How To Prevent Users From Changing php_value By .htaccess
Sep 20, 2007
I don't want my customers to change php_value by using .htaccess, but still want to enable mod_rewrite for them. How do I configure this?
I am looking for a way to prevent panel users I created from changing their passwords.
When I try to edit user roles, I can check/uncheck capabilities, but there is nothing on user password change.
I've tried to search for information on this but both Google and this forum are flooded by "users password change" regarding "Horde", which I don't use.
Is there any way to prevent users from running phpproxy or any proxy script on the server (server is Linux / WHM)?
I'm having issues with users setting their upload_max_filesize and post_max_size values in .htaccess in excess of 500M 1000M.
As a result their users are uploading and converting some huge files and pegging my CPUs.
Is there a way to allow .htaccess override for all values except upload_max_filesize & post_max_size?
Or perhaps there is another solution out there to limit .htaccess by user?
I don't like that users can run the following code in their .htaccess. How can I do that?
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
Options +FollowSymLinks
Options +FollowSymLinks
I'm going to be doing some upgrades on my site and I want to redirect all users to a different page while I do the upgrades, but I need to allow myself to have access.
I have done this before with a htaccess rule, but I can't remember what it was and can't seem to find it anywhere.
We have a website that uses PHP include. It is specified in .htaccess to parse all HTML files for PHP so the PHP include can be executed.
We don't know the exact cause, but our AddHandler line in .htaccess keeps getting commented out by someone or something, and the include file (footer) does not show up from time to time. I was told a cPanel update inserts the comment but I am not sure.
My question is:
1. How can I prevent this from happening?
2. If it gets modified, how can I get notification?
I am providing consultancy for a SOHO type of organization - 6-10 employees. The budget is not much for hosting. So we can't go high end. The current hosting company, in a way addresses more than 60% of the needs. However 1 important need is for users to be able to change their password for their email account. The current host says that DirectAdmin and CPanel fall short on this and nothing can be done. Any suggestions for hosts that address this need?
This is what the current package looks like:
* Directadmin control panel
* Apache web server
* Exim smtp server
* PHP5 scripting language
* PHPMyAdmin database control
* Unlimited subdomains
* SSI server side includes
* Centos linux OS
* Great uptime
* Squirrelmail web mail
* MySQL 5 database server
* PERL private CGI-BIN
* Unlimited domain pointers
* Webalizer statistics
* 1,000 megabytes of space
* 5,000 megabytes of transfer
* Unlimited POP3 and FTP
* Unlimited mySQL databases
* Unlimited sub domains
My server has just been compromised and someone can retrieve all databases on the server with my root SQL password.
I changed the root SQL password to avoid being attacked again and want to ask a question... do I have to change all users' database passwords too?
Many users have WordPress, forum and other PHP scripts with a config file that contains the current database password. If I change their passwords their sites will stop working.
How do I do this without bothering users?
.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration
Domain causing 500 error
Server is cpanel/centos on php 4.4.8 with mod suphp, apache 2.2
.htaccess file shows
php_value allow_url_fopen 0
[PHP Modules]
bcmath
calendar
ctype
curl
domxml
eAccelerator
exif
ftp
gd
imap
ionCube Loader
mbstring
mcrypt
mhash
mysql
openssl
overload
pcre
pdf
pgsql
posix
pspell
session
sockets
standard
tokenizer
xml
xmlrpc
Zend Optimizer
zlib
[Zend Modules]
Zend Extension Manager
Zend Optimizer
the ionCube PHP Loader
I just went to log on to my site and noticed that I have an "Internal Server Error". I checked the cpanel error log and found:
/home/foo/public_html/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration,
Last night, one of my admins updated php to use suPHP...I guess it broke this.
The upgrade has an error when managing the users database.
PRODUCT, VERSION, VERSION OF MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM
PROBLEM DESCRIPTION
In a customer panel there is one MSSQL database with 3 users assigned to it, but the "Users" tab option doesn't work for this customer and shows this error:
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)
ACTUAL RESULT
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)
EXPECTED RESULT
Show users in the tab users for database.
On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is make it so users can only connect to their own databases and not others'.
I tried changing the localhost IP address but it didn't work (I assume I didn't do it the right way).
I have a client on a dedicated IP, today we needed to downgrade the web hosting plan. As the web hosting plan puts users on a default shared IP, this plan change also changed the dedicated IP to the shared one causing some propagation issues for a small period of time.
I have contacted WHMCS about this asking if they had a way of changing the clients plan but keeping the IP address intact as this could lead to some very undesirable outcomes. They explained that it is not their fault and to contact Parallels.
I know I can change the plan directly in Plesk however by initiating the plan change via WHMCS, everything is automated.
Has anyone helped clients transition from one domain to another? Maybe dissolving a partnership or renaming their company... so a new domain name has been registered and a new website created.
2 Issues:
#1 Using .htaccess 301 redirect
We used the following command line in their old website's htaccess file
Redirect 301 / [url]
The goal was to get people trying to visit any page of their old website (i.e. OldWebsite.com/contact.html) redirected to their new website (i.e. NewWebsite.com/contact.html). Isn't that supposed to change the address bar's URL, too? For some reason, I visit their old site and I seem to be redirected to their new website but the address bar still has their old domain name? Something is going on???
#2 Having their new company name for 2 years now. People can enter her new company name in Google, MSN or Yahoo. Her new company name appears in the search results but has the old domain name associated with it. We are trying to get rid of any reference to that old domain name? What's the easiest way to do this? So what people see in search engines is:
New Company
Short Meta Description
www.OldDomain.com
What steps did I miss in this transition?
What steps do I have to take on their old website/old web server to control its appearance on search engines and make sure people get to the new website?
Does anyone know any way that "rm -rf /" can be disabled? Or any SELinux rule or something to prevent this?
Or if I wanted to prevent a certain directory from being deleted, like backups, but something unlike chattr that someone can figure out quickly.
I'm sure LOTS of people would like to know about this. I've searched around and the only somewhat useful thing I have found is an rm wrapper that sends everything to a trash file in the root of the mount point.
Can anyone share tips how to prevent DNS flood on a cPanel and Directadmin server platform on Centos?
I'm not that techy. I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account? I've changed my password numerous times from different computers and even from a mobile phone just to check if the person can still get in. But again it is no use; the person was able to upload phishing pages.
logs:
May 25 21:50:42 server100 pure-ftpd: (weblogin100@62.56.133.36) [NOTICE] /home/weblogin100//.htpasswds/update/Login.php downloaded (21251 bytes, 755.78KB/sec)
Right now I have deleted all other scripts on the account and only some HTML files remain. Folders were also set to 644, not 777. While waiting to see if the person can still upload his phishing pages, please help me understand why he downloaded the file above. I've checked the files on my account and I cannot see Login.php. By the way, I have a root login and only two accounts were constant phishing victims.
I am giving a few tips on securing your server against hack attempts. You must check these in spite of other security measures like firewalls, rootkit detectors etc.
1. Most important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on the whole server.
Most of the time the attack is done using the shellc99 (phpshell) script. In case safe_mode is off on the server and there are public dirs with 777 permission, he can easily hack through.
2. Compile Apache with safe mode as well.
3. In cPanel under Tweak Settings, turn on base_dir; if someone requests to turn it off, turn it off on his/her account only, as using phpshell one can easily move to main server dirs like /etc, /home.
4. Do not allow anonymous FTP on your server. You can turn it off from the FTP config under WHM Service Configuration. If it's allowed, one can easily bind a port using the nc tool with your server and gain root access. Always keep it disabled.
5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure /tmp is secured. Else one can upload some kind of perl script in the /tmp dir and can deface or damage all data on a few/all accounts on your server.
keeping your server secure from hack attempts.
Does anyone know how to prevent a shell or PHP script from being renamed from file.php to file.jpg or file.gif, uploaded to the server and run to attack the server?
For the past 2 days my server has been under DDoS. I stay at my computer and block IPs but it does not end. Is there a program to block IPs automatically?
We have been using our L2 switches' functionality to only allow IPs that are assigned to a particular server to be accessed for some time. However, the latest version of this particular switch no longer includes this feature. Moreover, it is quite a labor-intensive task which is not good for "budget" servers.
I am considering moving the rules to the main router, but am afraid of the scalability of this. Will it hold up with a few 1000 servers?
How are other hosties going about this? I have heard that some just don't bother at all, which leaves their clients open to having their IPs duplicated by others on the same subnet. This can't be good....
I need anything to prevent mass downloading.
My server costs a huge amount of bandwidth monthly because of mass downloading.
I need some ideas on how to prevent iframe virus injection into the server; also, is there any mod which helps protect against iframe viruses?
I have my own box for my forum. Now I share my box with friends, but in reality they are freak friends, so just to be on the safe side, I am looking to know what functions I can disable in php.ini, or any program/tool, to prevent anybody / an attacker with *nobody* permission from moving around the server via his shell script.
As we know, some attackers use their own php-shell to hack sites * shared hosting *, so they can move to any account after they know the user account name * /etc/passwd *. So as I said before, are there any good functions to prevent these attackers from moving around the server, so I can disable them? Or can I install any good tool * else modsecurity * in the system to prevent them *nobody* from doing that?
I am trying to use mod_security to prevent some scripts in some files.
Imagine I want to block all scripts that include "test" in the body,
so if the code of script.php is:
HTML Code:
<html>
<p>test</p>
</html>
and someone runs script.php, I want to block it from running and show a 406 error.
Now can you tell me how I can write this rule in mod_security 2 with Apache 2?
I use SecRule RESPONSE_BODY "test" but it's not working ...
I have a cPanel/Linux server, running Apache as a webserver.
I want to know how I can prevent perl/cgi files from working on all virtual hosts on both apache2/apache1.3!
My site was recently under a DDoS attack and was down for a few days; the attack came from Russia, I believe.
The people who did it asked for $800, but of course I didn't pay. My hosting company did the best they could in order to stop the attack but it still lasted a few days and badly hurt my rankings.
I moved my site to a dedicated server, but I don't know what kind of software/hardware I need to install on it in order to prevent more future attacks. The hosting company suggested a few things but I don't know if they are just trying to get more money out of me.
I have added some functions in php.ini for security.
But when users use their own php.ini file located in their account, all functions are enabled again.
How can I prevent user custom php.ini?
I have a colocated server with the following specs:
Intel Core 2 Quad Q6600 2.4Ghz
4GB RAM
400GB SATA Drive
I have a problem every few days: the server keeps hanging up and giving an "Out of Memory" message, and SSH just hangs and doesn't connect. Every time I have to call out a tech to manually reboot it.
Is there a setting I can change to make SSH connect even when it is out of memory, or anything that can prevent it happening?