Dreamhost accounts have PHP register_globals turned on by default. I tried to override that and have register_globals turned off by putting this line
register_globals = Off
in a php.ini file placed at the web root. But phpinfo() still shows register_global as on. How do I turn off register_globals in Dreamhost?
i got hosting with cPanel Control panel i have some problem with this hosting because its "register_globals" disabled , i need to enable the "register_globals" on my hosting ,
View 10 Replies View RelatedI get the following security warnining in my Joomla installation:
PHP register_globals setting is `ON` instead of `OFF`
From what I have read this is a big security risk and it is something that the host can easily turn off. Why wouldn't my host have this turned off?
I was told by live chat that I could overide with my own php.ini file, but I know nothing about php or php.ini files. I read in a forum that I would have to place this file in EACH directory of my Joomla installation where a php file exists. I don't even want to think about what a pain that is. Also, everytime I add an extension I have to repeat the process? I've also read that this may interefere with several extensions.
Isn't there an easier way to do this?
I read that the host can configure their servers so that you would only have to place the file in one directory or that you would only have to edit the .htaccess file
I just switched to Hostgator and I didn't have this problem with my old host. Should I try to find a new host that has better security?
I really don't know what I'm doing or where to begin with this. I'm probably just misunderstanding something. Can you please help me understand this?
On my server (cpanel/whm php version 5) I need phpsuxec enabled so Configure Suexec and PHP I have suxec as on and php handler as cgi.
The problem is that enabling of register_globals through .htaccess file of cpanel accounts is not working. I have tried all kinds of commands as:
php_flag register_globals on
and even tried creating a php.ini » register_globals=on
and that still does not enable register_globals on an account. I do not want to enable register_globals centrally as I am aware that is a security threat.
But if I change to dso php handler that .htaccess code enables register_globals but then phpsuexec is not working.
Is there anyway to combine these two options?
my server is centos and cpanel,
i setup it with suphp and suEXEC,
and i set the register_globals as off on server,
now,i had a website need register_globals on,
i search many articles and try to edit php.ini and .htaccess,
but all still show
FATAL ERROR: register_globals is disabled in php.ini, please enable it!
or
500 internal error
could anyone teach me how to solve the issue?
Today I have a customer want to swich the register_globals on on his account ,,, i'm running PHPSuExec and running php as cgi not as Apache module , and as you know using php as cgi will cause internal error 500 if some one add php_flag register_globals on
to .htaccess file.
what is the soluation to switch register_globals on for his account only without using the .htaccess file.
put in mind the php files that need the register_globals to be on is encrypted with zend , so we does not have access to it for modification.
have any one have the solution?
How can custom safe_mode / register_globals for an account?
Hi,
I have with CentOS 5.2 + cPanel/WHM. For security i edited suphp.conf and force all users use my main php.ini config:
[phprc_paths]
application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/
Now i wanna turn on register_globals and turn off safe mode for an account, how can i do that?
The problem appeared from register globals, in the shop oscommerce after the actualization PHP to the version 4.4.5 information appears me: FATAL ERROR: register_globals is disabled in php.ini, please enable it! and if I add: php_flag register_globals On to the file .htaccess this: one can not display page.
View 1 Replies View Relatedhow to turn off f-cgi?
Its causing big problem at my friend's site, it often leads to 500, 501 and 502 pages, earlier some one mentioned even fcgi could be reason for the error pages as it might show error page if php file takes longer time to load,
so I would like to to turn off fcgi at his site, he uses hypervm-lxadmin, I couldn't find an option when I searched, may be I have missed it, can u guide me through how to solve this issue
and I would like to know if turning off f-cgi will it cause any problem to the site, such as tech, issue to be fixed
How can I turn off open_basedir completely from within .htaccess?
I'm finding conflicting advice on how this can be done, or even if it can.
I have a pentium4 2.8 HT server.
However, HT was turned off at some point due to various reasons ( not by me).
how to turn HT back on in SSH?
I've just gotten a job at a newer webhosting company. I myself have personal pet pieves regarding webhosts. I want to know what turns you off a host the most. For me its Customer Service, Overselling and slow server/support response time.
View 9 Replies View RelatedRecently I had a "falling out" with DreamHost. I had their downtime and everything everyone else experiences, and I was ok with that. I could look past the small problems and love DreamHost for the good things it offered. The good cheap things(Shared Hosting).
I was running a small video blog(externally hosted videos) with WordPress as my street pimp. Everything was going great. It started out slow, as most sites do, but I was really happy to be seeing 1.5-5K unique hits daily. This went on for a good 2 months lovely. I was very satisfied. Well one day I became "Mr Big" and hit 12K in about 10 hours. DreamHost quickly turned my account off, as I was affecting the other sites on the server that I shared. Understandable. Well they eventually referred me to their VPS (dreamhostps.com)and I quickly signed up, thinking I had just solved all my problems.
Haha, what a lying **** she turned out to be. Promising me love and compassion, but only bringing deceit and pain. Spending an extra $25/mo(250 MB/250 MHz guaranteed) I thought I was golden.
Now I cant get 50 uniques an hour without getting a Internal Server Error. WHY DREAMHOST?! WHY MUST YOU HATE ME??
Im currently looking to get away from DH. I cant stand these problems. I need something that can withstand 15K unique hits on a mildly modified WP site serving external videos. What are my options?
I guess I should also include my budget... which isnt much at all. Im not going above $50/mo, but would love to get something around $35-45.
I spent an afternoon completely away from computers, and when I got back, I received this email from the Dreamhost Security Bot:
-----
We have noticed your myacct user causing a large amount of load on the webserver. We also noticed that domains under this user are running outdated web software that may be hackable. Often times when domains get hacked the hackers will launch malicious processes that use a great deal of CPU time and thus increase the load on the machine caused by your user. This does not necessarily mean that your sites are hacked, but they could be. To ensure that your user is not compromised and contributing to server load unnecessarily (and, also not engaging in illegal activity typically associated with these types of hacks) we ask that you review the following and act accordingly.
Comment: so far, so good
Most commonly hacking exploits of this nature occur through known vulnerabilities in outdated copies of web software (blogs, galleries, carts, wikis, forums, CMS scripts, etc.) running under your domains. To secure your sites you should:
1) Update all pre-packaged web software to the most recent versions available from the vendor. The following site can help you determine if you're running a vulnerable version:
[url]
Joomla (v1.5.8) : /home/myacct/disabled site.net/ (OUTDATED!)
I disabled this site six months ago.
Joomla (v1.5.12) : /home/myacct/joomla1512site.com/ (OUTDATED!)
There were three of these
WordPress (v2.8.4) : /home/myacct/wp284site.org/ (OUTDATED!)
There were six of these
- WordPress installations need to be updated to the current release of 2.8.5.
- Joomla installations need to be updated to the respective current secure release: 1.0.15 or 1.5.14.
- Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server.
The (OUTDATED!) domains above have been disabled by renaming the domain directory to end in "_DISABLED_FOR_POSSIBLE_EXPLOIT__CONTACT_DREAMHOST". Please do not reinstate them until you are ready to immediately upgrade them, or until you have already upgraded them.
-----
So, nine of my sites were disabled, for a period of four hours, with NO ADVANCE WARNING from Dreamhost.
I send them a response, pointing out that:
1. I run a tripwire program, integrit, on a daily basis. It showed no evidence that any of these sites had been hacked.
2. My access logs showed no increase in activity on this date.
They wrote, "We have noticed your myacct user causing a large amount of load on the webserver." Well, I certainly would like some details on this, but I haven't received any.
Here's part of the response I got:
-----
In the case of some of the domains that were disabled your softwares were
years out-of-date.
------
no. Wordpress 2.8.4 was released August 12, 2009. Joomla 1.5.12 was released July 1, 2009. The only software that was "years" out of date was on two sites that had been disabled by me six months ago.
It's clear that these people are making things up as they go along. All they really had to do was send me a note saying, "Hey, Bob, could you update these Wordpress and Joomla sites sometime in the next few days?"
Running Apache 2.2.2 and PHP 5.2.5, and my error_logs are filling up with PHP notices. I'd like to turn this feature off, but I must be missing something here. I've edited the php.ini and set error_reporting = E_ALL & ~E_NOTICE, and reloaded apache, but I still get the same php notices over and over again in the httpd error log.
View 1 Replies View RelatedI have a website where people perform a number of tasks, saving some data to temporary session files. If the user is idle for a certain amount of time, then performs an action, his/her work will be gone.
I'd like to set the sessions to never expire, so that only a browser close would delete the temporary files.
I've tried looking around in the IIS manager, but I cannot find a way to do this.
My webhost's autoresponder does not keep track of who it has auto-responded to. Hence it will auto-respond back to the same person twice.
Some emailer might send me an email (most likely spam) and I would auto-respond. But that emailer also has a dumb auto-responder and response back to me. I would auto-respond back; it would auto-respsond back forever.
I'm afraid to turn on an "Out-of Office" auto-responder because if that happens, I would have a billizion emails in my inbox upon my return.
Is there a smart auto-responder that tracks who it has responded to and auto-repsonds to the same person only once?
Does anyone know how to turn On Register Globals in a php.ini file? I think I can only edit the file using ssh...
View 4 Replies View RelatedIs it possible to make it so that a domain can not send email?
I have a security issue on an old domain that I need to keep active but I do not want any application to have the ability to send ANY emails at all.
Which is one is better?? MidPhase.com or Dreamhost.. i need lot of bandwidth with fair price.
View 16 Replies View RelatedJust read about some deal they're having where they're selling you a domain and 2 years of unlimited bandwidth hosting for 24 dollars or so. Is this legit?
Is quality sacrificed for this kind of pricing?
I'm currently with downtownhost and they are amazing by the way but if it's that cheap, I might be forced to switch.
it says domain is already in system. it seems the previous guy was hosting it on dreamhost.
basically they said I can't host this domain, and that i have to pay extra to have it added.
anyway to circumvent this?
Does anyone know the path on Dreamhost for ASPELL, or if they have it at all?
View 2 Replies View Relatedi have decide to buy hosting plan on dreamhost with a discount coupon of 24$ per year, i want to know whether this offer is valid for year or for ever.
View 2 Replies View RelatedI've been a DreamHost customer for a few years now. I like to remain loyal to one brand, but I just can't stand DreamHost's down times (My website is down as I am writing this). I enjoy their cpanel a lot, and I was wondering if anyone can suggest me a few alternatives. I am currently on shared hosting with over 10+ domains. I read about, ANHosting, BlueHost, and HostGator. I want something fast, and I might even settle for a cheap VPS. However, I don't know how much resources do I use, so we will have to work out the details if I choose a VPS.
View 14 Replies View RelatedYour opinions about Dreamhost?
View 24 Replies View Relatedwhen you sign up for DreamHost account, the billing page says
Promo codes/referrers are for first time customers only. Therefore, if you use one you may not host a domain ever previously hosted with DreamHost on this account.)
I have already used to for $ 97 off coupon for one year, so if i sign up again with new account,
is there any chances to get caught
Let me know if someone has experience
My account which was hosted for over a year with DreamHost has been disabled on 25th November without any prior notice or reasonable explanation. They only said:
----
Your account has been disabled for Terms of Service violations.
Specifically, the clause you violated is:
Customer agrees to not engage in activities pertaining to Black Hat SEO, Spamdexing, and so-called "Scraper sites." These can all have a severely detrimental effect on server performance and are not permitted. You must find hosting elsewhere. We will not re-enable your account under any circumstances.
Terri H
----
I swear I have never engaged in such activities. I asked them to clarify the action and tell me the problem domain. But they told me nothing about that. Even if I did such things (I swear I didn't), do they have a right to prevent my access to my files and databases? How can I move to a new host without these data?
I have multiple domains on my account and 2 of them is very important to me. One of them have 9000 unique hits per day and brings a good adsense income. I cannot rebuild these websites because they are products of two years effort.
Now I'm begging them to let me access my files and mysql databases but they do not answer my tickets and emails. I lost my bearings and don't know what to do!
I was disturbed by a posting on DreamHosts blog. I try to stay current on hosting news and sometimes it involves looking at others Blogs. This example is not NOT to treat a customer
[url]
Even though the customer contacted the wrong department, this is NOT the way to handle these issues. I have personally received calls on my personal cell phone because they found it on one of the domains I own (whois I assume). I still take the call and work with the customer to resolve. I will never even think about doing this. Your Thoughts?
some largeish download file links to test my download speed with. I need some from Bluehost and Dreamhost. If you have a link for another host on the west coast feel free to post it.
View 14 Replies View Related