on my VPS if I dont set the permissions 777 of the temp and the final upload folder, move_uploaded_file just doesnt work.
So I have set it to 777. But then 777 permissions now pose a threat where some hacker can screw my system.
How can I prevent this from happeing?
My website, a free classified ads site, is hosted by XO, the hosting company. I'm introducing a feature where advertisers can, for free, post pictures of the things that they're advertising -- that is, where advertisers can upload a JPEG or a GIF. I understand that this can open my site up to the uploading of malicious code, and that I should put safeguards in place to make sure that only JPEGs and GIFs get uploaded. However, I'm wondering if XO doesn't include some built-in safeguards that would keep malicious code from getting executed. In other words, since a profesional hosting company runs the servers -- not me -- do I need to be worried about security at all?
View 1 Replies View RelatedMy information:
I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has it's own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.
My Dilemma:
For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated potion of the server.
So, lets say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT clients specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"
How can I:
1) ...set their specific FTP to open to their directory only?
2) ...ensure that they cannot navigate to other folders on my server?
3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?
I was just working on some concepts for image upload security features and wanted some others opinions. Would the below be worth doing to not have to deal with the 777 or even 775 phpsu issue(s)?
- What about loading the images into a db and logging the upload. Then having a cron or a daemon move the file to a location under the owner (user) and then delete the file out of the db.
Pros:
- Images would be loaded and displayed from under the user of the site making no 777 issues.
Con:
- Mass use of db could cause crashes?
- Would have to write front end to know if the file was in db or in the folder location
We have a site that almost almost almost hit 100,000 page views last month. We do a fair amount of eCommerce and also use web-based customer management software. Because of this, we require fairly high uptime - in the 99.99% range.
I've been checking out options like RAID, hot-swappable power supplies, and redundant network cards, none of which our current host has. But then I realized that next to none of the recent performance issues we'd had were related to hardware - they were all related to someone else on the shared server writing a script with an endless loop and taking down the server until someone noticed and restarted Apache.
I'm a programmer and have admittedly very little experience in actually running a server. But I would think it would be relatively easy to write a script that checks the server load every few minutes, restarts the offending service or terminates the offending process, and emails a tech to check the logs later.
It appears some elements of the ICPH webpage have keep-alive and some not.
I want to ask how to achieve all are loaded with keep-alive?
htaccess contains:
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
On my VPS I would like to set the /tmp folder to 777 and point to it with session.save_path.
The VPS will host a number of sites, but I will have sole control of them. ie. the account holders will not have access to cpanel.
If it makes any difference, the server is running phpSUexec.
What are the risks involved with this?
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
I have two servers.
One server has a folder named 'vidfiles' and I want to transfer this entire folder (all 70gigs) to another server I just got.
Both servers are linux and use CPanal/whm.
What would be the command to get the files to transfer direct from server to server?
i had upload problems with Aspirationhosting since signing up yesterday.
Tried the following -
1. filezilla ftp/sftp upload a 8m zip package only to get time out from time to time
2. tried other ftp client resulting same issue
3. upload the other hosting company in the same way turns out very fast
4. isp speed test turns out 180 -230k/s
5. cpanel>web upload to AH server only gets "dead" pages or hours time consuming for a 8m pack
6. contacted the support and ticket is still open, almost all possible issues considered but failed to crack
here is the error from time to time while filezillar ftp upload unpacked site files -
Error:Directory /home2/XXXXXX/public_html/XXXXX/directory1/2/3: no such file or directory
And if sftp used for uploading package site (only 8m) the error is - time out...
I'm trying to upload a 15mb SQL file via PHPMYADMIN, and each time I try it takes ages loading and then I get the following error:
Fatal error: Maximum execution time of 300 seconds exceeded in /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/import/sql.php on line 118
Im having problems uploading a 250mb sql DB thru Phpmyadmin in localhost. Can someone please help me out with this one? Is there a better way to do this. It keeps telling that the file is too large to upload thru phpmyadmin.. I have edit the php.ini file but no luck it still says the same thing.
What I basicly just want to do is to look at my old database tables that I had from my old site. I need all my members information so that I can start migrating info. Is there a software that just allows me to look at my sql DB ? I have a local copy in my hard drive.
Whenever I tried to upload large files to my server it restarts the upload again and again and never actually uploads. It just keeps overwriting the previous file. I don't get any errors? It just automatically reuploads and overwrites the files everytime.
View 2 Replies View RelatedI think I messed php config and I can't upload anything with php now
Dir is chmoded on 777 and File_Uploads = On in php.ini
I'm running lsphp5 with suhosin, when I try to import db via phpmyadmin I get error: Uploading is not allowed and when I try to upload some file via php script I can't
I am unable to upload a 33 MB video, the upload bar stops displaying at 60% and the error at apache is
[Thu May 14 17:00:07 2009] [error] [client 122.172.115.137] (104)Connection reset by peer: Error reading request entity data
how i can make an FTP account for my clients to upload files to
but when they upload a file they dont see it after. I want to just make 1 ftp user / pass to give to my clients but after uploading they dont see the file or any other files in the folder.
Maybe a way for the file to auto move to another folder after uploading?
I have uploaded my site through FTP. Everything seems to be showing except the /images files.
Images in .gif and .jpg ain't showing up. The error I get is
"The image "image URL" cannot be displaying, because it contains error"
It's weird because the image is uploaded on the ftp in images folder but for some weird reason it's not showing up.
I have a forum ( VBulletin ) in admincp Upload file is ok and high,
For example .Zip file are max 3 Meg upload, but i want upload .Zip in thread, i can not upload over 1 Mb, and i view database error!
I am having problems on my server... I can't upload files via php script because of a time out... when i upload files that take 2-3 min upload i get timeout... everything under that is normaly uploaded ...
execution time is set to 3000 .. same problem again..
file size limit set over 200MB ... (trying to upload 20-30MB) ... timeout...
etc...
i have a vps with vps4less. i have a counter strike server on it.when i am alone i have 65ping. when my friends connected i have 120.They say that i have 10mbps unnmetered.Is there any way to check my upload speed?
View 8 Replies View RelatedWhen I try to install ffmpeg, but it fail. The server cannot upload 1KB file from php.
$_FILES['xxx']['size'] return to 0
$_FILES['xxx']['tmp_name'] return to ''
Server: CentOS 5.x X86_64 Bit + Cpanel + Apache 1.3 + PHP 4.4.8...
Quote:
Originally Posted by php.ini
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
max_execution_time = 30
max_input_time = 60
memory_limit = 64M
; Maximum size of POST data that PHP will accept.
post_max_size = 8M
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
upload_max_filesize = 50M
I have no idea where to upload my cpanel backup file to now that I bought myself a vps.
It says that I have to upload it to /root but where is that lol? How can I upload it to /root, /usr, or /home (any is fine according to WHM).
Both old and new server are powered by Cpanel.
I got a dedi windows box with Plesk 7.6.1 installed.
I can't figure why is the max upload speed via ftp client is 25Kb/sec when I capable to push > 50kb/sec?
Anyone know how to fix it? Maybe in metabase.xml file?
I am not exactly sure where to post this so I figured I would try here.
I have quite a few customers I host on a dedicated server. I would like to offer them the ability to backup any kind of data they want to on the server as well.
I am looking for a simple program that i could distribute to my customers and all they have to do is:
Install the application
Type in UN/PW I provide them
Select the directories they would like automatically uploaded
Select the frequency of the automatic upload
Does anyone know of good software I can use that is that simple to use?
We have 10 VPS node on one hyperVM.
One of the VPS have problem while uploading.
When I try to upload any contents to my site it gives me 10Kbps speed so I am worry about it.
I have one reseller account on which I get more than 200Kbps upload speed.
What can I do to fix this issue?.
if any changes I need to do on openvz.
I'm using Transmit on OS X as an FTP client. I've been trying to upload a folder of images to my site for weeks now and every time I try to do so, that server seems to hang up on me or cut the transmission off and the images never get 100% uploaded. There is still plenty of space available. The images are all under 200KB. I'm using passive mode. I have this problem on this server and a few others. With some other servers, I don't have this problem at all, the images are uploaded just fine.
View 7 Replies View RelatedI have frequently read that you should upload all files to and create folders in the public html. But recently an IT manager told me this sacrifices security completely. So in respect of setting up a new site,
Folder name (at server)
public html Q1 You place the index.htm file here, correct?
public ftp Q2 What do you place in this?
w3 Q3 do you place other folders at w3.sitename here?
user created Q4 are folders for the subdomain folders created here (and not in the public html folder) - for security reasons?
Q5 For add-on domains e.g. w3.sitename/add-on/abc.htm where is
it best to place the folder for the contents e.g. abc.htm?
i'm trying to make a backup for my configuration using XMODEM protocol,i entered the command as follow :-
upload configuration xmodem <filename.txt>
it gave me error msg (tftp : DND LOOKUP FOR HOST FAIELD)
so i change the command to
upload configuration xmodem <my pc ipaddress> <filename.txt>
IT GAVE ME ANOTHERE ERROR (SYNTAX ERROR AT TOKEN FILENAME)
NEXT POSSIBLE COMPLETION
<CR> <HOUR (0-23)>
upload configuration xmodem 192.168.2.23 toman.txt 10:10
IT GAVE ME ANOTHER ERROR (Syntax error at token FILENAME.txt
Next possible completions:
<cr> <hour (0-23)>)
WHAT IS WRONG WITH THE COMMAND SYNTAX...?
