Safe To Run Your Website And WHMCS On The Same Account Or Site?
Nov 8, 2009
Is it safe to run your website and WHMCS on the same account or site?
Say for example I was running Joomla and WHMCS on the same account. If ever a vulnerability in Joomla was found which allowed hackers to view, edit, or download files on the account, this could mean whmcs getting hacked into. End result would be all account information being stolen or worse all the account being deleted or hacked.
We are using WHMCS with Plesk 9.2 which was working all perfect but from last few days when ever we click on "CREATE" hosting account module in WHMCS it gives us the following message.
Module Command Error CURL Error: 28 - Operation timed out after 100 seconds with 0 bytes received
we tried to contact WHMCS support and they says its related to Plesk and parallels say its related to WHMCS now i am stuck between these 2 companies!
I have this problem today after a fresh install...
I think its maybe i havent dont it proper im not sure..
But a client joined today and i have new account created auto after payment and well it says in the whmcs the user has an login and password but when i tried to login with it it said login failed
Also it trys to login to whm not cpanel with the account, even tho its set up as shared hosting in products...
the login link is : [url]( i removed name for security)
A community website with a forum(phpbb3), not more than 2000 users, less than 50 posts per day and less than 50 users online at the same time, will be ok to host under a shared account?
If the bandwith is lower than the limit, is it possible to use many resources and get susbended?
A single website is returning 503 to every request - it's a wordpress site - and we have a lot of those, none of the others are returning the same errors, so this is quite odd to me:
When I use website copy function the website files are copied to another domain but the database remains on old site. I use this function to move the website from devel state to the production state. All sites work fine but when i schedule the backups all databases are saved on old domain. How to move the database on production domain?
A week ago i came across a installation of a fake paypal site on a account i am using on cpanel. The site had the latest wordpress installed on it with nothing else.
I would like to know;
How is it possible to access the account to install the paypal site and how can a person prevents this in the future. i came acros the site by accident and cant check on all my clients sites all the time.
i have a hosting account which hosts a couple of my sites. Now i have contracted a new site project to a programmer.
I want to give him access to the control panel so that he can manage the site completely(setup database, mail etc) without letting him on any of the info on my other two sites. For my current hosting account it means providing him with my hosting account administrative login, that means he has access to other sites too.
The other option is providing him only a ftp account to upload files only to the particular directory for that project. But the problem with this is that then he cannot setup a database etc. on his own, he needs to provide me sql script which i then use to create the database from the control panel.
Can a reseller hosting account solve my problem..... seperate control panel (administrate all things like databse, mail, password protecting files) for each site?
Any other suggestions, this is the first time i bought hosting.
Any reading material(books or online) to get familiar with each aspect of running and managing a website(mailservers, security, dns for site, backups etc. etc.)?
i need to enable php safe mode on for my joomla and i came across this
Quote:
When the php safe mode is turned off globally by default at our server end, you can still override the setting to turn it ON for only your domain by just insert the following line inside the ".htaccess" file (at Linux server):
Code:
php_value safe_mode "1"
my joomla .htaccess file:
Quote:
## # @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $ # @package Joomla # @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved. # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL # Joomla! is Free Software ##
##################################################### # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. # #####################################################
## Can be commented out if causes errors, see notes above. Options +FollowSymLinks
# # mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits
My /tmp on my cPanel hosting server is nearly full, and I was wondering if it is safe to remove all the contents in /tmp, if not, what can I delete to clear up the space?
I have a script that needs safe mode off to run, the script writers have said safe mode is disabled as default and not required and even disabled in php 6
Now I'm not to fimular with Safe mode, all I know is most scripts are wrote to work with this on
Should i switch safe mode on or off . Right now i am using it as on some one told me if i switch it off then server can easily hack but becoz i switch it on im having too much problem specially users of sites having problem of uploading and wordpress also have issue and some more script what you say what should i do?
I would like to know as to whether or not you have php safe mode turned on? If you do, please specify why, and would you allow your clients to turn it off?
As with many sites. my site was hacked recently. my host was so negative about this. they didn't notice the hack attempt although it took the hacker 9 hours to break through.
after that I made some search on my host to find that it is not a real host at all. they are just resellers to another company. I was very disappointed, Then I decided to go to a better host who can protect me from hackers.
I read some threads about 'hacker safe host' but they all in general don't give a real name of trusted 'anti-hackers' companies.
can you guide me to some of the famous hosts?
if you can't my friends got a VPS hosted with WestHost. he offered me to move my site to his VPS. is west host trusted about hackers?