Image Upload Security Idea Good Or Bad
Mar 1, 2008
I was just working on some concepts for image upload security features and wanted some others opinions. Would the below be worth doing to not have to deal with the 777 or even 775 phpsu issue(s)?
- What about loading the images into a db and logging the upload. Then having a cron or a daemon move the file to a location under the owner (user) and then delete the file out of the db.
Pros:
- Images would be loaded and displayed from under the user of the site making no 777 issues.
Con:
- Mass use of db could cause crashes?
- Would have to write front end to know if the file was in db or in the folder location
View 4 Replies
ADVERTISEMENT
Sep 2, 2007
I am a application/systems developer looking for a VPS hosting provider that would allow me upload a customized xen image that I could use as a template for additional VPSs.
Does anyone know of a hosting provider that could do this type of thing?
View 1 Replies
View Related
Jun 15, 2008
on my VPS if I dont set the permissions 777 of the temp and the final upload folder, move_uploaded_file just doesnt work.
So I have set it to 777. But then 777 permissions now pose a threat where some hacker can screw my system.
How can I prevent this from happeing?
View 5 Replies
View Related
Jul 26, 2007
My website, a free classified ads site, is hosted by XO, the hosting company. I'm introducing a feature where advertisers can, for free, post pictures of the things that they're advertising -- that is, where advertisers can upload a JPEG or a GIF. I understand that this can open my site up to the uploading of malicious code, and that I should put safeguards in place to make sure that only JPEGs and GIFs get uploaded. However, I'm wondering if XO doesn't include some built-in safeguards that would keep malicious code from getting executed. In other words, since a profesional hosting company runs the servers -- not me -- do I need to be worried about security at all?
View 1 Replies
View Related
Feb 27, 2009
My information:
I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has it's own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.
My Dilemma:
For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated potion of the server.
So, lets say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT clients specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"
How can I:
1) ...set their specific FTP to open to their directory only?
2) ...ensure that they cannot navigate to other folders on my server?
3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?
View 7 Replies
View Related
Dec 31, 2007
Anyone can give me good rules for apache 2.2.6 / Cpanel , i'm new with this, i've use Apache 1.3.x before.
View 0 Replies
View Related
Apr 1, 2009
I want to understand the Idea of DDOSING
If I have a server with a a gb /second port so no one can DDOS me ?
or if the hacker have a servers with a gb/ port he can destroy any thing ?
second question
sometimes people hjave ip tables to filter all the packets to the server these people some times go down for ddosing too WHY ? why the IP tables cant filter the packets of this type of DDOSING?
View 14 Replies
View Related
Nov 19, 2008
I don't have raid in my dedicated box as it's usually way more expensive. Instead I have two drives. I use one for OS/data and one for backups. I do nightly backups to the disk. I also do 3 weekly off site backups to my home server. So as far as backups I'm safe.
Now the issue is if the disk fails then my server is down. Do lot of people take this risk in order to save money? (often 50-100 per month)
In people's experiences, how long does it typically take for a data center to put in a new drive and load the OS?
In a 3+ disk server I'd use software raid for the data but the OS would still be alone.
Do lot of people do this?
With 10 servers, that's a lot of money saved for a small enough risk.
View 11 Replies
View Related
Jun 9, 2008
I am considering signing up for a very well-received host on this site and around the net. It is DowntownHost. They have a promotion right now where you can get 25% off for life. They have tiered plans. So you if you pay for 1, 2 or 3 years upfront, for example, you will be paying *a lot* less per month than if you paid just monthly. Add in this 25% off promotion, and you can see some big savings.
Now, for most hosts that you haven't tried, I would say no way commit your money for a year. But DowntownHost's reputation precedes them so well, this could be an exception.
Plus, they have a 90-day money back guarantee where you would get all your money back if you don't like the service.
So my thinking is that I should no whether or not I am going to stick with a host within 90 days. That is plenty of time. But, then again, your money is tied up for 1, 2 or 3 years after that 90 days, and if something goes wrong, you are up a creek without a paddle. Plus, I have heard (in general, not with DowntownHost specifically), that your support level could decrease after your trial period if you have paid for an extended plan because, well, they have your money, so what do they care.
What are people's opinion on this?
View 15 Replies
View Related
May 3, 2008
I'm interested in creating a small website exposing the biggest overselling companies, and how their overselling practices are false marketing.
Simply put, I want to benchmark each host with exact tests for accuracy. Any idea how I can fairly test each host, e.g. benchmark?
After the tests have been performed, I will explain which are the worst hosts (e.g. the first to give me the boot due to some TOS clause, e.g. cpu usage), etc.
Also, would anyone like to help out with this project? I'll be putting some nice marketing into it.
View 4 Replies
View Related
Oct 8, 2007
telling me about your offerings, or trying to convince me about out of area datacenters because of the risk of terrorism, cost, or alien invasion, I'm not seriously shopping around, just doing a bit of initial research.
With that disclaimer, what's a rough expectation of pricing for a NYC, carrier neutral datacenter for 1 cabinet with 60 amps of 110v? Preferrably somewhere that Internap is available.
View 14 Replies
View Related
Mar 24, 2007
I've got a 256mb cpanel vps and since I use enom's dns for all the domains going to the server, could I actually disable named (Berkely Name Server Daemon BIND) and get back 64mb ?
View 5 Replies
View Related
May 6, 2008
I'd like to start an ongoing thread here listing the 'Good Hosters with Good TELEPHONE tech support'. In other words, out of the 1,000s of host companies, this may cut it down to less than a dozen.
( And for all you Hosters out there who really want your company to grow, and want to know how, - it's easy: just read here.)
Good telephone support is the #1 ultimate requirement, because:
-It's a lot faster and easier for both the user and the host company, because you can state and answer all questions and clarifications on the spot, you don't need to continually pass new emails with new questions and clarifications, back and forth for days on end, until the issue is solved. It saves tech time and user's time. And saves a lot of nerves.
- It's the best way to sort the good guys from the bad. A bad company isn't going to bother to answer the phone, - or will make you wait way too long, - because they are likely getting endless complaints. The good guys are always ready to answer the phones, with a friendly voice, - because they really WANT to please the customer.
- If a company can't be bothered to pick up the phone, we can't be bothered to even consider them. They're a joke, and so won't be listed here on this thread. (So, before adding or listing any Hosters here, please verfify that they do have Good, quick, friendly, telephone support,; ideally 24/7, but 9am to 10pm might be acceptable, if it was supplemented by some emergency contact.
AND:
- Hoster ALSO needs good EMAIL support (and preferably, Chat online, extended hour availability). (I spend a lot of time overseas). It sems all emails should get a non-automated response within about an hour, - and then support should jump on fixing any problem.
I only need support a few times a year. To answer some questions, or fix a problem, or do an install. That's lesss than 1 hour total, so any company paying maybe $18/hour tech support should be able to handle this. It IS reasonable to charge a custm for extended calls, beyond say, 90minutes a year, IF you don't count the 80%? Of times an issue is the Hoster;s fault of stmg gone wrong, and don't count the 'hold' times.
ALSO IMPORTANT:
- Uptime
- site Speeds
- Monthly plans, no contract (Only a dishonest host will try to force you into a contract, where they can then ignore you.)
- Reasonable price. (? Maybe $12 to $18/month for a basic business site. We don't need massive bandwitdths, - we all know that's an overselling scam, and can't ever be delivered.)
- a good upgrade plan of bigger options. Maybe even VPS.
- Dedicated IP, and availbility of SSL
-PHP 5, mysql, phpMyAdmin, etc
- cPanel ( Some Hosts are using problematic panels, like Hsphere, which are slow to load, slow in operation, require many more clicks, have too many options, spread apart on many separate pages. Time is money, and this really slows down the ability of a small business to manage his own site in effective time. For example, one WHT user wrote somewhere: "I don't feel that HSphere's interface is nice at all, although I have worked with cPanel and DA all my life... I just found it to include un-necessary features or split features up in to different hard to find pages, such as backups - mysql backups you had to find on a completely different page than file backups, and then there were options to have it in the home directory or server-end backup, in which then you had to wait a good 10 minutes before it was ready. cPanel, just hit backup and hit download and instantly it does everything you need...".
I have used several hosters. Currently on Aplus.net and Godad, which have phone support, and mediocre service.
My LIST So Far:
- Liquidweb: a very impressive company with good, 24 hour support. But to get dedicated IP, you need to go with their $25/month plan. Yikes!
- NewIdeaHosting.com. A very small company. My call was returned, and the owner chatted with me for an hour on the phone! Plans have small bandwidth, but promises No overselling, and personalized attention. Extra $5 for dedi IP. He specializes in Small business sites, and small eCommerce sites. He has only 250 accounts, on 3 servers. He rents servers from the Equinox data center of Chicago. Seems exceptionaly honest.
- MegaHosters. Excellent phone support and WHT reviews. But company was taken over by another company, and so may well go downhill in future. Another problem: uses Hsphere.
- Steadfast. Has a good rep on WHT, and seems impressive. Tech answered the phone immediately, but they say they prefer emails. Sales phone has limited hours. Good price on $20 SSL. But, uses Hshhere.
- JodoHost 24 hour phone. But, uses Hsphere. An Indian company with office in Florida, and good rep. I like the idea of outsourcing phone support, if it makes it more available and affordable. But, the accent on the phone was very hard for me to understand, so maybe this might not work.....
- Hostgator. Yes, it's a big overseller, but seems to get good reviews/results anyway, and good phone support.
- ? ThePrimeHost ?? Mostly good WHT reviews; some dissenters. Site says 24hour phone, but when I called on several nights, no one ever answered...
- Can anyone add to this list? Please list only hosts that meet the above minimum requirements of phone support, etc. Especially useful is hosters you've tried.
TO AVOID:
- Avoid Arvixe. I had a horrid experience with them, here: [WHT forum]:/showthread.php?p=5097822#post5097822
- Avoid WebHostingBuzz. This company never returned my phone msessage inquiries.
View 13 Replies
View Related
Apr 4, 2008
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
View 10 Replies
View Related
Mar 29, 2007
we have one box in hivelocity.net that has been down so many times this month that we were forced to remove links to siteuptime where we were once so proud of having a 99.7% uptime for 3 years in theplanet.
syslog shows that just before crashing, these entries were made:
kernel: kernel BUG at mm/rmap.c:479
kernel: invalid operand:0000 [#1]
dmesg also shows this:
...
Brought up 2 CPUs
zapping low mappings.
checking if image is initramfs... it is
Freeing initrd memory: 482k freed
NET: Registered protocol family 16
PCI: PCI BIOS revision 2.10 entry at 0xf9f20, last bus=1
PCI: Using configuration type 1
mtrr: v2.0 (20020519)
mtrr: your CPUs had inconsistent fixed MTRR settings
mtrr: probably your BIOS does not setup all CPUs.
mtrr: corrected configuration.
...
i've googled these messages and they point to ram problems.
hivelocity.net claims to have done diagnostics on the box and that there were no problems reported.
they said this is a result of a sys configuration problem made by us.
any ideas?
View 8 Replies
View Related
Jul 12, 2009
I am not sure if many of you have been getting this same spam. But I've been getting spam about sexual topics and the email is just an image with words written on it.
Sometimes the email has words too such as what is written below.
Quote:
Doees Using sexual Body Langauge to Attract Women Really Works? www. med72. com. Chicago Bulls' Masecot Sued For Baad High-Five
I was wondering if you know of a way to block those emails.
View 6 Replies
View Related
Jul 20, 2007
I installed imagemagick perl module but it is still giving off this error
Can't locate Image/Magick.pm in @INC (@INC contains: /home/user/real/mgmt/perl /usr/local/lib/perl5/5.8.8/i686-linux /usr/local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl/5.8.8/i686-linux /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl .) at /home/user/real/mgmt/perl/real/Image.pm line 33.
BEGIN failed--compilation aborted at /home/user/real/mgmt/perl/real/Image.pm line 33.
Compilation failed in require at gallery.pl line 42.
BEGIN failed--compilation aborted at gallery.pl line 42.
Using cpanel /centos 4.5
View 6 Replies
View Related
Aug 12, 2008
I have developed website which will allow user to upload 1-2 photos and also allow to see other users photo and rate them. For this I have planned to go for VPS. I am also thinking of another alternative of using image hosting service, where I will keep all user photos on image hosting server and embed links given by image server in my webpage.
Now my question is.
1) Using image hosting is faster(respone time for each user) than VPS?
2) How exactly using image hosting works. when user request web page from my server, will my server go and fetch entire image from image server and then send final result to user brower?
View 4 Replies
View Related
Jun 8, 2007
where I can host images for my site. It will be thousands of smaller image like 5k - 30k. I am looking at free sites like imageshak. They say in their terms of service that I can host images for my site as long as I don't host all my images. So do you think that I could put like 20 thousand images on their site? These images would not get accessed too much so it won't slam their servers or anything.
View 13 Replies
View Related
Mar 25, 2007
I haven't been able to find much about this searching, but are people using NAS storage to deliver website images? I've never used NAS before and am not familiar with their performance.
View 5 Replies
View Related
Nov 22, 2007
i have problem in my server that any scripts for uploading Image or rar or zip or upload Xml from admincp for forum not upload in my server
but when i upload from ftp working and upload
View 6 Replies
View Related
Jun 19, 2008
I created a 4GB disk image for a virtual machine in Xen. (I have root on the physical box, so please don't tell me to contact my VPS provider!)
The disk was filling up, so I took the advice online and created a 6GB file with dd (zero-filled), cat'ed it to the end of my disk file, and then...
[matt@babe centos]$ sudo resize2fs -f ./cent.img
resize2fs 1.39 (29-May-2006)
resize2fs: Bad magic number in super-block while trying to open ./cent.img
Couldn't find valid filesystem superblock.
Of course, fsck won't take a disk image, only an actual partition. And I can't mount it, since I get the same error about a bad superblock.
The VM actually boots up fine, but it only sees 4GB of what's now a 10GB file.
I can use losetup to mount it on a /dev, but still get fsck errors:
[matt@babe centos]$ sudo fsck.ext3 -b 8193 /dev/loop3
e2fsck 1.39 (29-May-2006)
fsck.ext3: Bad magic number in super-block while trying to open /dev/loop3
The superblock could not be read or does not describe a correct ext2
filesystem. If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
e2fsck -b 8193 <device>
I don't know what blocksize was used, so I don't know where to look for a superblock... (I'm out of my league on fsck'ing virtual disks.)
The thing boots fine and is non-mission-critical right now, so worst-case, I can just mount it, rsync the data to the host, and then set up a new machine and rsync that in... I'd just rather not go through that hassle if I don't have to.
View 3 Replies
View Related
Jun 29, 2008
My goal is to block hotlinking of fullsize images and display a image when they attempt it... but allow clickable thumbnails to be shown. For some reason the following isn't working...
My htaccess looks like this:
RewriteEngine On
RewriteBase /images
#Allow if it's not from another website
RewriteCond %{HTTP_REFERER} ^$ [OR]
RewriteCond %{HTTP_REFERER} ^[url]
RewriteCond %{HTTP_REFERER} ^[url]
#Allow if it's the hotlink.gif
RewriteCond %{REQUEST_FILENAME} hotlink.gif [NC,OR]
#Pass through thumbnails or hightlights as-is
RewriteCond %{REQUEST_URI} .thumb.jpg$ [NC,OR]
#Return an anti-hotlink gif in place of any visual media
RewriteRule .*.(jpe?g|gif|bmp|png)$ css/images/hotlink.gif [R,L,NC]
View 4 Replies
View Related
May 7, 2008
how much space should I need for Image hosting site?
View 4 Replies
View Related
May 5, 2008
We have an image hosting project, which uses ~5Tb/mo,
Currently we are running it on Pentium D 2,8GHz CPU (Dual Core), 1Gb RAM, 2×160Gb 7200rpm IDE HDD for ~170$/mo.
We don't need much better hardware, but need some good hdds (IDE sucks) + RAID.
Stats for 20.03.08-30.03.08 (10 days) - incoming: 35 Gb, outgoing: 1.3 Tb
So it's about ~4 Tb/mo. And we want 5-6Tb for a reserve.
Keyweb doesn't allow image hosting on their servers
Best choice is OVH, but I'm not in Germany..
View 14 Replies
View Related
Jul 6, 2008
I have been trying to get it to work, but cant get it going...
how do I make centos run on xen?
View 8 Replies
View Related
Aug 23, 2008
i have a forum site which is running on a vps 45gb space and 2000gb put i would like to offer my members a means to upload images small files max 5-10mb just with in the site but i would like to use a totally new server are there any shared host that will allow this has i will use a scrpit has well on it
View 9 Replies
View Related
Jul 10, 2008
i'm planning to create an image hosting kind of site. how much bandwidth per month does it usually take?
View 6 Replies
View Related
Dec 17, 2008
i have set up a sever with certain software exactly the way i want it. However, there is some extra stuff i need to install on it.
I am running Centos 5.1 and would like to run some command possibly via ssh which would create an entire image of the server in a disk format such as ISO and then if need be, reinstall the basic operating system and restore the ISO back up if need be.
Is this possible?
If so how and how would i restore the image as well?
View 5 Replies
View Related
Dec 8, 2008
i have plan to build a image hosting. I will build a site using script like this notinportland.com . I need some advise.
I trust i will get about 7k-10k page view everyday , may be 1k-2k unique visitor, just see image on my site, not direct link.
- Of course, i will start with shared hosting. But in future, do i need to updrage vps or server ?
- Does Image hosting make server load highly, using more resource on server?
- All images is legal and have adult content, of course sometime it will have some illegal image ( will be banned and deleted )? Can HPs will allow?
View 10 Replies
View Related
