here at work theres a little situation with access privs. im in web and my image upload script places files on the server as www user (i understand that). however, if im working on this script and need to either delete these files or archive them then i dont have privs with my account.
how would one go about giving my account access to delete and modify files the www user has uploaded?
i m a part of development team and i can't find way to test site url while defining website on DW when it says whats your site url. what the other guys r entering are my ip and folder name like [url]is this the right way?
View 7 Replies View RelatedI am actually very inexpirience in server management. I have a small - I believe - problem. I need to get config file onto my computer from my root server. I can access it through terminal, but it is not very confortable. The config file is on root server.
the file is located at //etc/xxx.conf
Do I need to use web browser to do it? If so how?
Or is there a way that I log to my root server through ssh and transfer onto my computer?
1. If I recompile my mysql, can that potentially harm any of my database / table / data?
2. Here is a list of files. [url]. I guess, I have the same in my server. Any idea how can I access to these files?
Here is what I got -
root@usr [/]# find myisam
find: myisam: No such file or directory
When a user enters the whole url to a file on the webserver he/she can view this file. I want to prevent this and only allow access to the files from within the application (under apache). How can I do that? I already tried:
<Directory /var/www/html/folder/files>
order deny,allow
allow from localhost
</Directory>
This works BUT the file also isn't viewable from within the application anymore.
I have download manager script that I use for my customers to download products right after the purchase.
Script generates download link that looks like this:
http://www.yourwebsite.com/download/...582921B&p=1840 (where 2YY6582921B is receipt number that is different with each purchase).
All products are placed in one folder. This folder can not be seen in above download url, but can be accessed thru browser and files can be downloaded that way without paying for them.
Can I use .htaccess and if yes how, to protect all product files the way that they can not be accessed directly by visiting url thru browser (in case somebody will find the correct url), they should be allowed for access only for my download manager script.
I don't really now how this can be done, but as far as I can remember when I was in shared hosting, they always complaint about memory usage.... but they always know what specific files were cosing the most load on the server.
So, I remember I have this count.php file that was constantly hited and the complaint and tell me exactly what file it was cosing the heavy load.
This is just an example, but looks like they always knew the specific files that were cosing problems, so what the hell, this can be done!
Now that I have my own server I would like to know these things as well, so I can know what files need to be optimized.
I searched and searched and searched and... OK, you'll get the point, and I just HAVE NOT find any information on this.
Can someone tell me this "secret"? What do you use to get the files that are cosing the most heavy load on a Linux server?
transfer a client's site files (over 220 MB) to my server. The client does not use cPanel or have SSH access.
FTP is horribly tedious. I have created the account on my server and have SSH enabled. I have a feeling I can use wget to download the files to the account's home directory, but I am not sure of the correct syntax to recursively download all the directories and the files.
In web application we are facing high vulnerability issue based on the session validation.
We can download the files from the server whenever we are passing the link even without login. The links are directly hit into the server and download the files any type of files extension such as .txt, .xml, .zip and so on.
Need the solution for this issue: How will we resolve the issue using validate the session in apache side?
Scenario as below:
When user manually passing the request if user logged they should access the files
When user manually passing the request if user is not login they shouldn't access the files
Here both the scenarios they can access the files but we want to restrict when the request is coming to apache without login.
EX: [URL] ....
When i tried above link I can able to view the file in browser. Even able to download all different fies extension which are having in the under tomcat webapps dir.
How we can restrict this in apache code or any other files in apache side or is there any way to validate the request is logged one or not?.
I have some issues access my files through FTP. I created a new FTP user, that match the domain name, so it is easy for me to terminate access if i choose to delete the domain.
I can only access / see files that i uploaded with that specific FTP user. If i install a plugin inside Wordpress, i can not access those files via FTP.
If i login via SSH, with the root user, i can see all files.
I have tried to add the FTP user to the psacln group, but no luck.
In Plesk 11.5 I set log rotation to once a day and to keep 365 files. But I can only find 13 files (only one access_log) in /var/www/vhosts/mydomain/log. But Plesk tells me that 100 GB are used for the logs (the 13 files only have about 3 GB). Where are the files? In previous versions (before 11.5) I always had the files (named .1, .2 etc) in the same log directory.
View 3 Replies View RelatedI signed up for hosting with IX Web Hosting in April of 2007. There have been two occasions that they provided the perfect example of Terrible Customer Service. So much so, my last pony ride with IX Web Hosting was my last. I decided to call it quits and move my account to Host Gator.
I keep my most important sites on a dedicated server at Servint.net. If you are interested in a dedicated server or VPS, I highly recommend Servint. You will not beat the level of service and professionalism this company offers. But thatâs another post in itself.
The point is, I had some SEO tests I wanted to perform and I was looking for a hosting company that would allow me to host 10 different domains in the same account on different ip addresses. IX Web Hosting had the plan I was looking for. So in April of 2007, I signed up for a hosting account.
Overall, I was pretty satisfied with the server performance at IX Hosting. I experienced very little if any downtime from server issues. They donât offer a standard cpanel interface like most web hosts. It appears to be a proprietary / in house control panel.
It was pretty straight forward and with a little time I was up to speed.
Then on June 5, 2008, I got the following email from a System Administrator at IX Web Hosting.
---------------------------
Hello,
My name is Anthony, and I am a system administrator at IXWebhosting. Iâm here to ensure a reliable and fast hosting / e-mail environment. This is the reason why I ask you to get in touch with us.
We have received numerous complaints from third-parties about spam originating from your website. As you may know, spam is an on-going problem for all internet users, hence all companies have very strict rules against spam. I am here to ensure that neither you nor any other customer is facing any downsides which could be the result of these spam regulations.
We ask you to immediately cease and desist any such activities. If you are unaware of this activity, please contact me or any of my colleagues via this ticket, phone or live-chat so that we can find the reason for the spam activity together and fix the issue instead of the symptom. Viruses and things of that nature may be installed on your computer and will cause the spamming. We recommend that you run an anti-virus program. If you currently do not possess an anti-virus program, you may download a free version. Please just follow the link below to find Googleâs best links for free anti-virus software:
google.com/search?q=free+anti-virus+software [url]
In order to ensure your hosting and mail environment is working flawlessly, we ask you to get in touch with us within the next 72 hours. I highly appreciate your time.
Best Regards,
Anthony Washington
System Administrator
IXWebhosting
-----------------------------------
They identified the domain as bestadtracking.com. This is a domain I own but have never promoted. Not only had I not sent spam through IX Web Hosting, I averaged less than 200 sent email a month on all the domains on my account. So on June 6, 2008 I responded to IX Web Hosting with the following two messages.
-----------------------------------
Hi Anthony,
I can assure you I am not sending spam from this domain or any others. Iâm a little surprised that this domain is in question? I set it up over a year ago and havenât ever promoted it. I donât send any type of email over this domain. I have no reason to. It gets no traffic or inquiries.
Are you sure there isnât some type of mistake? Otherwise, there are a couple of php style contact forms on that site. Could a hacker use that sort of thing to send spam? How can we track this down?
Thanks,
Brent Crouch
615-389-XXXX
-----------------------------------
Here is the second email I sent on the same day.
-----------------------------------
Hi Anthony,
I am using AVG on my computer and the scan completed finding no viruses. Besides that, I am using Outlook to manage the mail on several of my domains. I donât even have a send account setup for bestadtracking.com on my computer. As I stated in the previous reply, I have no reason to since this domain is not promoted.
Can you give me the IP address of where the spam originates? Iâd like to compare that to my IP address here at home and office.
Thanks,
Brent Crouch
-----------------------------------
I had no information to track the issue any further. The lack of response from IX Web Hosting left me to believe the issue had been resolved or there had been a mistake. Then 4 days later on June 10, 2008 I got this message.
-----------------------------------
Brent
We tried to reach you today in order to resolve this issue, but unfortunately it has been well over 72 hours since this ticket was placed. We must sadly suspend your services, please do not hesitate to call us at 1-800-385-0450 any time, day or night.
Best Regards
Ian
-----------------------------------
Amazing! They give me no information to solve this problem. On top of that, they donât respond to my ticket in 4 days and because I didnât answer the phone when they called they suspended not only the domain in question but every domain listed in my account.
I called in and spoke to a tech support guy who allowed me to remove the domain in question and in return, he restored my other domains. He also left a message to have the tech support manager call me the following day.
The manager I spoke to apologized for the way the ticket was handled and the lack of information that was given. He said he would follow up with the employees that were responsible for the ticket and make sure it never happened again. He was helpful in looking at the server logs and determining how someone had loaded a spam bot onto my site.
Apology accepted. Stuff happens. I considered it water under the bridge and not a big deal. Not so muchâ¦..
After my first run in with IX Web Hosting, I wrote the whole incident off as a fluke. The manager I spoke to seemed very sincere and assured me that wasnât proper protocol and wouldnât happen again. I was trucking right along until I got this email from them on October 26, 2008.
-----------------------------------
Dear Brent Crouch,
We have received notification of phishing material in your account. Phishing files are usually placed through some type of exploit of out dated code, weak file and folder permissions. Packaged shopping carts and photo galleries are usual sources as hackers find exploits and developers fix them almost daily, so unless you constantly update the software or completely secure it things like this can happen.
You must agree to remove this content and update any software that has resulted in security holes. To protect your account from further action you must agree to our request for compliance. Please respond to this message stating your intent to do so. You may either log into your control panel with us, and access this ticket via the 24/7 help desk, or provide this ticket number to our Live Chat or phone representatives. Failure to respond to this message within 72 hours will result in the suspension of the affected domain with us until such a time as this matter is resolved.
Michael
-----------------------------------
The email gave me no indication of which domain had been hacked. When I wrote to live help and gave them the ticket number, I spent 10 minutes waiting only to be told they didnât know which of my domains had been effected. They recommended I reply to the online support ticket.
Here is the email I sent them in response on October 27, 2008.
-----------------------------------
I replied to live help and they could not find any information. So far you havenât told me which domain is a problem.
Please give me the info I need to correct this problem and Iâll take care of it.
Brent Crouch
615-389-XXXX
-----------------------------------
Eight hours later, I was able to find the problem by viewing all the files on my domains and looking for the files that had been recently changed. It turned out my brentcrouch.com domain had been hacked and setup with all sorts of eBay and bank phising pages. The site operates on a Wordpress platform which is widely used and is a big target for hackers.
[url]
I wrote back to IX Web Hosting for a second time on October 27, 2008.
-----------------------------------
I found the problem on my brentcrouch.com domain. I updated the wordpress software to the latest and cleaned up the problem. The only exception is the brentcrouch.com/forum directory. I am unable to delete this directory as the hacker has removed my access. Please delete the directory.
Thanks,
Brent Crouch
-----------------------------------
The following day, here is the email I got back from IX Web Hosting.
-----------------------------------
Brent:
Thank you for your attention to this matter. Per your request we have removed:
/brentcrouch.com/forum - deleted
We will be closing this ticket at this time. If you have any questions please feel free to contact us. We will be happy to assist.
Please note that this is the second time this problem occurred. Unfortunately, I have to bring to your attention that as per our terms of service a third instance will result in immediate account termination without notice. No backups will be provided. If you have any questions about how to avoid this from happening again our support team will be glad to advise.
Respectfully
Frankie
Support Tech Representative
-----------------------------------
When I seen that response, I was pissed! I run my own server at Servint.net. Iâve hosting accounts at several other hosting companies. Iâve never had a site hacked except from IX Web Hosting.
In 4 months, Iâve had two sites hacked. In both instances, IX Hosting was zero help in locating the source of the problem. In the first incident, they didnât even reply to my ticket for 4 days. In the latest incident, they couldnât even tell me what domain was hacked.
Then they send me an email telling me if it happens again not only will they suspend my account, theyâll deny me access to my files! Huh?
Thatâs not a risk Iâm willing to take. With the high costs of obtaining customerâs in this business, Iâm a little surprised they donât do a better job of trying to retain them. In my opinion, this policy is unacceptable and makes IX Web Hosting one of the worst hosts Iâve ever dealt with.
I just signed up for a hosting account with Host Gator and have already moved all my domains over. So far, so good.
Whatâs your experience with IX Web Hosting?
i have a Dedicated server and i installed firewall and i fixed all cpanel option and i disable shell access for all users and ......
but my users can upload shell hack files (Like:c99 ) then they can access to another website ,,,, they can`t Write ,,, they can Read files only
but there is a problem because the hacker will read the config files so my Database websites will hack soon
I'm trying to configure an custom access_log file for an custom file called "extra.php"
How I can make an log file that's log only "extra.php" ....
in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,
so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]
I have recently switched from Ubuntu to Mint because I would like to enjoy out of the box functionality. I installed Apache, PHP and Mysql. When I go to localhost, the page displays correctly indicating that the server is functioning. In /var/www/html I created devPages. In devPages I created a symlink to a directory in my home directory where I keep all of my html/php files.
When I point my browser to http://localhost/devPages/1/ I get "You don't have permission to access /devPages/1/ on this server". This appears to be a permissions/ownership issue. I don't want to change the permissions for the directory or files in the home directory because they are set to work properly on my production server. Is there a way to get apache to accept files in my home directory?
I have set owner and group for devPages and the symlink to www-data. Set permissions to 755 for devPages.
By the way, under Ubuntu, I have always used a symlink and it always worked without any issues.
How can I allow only one ip or a list of ip addresses to access port 8443.I need to limit access this port to few ip addresses and not everyone
View 6 Replies View RelatedI couldn't keep my mouth shut (technically fingers). A customer wanted to upgrade servers and he needed a way to move the data across. Since I don't allow hard drives to be swapped, they have to do it manually all by themselves. I generally allow up-to 4 days for them to transfer data and make DNS changes, etc. But this time, I offered help! I agreed to move the data (darn me) and it just came out of me, involuntarily.
God knows what just happened... but in a positive way, customer is extremely happy!
So...
Both servers are on cPanel - with root access (duh)
200 odd files which total to 25 GB
1 database about 100 MB in size (no biggie)
I was planning on using one of my Windows 2003 servers (via remote desktop) to download the 25 GB and upload the 25 GB, but that sounds like a waste of resources and time.
I found a great little app called ID Shutdown Manager which bascially lets you do stuff like wake on LAN, Shutdown, Log Off etc.
The App also has a cgi script which you can call from a web server so you get a web interface to the program.
This is exactly my reason for getting the app as I just wanted to host a web page where I could login from the internet and wake on lan my media PC.
Ok so...
The app gives you all the iis or apache setup instructions and tells you to place the cgi script which is actually a .exe into the scripts folder and then enable basic authentication for it.
Done.
So if I navigate to <SERVER>/scripts/sdmancgi.exe its supposed to give me a user / pass prompt and then when login successful I see the app and can wake on lan etc.
ok I have got this to work
on the actual machine where server is running I can access it in IE7 by localhost etc.. and it works
However when I try to access from another PC in my lan by typing <SERVER>/scripts/sdmancgi.exe I get a nice little message saying the content cannot be displayed you may require to insall a program or something to display it.
If I try to access the page from firefox on same remote PC, it works!
I can also access page from outside my LAN, it works on my N95 browser.
Also I have had friends try it from firefox from the Internet and they say it works as well.
Forgot to mention I am running on port 8081 as I already have other servers running on 8080 and 80 (one is my router and the other server installed itself from setup.exe and I dont know what server its using)
I have also tried latest apache server as well as some other free one. Both have the same effect. Ok in firefox, not in IE.
One would think its a problem with the cgi file not compatible with IE7 however, I even tried to go to default page setup in IIS <SERVER>:8081 and I get the same message. So at this point the server hasnt even tried to access CGI or prompt for Basic Authentication.
I tried googling and not much luck. I read something about CSS and when I view source of failed web page from IE7 it mentions something about CSS so dont know if this is it?
I'm having trouble with a vps and the ips won't ping and can't connect via ssh.
I can via hypervm console when I run apt-get update but it doesn't download anything.
I have successfully installed dns only to my vps. the problem is when i try to add it to the cluster system on my other vps it asks for a remote access key, so i visit both ip:2087/scripts/setrhash and ip:2086/scripts/setrhash and it shows an unable to connect error in firefox.
this is both using [url]
does anyone know how i can access the remote access key?
I have windows servers that I'll be co-locating very soon. I have purchased a Dell 2161ds-2 and an APC remote boot power strip. Could someone please tell me the best way to secure remote access to these products. Do I put them on public IP's and allow them through the firewall or do I put them behind the firewall and access them after I authenticate through the firewall.
View 6 Replies View Relatedhow can i get access to the SSH
By checking if the computer name is identical to the name saved in my server
SSH by entering the name of the user after the login and password and the correct Port
I am working on one of client issue where client is facing problem accessing cgi-bin directory. I checked and found that cgi facility was not enabled in cPanel. I added that entry but it does not worked. Again, I checked httpd.conf file and added ScriptAlias entry for domain. Restarted apache, however, cgi-bin is still not accessible. Set permission on all cgi files.
View 4 Replies View Relatedi have installed apf firewall yesterday and every things is ok but to day when i want to access to server by ssh i get this error
View 7 Replies View RelatedI cannot access to [url](our Hosting provider). Can you access the website? I disabled my static IP by contacted my ISP and tryed to access it with different IPs. But I can access to other web sites. This problem occurred when I installed Boldchat operator with together Microsoft .NET Framework. Most times my modem settings broke because of this software. So I removed it from my computer. But I still cannot access to the web site. But I can access it by using anonymous surf sites such as [url] My ISP could not found a problem.
View 1 Replies View Relatedim opening a gsp, I already got my box for 2 -3 ,month i think im good with everything but the thing i need to figure and if u gusy could help me it would be great, How do i Setup like a FTP access to a server. ( Exemple: I sell a server to some1 they are gonna need ftp access to put in maps or change server name rcon or wtv. all i got the the on i use for ALL of my ips its the root and i cant give this one).
View 5 Replies View RelatedHello everyone, i would like to know if the forum has users from Europe and that they have dedicate server at Liquid Web. I have few dedicate servers at liquidweb and in past 12 months I have big problems with speed with these servers, and with speed to them. Speed download / upload sometimes does not exceed either 512 Kbps and sometimes download or upload from liquidweb server can be only 10 kB/s.
Loading of some pages can take for 1 minute. I opened a ticket for this problem, but the Support feedback told me that this is quite normal for my distance which I consider totally unacceptable. It is acceptable that the ping must be large, but low speed is simply unimaginable.
I need help with understanding the difference between Telnet and SSH. I am in the process of signing up for a hosting plan and I have asked the sales rep if we will have telnet access. Their reply was that we have full root access via SSH.
Any help that anyone can offer on the differences and benefits/drawbacks would be much appreciated.