Shared Server With Mod_php
Feb 24, 2007I decided to stick with mod_php for my shared server. What I'm looking for is any info/links on best security implementations for mod_php.
View 4 RepliesI decided to stick with mod_php for my shared server. What I'm looking for is any info/links on best security implementations for mod_php.
View 4 RepliesI'm running a shared hosting environment and I'd like to know if it's even possible to secure the Apache while it's running mod_php. I know I could go suPHP with PHP-CGI, but that'd increase drastically the server load.
So what should I do to best secure the server?
So far now I did:
- Apache:
Installed mod_security and mod_evasive.
- PHP:
Set register_globals=OFF
Set disable_functions = ini_restore, popen, exec, shell_exec, system, passthru, proc_open, proc_close
Set safemode=ON
Set open_basedir to user's directory on virtualhost
Is that would be a secure environment for my users?
I'm looking at optimizing our dynamic content delivery process and there are some interesting claims regarding fastcgi vs. mod_php.
What I am wondering about is assuming apache serving ONLY php content, why would fastcgi perform any better than mod_php? The memory footprint of spawned workers exists in both solutions.
Wouldn't context switches and buffering in fastcgi actually lower performance?
What could be gained by using a different web server (nginx/lighty) ? The primary bottleneck would still be physical memory (assuming <255 workers) ?
Here is the comparison between Apache and Nginx. Request processing overhead and real-world application performance measurements included.
[url]
When cpanel has apache 2.2 available. I am planning on switching my servers over to it and to SuPHP from mod_php. There are hundreds of accounts on my different servers and I am worried about the transition. I know cpanel has a permission conversion script, but I dont completely trust it. The biggest issue to me though, is all the users that have php_values and flags in their htaccess files that would then be needed converted to php.ini's. Has anyone created a conversion script for doing this in an automated fashion?
I might not even convert my full servers to this and just do with the partial ones (less than 25%), but I really think it would benefit the customers and myself with the nice added layer of protection of suphp.
i want to know what is the difference between dedicated server and shared server. I was relaly confused in these services. Couls any one please let me know in detail about these servers?. I will be choosing one of these service.
View 4 Replies View RelatedI am developing a phpfox site and in order to use the video capabilities I need a host with ffmpeg installed.
My current host were a bit misleading and let me think I could pay them a small sum to install ffmpeg on a shared server and that would see to it. Turns out I would need to get a dedicated server, which was quite a shock when I saw the price of that.
I would like to know if shared servers with ffmpeg are worthwhile, or is a dedicated server generally regarded as the only way to go?
If success can be achieved with shared hosting, are there any hosting companies that would be recommended. Apthost is a name that seems to crop up quite regularly, but I don't know how to tell a good host from a bad host, so I'm asking you all!
P.S. My bandwidth needs shouldn't be more than 100gb/month at the start, but that is only a rough beginner's guess.
I received this emails from Leaseweb
1st:
Dear Mr.
I would like to inform you about the planned migration of your shared hosting account to a new hosting environment. This concerns the domain xx***********. The migration will start on: 29-10-2009 during business hours.
2nd email:
Dear Mr.
Due to a problem with the restoration of the backup on the newermachine, we did not succeed in the transfer of your domain. So for now it will stay on the 'older' webshared enviroment. Are you OK with us to give it another run tomorrow? Please indicate a No in case this is inconvinient to you, if there is noanswer we assume that there is not a problem and we will work on thetransder again tomorrow.
3rd email:
Dear Customer,
The transfer of your webpackage to one of our new shared hosting servershas been completed.
--------------------------------------
Now my Oscommerce site is down:
Parse error: syntax error, unexpected ';' in /vhosts/xxx***********/httpdocs/catalog/index.php on line 314
I checked line 314 of index.php does not have ';'
My site admin side is working.
How much shared server load allowed is reasonable? My host currently allows up to 10% before suspension.
View 13 Replies View RelatedDoes anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.
In particular, we're talking PCI compliance to use PayPal website payments pro UK.
From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is a SSL certificate' (this seems to be paypals attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.
Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).
I have a dedicated server with a few websites (virtual hosting) and I would like to do some load testing on it to measure what kind of performance I would get.
(This is a dedicated server with shared account not a shared hosting account)
When I browse one site it is fast but I wonder what will happen if 10 people are browsing 8 of the sites etc.
Is there any testing tools (other than Apache Bench) I can run that will test multiple site simultaneously?
Re. Apache Bench - I could run AB on the same server, on another server in the same DC or on another server in a different DC.
Which would me more accurate? Is the network a bottleneck or would the server be the bottleneck?
Also what is a 'good' time-per-request value? I want the websites to be responsive.
What percentage of shared hosting customers use SSL and require their own IPs? I need to estimate the subnet size for a shared server.
View 5 Replies View Relatedhow to install shared ssl in cpanel server
View 2 Replies View RelatedI`m building some Xeon Nehalem servers for shared hosting with cPanel. The servers will be:
Dell PowerEdge R410
Xeon Nehalem E5502
12GB DDR3 RAM
3ware raid controller
But for shared hosting, is it worthy to have a RAID-10, or would a RAID-1 be enough?
We have some Xeon E3xxx servers running with RAID-1 hosting more than 1000 accounts, we hadn`t had any IO/load problem so far.
few inter linked question!
how many shared account do you have on your dedicated machine?
and what machine you have got?
ever faced hardware failure ? how many a month or year
what saved you or ruined you
I have been with Page-Zone for a couple years now. Just the past year I have had little problems with them.
-For instance once I was trying to update my website and their server went down. I thought it was something on my end so I started trouble shooting it for an hour and then it came back up.
-Another time the users on my website were without e-mail for a week, because they changed IP address.
-And finally the e-mail accounts couldn't receive any e-mails from Comcast, MSN, or Hotmail accounts. So I ended up setting up a Google Aps account for us to use for e-mail.
Granted they are very cheap but I have been having many problems with little support. Also today I just noticed that in the whois it lists Network Solutions as the technical contact. Are these things that I should be looking for a new host for?
I was reading this
vbulletin.com/forum/archive/index.php/t-6868.html
but that was quite some time back.
If any user has current experience of using Zeus w.r.t
- running of standard vbb, photopost etc
- zend and / or ioncube
- some php scripts need url rewrite, is it possible
- creating subdomains when the host does not provide it
I am working on creating a social networking website. It will have approximately 2500 members with about 1/2 using video. I spoke to 2 different programmers through rent-a-coder. One told me to get a dedicated server through GoDaddy that runs me about $120/mo. The other programmer told me that there was no way that I would need that much and I could get a shared hosting package for $10-$20/mo and that would work fine. He said that a dedicated server wouldnt be necessary unless I was getting a ton of hits to my site or needed to host multiple sites. I inquired about it with GoDaddy and when I mentioned I was doing a social networking site, they said I would need the dedicated server. I am hiring someone to build the site since it is beyond what I am capable of, so I am clueless on who is correct.
View 14 Replies View RelatedOne of my clients sites has just been hacked and im pretty sure its through the hosting and not the scripting, although the host us not being very helpfull.
What I want to do is see what other sites are on the shared account to see if any of them are having problems. As a coincidence the server has 'gone down' not long after being hacked which makes me think the host has pulled it.
I remember years ago (at least I hope I didnt dream it) that a website told me all the other sites on my server, probably by using some kind of reverse lookup on the IP, servers are not my strong point so I dont know.
where I can find this tool,
I have a small reseller account but all the domains are managed by myself. Security has not been a problem because the sites are simple, but now I have a need to deliver and recieve private files. I know how to keep the website itself secure writing my own sessions, using explicit variables, storing sensitive data outside of the web directories and that sort of stuff but it is my 'neighbors' that bother me. If one of them gets hacked or I get a bad neighbor sharing the server I do not want them to have access to my files and passwords.
A few years ago I wrote a browsing script that I found out had the ability to escape my own area and roam freely around every area on the server with unlimited access to every file. When I complained about it, the server admin said that I had nothing to worry about. When I pressed the issue I was told that nobody could invade my files because it was against the rules to go into other people's account. It turned out most server administrators left things open to eliminate scripting problems for their users and there was really no way to lock down a server without breaking a lot of scripts. At the time I moved to a more secure server but they eventually opened things up because of too many complaints and help requests.
Have things changed? Have they worked out the issues with shared servers? Is there a way to tell if my host has implemented proper safeguards (if any viable ones exist)?
how to secure a windows and a linux server used for shared hosting?
View 0 Replies View RelatedI'm trying to figure out if there are any security risks in enabling WebDAV on a shared server.
View 1 Replies View RelatedThis concerns a fairly successful ecommerce website. It is coded in classic asp and has a MS SQL database.
The site sees average of 1500 visitors a day using about 50 GB of bandwidth a month.
The host wants to move the site to a two box dedicated (1 web - 1 database server).
This is an expensive proposition and the client is balking. I am not an expert in these matters but it seems like overkill to me. It seems like most sites don't have problems with the database and web server on 1 box.
I just had user KILL the server using 80% CPU and 30% ram.
Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Processor #1 speed: 2331.000 MHz
Processor #1 cache size: 2048 KB
Memory: 4039468k/4718592k available (2494k kernel code, 144784k reserved, 1262k data, 200k init)
with 1TB HDD
How can I restrict him or anybody else from doing this? MySQL was in the next top useage... his site runs a HUGE DB...
Have the following edits
Code:
/etc/my.cnf
[mysqld]
safe-show-database
skip-innodb
max_connections = 800
key_buffer = 96M
myisam_sort_buffer_size = 64M
join_buffer_size = 2M
read_buffer_size = 2M
sort_buffer_size = 3M
table_cache = 1800
thread_cache_size = 128
wait_timeout = 900
connect_timeout = 10
tmp_table_size = 128M
read_rnd_buffer_size = 524288
bulk_insert_buffer_size = 8M
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 2M
query_cache_size = 192M
query_cache_type = 1
query_prealloc_size = 16384
query_alloc_block_size = 16384
[mysqld_safe]
open_files_limit=8192
[mysqldump]
quick
max_allowed_packet=16M
[myisamchk]
key_buffer=64M
sort_buffer=64M
read_buffer=16M
write_buffer=16M
VPS or Dedicated Server?? Or stick with shared hosting?
I currently use a shared hosting reseller account with HostGator for $24.95 which gives me 24 GB disk space and 250 GB RAM and allows me to host unlimited domains. It has cPanel, WHM and it is managed. I've used them for two years and they are awesome! Currently, I have about 20 very small domains hosted under my hosting account: all are very small and require no bandwidth or disk space whatsoever. EXCEPT, I have two or three domains which are solely used for e-commerce which is why I am considering upgrading to a VPS or dedicated-server.Background on the business:Users visit the site (300 visitors a day) and use the shopping cart to place an order for the software which ranges from $50-$300. An account is created for them in which they can login to download the software packages which range from 10 MB to 100 MB file size. They then install it on their computer and activate it with the license key number. Upon activation, the installed software connects with our backend of our website to update their account with their computers fingerprint. Each time the software is executed, their computer connects with our licensing server to verify legitimate usage. Our backend has access to their billing information and licensing; therefore, security is a must.We have about 4,000 users. Recently, with the business growing, I am not sure if I should be looking for a VPS or dedicated-server solution. With HostGator I'm paying $300 a year (and everything is running seamlessly). Or, I can switch to VPS for $500/yr and dedicated server for $2000/year. My budget is open, though I don't want to get anything that is overkill for the logistics of my business. What I current use and need:*Space: Up to 10 GB *Bandwidth: Up to 100 GB*Reliable, 99.9%+ uptime and MANAGED server*Daily backups*Good support (i.e. installing SSL certs, firewall)*Secure*cPanel*Allow me to host other my other non-business websites (1 big forum with 500 visitors/day and 19 very small parked sites) *IONCube support*I will have to get SSL for a few of my sites. And for that, I’ll need dedicated IP addresses. I would prefer if there is a VPS or dedicated server solution which has a package for multiple dedicated IP addressesQuestions:1) For my business, would you recommend VPS or dedicated-server or do you think I am fine with what the shared hosting reseller account with HG I have already? If a VPS or dedicated server is justified, which provider do you recommend that suits my needs?2) Will I truly see a notable and significant improvement by upgrading from my current state to a VPS or dedicated server?3) Will I need a firewall to ensure security for the 4,000 clients? How can I optimize the security of my clients?4) Privacy is a very important concern (not that I'm doing anything illegal). I use GoDaddy to do a private whois so it does not reveal my name or address. If I switch to VPS or dedicated server, should I be concerned that people can use the IP address of the website to identify me? What approaches can I take to protect my privacy?5) What do you think of slicehost.com? I was recommended to use this. I thought maybe the 256 slice plan would be appropriate for me, but I don't know what linux distribution to use: Ubuntu, CentOs, Fedora, Gentoo, Debian, etc. Heck, I don't even know the differences and I don't plan on playing around with anything on the server.I really appreciate your help in this matter. I am a totally newbie when it comes to this hosting stuff.
Hi, is anyone know the advantage of VPS hosting vs shared hosting? I found a cheap VPS plan at in2net.com. I can get 15G space, 200G bandwidth and 256 RAM for $9.95 a month. My site starts getting a lot of users, it might be an issue with shared hosting. My site also hosts a forum, and currently has 1000 unique visitors and 8000 pageviews daily. Sometime the forum has 30-50 concurrent members.
So, I'm just wondering in my case, wihch one would you choose, VPS or shared hosting? since they are the same price. I don't know how to manage servers, but my friend has a unmanaged server at theplanet, and he hasn't managed the server at all since he had it. So, if a VPS host comes with all the scripts installed, in this case, it doesn't require any management, am I right?
oh, one more quesiton, is the plesk control panel works like whm panel? where each client has his own control panel?
I have a reseller shared hosting plan that allows for 50 sub-accounts and I'm using about 20. I am looking at getting a VPS with between 256 - 394 mb RAM and am wondering if I were to move all of my accounts to the new VPS would I be ending up with less RAM to use for all of my sites.
To put this another way how do most reseller plans manage RAM usage? Do each of my sub-accounts have access to say 64 mb RAM so that if I were to use all 50 sub accounts I would have access to 50*64 mb.
From what I've experienced and read with shared hosting my thought is I could end up with less access to server resources, CPU and RAM, with a VPS plan - though with VPS the resources are more guaranteed rather than being dependent on the usage of other accounts on the server.
The reason I am looking at a VPS account is that I have a site that will likely have 1000s of users with a server intensive script (Moodle) and I know it would violate the reseller account agreement. So maybe my plan should be to keep the reseller account and use it for my database driven sites and use the VPS for the server intensive site and my html based sites.
Also, my VPS choice seems to be narrowed down to Liquidweb, JaguarPC and Zone - has anybody heard of any negative experiences with Liquidweb? I can't find any.
Just wondering if mysql load balancing is possible in a shared environment.
Example:
I have 3 shared accounts. On one server, I have the write and the 2nd and 3rd server I have the read (select). Or vice versa .. Would it be possible to create a php script to perform this function?
I am running an account on a shared server (pair.com) and need to recompile PHP to add the IMAP module. Is there anyone that can point me in the right direction. Is there a way to easily keep the current settings and just add this module?
View 13 Replies View RelatedI've trawled the sitepoint forums but haven't found anything relating to this subject. I'm hoping someone out there has found themselves in a similar situation.
As a brief summary, I work as a full time web designer for a company but also run my own web design business in my spare time. Within the next year I plan to go freelance which will hopefully leave with some spare time to learn dynamic web design as well as offer clients domain registration and hosting services.
As a web designer, my knowledge of hosting is not that great, but I intend to learn. Currently, I work with a guy who sorts all this out for me. He has a shared server and pays a certain amount per month and charges me £XX a year per client to setup domains and hosting.
I was wondering how much technical skill I need to set this up myself. With so many hosting packages out there, it's hard to know where to start. Should I buy a dedicated server and host my clients at home or go with the safer option and pay monthly for shared hosting?