Prevent Users To Run Phpproxy On Server.
is there any way to prevent users to run phpproxy or any proxy script on server (server is Linux / whm )?
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
How To Prevent Nobody To Move In Server
i have my own box for my forum .. now i shared my box with friend's , but in reall they a freak friend's , just to be in safe brother, am looking to know what function i can disable in php.ini or any problem/tool to prevent anybody / attacker * nobody* permission to move in the server via his shell script.. as we know some attacker's use them own php-shell to hack site's * shared hosting *, so they can move to any account after they know the user account name * /etc/passwd * .. so as i say before is there any good functions to prevent these attacker to move in the server? so i can disable it .. or install any good tool * else modsecurity * in the system to prevent them *nobody* of that?
View Replies!
View Related
My Server Was Hacked -- How To Prevent This
My server was recently hacked and I'm looking ways to secure it in the future. I use the server to host my own websites. It was hacked to be a spam server. I traced the new files the hackers added to my "upload" directory, which is where my site members upload pics. I had set the directory to chmod 777. Could someone hack that directory solely from it being its rights being 777? The site was custom developed in PHP, and looking through it myself, I couldn't find any security issues. But then again, I may not know what exactly to look up. I would appreciate any general tips to protecting a server, as well as general tactics hackers use to hack a server and PHP site.
View Replies!
View Related
Preventing Users From Connecting To Other Users Database
On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server. What I want to do is to make the users can only connect to their own databases and not other's. I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
View Replies!
View Related
Bought Private Domain Name Server (DNS) To Prevent Hotmail Bouncing...am I Wrong?
While I am used to reselling and domain registration stuff, I am totally new to DNS stuff..I tried many searches and readings without hope. that's why I need your help. We have a problem that makes both incoming and outgoing emails from our website's email server not going or received, without any failure message or error message on both sides: the sender and receiver. We talked to our webhosting company- they do not own, but host on a dedicated provided by Iweb in Canada - and they told us a quick solution for this: To buy a private IP address, therefore our websites with them will not get blocked as spammy IP, setting us away from the dozens of sites they have on the same server IP (as domaintools reverse IP reported: xx other sites hosted on this server). The company I work for agreed on this solution immediately as we are loosing customers for this problem. They charged us 8$ a month for this "private ip". We had the same problem for another day after their solution, when I checked domaintools, I found our websites are still on the same IP of the company. I called them, and the Admin there told me: it's a hidden CNAME setting that is not shown to public because it's "private" and the delay happenned because we had to contact Hotmail staff and wait for their reply to include it in their safe list, but others as Gmail and Yahoo do not require contacting them and will go through automatically." My question is: - What is Private IP/ Private DNS? - Why and how it is used to prevent false blocking/bouncing? - Does that mean they had to sell it to every domain, while their IP is not on blacklists (I checked it). - Is Private IP just an internal setting or it has to be bought from a large ISP like regular/public IPs? and if just some settings, is this price fair? we pay 120$ annually for hosting one site with them. - They told us they put our other two sites on theis same new private IP. How can this be possible? - I cannot understand: Hotmail can prevent our emails from reaching inboxes, but can it also prevent its users emails from reaching us?? Is this issue a Private-IP related?? - What do you think the real problem is, and what advice(s) should I follow to have our emails going and coming smoothly in the future? Note: We don't send unsolicited emails ever. We only have a 1500-member mailinglist that we send a newsletter to, once every few months. Our daily email traffic is about 10 to 20 messages in and out.
View Replies!
View Related
Server Specs To Run SharePoint Server 2007
I've recently had a number of enquiries from hosted clients and potential customers requesting SharePoint hosting for use in connection with their current packages. I've used Windows SharePoint Services 2.0 in the past, but am specifically looking into the latest and greatest release of SharePoint to date to install - SharePoint Server 2007. I've read over Microsoft's server requirements for running SharePoint, who recommend a 3GHz or higher processor and 2GB RAM for web servers, and 4GB RAM for SQL servers. To me, this seems ridiculous for the small number of clients I'll ever be hosting, and who will only have a small number of SharePoint users per site. Those with any experience of SharePoint hosting please share your opinions of SharePoint hosting on various server configurations, as I'm interested to know how it performs. As I'll only have a small user base, would running SharePoint fully on one existing IIS 6 web server do the trick? What processor should this machine have, and amount of RAM to run SharePoint well?
View Replies!
View Related
Server Is Over-run By Spam
I'm hosted with elitehosts.com, they've been absolutely GREAT for 2 years now. However, one of my sites gets SOOO much spam email that the host cannot handle it. Apparently the limit is like 500/hour. The result is email for the domain is no longer dependable. Senders to the domain get undeliverable bouncebacks. Is there anyway to fix the problem? The server side spam filters catch the email, but doesn't solve the problem of all the incoming mail. Is finding a new host (if even just for email) my only option?
View Replies!
View Related
One Server - File - Two Users Editing It, Third Errors Out
There is 1000MBPS network set up between three computers and server. Server has files which program saves. Program is being run in three different computers. Each computer tries to get into same file (eg last bill) that was created before. First computer goes in within seconds. second minutes and third just crashes. No matter which computer runs it first, last one crashes. So called "server" is running on Windows XP pro since it just needs to keep one program files. However I cant find out whats causing file sharing over network bug that crashes access to same file if connection from many computers.
View Replies!
View Related
Users Cannot Connect To Remote MySQL Server
I have a few users that have a hosting account with me and are trying to connect to their own MySQL servers elsewhere. Both said that they are able to connect to the MySQL server with other hosting accounts but not the ones hosted with me. I asked if they had setup permissions to allow remote connections from my server and they confirmed that they did. What am I missing? Do I need to configure my firewall somehow? I figured the connection is just using port 80 since it's from an PHP script right?
View Replies!
View Related
Show Number Of Users Connected To Server
I've tried the uptime ssh command but that only shows how many users are currently connected to the server via ssh. Does anyone know a command to show how many active http connections there are? I'll use php to run the command and print it to the users browser so they can see how many users are on each server. Very similar to what gamershell do.
View Replies!
View Related
How To Run DNS Server On My Own Hosting?
I recently came from a VPS server where my provider gave me the names of their DNS servers which I then pointed my domain name to with GoDaddy. I recently signed up for a dedicated server and asked my provider for their DNS servers. They replied that I needed to run DNS on my server. Is this normal for dedicated hosting providers? Do I just need to point my domain to the public ip address on this server or do I need to load/configure DNS on my server? Is there sofware that I need to install?
View Replies!
View Related
Do You Run An NTP Server For Your Network
I'm curious to see who here runs time services for their network / their machines. Also, if you do run time services, do you use a Stratum 0 time source (GPS, WWVB, DCF77, CDMA, et al) or do you just sync with pool.ntp.org? Is your NTP server in pool.ntp.org? What I'm really curious to find out is if anyone here provides stratum 1 time sources (a time source that is directly sync'd to an external reference clock, like a GPS). And have you even contemplated such a thing?
View Replies!
View Related
Server To Play Games Run Programs
what I'd like to do is get a server set up that i could remote into and play games such as second life.And Leave it running etc. I would also like to be able to install other software on the server and run them just as i do with my home pc. Is that possible ? and if so what kind of setup do you suggest? Linux,windows.
View Replies!
View Related
Is It Feasible To Run A Private Server At Home
I'm just wondering, is it alright to run a private server at home using XAMP or Apache2Triad? If I dont want to let any outside connections thru, and just use my PC to run test or test sites, is it alright security wise, and what should I do to make that work properly (just not letting anyone from the outside in)?
View Replies!
View Related
Sitepoint Book - Run Your Own Web Server
I have just bought "Run your own web server using linux and apache" by sitepoint. On the back cover it says covers fedora core 4 but i'm having trouble finding a downloadable iso off the net. I can find various files but am not sure which ones i need. I can find core 6 and would like to know if there's much difference in 4 and 6 and if what's in the book can be done with core 6
View Replies!
View Related
Multiple Domains On A Dedicated Server, Plesk, Users And Apache
In my old server (VPS) I had my dir structure as: sitea.com was pointing to /home/me/public_html/sitea siteb.com was pointing to /home/me/public_html/siteb On my new server, I have root permissions and used Plesk to create two domains sitea.com and siteb.com . Now plesk asks for a user to be created for each domain, so created usera and userb for sitea and siteb respectively. Now as root on my server I created the dir /home/me/ and untarred the whole backup from old server to new server and I have dirs : /home/me/public_html/sitea and /home/me/public_html/siteb In apache configuration in file: httpd.include_sitea under dir /var/www/vhosts/sitea.com/conf/httpd.include I changed the document root to /home/me/public_html/sitea So I thought I am all set. But it does not work. When I try sitea.com in the browser it works but for all subdirs, for eg sitea.com/images it says Access denied. This is because the dirs I created are owned by root. So the owner of /home/me/public_html/sitea needs to be usera for this to work ? Again for siteb to work I need to change the owner of /home/me/public_html/siteb to userb ? This will be painful ? At least I should be able to change the owner of /home/me/public_html/ to one owner and ensure all sites under that work fine. How do I do that ? I think the problem is clear by now. Its that I want all my sites to work off from .../public_html/ sub dirs.
View Replies!
View Related
Can I Run Debian On A HS22 IBM Blade Server
Im starting my business and where providing web application services. In any case iv been working with IBM to determined what hard ware solution would be best for me. All i wont to know is if Debian linux will run fully properly with The IBM HS22 Blade series. They wont me to use RedHat and Microsoft SQL 2008 witch I'm not a fan of. This is a field where my knowledge kind of hit's the end of the road so if there is any one out there who knows what there talking about pleas in lighten me.
View Replies!
View Related
Dedicated Server - Run Windows & Linux
Can I run both Windows & Linux on a dedicated server? I currently have a website hosted on a shared hosting Linux web server (uses PHP, MySQL). I want to use RED5, which seems a bit tricky to set up. Why Windows? I would feel more comfortable installing RED5 on a windows server (I think it'd be easier for me, no experience with Linux command line etc.). Why Linux? I'd prefer to keep the existing PHP/MySQL website on Linux because I have Apache specific settings.
View Replies!
View Related
Run Rsync To Sync A Folder From An FTP Server
I want to run Rsync to sync a folder from an FTP server - which I have limited access too with my server. 1. Do I have to have rsync installed on the server with the FTP too, as I won't be able to do that as it is not my server. 2. Is Rsync easy enough to get up and running and set it to run every 24hours?
View Replies!
View Related
Cheap Reliable Server That Can Run PHP/MySQL With Plesk
I currently have a decent server that runs around 10 websites, but 1 of those sites contributes around 99% of the total traffic. This large site is being moved onto a new server, leaving the remaining 9 sites rattling around on this big (and expensive!) server. So, I am now looking for a smaller server to handle the other smaller sites. They get minimal traffic - around 5k uniques a day.
View Replies!
View Related
CGI Scripts(Perl/Python) Are Not Able To Run On Plesk Windows Server 2003
I have a Windows 2003 dedicated Server with Plesk Control panel I am not able to execute CGI scripts(Perl/Python/CGI) on it when I try to execute on it I get these errors: Access denied to invalid credentials 401 Error Error is 401.3 ACL restrictions.... what I tried is I have tried to change IIS settings for IUSR_name and also I tried editing in httpdconf file for CGI settings and restarted the server... but all of no use I am executing these scripts in CGI-BIN folder and outside of it..
View Replies!
View Related
ManageMyServices... Run.. "Forest" Run
Server been down over 14 hours..... over 50 sites down.... standard response within a few hours... we will reboot your server within the next 30 min. Sites come up for 3 minutes then down again.... Resubmit ticket... few hours later.... same response... reboot server.... same result... server still down. Last ticket submitted over 3 hours ago.... no response...server still down. No phone number... Hard to believe anyone would run a business in this manner, knowing peoples livelyhood depends on their sites being up.
View Replies!
View Related
How To Prevent Rm -rf /
Does anyone know anyway that "rm -rf /" can be disabled? OR any selinux rule or something to prevent this? Or if I wanted to prevent a certain directory from being deleted like backups but something unlike chattr that someone can figure out quickly. Im sure LOTS of people would like to know about this. Ive searched around and only somewhat useful thing I have found is an rm wrapper that sends everything to a trash file in the root of the mount point.
View Replies!
View Related
Prevent Phishing
I'm not that techy I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account ? I've changed my password numerious times from different computers and even from mobile phone just to check if the person can still get in. But again it is no use the person were able to upload phishing pages. logs: May 25 21:50:42 server100 pure-ftpd: (weblogin100@62.56.133.36) [NOTICE] /home/weblogin100//.htpasswds/update/Login.php downloaded (21251 bytes, 755.78KB/sec) Right now I deleted all other scripts on the account and remain some htmls. Folder were also set to 644 no 777, while waiting if the person can still upload his phishing pages please help me why he downloaded the file above. I've check the file on my account and I cannot see Login.php. By the way I have a root login and only two accounts were a constant phishing victims.
View Replies!
View Related
How Prevent Hackers Away
I am giving few tips on securing your server against hack attempts. You must check these inspite of other securities like firewall, rootkits detectors etc. 1. Most Important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on whole server. As most of the time attack is done using shellc99 (phpshell) script. In case safe_mode is off on server and there are public dirs with 777 permission, he can easily hack through. 2. Compile apache with safe mode as well. 3. In cpanel under tweek settings, turn on base_dir, if someone requests to turn off, turn it off on his/her account only. As using phpshell one can easily move to main server dirs like /etc, /home. 4. Do not allow Anonymous Ftp on your server. You can turn it off from ftp config under WHM Service Configuration. If its allowed, one can easily bind port using nc tool with your server and gain root access. Always keep it disabled. 5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure, /tmp is secured. Else one can upload some kind of perl script in /tmp dir and can deface or damage all data on the few/all accounts on your server. keeping your server secure from hack attempts.
View Replies!
View Related
Mod_security To Prevent Some Script
I try to use mod_security to prevent some script in some files, imagine I want to block all scripts includes "test" in the body so if code of script.php is: HTML Code: <html> <p>test</p> </html> and someone run script.php , I want block running and show 406 error now can you tell me how can I write this rule in mod_security 2 with apache 2? I use SecRule RESPONSE_BODY "test" but its now working ...
View Replies!
View Related
|
TRACKER
