I don't know where to ask this question so hopefully I'm in the right forum. I have a friend who owns his own company and travels a lot. He needs a place where he can store his work files (mostly documents like Word, Excel, PDF, drawings, etc...) which contain very sensitive information. He needs a place where he or the people in his team can transfer files and where he can set up access levels for his users. He needs access to his files with a secure tool such as SFTP or something else that you guys can recommend.
Also, since some files can be very large he requires a good transfer speed from everywhere in the world. He's looking at around 100GB of storage space and a very high transfer allowance. He will probably need to host his website also. Do you guys think it's better to host the files and website separately?
I'm making a website which sells digital goods. Are there file hosting services that allow customers to download directly from them when they buy something? Instead of hosting files on my own web host?
I hired a full-time web designer to help me create the site but I'm wondering what else I'm missing.
I'm guessing I'm going to need a high-end dedicated server with a 100mb unmetered port? How much space should I be looking for? The file size is going to be limited to 150mb per download and if the files have not been downloaded in 2 weeks they will be deleted. What type of HDD space should I be looking for?
Does anyone know of a CDN that can provide secure file delivery for 100+ people? I'm looking for something that will allow me to send product download links to customers and have them only download the files once each. They mustn't be able to view or distribute the actual file location for their friends to download.
I'm looking for a pay-as-you-go service with no sign up fee.
I know simpleCDN offers pay-as-you-go, at a rate of $0.09 per GB with no sign up fee, but they only seem to offer HTTP and HTTPS delivery at present, which is halfway there, but it lacks the secure delivery.
I know Edgecast offers a 'secure token' system that allows download links to be sent out that can only be used once. However, they have a whopping $550 sign up fee, and then a whopping $550 per TB transferred. This has the secure delivery, but lacks the pricing my company can afford.
Does anyone know of any more CDNs that have this secure download link function?
The 'secure token' functionality of Edgecast is a good idea, but even a CDN that just allows you the standard function of creating multiple FTP accounts with different permissions will do the trick.
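A single-use, expiring download token of the kind asked about above can be built from an HMAC and a server-side record of redeemed nonces. This is an added example, not part of the original post and not Edgecast's or any other CDN's implementation; every function name, claim name and sample value is an assumption.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumed names throughout; this is a constructed sketch, not any CDN's API.
SECRET_KEY = secrets.token_bytes(32)  # stays on the server
_redeemed = set()  # production: a shared store with an atomic "insert if absent"


def _sign(body):
    return hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(file_id, customer_id, ttl_seconds=3600, now=None):
    """Return an opaque token to embed in the customer's download link."""
    now = time.time() if now is None else now
    claims = {"file": file_id, "cust": customer_id,
              "exp": int(now + ttl_seconds), "nonce": secrets.token_urlsafe(16)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"


def redeem_token(token, now=None):
    """Return (file_id, None) if the download may proceed, else (None, reason)."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    # Verify the MAC before parsing anything the client could have altered.
    if not hmac.compare_digest(_sign(body).encode(), sig.encode()):
        return None, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now > claims["exp"]:
        return None, "expired"
    if claims["nonce"] in _redeemed:
        return None, "already used"
    _redeemed.add(claims["nonce"])  # burn the nonce: the link works once
    return claims["file"], None


if __name__ == "__main__":
    link_token = issue_token("ebook-42", "customer-7", ttl_seconds=900)
    print(redeem_token(link_token))  # first download succeeds
    print(redeem_token(link_token))  # a forwarded or replayed link is refused
```

The download handler streams the file itself after a successful redeem, so the storage location never appears in anything the customer receives.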
I am running a large-scale business and sometimes I have to transfer large and very important data files to my business partner. I fear for my data because there are many business competitors of mine who will definitely try to steal my important data. So there is a huge amount of risk involved in sharing my important data on the Internet. I recently heard about a secure file transfer technique from my friend who is working in a well-established software company. Does anyone have any idea what a Secure File Transfer (SFT) service is and how it works?
What are the most important issues for securing the php.ini file, like whether you turn SAFE_MODE ON or OFF?
Or please, whoever reads this topic, post your important disable_functions in php.ini ... and if some functions are disabled, post them ...
Let's make this the thread for the most important issues in securing your php.ini
from script-kids as much as we can ...
Here I have some important questions for anyone who has or controls a server or VPS ....
#0x01 ; what are the most important disable_functions for php.ini?
#0x02 ; should safe_mode be enabled or disabled? And what exactly does this depend on?
#0x03 ; what functions or tricks are there to keep the nobody user (an attacker on the server or shell) frozen, unable to move or run any command on the server?
#0x04 ; I saw that on some secure servers (as they say) they changed the Server: description to their own name[s], like Server : SECURE BY US .COM or SECURE SERVER ..
uname -a : Linux secure.secure.com 2.6.9-023stab040.1 #1 Mon Jan 15 23:24:32 MSK 2007 i686 athlon i386 GNU/Linux
sysctl : linux 2.6.9-023stab040.1
Server : SECURE BY US ! < [THIS IS WHAT I MEAN: HOW COULD WE CHANGE IT IN PHP.ini?]
id : uid=99(nobody) gid=99(nobody) groups=99(nobody) <[how can we make this not nobody but have the host's id? Every host on the server should have its own name and php.ini?]
pwd : /home/host/public_html/
#0x05 ; how can we hide the uname -a on the shell [the attacker uploads it to our customer's site!]
#0x06 ; how can we hide the sysctl from being viewed by anyone like [an attacker] ...
#0x07 ; how can we rewrite the Server type to display our secure message? Server : SECURE BY US !
#0x08 ; how can we give every site and customer his own php.ini file in his public_html? And how can we give him [JUST HIS PERMISSION TO HIS SITE'S FOLDER AND NOT OTHER PATHS AND PERMISSIONS!]
These are questions that everyone who has a server or VPS needs answered to secure his box from others ...
And if anyone would like to publish any new [secure or not] idea, please let us know what you would like to say ....
We have several VPS's reselling shared hosting, and as we grow our shared hosting operations, I've realized how it's almost impossible to have every user, developer or whoever is accessing our shared accounts properly lock down their scripts, e.g. set proper permissions... But what I don't get is how larger shared hosting providers (which we plan on becoming) fully lock out homedir/User A from being able to access, view or write to homedir/User B's files no matter if User A's executed scripts, processes or protocols are requesting User B's files...
In a shared environment you can't rely on your customers to lock down their stuff and they are trusting you to take reasonable precautions to protect their stuff at the same time... This should be basic security but it's almost impossible, it seems, to achieve in a shared env.
Obviously there are VPS's with completely isolated layers but in a shared env it shouldn't be too big of a request to have one person's stuff not easily visible by another person no matter if SSH is being used or a script of any kind.. Bottom line... think of a hotel ... a "shared environment"... one guest can't just go in someone else's room easily. The hotel owner ensures that guests' rooms are not available for other guests to access, this is a reasonable policy and the hotel owner would be in deep s**t if other guests had access to other guests' rooms....
Here are the reasons why I think "secure shared hosting" is essentially a paradox...
1. False sense of security - SuPHP, Suexec, open_basedir..
Problem is even if you're using SuPHP or open_basedir or other security practices, someone on that server could still possibly "view" other users' files which could include database config files and other files that you wouldn't want someone to read/access. These files could include xml, dat, txt etc., any other file that a user might not want another user in another homedir to access that isn't protected by SuPHP or SuExec...
2. People often say.. well, it's your users' responsibility, "Rely on your end users to choose proper permissions for their files"... This is like relying on your hotel guests to deadbolt their door instead of having an autolock on their door when they close it.
I'm sure your clients would expect you to "section off" their account reasonably from another user, however this doesn't seem possible, at least with Apache that requires "nobody" to have to access files... And the problem is you can't rely on your users.. Besides, most open source scripts (WP, Joomla, Magento) and people here in this forum recommend 644/755 permissions as being the ideal permissions for most files/folders, however if a user makes all of their files 644/755 other users can still possibly access those files.. You still would be giving world-readable access... Many people still use PHP as an Apache DSO, so under normal circumstances where scripts are installed in pub_html a user is FORCED to use world-readable permissions on their config files for their apps to run. For instance with our cPanel install, when we provision accounts in WHM, it creates .htaccess files with 644 permissions .. well, why would it do this if .htaccess shouldn't be read by other users .. same goes for xml files, or other non-php/cgi files outside or inside the pub_html directories of a user's homedir/ that shouldn't be viewable by world users...
Bottom line, until "world" readable/writable/executable permissions are completely ignored in a user's homedir/ for not just PHP/CGI but for any file, I think shared hosting security, no matter what patches you have added to Apache or your system (Suhosin, SuPHP etc.) ... is a paradox... It shouldn't even be possible in any home dir, no matter how responsible/irresponsible a user is, for one user to be able to view another user's stuff. The whole point and reason panels such as WHM or any panel use the /home dir is to separate that user's files/mail/etc. from another user's.. So, logically, there's no reason why a script would need access to another's home dir/ knowing it's a shared environment, and on a shared hosting env it shouldn't be allowed to go outside of that user's /home/ dir ...
So I think a server admin should be able to enable a "mod_shared host", let's say in WHM or something, that will get rid of global permissions, e.g. there will only be 64 not 644 for any file in /home/<user>/... If someone chmods something to anything in Y ... XXY ... Y is completely ignored and set to 0...
If the server admin wants to override such settings, there could be an override feature but by default, just as PHP open_basedir restrictions settings in WHM work for PHP, the same should go for all files/scripts part of a home dir (any extension), under normal shared hosting shouldn't be accessible by any method (FTP, SSH, any apache module/process - CGI, Java etc) regardless of DSO, SuPHP...
Until then... How could large shared hosting providers sleep at night knowing that they are not protecting everything in their users' home directories? This should be a simple and reasonable request that a user would expect when signing up for shared hosting... Obviously there are other possible security leaks, breaches can occur, but this should be basic security...
Shared hosting shouldn't be like open kindergarten cubbies with a curtain protecting the contents; instead, anyone signing up for shared hosting would expect their host to at least have a high school locker with a padlock ....
Or am I missing something? Is there a solution already for this reasonable security practice of protecting users from each other without referring them to a VPS or a dedicated? How do the big shared hosting operations have large shared environments with hundreds of users on a box NOT allowing others to view/access other people's stuff?
I've asked people on cPanel forums as well as our hosting provider, everyone has mixed responses and no real "answer" so I wanted to get your thoughts...
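The post above argues that the last digit of 644/755 is what exposes one account to another. As an added example (not from the original post, and not a cPanel/WHM feature), the sketch below audits a home tree for any "other" permission bits and applies the proposed "set Y to 0" rule; the function names and the sample account are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

OTHER_BITS = stat.S_IRWXO  # the last octal digit: r/w/x for everyone else

def audit_other_bits(home_root):
    """Map each path under home_root that grants anything to "other" to its mode."""
    exposed = {}
    for dirpath, dirnames, filenames in os.walk(home_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the entry itself, not a link target
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not used on Linux
            if st.st_mode & OTHER_BITS:
                exposed[path] = oct(stat.S_IMODE(st.st_mode))
    return exposed

def strip_other_bits(home_root):
    """Zero the last digit (644 -> 640, 755 -> 750) and return the changed paths.

    Caveat from the post above: a web server running as "nobody" then needs
    group access (or per-user execution) to keep serving these files.
    """
    changed = sorted(audit_other_bits(home_root))
    for path in changed:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~OTHER_BITS)
    return changed

def build_sample_home(root):
    """Constructed sample account using the commonly recommended 644/755 modes."""
    pub = os.path.join(root, "alice", "public_html")
    os.makedirs(pub)
    os.chmod(os.path.join(root, "alice"), 0o711)
    os.chmod(pub, 0o755)
    for name, mode in (("config.php", 0o644), (".htaccess", 0o644), ("notes.txt", 0o600)):
        path = os.path.join(pub, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return pub

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_home(root)
        print(audit_other_bits(root))
        print(strip_other_bits(root))
```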
I am using the latest version of Apache on a Windows XP machine.
When my web service is down for maintenance, since Apache will still be up and running, I would like for Apache to serve an XML file as a response for the appropriate request. I have three operations available: makePayment, calculateFee, and voidPayment.
Is it possible to have Apache determine what type of request is made? For example, if I have an XML error page for each operation, how will Apache know which XML file to serve based on the operation request from the client?
To make it more clear: What is the best practice for modifying Apache to know what request is being made in order to serve the appropriate XML file?
I'm running a shared hosting environment and I'd like to know if it's even possible to secure Apache while it's running mod_php. I know I could go suPHP with PHP-CGI, but that'd drastically increase the server load.
So what should I do to best secure the server?
So far I have done:
- Apache: Installed mod_security and mod_evasive.
- PHP:
  Set register_globals=OFF
  Set disable_functions = ini_restore, popen, exec, shell_exec, system, passthru, proc_open, proc_close
  Set safemode=ON
  Set open_basedir to user's directory on virtualhost
Would that be a secure environment for my users?
I work for a small web design firm with about 100 clients/domains and we are starting the search for a new hosting provider. We need a managed dedicated server with an offsite backup. We are also looking for a company that knows what they are talking about. If we have a Linux or server question they need to be able to give us a quick straight answer. Also, if they could help us transfer all our hosting accounts from our current server over to the new one that would be a BIG plus.
We have been thinking about Rackspace or 1and1.com but were wondering what the community thought. Any recommendations?
I'm currently trying to set up a personal web hosting service for my friends where they get an area of web space, etc, for them to use. Basically, a free web hosting service, etc with PHP, and all possible.
Does anyone know how I could go about setting this service up? ( If I were to get a HostGator/webspace account, etc)
I ordered a VPS from Hosting-IE on the 25th March and was initially told it would take 4 days or so to set up. A week later I emailed them, and was told by Max that it would be set up that day.
Throughout the next week I emailed a few times and received no response at all, and got fed up so a few days ago I just filed a complaint with Paypal to try and get my money back (After waiting nearly 3 weeks for a VPS I think I should). Now Hosting-IE are saying to Paypal that they gave me the info, when this isn't true.
So I just lost 60 euros, not that much but still enough to get annoyed about. Gonna see if I can file a chargeback with my credit card company.. hopefully it should work.
Anyway, definitely stay away from Hosting-IE! I should have read up on them before I ordered..
What type of hosting account do I need to choose for a Digg-like news service (or social bookmarking)? Is Bluehost enough? They have unlimited data transfer/domains/space for near $6 per month. What other factors should be considered for a file hosting or image hosting site?
4. Has any web host been sued so far for damage to data or loss to business?
One of our data centres has reported that it has lost each and everything in a fire at its place, including all instruments, servers, machines and so on. We had 100 domains with them on our server. Our clients are very much co-operating with us.
What shall we do in this case as far as our 4 questions are concerned?
I was recommended by a good friend to come here for advice. I'm looking for a web hosting service that will allow multiple domains and run PHP for my Zen Cart ecommerce website. I am currently spending $200 per year for web hosting just for my ecommerce website alone. Does anybody know of any good, reliable and cost-efficient web hosting service that will allow me to do this at the same cost or slightly higher than what I'm paying?
I want an osCommerce-based store and would like to know what the best options for hosting osCommerce are. Maybe GoDaddy or Yahoo or any other? Kindly guide me in making this decision in the light of your experiences.