I'm using suphp to secure a shared web hosting server and am confused about one issue I'm having. It is my understanding that using suphp, you should be able to chmod 755 all directories and chmod 600 all files since apache runs the .php files as the user.
However, when I chmod 600 all files, the formatting of the sites gets messed up. It loses all css and if you try to view image files in the browser you get a permission denied error. Why is that?
As a temporary solution, I can chmod 644 all files and then 600 only sensitive files like config files (wp-config.php for WordPress for example), but I'd rather just chmod 600 everything.
Can anyone explain why 600 doesn't work?
With 644 permissions, any user could upload a script like:
Code:
<?php
$filename = realpath("/home/user/public_html/wp-config.php");
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);
echo '<textarea name="textareaName" rows="46" cols="103">'.$contents.'</textarea>';
?>
and view another users's file if it is 644.
When I go to all of the html pages, I get a message box that says You have chosen to open [blank line] which is a: text/x-server-parsed-html. The blank line means there is nothing there no filename.
An email from the webhost said that a suPHP upgrade(?) caused this.
The only PHP file I have is one that reads text files to put up on a News page.
I am confused as to exactly how a suPHP upgrade which I have never heard of until today can cause this much damage.
What is the easiest way to get cpanel to install on a home server to play with it? Do they have some kind of unlimited trial that limits to private class IP range or something? Would be neat to mess around with. I'd run it in a VM in the 10.1.1.x range and afaik their licensing goes by IP so if they see that IP they obviously know its not being used for a real hosting company. (well you technically could nat I suppose...) I also though of just ordering a cpanel dedicated server to mess around with but prefer to do it at home in a VM, and possibly at no cost. Anyway this can be done (legally)?
Has anyone here gotten any of the Xen images from jailtime.org to work on CentOS? I've figured out what the heck I'm doing since my last question [url], but they still won't boot. And the more I Google it, the more people I find asking the same questions.
It looks like they're depending on a bunch of non-standard images in their initrd, and, unless we have some of these unknown modules, the darned thing won't boot. Mine ends up failing like this:
Code: NET: Registered protocol family 1 NET: Registered protocol family 17 Using IPI No-Shortcut mode XENBUS: Device with no driver: device/vbd/2049 XENBUS: Device with no driver: device/vbd/2050 XENBUS: Device with no driver: device/vif/0 md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. VFS: Cannot open root device "sda1" or unknown-block(0,0) Please append a correct "root=" boot option Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0) The xen.conf for this particular VM:
Code: # This points ta real Dom0 kernel! kernel = "/boot/vmlinuz-2.6.18-53.1.13.el5xen" memory = "256" name = "Ubuntu-Matt" vif = [ 'mac=00:01:02:03:04:07, bridge=xenbr0, vifname=vif1.0' ] # Set the disk... disk = ['file:/home/matt/vms/ubuntu-7.04/ubuntu.7-04.img,sda1,w', 'file://home/matt/vms/ubuntu-7.04/ubuntu.swap,sda2,w'] root = "/dev/sda1 ro" This is driving me bonkers... Has anyone gotten these to work? Would I be better off just installing from an ISO?
I use "suphp" on 3 servers I own with apache 2.2.6 and suddenly yesterday (15 hours ago) one of the servers show "Internal server error" on all sites.
Tried rebuilding apache and php 4 times with no fix until I came to try handling php with cgi instead. (I always like to track who is using apache processes)
well. getting to this fix was after 10 hours of all sites not working on the server.
now (5 minutes ago) I go to http://www.suphp.org to read their docs for solution to find this
Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, hostmaster@marsching.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log. Apache Server at www.suphp.org Port 80
Why did this suddenly arise while No changes were done on server software or config?
I believe this happens after the first coming apache restart or something but dunno what was the reason yet
maybe suphp.org guys have to update us when their site comes back online
I plan to build huge image gallery, using lighttpd to server these images. It would be easiest for me to have all these files (more than 1 000 000) in one directory? Is it ok?
I have no idea, if this can cause any problems. Should I part my files into several directories, does it make serving better/faster?
I have virtual folder in IIS6 which has asp file as default and several jpg files. How to prevent JPG files download from server? I want to let execute asp file only and do not let users download jpg files.
The images I am trying to block are on page generated by a simple PHP script on my server. The offender has replicated what I am doing with ASP on their server. They are hotlinking to my images for the resulting page. They left my website's name on them, so they must think that giving credit is enough.
I'm going to be contacting them to stop but I also want to see if there is a way for me to prevent it from happening in the first place.
I know mod_rewrite works on my server because I've been using it for some other things.
However, whenever I enable the above code (add it to the directives and restart apache - have also tried just putting it in a .htaccess file in the appropriate directory), I end up with images still being allowed on my domain and the other domain I'm trying to stop from using my images. Do you think it could have to do with an absent referrer? I read that the code doesn't work if the referrer is blank. What else would cause this not to work? Obviously the domain would have to be correct, but it doesn't block from my domain OR the offending domain.
I tried another method:
Code: <FilesMatch ".(gif¦jpg¦png)$"> SetEnvIfNoCase Referer ^$ allow_image SetEnvIfNoCase Referer ^[url] allow_image Order Deny,Allow Deny from all Allow from env=allow_image </FilesMatch>
This one blocked images to the offending domain, but it also blocked mine!
I am creating a web application, nothing spectacular just something to display content.
After completing a long night of coding, I uploaded my files to my server and checked to make sure everything was functioning correctly. Everything seemed fine so I went to bed.
The next morning, to my surprise, all my images had dissapeared! Well not all of them, just the ones being displayed through the PHP script. (coincidentally, these images where all in the same directory...)
Of course the first thought that went through my mind was "scripting error". Which surprised me, since everything worked perfectly the night before. I checked and double checked everything, and I couldn't find anything wrong. I checked the permissions on the directory holding the images and they appeared correct (755). So, to locate the problem I decided to strip out all the variables and create a test page that had only the SQL query, and a print to output the <img> code. Still nothing! So I decided to just go the HTML route and create a test file that held only the <img> code, no PHP involved... nothing.
The images are on the server. I double checked... if you right click > view image, it shows up. Then if you go back to the "test" page and refresh the image is there... however, it does not appear when you first load the page, or it appears and then immediately dissapears.
I contacted my host about the issue, and their first response said:
Quote:
Dear customer, The images are there if you login through plesk control panel and go to File Manager under your domain you can find the pictures and see them.But some of them are not opening under your website. Best Regards
Honestly... are you kidding me? Reiterating my question doesn't constitute as an answer. And they call themselves "engineers"...
Seeing as it appears to only be affecting one directory (and possibly only JPG images...? Have a look at the test pages above), I believe it might be a permissions issue.
I've got an application (java web ) tha dynamically creats images ( with dynamic url - ...tab&vi=nia&h=24&ds=bottom&fn...) - like thumbnails,icons ect.
The think I'm trying to deal with is to force caching theese images by a browser.
When the application starts the server gets images and shows code 200 ( and this images apppers in web browser cache), but after reloding or simply viewing the images from the cache url the server shows again code 200. I'd like to have code 304 - not modified - like when browser gets an image from cache.
The dynamic url for image is being created only once - when the appication starts, and after that it stays unchanged, but I still can't force use the cached images - like when it is a static url - .../image.jpg.
I need a medium of some kind to store my backup drive images of a windows 2003 standard x64 server. I will be taking DriveImage XML images every Sunday. The medium must have a minimum capacity of 250gb.
I am wondering what is the best/most cost efficient option? My budet is around $500.
I have heard tape and usb external drives.
Can you provide specific models, costs, pros/cons of each technology and product?
We have a major chunk of our traffic coming in from Asia and our servers are in the US. The latency is an issue which we have sorted out by ensuring we use Amazon's cloudfront CDN atleast for the static images.
Now while this is working rather well, we are now wanting to experiment and see if we could put up an additional image server in our country to serve IPs from that specific range.
In case the local image server goes down, the amazon cloudfront setup should be used. What are the best options for achieving this with the least amount of latency for the users?
I use 34SP to host my website, and the package which I use allows me 2000MB of traffic a month. If every image that I use on my website (including the logo and background image) is hosted on photobucket instead of by the 34SP server, does this mean that the data received from photobucket won't count against my monthly traffic allowance?
And is this a reliable way of doing things? I guess it's less reliable than having all the images on the same server, but how often is this likely to go wrong?
i have to reload a page several times. at least once. the templates show up fine, but the actual images and contents do not show up unless i reload the page....this is evident during peak hours but not during normal hours.....
I'm starting to see this, or maybe it's always existed, but it seems like bigger sites are hosting their images on external servers. I've even seen some sites use Flickr as the host for all of their images. I guess for Flickr that means you have a guarenteed image CMS, but I really don't see that as why Flickr was created.
I'm sure there are bandwidth advantages, and maybe that's the main reason. Is there a point where the traffic gets so high that moving images off site would improve load times and sever loads? Is it a worthwhile endeavor for smaller sites? I'm curious to see what the thoughts are on this trend.
I am hosting my site on cpanel server, but there is a little problem, my images in the application are not getting displayed, whereas they are displaying alright on my local server, i've tried different methods to ressolve this issue, but, i wonder is it something to do with the server.
first time building a website, and was thinking about setting up a blog type website similar to the likes of engadget etc....
However I'm curious as to how I can source images and how copyright relates to a blog news site. Obviously with the quick nature I would be posting like other news sites I doubt there would be time to email the owner of a site and ask for permission and await a response.
So maybe theres a loop hole in regards to blog news sites for permission?
For my website I have a server which houses all of my gallery IMAGES of my user profiles. There are over 100,000 images on the server and it's only purpose is to provide those images with http.
However, the http server also has PHP installed, and it's only purpose is for uploading new images. Therefore users eventually get redirected to the images server where they can upload the image.
This all works, but in the future I want to remove the PHP side to the server. I also want to change the whole server program from Apache to Lighthttpd. This is because, lighthttp is a very low overhead web server program, but also provides very little features.
So I was wondering, if I was to do so, and since PHP is not installed, then I would have to make the upload pages on the main http server (which has PHP and Apache). Then I would have to make the main server send the uploaded image to the the lighthttp server via some sort of the scp system call, via PHP. I know that this IS possible, but when it comes down to security holes and so on, would this method really be worth it?
Generally I want to have the lighthttp setup only because it eliminates having to have any dynamic content. Obviously this can also be done with apache (removing dyanmic content), but lighthttp may be more efficient for static content.
I have a simple app where i am currently downloading some images from the internet. I want to use a local web server to host some of these images when i am not connected to the internet. I installed the apache web server and added the images folder under htdocs - my document root.
Now, i want something like when i continue to query images from www.examplesite.com/xyzimage.png within my app, it should be redirected to localhost/images. Is this possible? I tried doing this
In C:WINDOWSsystem32driversetchosts i added this line URL:...
we have installed suPHP along with suhosin on server to prevent upload of illegal scripts but still we are having problems with scripts used for phishing web sites! We have a lot of Joomla users and other php apps installed on server.
I have a Linux server for shared hosting in which I am using Cpanel/WHM. I have PHP running as suPHP which I believe is for security. The problem I am facing is a lot of PHP based websites create load on the server and consume as much as 10% of the CPU and sometimes some script even consumes 50% CPU. I think I can reduce the load caused by the PHP scripts by installing eAccelerator. However, it does not work with PHP running as suPHP. Can anybody tell me which one should I choose of the both? Is there any other way to reduce the load on the server?
we are try SuPhp on Cpanel server but seem that is use a lot of resource, on 2 X quad core server we can't add more than 300 domains for server, whic configuration do u use? any alternative solution?
