS or dedicated server solution which has a package for multiple dedicated IP addressesQuestions:1) For my business, would you recommend VPS or dedicated-server or do you think I am fine with what the shared hosting reseller account with HG I have already? If a VPS or dedicated server is justified, which provider do you recommend that suits my needs?2) Will I truly see a notable and significant improvement by upgrading from my current state to a VPS or dedicated server?3) Will I need a firewall to ensure security for the 4,000 clients? How can I optimize the security of my clients?4) Privacy is a very important concern (not that I'm doing anything illegal). I use GoDaddy to do a private whois so it does not reveal my name or address. If I switch to VPS or dedicated server, should I be concerned that people can use the IP address of the website to identify me? What approaches can I take to protect my privacy?5) What do you think of slicehost.com? I was recommended to use this. I thought maybe the 256 slice plan would be appropriate for me, but I don't know what linux distribution to use: Ubuntu, CentOs, Fedora, Gentoo, Debian, etc. Heck, I don't even know the differences and I don't plan on playing around with anything on the server.I really appreciate your help in this matter. I am a totally newbie when it comes to this hosting stuff.
Hi, is anyone know the advantage of VPS hosting vs shared hosting? I found a cheap VPS plan at in2net.com. I can get 15G space, 200G bandwidth and 256 RAM for $9.95 a month. My site starts getting a lot of users, it might be an issue with shared hosting. My site also hosts a forum, and currently has 1000 unique visitors and 8000 pageviews daily. Sometime the forum has 30-50 concurrent members.
So, I'm just wondering in my case, wihch one would you choose, VPS or shared hosting? since they are the same price. I don't know how to manage servers, but my friend has a unmanaged server at theplanet, and he hasn't managed the server at all since he had it. So, if a VPS host comes with all the scripts installed, in this case, it doesn't require any management, am I right? oh, one more quesiton, is the plesk control panel works like whm panel? where each client has his own control panel?
I have a reseller shared hosting plan that allows for 50 sub-accounts and I'm using about 20. I am looking at getting a VPS with between 256 - 394 mb RAM and am wondering if I were to move all of my accounts to the new VPS would I be ending up with less RAM to use for all of my sites.
To put this another way how do most reseller plans manage RAM usage? Do each of my sub-accounts have access to say 64 mb RAM so that if I were to use all 50 sub accounts I would have access to 50*64 mb.
From what I've experienced and read with shared hosting my thought is I could end up with less access to server resources, CPU and RAM, with a VPS plan - though with VPS the resources are more guaranteed rather than being dependent on the usage of other accounts on the server.
The reason I am looking at a VPS account is that I have a site that will likely have 1000s of users with a server intensive script (Moodle) and I know it would violate the reseller account agreement. So maybe my plan should be to keep the reseller account and use it for my database driven sites and use the VPS for the server intensive site and my html based sites.
Also, my VPS choice seems to be narrowed down to Liquidweb, JaguarPC and Zone - has anybody heard of any negative experiences with Liquidweb? I can't find any.
I am running an account on a shared server (pair.com) and need to recompile PHP to add the IMAP module. Is there anyone that can point me in the right direction. Is there a way to easily keep the current settings and just add this module?
I've trawled the sitepoint forums but haven't found anything relating to this subject. I'm hoping someone out there has found themselves in a similar situation.
As a brief summary, I work as a full time web designer for a company but also run my own web design business in my spare time. Within the next year I plan to go freelance which will hopefully leave with some spare time to learn dynamic web design as well as offer clients domain registration and hosting services.
As a web designer, my knowledge of hosting is not that great, but I intend to learn. Currently, I work with a guy who sorts all this out for me. He has a shared server and pays a certain amount per month and charges me £XX a year per client to setup domains and hosting.
I was wondering how much technical skill I need to set this up myself. With so many hosting packages out there, it's hard to know where to start. Should I buy a dedicated server and host my clients at home or go with the safer option and pay monthly for shared hosting?