Submitting POST Info Triggers A Request To Download The Page
Jan 17, 2007
Not sure if this is the appropriate forum to post this question in. If so, please move to the correct forum.
Anytime some creates a new thread or sends a new pm, it will ask them to download the .php page after submitting the POST. I am wondering if anyone else has had this problem and what can I do to resolve it?
I've checked the average page download time that the Googlebot reports in Google Webmaster Tools and, from what I've seen elsewhere, I think the number is good -- less than 200 milliseconds. However, my pages are compressed and small (>1.5K). This gives me a download time of ~7500 bytes/sec for the Googlebot.
what kind of page download speeds do others get with Googlebot? What's typical/good/bad?
I need a MySQL user that has the privileges to add routines and triggers. The default users that are created by Plesk do not have these rights. How would I be able to add these rights to a specific user, or all users, that doesn't care.
I already logged in over SSH as a root user:
Code: mysql -uadmin -p`cat /etc/psa/.psa.shadow`
Then I tried to update the rights of the users:
Code: mysql >UPDATE db SET Create_view_priv = 'Y', Show_view_priv = 'Y', Create_routine_priv = 'Y', Alter_routine_priv = 'Y'; mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)
This didn't work. So I wanted to add super privileges by doing this:
Code: mysql> GRANT SUPER ON *.* TO 'user'@'%' IDENTIFIED BY 'mypassword'; Query OK, 0 rows affected (0.00 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)
I am running on a VPS system, and I have some auction software and I run Vbulletin as well..
When someone trys to do a Private MEssage via Vbulletin using anything with the @ in it.. Like an e-mail address. And hit submit, it says " /private.php access is denied.
But it also does it when I post news in the auction site. Which leads me to believe their is something screwed up with one of the server settings.. But I dont know what?
Well i started off with them in december. here is my review
- Waited a week after payment for service. ticket replys "will be up tonight" or "working on it now" now came a week later.
- then when it did come online cpanel/whm licence was invalid, resulting in 4 more days of "will be fixed today" replys to my tickets
- finaly server up and whm working, fantastico licenc invalid, here foes another 5 days
- same time as fantastico: whmcs licence invalid guess how long? (had to threaten to cancel to get it)
Dispite all this when i finally got online they promised a free month for the issues, server ran great for about a week and i was happy at this point.
then ran into several small issues, ftp shutting down, site downtime, not being able to edit files and folders, nothing major just little things, but lots of them.
cron issues, RV took a week to get installed. wrong amount of ips that to this day was never corrected.
support tickets started to disapear, and respond times grew massivly, bandwidth exceeded pages sprung up daily and randomly on all mycustomers pages, and mail to this day has never worked properly.
then i get invoiced in the middle of jan for another 3 months. not only did i not have my time i paid for but didnt get the free month for the issues, at this point they try to upsell me to pay the full year at discounted price and my issues still are not fixed.
At this point im through with this, i havent spent 3+ years building the customers i have to loose 3 in 1 week due to there serice. After seeing other simmilar posts here and how they reject refunds, I was promised in both msn chat and there own ticket system they DO offer a money back guarantee and have 7 screen shots of different convos with it being guaranteed. PayPal will not interfere as its a service therefor if i do not recieve 2 of the 3 month i have paied fore i am doing a credit care charge back.
Jeff has lied far too often. We have even checked into his "Llc" which he is most definetly not. and this is illegal.
Jeff when you read this no BS responces not "we dont refund" this is not a choice for you, it is an understanding on my part that you keep one of the three months payment or i will do a 100% credit card chargeback which will result in your paypal deducting it and charging you $15 for the process. refund 2 months, and i want it this week, not next month. Dont bother deleting my tickets and email/msn convos i have everything screenshoted. your a crook, and a fraud. I cant believed that in between all this the 1 or so week it did somewhat work i actually posted positive reviews and supported/defended your business.
how can i forbid POST to be sent from outside website and allow it to be sent from the website of origin like if you are on domain.com POST command must be allowed only if you are sending it from taht domain/referer?
In httpd-status i see that some IPs hardly sending POST command to index.php but can i somehow find out what exactly they are trying to post and into which form on that page ?
We were able to get the score up to 62/70. Will need the server management company's advice and help to try and get rid of more of the red warnings.
What is your score and which red warnings do you have left? Post them please.
Score: 62/70.
Will ask server management company about these red warnings: A1. /dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options A2. You should install the mod_evasive apache module from source to help prevent DOS attacks against apache. Note that this module breaks FrontPage functionality A3. You should modify /usr/local/lib/php.ini and set: enable_dl = off This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in php.ini A4. On most servers anacron isn't needed and should be stopped: service anacron stop chkconfig anacron off chkconfig --del anacron
Probably going to leave these red warnings for now: B1. For ultimate SSH security, you might want to consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication. For more information read this article and this article B2. You should modify /usr/local/lib/php.ini and disable commonly abused php functions, e.g.: disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list B3. To reduce the risk of hackers accessing all sites on the server from a compromised PHP web script, you should enable phpsuexec when you build apache/php. Note that there are sideeffects when enabling phpsuexec on a server and you should be aware of these before enabling it B4. You have package updating disabled, this can pose a security risk as OS vendor and cPanel security updates may not be applied in a timely manner WHM > Update Config >cPanel Package Updates > Automatic
I have a problem with my server. I am trying to make a subdomain, and it isn't working. I create it like how in all tutorials says here( click here ) . I completed all fields, but when i try to open the subdomain in a browser page, it's telling me, page not found / page doesn't exist. I have a dedicated server on window server 2008 for my website with a dedicated IP.
It's been close to a month since we've migrated away from our former provider to Gigenet, and after monitoring the activity and health of our new servers, I felt it was time to write a review.
This isn't about bashing our old partners, the data center and our former managed hosting provider. I'm leaving names out of this, and I'll appreciate it if the couple people on WHT who know our old providers keep that info to themselves, because this is not about them; it's about Gigenet.
Support Tickets/support is about as good a place as any to start. Our old setup had all management running through our managed hosting provider, and tickets were either closed unanswered, or we might wait days to get a response, which was too often less than helpful.
Our setup now includes standard management through Gigenet, and we've contracted Rack911 to handle management of some very specialized services and security requirements we wouldn't expect Gigenet or any other data center-based management team anywhere to handle. That's another (very positive) review for another day.
During the course of migrating (five servers during three weekends), we opened perhaps 10 tickets regarding server config, IPs, provisioning certain services, etc., and the longest we had to wait for any ticket to get answered was 9 minutes. In all but one case, the first response resolved the ticket - the remaining ticket did require more back-and-forth communication, which is to be expected. Even better, instead of hearing about everything that can't be done (something we'd come to expect from our previous provider), they focused on what could be done, and they did it. Things were handled properly and professionally every time.
Best of all, I can actually call my admins or chat with them, sort out issues in minutes instead of days or months.
Hardware Performance Despite how much happier we are with the response we're getting from our admins, this benefit pales in comparison to the performance increase we've seen since we moved.
We have a single client who accounts for three of the five servers we're hosting right now. Again, I'm leaving names out, because this is not their endorsement of Gigenet - it's our endorsement. The performance boost we've seen since moving has been nothing less than astonishing.
Of those three servers, let's consider the old Web server config: - Xeon Quad Core, one of the mid-2008 E series - 6GB RAM - Public 100MBPS connection - SATAII 250GB HD
And now the new Web server: - Core i7 920 - 8GB RAM - Public 100MBPS connection - 10k Raptor 147GB x2, RAID1
So, it's a step up. Is it a significant step up? I'll leave that to hardware geeks to debate. But I don't think anyone can argue that the increase in hardware does not match the increase in performance when you look at these numbers:
Old Web Server Typical Load: 2 - 5 High Traffic Load: Always 15+, often 40+, sometimes reaching 200+ and requiring a restart Typical Idle: 85% High Traffic Idle: 0%, and it could stay buried for 15-30 minutes at a time!
New Web Server: Typical Load: .1 - .3 High Traffic Load: .5 - 1 (I've only seen it go above 1 twice) Typical Idle: 95-100% High Traffic Idle: 80-90%
We have even more revealing numbers from when we did some post-migration stress testing. I won't get into details here (I might be doing a more thorough write-up about this in the future), but the general conclusion was that the new server could handle 6x the traffic of the old server and still serve pages faster than the old server did even with all traffic already routed off that server.
I attribute this to three things (caveat: I'm not a hardware expert, and this is my best guess).
1) The hardware is a step up, and that will account for some performance boost.
2) Rack911 optimized this server from day one.
3) The components/build are simply higher quality.
If you happen to know the client who uses these three servers, again, please keep this info to yourself, but try surfing their site now, and you tell me whether it's faster, like maybe 3-4x faster! They've been getting quite a few people complimenting them on their site's performance over the last few weeks. I'd like to take credit for that, but I can't.
----------
So there you have it - another satisfied customer of Gigenet (and Rack911). I hope over time my experience with them continues to be the same quality it is now. We're paying a bit more than we were before (for both hosting and administration), but we're getting so much more for our money!
I have been a WiredTree customer for about one year and I am very happy with their services. One of the top VPS providers available on the world, WiredTree runs its servers in its own datacenter and it is the real peace in mind company. On January 15th 2008 I've started a VPS 512 in WiredTree using a a WHT promo offer and encountered not only one problem with billing, hardware, software, support!! I'm running 16 monster websites of my selected customers on this VPS under cPanel optimized for VPS release 4-R32603 - WHM 11.24.2 - X 3.9. OS: CENTOS 4.7 i686 on Virtuozzo. I've recently rebooted my VPS by command line (SSH) due a new app install exigence and this task was performed in few seconds without only one problem with cPanel!! The VPS 512 has this spec:
WiredTree Fully Managed VPS512 with Cpanel * Intel Dual Xeon Clovertown (8 CPU Cores) * 512MB Guaranteed SLM RAM * 2048MB Burstable RAM * 500GB Bandwidth (100Mbps Uplink) * 50GB RAID-10 Disk Space * Fully Managed - 24x7 Toll-free Phone + Helpdesk Support * 24x7 Proactive Monitoring and Service Restoration * ServerShield Server Hardening * 4 Dedicated IPs * cPanel / WHM * Virtuozzo Power Panel Nightly Off-Server RAID Backups included
A great point in this VPS 512 is the number os disk inodes allowed for its 50GB disk space: 10,485,760 (in generally default VZPP disk inodes for 50GB are only 600,000). Disk inodes number it is a very important item in VPS spec because with much disk inodes you can host much directories and subdirectories; if the inodes number is little you will fill an entire virtual HDD (your VPS) quickly if you are hosting websites with a long files tree.
I did my order using the verified corporate PayPal account of @Macarlo Networks, Inc. and in few hours I received a phone call from WiredTree and then, few minutes after this, the welcome e-mail with my login. WiredTree is not a reseller and control it's own NOC in Chicago, Illinois, a best point for all bandwidth requests from U.S. and other countries.
For evaluate the WiredTree's VPS 512 for this review I hosted there the above referred 16 websites, all setup in few minutes by cPanel version 11.15 with Fantastico De Luxe and more...Using a tarball downloaded also in few minutes from our external backup server, in Nedw York (BQBackup) I put all 16 websites data in my VPS 512, registered in my partner Dotster, Inc. the new name servers for macarloshark.com and after the propagate proccess I started all websites just fine and in high speed, including for same extra-heawy webpages we have just for evaluations on VPSs and physical dedis.
Then I started the WHT Unixbech test on January 2009 and see the output below: ....
I've been having problems with the server company. These have been based around me getting an error 500 (SQL injections from CRITICAL to EMERGENCY) in mod_security when testing out a CMS built using PHP and MySQL.
After months of reading about internet security, SSL, XSS, mod_security docs etc. etc.
I've managed to get the 'add' page working by escaping the $_POST stuff and making things in general less dynamic in order to make the SQL statements less open to attack and avoid getting the error again.
Now I'm back to the 'edit' page and I seem to have escaped everything and basically built it in exactly the same way as the add.php page, except using different SQL and a little SQL beforehand to drag out the database entry, and I'm still getting error 500.
The error logs still claim this is a $_POST payload attack, but I can't see where this could be coming from.
Does anyone know where it is likely to be coming from (form hidden inputs, what you can/can't put in the SQL statement, anything like that)?
This is a 2 months update for serverboost.com hosting and i must say i was wrong when i said they are a gold hosting, because they are more than a gold hosting. I am sorry serverboost because i said that, they are your only friends in the time of need. When everything goes wrong in your website this the adress you need to remember and this only. So i thought to myself wait this is not gold. this is more than that. This is friendship and it worth more than gold. I feel like i am home , its your new family and this is worth mre than gold pireod. Experience 10/10 Bandwith 10/10 Availbility 10/10 Support 10/10 They use a datacenter in Netherlands on We-Dare network.
and remember if you think there prices is a little high just contact them in the chat and i am sure you will never go out. my website is [url]
Wondering if anyone know how to install all the packages for the @Base category in the CentOS 5 install from yum. I did not check this during install and can't figure out an easy way to see and install all the packages in the @Base category.
Also tried some searching and can't seem to find a way to install package groups from yum.
I suspect that somebody is trying to do SQL injections on one of my websites. Is the POST information that is send using forms logged anywhere so I can read it in the same way I can read the GET requests in Apache logs?
I have a problem with file upload. I changed php.ini files in /etc/php5/cgi and user and php.ini to work with big files. I changed accordingly max_filesize, post_max_size, memory_limit.Also changed suhosin memory_limit and some other stuffs. I cant get files bigger than ~100MB to be sent through forms with post! Below is ok.Is there any method to do this with plesk 11.5?? I saw docs on this particular topics with plesk 10 on internet but nothing for plesk 11.
Right now my stats system only shows from what website traffic is coming. I have google analytics aswell, and with all its functions, it does not tell me from exactly what webpage traffic is coming, and to what webpage the traffic is coming to.
So, let say someone is sending me traffic from www.reffererxxx.com/cool_video.html to www.mysite.com/super_cool_video.html
My statistics would only show that www.reffererxxx.com is sending traffic to www.mysite.com
Is there a way(a script/service/program) to find out exactly from what webpage the traffic is coming, and to what webpage of mine the traffic is going to? (I do not have server logs / webalizer / awstats as my server cannot handle the log processing due to high server loads)
i have decide to buy hosting plan on dreamhost with a discount coupon of 24$ per year, i want to know whether this offer is valid for year or for ever.