for the 2nd time now we've had php become corrupt or something and core dump all over user dirs filling them up with useless garbage ...
We did check the core dumps (at least a couple) and they were just showing that php was seg faulting, which a php recompile took care of (most likely a corrupt php binary)
anyway, what I'd like to know is can anyone recommend a reliable/safe way of disabling php or http from dumping core files and perhaps instead use a different method of notifying the admin of impending or current issues with either software eg. when they seg fault send an email to admin rather than dump a core in user's space
We're running cpanel servers, php4, rhel and phpsuexec is on (cgi)
I have been a 1&1 customer for many years now. I have always used the shared hosting package and for the most part have few complaints. Yesterday afternoon it would appear my hosting server went offline and as of this afternoon it is still offline. I have spoken with their tech support twice and both times they acknowledged a problem, insisted it was being worked on and told me they would email me when it was resolved. I find it truly disappointing that a company the size of 1&1 can not resolve a dead server in a reasonable amount of time.
While I do not use my web sites for any sort of ecommerce I have higher expectations than this. I have made the decision that it is time to move on. I would like some recommendations on alternatives. I would prefer to have a linux based hosting service that will allow me to manage multiple domains from a single control panel.
Additionally, I need to be able to use my own custom php.ini files and would really like to have shell access.
I've been pretty happy with 1and1 for years, until I faced their inability to solve critical failures on their side quickly.
I was always able to solve my problems on the server remotely by using their Recovery Tool and Serial Console they provide through the Admin Panel. Whatever happens, you switch to recovery mode, log in via the serial link, mount your disks and do your job. This was really cool and basically I never needed their tech. support.
Until something terrible happened to the hardware.
A month ago my server went down. It took me 3 days, many calls and many hours of waiting on hold until they figured out that one of their switches was broken. They replaced it, as they said, and all came back online again.
I somehow forgot the fact that during those 3 days when the server lost communication I couldn't log in via the serial link either. Now that turned out to be a separate problem.
Something happened on the server 5 days ago, the root partition got filled, the server gradually went to an unstable state, until 3 days ago it stopped responding completely. First thing I tried was to restart it using 1and1's Recovery Tool - that didn't work, then I tried to connect via the serial link - and that didn't work either.
This clearly looked like a hardware problem again. What can I say. 5 days of meaningless conversations with their customer support people in the Philippines and failed attempts to forward my call to their server department in the US. Yesterday I even heard "we are aware of the problem, we are working on it now", but no change since then.
Emails always unanswered (server247@1and1.com), although their customer support twice suggested that I write an email, as they were unable to reach the server department themselves. They did apologize, and I'm grateful for that, but I need the problem solved.
Not to mention, 2/3 of my paying customers are gone now. So all I need is to get my server back online to pack my stuff and dump them forever.
This is for a web/application server running Windows 2003 Server Professional, IIS, MySQL, MSSQL 2005 Express, Plesk 8.5. The price is about the same.
We are hosting our software system, which does calculation and file manipulation. Now we have an Intel Core 2 Duo E6750 and would like to get an Intel Core 2 Quad Q6600 to increase our system performance.
Also we have other choice, get Intel Xeon E5405 Harpertown 2.0GHz to replace two above.
I think it is better to have one server box because one box is easier to manage than two. Also Harpertown is much faster than these two together.
I am using a separate server for SQL. But my httpd server has failed many times. When I checked the maximum number of httpd connections, my SQL server was using too many connections. What is the reason for this problem? Is my SQL server being used as a slave in a DDoS attack, or does the SQL server need HTTP connections?
Does anyone know any way that "rm -rf /" can be disabled? Or any SELinux rule or something to prevent this?
Or if I wanted to prevent a certain directory from being deleted like backups but something unlike chattr that someone can figure out quickly.
I'm sure LOTS of people would like to know about this. I've searched around and the only somewhat useful thing I have found is an rm wrapper that sends everything to a trash file in the root of the mount point.
I'm not that techy. I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account? I've changed my password numerous times from different computers and even from a mobile phone just to check if the person can still get in. But again it is no use, the person was able to upload phishing pages.
Right now I have deleted all other scripts on the account and only some HTML files remain. Folders were also set to 644, not 777. While waiting to see if the person can still upload his phishing pages, please help me understand why he downloaded the file above. I've checked the file on my account and I cannot see Login.php. By the way, I have a root login and only two accounts were constant phishing victims.
I am giving a few tips on securing your server against hack attempts. You must check these in spite of other security measures like firewalls, rootkit detectors etc.
1. Most Important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on whole server.
Most of the time the attack is done using a shellc99 (phpshell) script. If safe_mode is off on the server and there are public dirs with 777 permissions, the attacker can easily hack through.
2. Compile apache with safe mode as well.
3. In cPanel under Tweak Settings, turn on base_dir. If someone requests to turn it off, turn it off on his/her account only, as using phpshell one can easily move to main server dirs like /etc, /home.
4. Do not allow Anonymous FTP on your server. You can turn it off from the FTP config under WHM Service Configuration. If it's allowed, one can easily bind a port using the nc tool with your server and gain root access. Always keep it disabled.
5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure, /tmp is secured. Else one can upload some kind of perl script in /tmp dir and can deface or damage all data on the few/all accounts on your server.
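The php.ini and /tmp checks from tips 1, 3 and 5 above can be automated. The following is an added example, not part of the original post; it assumes "base_dir" in tip 3 refers to PHP's open_basedir directive and that a secured /tmp means a separate mount with noexec and nosuid, and the sample inputs are constructed.

```python
# Constructed sample inputs (not taken from any real server).
SAMPLE_PHP_INI = """\
[PHP]
; safe_mode = On
safe_mode = Off
open_basedir =
"""
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid 0 0
"""

def parse_php_ini(text):
    """Return {directive: value}; ';' comment lines and [section] lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Drop inline ';' comments (assumes Linux paths, which use ':' as separator).
            value = value.split(";", 1)[0].strip().strip('"')
            settings[key.strip().lower()] = value  # a later line overrides an earlier one
    return settings

def audit_php(settings):
    """Flag the server-wide PHP settings that tips 1 and 3 say to keep enabled."""
    findings = []
    if settings.get("safe_mode", "").lower() not in ("on", "1", "true", "yes"):
        findings.append("safe_mode is not enabled server-wide (tip 1)")
    if not settings.get("open_basedir"):
        findings.append("open_basedir is empty: scripts can read outside the account (tip 3)")
    return findings

def audit_tmp(mounts_text):
    """Check /proc/mounts-style text for a separate /tmp mounted noexec,nosuid."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/tmp":
            missing = sorted({"noexec", "nosuid"} - set(fields[3].split(",")))
            return [f"/tmp mounted without {m} (tip 5)" for m in missing]
    return ["/tmp is not a separate mount, so it cannot be noexec/nosuid (tip 5)"]

if __name__ == "__main__":
    for finding in audit_php(parse_php_ini(SAMPLE_PHP_INI)) + audit_tmp(SAMPLE_MOUNTS):
        print("WARN:", finding)
```

On a live server the same functions can be fed the contents of the active php.ini and of /proc/mounts instead of the sample strings.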
Does anyone know how to prevent a shell or PHP script from having its file name changed from file.php to file.jpg or file.gif, being uploaded to the server and run to attack the server?
We have been using our L2 switches' functionality to only allow IPs that are assigned to a particular server to be accessed for some time. However, the latest version of this particular switch no longer includes this feature. Moreover, it is quite a labor intensive task which is not good for "budget" servers.
I am considering moving the rules to the main router, but am afraid of the scalability of this. Will it hold up with a few 1000 servers?
How are other hosties going about this? I have heard that some just don't bother at all, which leaves their clients open to having their IPs duplicated by others on the same subnet. This can't be good....
I have my own box for my forum. Now I share my box with friends, but in reality they are freak friends. Just to be on the safe side, brother, I am looking to know what functions I can disable in php.ini, or any problem/tool to prevent anybody / an attacker with *nobody* permission from moving around the server via his shell script.
As we know, some attackers use their own php-shell to hack sites on *shared hosting*, so they can move to any account after they know the user account name from */etc/passwd*. So as I said before, are there any good functions to prevent these attackers from moving around the server, so I can disable them? Or can I install any good tool *other than modsecurity* in the system to prevent them (*nobody*) from doing that?
My site was recently under a DDoS attack and was down for a few days. The attack came from Russia, I believe.
The people who did it asked for $800, but of course I didn't pay. My hosting company did the best they could in order to stop the attack but it still lasted a few days and badly hurt my rankings.
I moved my site to a dedicated server, but I don't know what kind of software/hardware I need to install on it in order to prevent more future attacks. The hosting company suggested a few things but I don't know if they are just trying to get more money out of me.