SuPHP - Protect User's Files
Nov 9, 2008suPHP - Protect User's Files
I have suPHP
ADVERTISEMENT
Prevents Users From Overriding System Php.ini In SuPHP Mode
May 25, 2008this is simple steps to Prevents users from overriding system php.ini in suPHP mode .... in CPanel servers
first : you must make sure that suphp is installed as default handler
than just edit your httpd.conf file or php.conf file ( will be better to use php.conf )
now add this line :
Quote:
suPHP_ConfigPath /usr/local/lib
or ( Zend )
Quote:
suPHP_ConfigPath /usr/local/Zend
if you need to use only php.ini config file :
Quote:
suPHP_Config /usr/local/lib/php.ini
Files Not Downloading To Users
Feb 6, 2008I run a download website boasting many files (entirely legal, non-pornographic), the sizes of which range from 100KB to 500MB. Some users of the site seem to be complaining of the files not downloading and or being truncated (i.e: it says it has been downloaded even though it has not been fully downloaded.)
Here is one reply I received:
"No specific massage appears, only sign the download is complete and infact it is not. About 7 mega down loaded instead of 79 mega. I use fire fox browser and ADSL internet line speed 512"
All the files however do seem to download perfectly on my computer, though I have a good 8mb line, which leads me to believe it may be something to do with a timeout setting?
Securing My Site So Only Registered Users Can Download Files
Nov 14, 2007I'm setting up a web site for my online music library, doing it the hard way and learning as I go!
What I want to do I keep all the audio files secure so only registered users can get at them, how do I do this? FTP? permissions? Can I pass the user data from the client database somehow or do I have to set it up manually for each client?
I'm using php and mysql and have a table set up with all the file locations in it and that side of things is mostly working well. Once a user gets the URL of the file how do I make sure only that user can download the file?
I've tried searching the web for info but I have the sneaking suspicion I'm not asking the right question.
Disable Shell Access :: Users Can Read Files For Other Websites
Sep 4, 2008i have a Dedicated server and i installed firewall and i fixed all cpanel option and i disable shell access for all users and ......
but my users can upload shell hack files (Like:c99 ) then they can access to another website ,,,, they can`t Write ,,, they can Read files only
but there is a problem because the hacker will read the config files so my Database websites will hack soon
How To Password Protect Web Pages, I Can Protect Directories But Can't Put Pages In
Mar 4, 2007i did make a big message on here but it deleted when i back spaced
my website is aviation cafe dot net / sample and i need you to help me with password protecting a webpage, i wanted the address to be / the silver sword and definitly not to look like it does now.
username: webforum
pass: password
Plesk 11.x / Windows :: Panel Don't Show Users Database In Tab Users
Sep 6, 2013The upgrade has an error when manage the users database.
PRODUCT, VERSION, VERSION OF MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM
PROBLEM DESCRIPTION
In a costumer panel have a one database MSSQL, and assign to this DB 3 users, but the tab option "Users" don't work fot his costumer and show this error:
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃnea 807)
ACTUAL RESULT
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (lÃnea 807)
EXPECTED RESULT
Show users in the tab users for database.
Preventing Users From Connecting To Other Users Database
Mar 25, 2009On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.
I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)
Suphp
Nov 13, 2007I use "suphp" on 3 servers I own with apache 2.2.6 and suddenly yesterday (15 hours ago) one of the servers show "Internal server error" on all sites.
Tried rebuilding apache and php 4 times with no fix until I came to try handling php with cgi instead. (I always like to track who is using apache processes)
well. getting to this fix was after 10 hours of all sites not working on the server.
now (5 minutes ago) I go to http://www.suphp.org to read their docs for solution to find this
Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, hostmaster@marsching.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache Server at www.suphp.org Port 80
Why did this suddenly arise while No changes were done on server software or config?
I believe this happens after the first coming apache restart or something but dunno what was the reason yet
maybe suphp.org guys have to update us when their site comes back online
FastCgi Or SuPHP
Apr 1, 2009what do you prefer?
fastcgi or suphp?
which one is better with suexec (in security and resource usage)?
SuPHP Along With Suhosin
Oct 28, 2009we have installed suPHP along with suhosin on server to prevent upload of illegal scripts but still we are having problems with scripts used for phishing web sites! We have a lot of Joomla users and other php apps installed on server.
View 5 Replies View RelatedHow To Remove Suphp
Mar 23, 2009i have many problem from this
i want to remove it
i had recompiled apache without it but it still working
SuPHP Or EAccelerator
Jul 22, 2009I have a Linux server for shared hosting in which I am using Cpanel/WHM. I have PHP running as suPHP which I believe is for security. The problem I am facing is a lot of PHP based websites create load on the server and consume as much as 10% of the CPU and sometimes some script even consumes 50% CPU. I think I can reduce the load caused by the PHP scripts by installing eAccelerator. However, it does not work with PHP running as suPHP. Can anybody tell me which one should I choose of the both? Is there any other way to reduce the load on the server?
View 14 Replies View RelatedSuexec And Suphp?
Feb 8, 2008what are suexec / suphp and for what purpose we use it.
View 1 Replies View RelatedSuPhp Use A Lot Of Resource
May 22, 2008we are try SuPhp on Cpanel server but seem that is use a lot of resource, on 2 X quad core server we can't add more than 300 domains for server, whic configuration do u use? any alternative solution?
View 7 Replies View RelatedPHP 5 Handler (DSO Vs SUPHP)
Jun 25, 2008somebody suphp?
What is your advice?
PHPSuExec Or Mod SuPHP
Mar 18, 2008I'm wondering which one is the best with cPanel and Apache 1.3.41. The server will be used for shared hosting.
View 11 Replies View RelatedPhp 5 Handler Dso Vs Cgi Vs SuPHP
Mar 19, 2008I wanted to ask an advice which php handler is the most secure to have on a shared server:
dso vs cgi vs SuPHP
I currently have dso with Suexec on and few accounts are getting phishing sites uploaded so I read that SuPHP is safer. What do you recommend?
If I do change the server to SuPHP should I enable Suexec as well in the whm: Configure Suexec and PHP?
Suphp And Suhosin ..
Nov 27, 2008i have install suhosin and i want to know that should i install suphp too?
and
do you recomend me to install suphp?
How To Protect Port 80
Nov 2, 2007someone attacking my VPS via port 80, which firewall u advice me to use on windows 2003 WEB edition ?
Or anyone have smillar experiance and can tell me what to do? Btw my hosting company is LeaseWeb.
How Do I Protect My Website
Jun 29, 2009This is probably a pretty complicated answer so please forgive me as I'm a newbie to making my own ecommerce website.
What steps are needed to protect/prevent one's site from being hacked? I have domain privacy (on WhoIs) but I feel this isn't enough.
Way To Protect URLS
May 23, 2009Are there any scripts out there that can protect URLs? For an example I am trying to protect a megaupload.com URL with a masking URL and making sure that the masking URL is only access by a referral site. Can this be done?
View 1 Replies View RelatedProtect Directory
May 22, 2007i have another question is their a way to protect a directory without using .htaccess because i dont have modrewrite installed on my apache server.
View 4 Replies View RelatedHow To Protect Website
Feb 20, 2007Last days my site was hacked to the main page has been added the "iframe" tag with path to the virus loading. I don't know how somebody could edit the original page and insert this code to the html body. This time I have updated this page from archive but I would be glad to know how to protect my site in future. Could somebody advice me fast and effective methods?
View 7 Replies View RelatedHow To Protect Cpanel And Whm
Dec 28, 2007what is the best way to protect whm and cpanel from unwanted login?
If i change the port they still can sniff, is there away to put another layer to protect it or assigned specific ip to be able to login ? I'm on a dedicate server and only hosting for 1 site so there no customer that i should worry about.
can i change /whm and /cpanel to something else just to hide it form novice users.
Suphp On Webmin With Debian 5
Jun 24, 2009I have just installed my vps with webmin on debian 5 and I need a guide to how to configure my system to use suphp, Ive googled it but not come back with any clear guide.
I better add Ive plunged in at the deepend and after the secuity breach at Vaserv, I can not take the easy option and install lxadmin any longer.
SuPHP On A Dedicated Server
Oct 18, 2009I'm running a dedicated server (ie my site only) which is primarily a vbulletin powered site.
I was wondering if it is beneficial in running PHP as suPHP along with suhosin?
A lot of articles I see seem to be aimed at shared setups where there are other users with various (possibly) untrusted scripts.
It is a WHM/cPanel managed server which by default is set to run PHP5 as DSO (Apache module).
suexec is installed however this only affect CGI scripts correct?
I recently had a (paid) security audit completed and I asked the question about suhosin. The reply I got was:
Quote:
You do not need suhosin as you do not run suPHP we enforce posix acl's which will prevent vulnerable scripts from being able to download to the system easily and prevent the automated attacks. You can try this by installing a phpshell and you will see it's not very effective, only php functions are really of any use (such as readfile() and so on) but it will prevent things like wget xxx.
Should I recompile Apache (via EasyApache) with suPHP and suhosin or just leave as is?
Register_globals With Suphp And SuEXEC
Mar 29, 2009my server is centos and cpanel,
i setup it with suphp and suEXEC,
and i set the register_globals as off on server,
now,i had a website need register_globals on,
i search many articles and try to edit php.ini and .htaccess,
but all still show
FATAL ERROR: register_globals is disabled in php.ini, please enable it!
or
500 internal error
could anyone teach me how to solve the issue?
Broke Something When Playing Around With Suphp
May 17, 2009suphp and spent the better part of the day configuring a new server and then upgrading it to suphp in preparation for a migration next week.
However, I broke the links to var/www/html in the process and I don't know at what point it broke to know how to fix it.
I have a couple of links that usually work to this directory:
lax.powermonster.net/test.bin
and
[url]
Both of which now come up to a 404 error from my main site: powermonster.net.
Suphp Working With Vsftpd
Apr 23, 2009I am setting up a shared Server with apache2 and php5 + suhosin +suPHP + vsftpd.
The Directory Structure is:
1. DocumentRoot
/var/www/virtual/website1
/var/www/virtual/website2
/var/www/virtual/website3
............etc
2. For each website I would create a system account and tie it to each virutal host(as required by suPHP)
chown -R John:group1 /var/www/virtual/website1
chown -R Mary:group1 /var/www/virtual/website2
chown -R Ben:group1 /var/www/virtual/website3
...........etc
<VirtualHost 192.168.100.44>
DocumentRoot /var/www/virtual/website1
ServerName www.website1.com
suPHP_UserGroup John group1
</VirtualHost>
<VirtualHost 192.168.100.45>
DocumentRoot /var/www/virtual/website2
ServerName www.website2.com
suPHP_UserGroup Mary group1
</VirtualHost>
........etc
3. I setup vsftpd with chroot to each virtual host.
This works very nice as long as each client has only one ftp account. But if a client(website1) wants to have multiple ftp accounts( ex. john, john100, john200), they would mess up the file ownership when they upload and change files. Since suPHP executes PHP scripts with the permissions of their owners (suPHP_UserGroup John group1, suPHP would complain their setid is mismatched because the John100 is not the suPHP_USERGROUP owner(John). I have tried Virtual Hosting with Vsftpd and Mysql, that didn't work because all the virutal users would be acting as one user (guest_username=virtualftp) when they upload and change files. I am wondering if there is ways to allow multiple ftp accounts for each Virutal host working together with suPHP. Or It is possible for ftp user to change ownership once they log in.