Veportal 2 Major Security Concerns
Oct 16, 2009
I'm starting to test out VPS panels and found vePortal 2. I purchased it and installed it. Now I'm checking some security, as we all know about the terrible result of HyperVM as everyone blindly used it because it was "pretty" but it was not secure.
Some serious concerns I'd like to share with vePortal 2.
1) It makes no backups of any of the files it modifies during install, or so I haven't seen any, like httpd.conf.... more of a pain than anything. There is no way to auto uninstall it either..
2) vePortal gives full root access to the Apache user, letting apache run any root commands!
They add this to your /etc/sudoers
apache ALL=(root) NOPASSWD:ALL
[root@nd11108 myadmin]# su -s /bin/sh apache -c "whoami"
apache
[root@nd11108 myadmin]# su -s /bin/sh apache -c "sudo whoami"
root
This is a root exploit waiting to happen. I asked them about this and got the response.
Quote:
It would be a security breach if a) apache was allowed SSHD Access, or b) the server was running scripts that haven't been marked secure. We have a very comprehensive team of beta testers including one of the largest providers around. They and their staff have not been able to break the security or integrity of the panel as of yet.
All panels in one way or another have root control over the system, for example they wouldn't be able to have a SSH Console without it, as only specified commands would work. We do have a list of the commands required by vePortal if you wish to limit it, but the console and the Shell Commander functions would stop working.
Regards,
Gavin H.
Chief Information Officer
That's funny I have been using the panel a few minutes and already found they've ignored the biggest security hole possible..
3) In 5 minutes I've found multiple XSS vulnerabilities in the admin area... Like search customers, I was able to generate JavaScript alerts in multiple fields....
4) It stores the MySQL root password in clear text in a .php file... yeah that's real secure. Why does it even operate under the MySQL root user, it's using a single database....
5) I forgot to add, it doesn't recognize ANY OpenVZ Vps's you've created manually. It has no idea they exist and you cannot view them at all.
I'm sure I could dig deeper into the source code and find more but it's not worth it. Judging by what I found without actually trying to spend time on security I completely removed the product.
The panel does look nice but it sure gets a mark of insecure for me, I would advise others seriously look into the security of this new panel if you're considering using it.
View 14 Replies
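An added example, not part of the original post and not vePortal's code: a small auditor that reads sudoers-style text and flags any web or service account that may run `ALL` commands as root, which is the condition the `apache ALL=(root) NOPASSWD:ALL` line creates. The service-account set, the sample file and the restricted command paths in it are assumptions made for illustration; only simple user specifications are parsed (no alias expansion).

```python
import re

# Accounts that run network-facing services (an assumption for this example).
SERVICE_ACCOUNTS = {"apache", "www-data", "httpd", "nginx", "nobody"}

# Constructed sample. The "apache" rule is the line quoted in the post; the
# "www-data" rule is a hypothetical restricted alternative whose command
# paths are illustrative only.
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults    requiretty
root     ALL=(ALL) ALL
apache   ALL=(root) NOPASSWD:ALL
www-data ALL=(root) NOPASSWD: /usr/sbin/vzlist, /usr/sbin/vzctl status
%wheel   ALL=(ALL) ALL
"""

SKIP_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
SPEC_RE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<rest>.+)$")
RUNAS_RE = re.compile(r"^\((?P<runas>[^)]*)\)\s*")
TAG_RE = re.compile(r"^(?P<tag>[A-Z_]+):\s*")


def parse_rules(text):
    """Yield (who, runas_users, [(command, nopasswd), ...]) for simple user specs."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        # Comments, #include directives, Defaults and alias definitions are skipped.
        if not line or line.startswith("#") or line.startswith(SKIP_PREFIXES):
            continue
        match = SPEC_RE.match(line)
        if not match:
            continue
        rest = match.group("rest")
        runas_users = ["root"]  # sudo's default target when no Runas spec is given
        runas = RUNAS_RE.match(rest)
        if runas:
            users = runas.group("runas").split(":")[0]  # drop the group part
            runas_users = [u.strip() for u in users.split(",") if u.strip()]
            rest = rest[runas.end():]
        commands, nopasswd = [], False
        for item in rest.split(","):
            item = item.strip()
            # A tag such as NOPASSWD: applies to this command and the ones after it.
            while True:
                tag = TAG_RE.match(item)
                if not tag:
                    break
                if tag.group("tag") == "NOPASSWD":
                    nopasswd = True
                elif tag.group("tag") == "PASSWD":
                    nopasswd = False
                item = item[tag.end():]
            if item:
                commands.append((item, nopasswd))
        yield match.group("who"), runas_users, commands


def audit(text, service_accounts=SERVICE_ACCOUNTS):
    """Return findings for service accounts allowed to run ALL commands as root."""
    findings = []
    for who, runas_users, commands in parse_rules(text):
        if who not in service_accounts:
            continue
        if not {"root", "ALL"} & set(runas_users):
            continue
        for command, nopasswd in commands:
            if command == "ALL":
                findings.append({
                    "account": who,
                    "command": command,
                    "nopasswd": nopasswd,
                    "severity": "critical" if nopasswd else "high",
                })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SUDOERS):
        print(finding)
```

The explicit command list on the `www-data` line passes the audit, while the rule from the post is reported as critical because no password stands between a compromised web process and root.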
Sep 14, 2007
I am concerned about securing a windows server without the use of a hardware firewall.
I have an idea as follows:
1) have a dedicated server running linux
2) run VMware Server edition on this linux box to host the windows 2003 server.
3) use iptables etc to secure the outer linux layer (only allowing required ports through to the windows box etc)
What does everyone think - is this a potential runner? am I overdoing things?
View 2 Replies
Jul 29, 2008
Unlike earlier versions of Microsoft Windows Server, the 2008 version gives you a default logon screen that is very similar to Vista. Instead of the interactive dialog box that prompts you for a username, password, and sometimes domain, users will find a “push button” screen displaying all users with login permissions. To log into an account all the users will now need to know is the password. This makes things much easier for hackers as the only thing they will now need to guess is the password.
There are a couple of ways to resolve this problem. First, the server administrator can set the local security policy to not display the last username and disable fast user switching. Second, in the System Remote Settings dialog, the remote desktop options can be set to allow computers with Remote Desktop that support Network Level Authentication.
Since the first method is covered in a few blogs, I’ll limit myself to discussing the second method. In the latest versions of Remote Desktop Connection client (version 2.0 for Mac and the version shipped with Windows Vista), Network Level Authentication is supported. This means users must send the username and password before Windows 2008 accepts the connection. Earlier versions of RDC (like the one found in many installations of Windows XP) don’t support NLA. So technically, users will only need to supply the IP or domain name of the remote Windows server, leave the username and password blank, and interact with the logon process that is provided at connection time. Windows 2008 servers that do not have the NLA option set for remote desktop connections are vulnerable since the interactive logon screen (post-connection) is displayed to users using earlier versions of RDC.
This last point may be of significance to service providers offering Windows 2008 dedicated servers. If the server is set up with default settings, the NLA option is disabled and new users will by default be made to change passwords on first logon. Users using new versions of RDC will not be able to logon because the initial password change sequence on first logon is not compatible with NLA. The server will return an incorrect password message to the RDC client even though the user has provided the correct username and password. The only way to establish first connection is thus to use a non-NLA supporting version of RDC so that the user can establish connections without supplying credentials and then going through the password change wizard during the initial login. But as mentioned, having NLA disabled on server side is not an ideal practice at this point.
So there are a couple ways to do this. The service provider should disable the “change password on next logon” option during the user creation process and get user to manually change the password after logon. Or alternatively, assist the client/user in changing passwords through the console internally.
View 0 Replies
May 16, 2007
I have just discovered a massive security problem in the CPANEL 10.9 software. This problem is in the BACKUP FEATURE. If you do remote ftp back onto the same account, it will put the file in the account home directory and it will have this type of stuff: accountname:ROOTPASSWORD@serverhostname.com
View 14 Replies
Mar 23, 2008
I am a web designer, and have been doing this for about 5 years now and have never encountered such a problem. I had a problem come up a few days ago where one of my clients got into an argument with the Mavrick Team web hosting and computer services company's owner regarding services. She has reported to me that he went into her email account, and has emailed her clients false information about her services after their heated discussion. She told him that she was going to press charges. He told her that he had harvested all of her clients' email addresses and will email them to her competitors if she does not back down. What can she do? I feel awkward as I am in the middle of it now. I was the one who referred her to Mavrick Team (aka as I host them) for web hosting services, and moved her site to their servers. This man has created such a big problem for this woman now. Her clients are doubting her services and he is blackmailing her. She does not owe him any monies. She has forwarded two of the emails that her clients forwarded to her, so I know she is not making this thing up. I advised her to move all of her emails to a personal email account, contact all of her clients to let them know that someone has access to their info, and I am helping her move her site. Who can she report them to?
View 12 Replies
Jul 6, 2009
Anyone successfully install vePortal yet?
View 5 Replies
Sep 23, 2009
Check it out:
[url]
I have nothing to do with it. Just passing it along.
What is veportal?
vePortal is a VPS Commanding total system control Web-Based system that utilizes PHP Hyper-Threading resulting in major acceleration over competing products, As long as your server can meet the recommended system requirements our control panel and your users will never wait for a page to load for longer than the average website.
View 3 Replies
Oct 28, 2009
Is there a way to easily install lxadmin/kloxo in veportal?
View 14 Replies
Oct 5, 2009
Anyone facing any issue when running cPanel on the VPS?
I always seem to be getting these errors only for Cpanel VPS only.
kernel: TCP: time wait bucket table overflow
kernel: TCP: too many of orphaned sockets (90 in CT****)
Even Cpanel Install by SSH or VePortal gives the same error.
View 12 Replies
Jan 7, 2009
I have some concerns with hosting an external URL. I have these two websites www.benchmarkportal.com and www.bmponlinestore.com and my question is, is it possible for www.bmponlinestore.com to launch if ever I click on www.benchmarkportal.com/store/ url with the url name unchanged, meaning it won't change to www.bmponlinestore.com?
scenario:
step : when I click on www.benchmarkportal.com/store/
result: the contents of www.bmponlinestore.com shows up but without changing the url name(the url will still be www.benchmarkportal.com/store/)
View 9 Replies
May 8, 2007
I have been involved in the development of a complex PHP web application that does very large amounts of processing, includes several files with thousands of lines of code, does multiple and complex db queries etc. So far it has been running only on non-public development servers and has been surprisingly fast given what it does.
But I am concerned about what might happen when it is time for it to start running on a website with many users.
Is there a way to estimate in advance how serious that problem may be?
View 3 Replies
Jul 26, 2008
so let's get this all hashed out... it'll be interesting to see how people handle various situations.
Before responding, let's keep this thread signature free.
I recently came across an issue where a customer wanted to bring their own Microsoft products/licenses to the table. Got a few questions for the other providers out there... this really needs to be hashed out.
Microsoft is very strict when it comes to enforcing their license policies, we all know this much.
So... when a customer wants to install their own software, what do people do to help ensure that whatever agreement you have with your upstream provider or Microsoft isn't in violation by allowing someone to bring their own licenses?
What steps do you take to ensure validity of said licenses?
How do you define, much less enforce, these guidelines?
What role, if any, should a provider play in doing their part to help stem illicit license abuse?
View 3 Replies
Nov 7, 2008
I am hosting IPTV (internet TV) which might have copyright issues.
How to host a website without copyright concerns (might be in China or Russia)?
View 2 Replies
Mar 1, 2007
I have just finished testing with my HP DL380 G3 server and I have been looking at different companies / facilities to ship it off to for co-location.
How do you ease your own concerns of hardware failures on the server (aside from HDD which are easy to replace) when it is so far away?
I control a datacenter / networking environment for my company, so I have immediate access to any of our gear that breaks, but I will not be co-locating within our facility for obvious reason.
Are most people using left over Dell / Compaq / HP stuff or custom builds? I went with HP because of the built-in iLO capability to lessen the need for so much remote hands in the event of a reboot etc.
I guess the biggest thing that is worrying me right now is a catastrophic hardware failure such as motherboard / cpu. All others can be quickly fixed (HDD, RAM, etc), but with a motherboard / cpu failure, the extended downtime can be long while spares are ordered / shipped.
View 6 Replies
May 14, 2007
I have been having a very hard time tracking down the source/cause of this surge in email. My server has been sending out thousands of spam emails under the nobody account. So far I have done the following:
Created a spam_log to monitor php/cgi mail scripts
Secured firewall and setup monitoring & automatic ip ban of dictionary attacks in exim
Secured the /tmp folder
Updated server to latest STABLE version of cpanel
Scanned server with rootcheck kit
Here is a sample email that is getting bounced back. I have nearly 60,000 bounced emails in the queue with similar messages.
Quote:
Headers spool file 1Hndfh-0001A4-0G-H
mailnull 47 12
<>
1179161117 0
-ident mailnull
-received_protocol local
-body_linecount 72
-allow_unqualified_recipient
-allow_unqualified_sender
-localerror
XX
1
nobody@whm.mav-hosting.com
156P Received: from mailnull by whm.mav-hosting.com with local (Exim 4.63)
id 1Hndfh-0001A4-0G
for nobody@whm.mav-hosting.com; Mon, 14 May 2007 11:45:17 -0500
039 X-Failed-Recipients: beyp@ttnet.net.tr
029 Auto-Submitted: auto-replied
063F From: Mail Delivery System <Mailer-Daemon@whm.mav-hosting.com>
031T To: nobody@whm.mav-hosting.com
059 Subject: Mail delivery failed: returning message to sender
052I Message-Id: <E1Hndfh-0001A4-0G@whm.mav-hosting.com>
038 Date: Mon, 14 May 2007 11:45:17 -0500
Data spool file 1Hndfh-0001A4-0G-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
beyp@ttnet.net.tr
SMTP error from remote mail server after RCPT TO:<beyp@ttnet.net.tr>:
host ttfarm.ttnet.net.tr [212.175.13.134]: 550 Invalid recipient:
<beyp@ttnet.net.tr>
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@whm.mav-hosting.com>
Received: from nobody by whm.mav-hosting.com with local (Exim 4.63)
(envelope-from <nobody@whm.mav-hosting.com>)
id 1HnaLG-0007Jz-CX
for beyp@ttnet.net.tr; Mon, 14 May 2007 08:11:58 -0500
To: beyp@ttnet.net.tr
Subject: Interaktif Bankacilik Hesabiniz
From: Ak Bank <acc@akbank.com.tr>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1HnaLG-0007Jz-CX@whm.mav-hosting.com>
Sender: Nobody <nobody@whm.mav-hosting.com>
Date: Mon, 14 May 2007 08:11:58 -0500
**CONTENT OF SPAM MESSAGE REMOVED**
I removed the content of spam so it's not posted on the forum
View 6 Replies
Jan 7, 2008
Paypal started sending me notices that it was unable to connect to my IPN (I'm using modernbill v4) yet I used it without a problem for 3 years.
They sent this message in response to my support inquiry:
I have had the IPN logs checked and show that, on recent transactions, your Web server returned an HTTP 200 OK on some of the transactions. Transactions were pulled from:
Date: Fri, 04 Jan 2008 15:00:09 GMT and Date: Thu, 03 Jan 2008 22:20:48 GMT
The reason that you are receiving the E-mail in question is due to your server not responding with an HTTP 200 OK response. When this happens, the PayPal system attempts to resend the IPN POST for up to four days at which time the E-mail in question is generated to inform the merchant of issues with the IPN script.
This issue is not a PayPal issue, but is rather caused by your server's response to IPN POSTs sent to the IPN Script.
Can someone please help me trace this problem?
This is what my server is using:
Modernbill v4.4 stable
Centos 4.6
CSF Firewall
Cpanel 11
Apache 2.2 / PHP 5.2.5
View 8 Replies
Aug 5, 2008
Can anyone recommend a well-established VPS provider with facilities at a major EU connection point, preferably TheNetherlands? I need a small account for secondary DNS and MX, plus some caching experimentation. Might turn into an unmetered dedicated mega-server at the same location if things go as planned, so if you only have experience with dedi or colo at a certain host, feel free to chime in.
I'm already a colo-host and a cPanel distributor myself, so I don't need management or a control panel, just a minimal-install CentOS 5 VPS. (I'll be installing cPanel DNSonly) Here's the kicker though, like most USians, I only speak English (and some would say badly), so the host has to speak at least enough to get the account set up. (preferably has a site in English). The real deal-breaker is that they MUST have their own merchant account and accept credit cards for recurring billing. I will not use Paypal, Moneybookers, or any other 3rd-party processor that requires a registration or manual payments. That almost always indicates an amateur operation in someone's basement. Looking for something along the lines of ThePlanet, but in Amsterdam. (AmsterNet? PlanetDam? )
View 8 Replies
Oct 14, 2007
I'm having a serious problem with Apache 2.0.54. I'm running Debian Sarge (3.1) and I cannot upgrade Apache (easily) so I am stuck using 2.0.54 (2.2+ are not supported on Sarge). I have been trying everything with config changes and different tweaks but Apache is giving me lots of trouble. Whenever I run "apache2ctl restart" Apache will crash and will not start. But when I run "apache2ctl start" Apache will run and in the log, it simply puts "[warn] pid file /var/run/apache2.pid overwritten -- Unclean shutdown of previous Apache run?". I get nothing else before or after I run those commands. Running "apache2ctl graceful" starts messing with it giving me "apache2 <defunct>" errors and "apache2ctl configtest" gives me nothing except "Syntax OK."
Here is my "apache2.conf" file:
Code:
# Based upon the NCSA server configuration files originally by Rob McCool.
# Changed extensively for the Debian package by Daniel Stone <daniel@sfarc.net>
# and also by Thom May <thom@debian.org>.
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.
ServerRoot "/etc/apache2"
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
LockFile /var/lock/apache2/accept.lock
# PidFile: The file in which the server should record its process
# identification number when it starts.
PidFile /var/run/apache2.pid
# Timeout: The number of seconds before receives and sends time out.
Timeout 300
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
KeepAliveTimeout 15
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers ......... number of server processes to start
# MinSpareServers ...... minimum number of server processes which are kept spare
# MaxSpareServers ...... maximum number of server processes which are kept spare
# MaxClients ........... maximum number of server processes allowed to start
# MaxRequestsPerChild .. maximum number of requests a server process serves
<IfModule prefork.c>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
# pthread MPM
# StartServers ......... initial number of server processes to start
# MaxClients ........... maximum number of server processes allowed to start
# MinSpareThreads ...... minimum number of worker threads which are kept spare
# MaxSpareThreads ...... maximum number of worker threads which are kept spare
# ThreadsPerChild ...... constant number of worker threads in each server process
# MaxRequestsPerChild .. maximum number of requests a server process serves
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
# perchild MPM
# NumServers ........... constant number of server processes
# StartThreads ......... initial number of worker threads in each server process
# MinSpareThreads ...... minimum number of worker threads which are kept spare
# MaxSpareThreads ...... maximum number of worker threads which are kept spare
# MaxThreadsPerChild ... maximum number of worker threads in each server process
# MaxRequestsPerChild .. maximum number of connections per server process (then it dies)
<IfModule perchild.c>
NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0
AcceptMutex fcntl
</IfModule>
User www-data
Group www-data
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Global error log.
ErrorLog /var/log/apache2/error.log
# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
# Include all the user configurations:
Include /etc/apache2/httpd.conf
# Include ports listing
Include /etc/apache2/ports.conf
# Include generic snippets of statements
Include /etc/apache2/conf.d/[^.#]*
#Let's have some Icons, shall we?
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# Set up the default error docs.
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can Internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line;
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/local/apache2/error/include/ files and
# copying them to /your/include/path/, even on a per-VirtualHost basis.
#
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
Alias /error/ "/usr/share/apache2/error/"
<Directory "/usr/share/apache2/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml
# UserDir is now a module
#UserDir public_html
#UserDir disabled root
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options Indexes SymLinksIfOwnerMatch IncludesNoExec
#</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
UseCanonicalName On
TypesConfig /etc/mime.types
DefaultType text/plain
HostnameLookups Off
IndexOptions FancyIndexing VersionSort
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
# This really should be .jpg.
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# This is from Matty J's patch. Anyone want to make the icons?
#AddIcon /icons/dirsymlink.jpg ^^SYMDIR^^
#AddIcon /icons/symlink.jpg ^^SYMLINK^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* RCS CVS *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .et
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage it .it
AddLanguage ja .ja
AddLanguage pl .po
AddLanguage ko .ko
AddLanguage pt .pt
AddLanguage no .no
AddLanguage pt-br .pt-br
AddLanguage ltz .ltz
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
AddLanguage tw .tw
AddLanguage zh-tw .tw
LanguagePriority en da nl et fr de el it ja ko no pl pt pt-br ltz ca es sv tw
#AddDefaultCharset ISO-8859-1
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8 .utf8
AddCharset GB2312 .gb2312 .gb
AddCharset utf-7 .utf7
AddCharset utf-8 .utf8
AddCharset big5 .big5 .b5
AddCharset EUC-TW .euc-tw
AddCharset EUC-JP .euc-jp
AddCharset EUC-KR .euc-kr
AddCharset shift_jis .sjis
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
AddType application/x-tar .tgz
# To use CGI scripts outside /cgi-bin/:
#
#AddHandler cgi-script .cgi
# To use server-parsed HTML files
#
<FilesMatch "\.shtml(\..+)?$">
SetOutputFilter INCLUDES
</FilesMatch>
# If you wish to use server-parsed imagemap files, use
#
#AddHandler imap-file map
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4.0" force-response-1.0
BrowserMatch "Java/1.0" force-response-1.0
BrowserMatch "JDK/1.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
#<Location /server-info>
# SetHandler server-info
# Order deny,allow
# Deny from all
# Allow from .your_domain.com
#</Location>
# Enables SSI
Options +Includes
LoadModule layout_module /usr/lib/apache2/modules/liblayout.so
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^/.* http://%{REMOTE_ADDR}/ [L,E=nolog:1]
</IfModule>
# Include the virtual host configurations:
Include /etc/apache2/sites-available/[^.#]*
And here's my "httpd.conf" file:
Code:
# This is here for backwards compatability reasons and to support
# installing 3rd party modules directly via apxs2, rather than
# through the /etc/apache2/mods-{available,enabled} mechanism.
#
#LoadModule mod_placeholder /usr/lib/apache2/modules/mod_placeholder.so
<VirtualHost 66.150.225.201:80>
#
#User vu2004
#Group vu2004
#
#
#SuexecUserGroup vu2004 vu2004
#
ServerAdmin todd@datacomponents.net
DocumentRoot /var/www
ServerName xetaspace.net
ServerAlias www.xetaspace.net xetaspace.net
ErrorLog /var/log/apache2/users/xetaspace.net-error.log
TransferLog /var/log/apache2/users/xetaspace.net-access.log
# httpd dmn entry cgi support BEGIN.
# httpd dmn entry cgi support END.
# httpd dmn entry PHP2 support BEGIN.
php_admin_value open_basedir "/var/www/:/usr/share/php/:/tmp/"
# httpd dmn entry PHP2 support END.
<Directory /var/www>
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I am on the end of my rope with Apache and feel like just formatting the server and reinstalling Apache. Which reminds me, I did try using apt-get to remove and install Apache again but nothing worked.
View 6 Replies
Mar 30, 2008
Here I am thinking about sites that are in top 10K according to Alexa. If yes please list few of them here...
View 10 Replies
Mar 8, 2009
Anyone else notice the huge outage at Surpass? My sites went down as I was editing one, and checking the server status returns a very, very long list of downed servers. Since the Surmunity Forums appear to be down as well, I was wondering if anyone here had found out what was up via other means, and whether or not there is any estimate on when it might come back up.
View 6 Replies
Oct 2, 2007
I have an issue here. httpd is slagging big time and my max clients is 300.
I see this when running netstat
Code:
root@server5 [~]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 websitesforafrica.com:http 190.42.243.192:1916 SYN_RECV
tcp 0 0 websitesforafrica.com:http 200.121.167.193:11641 SYN_RECV
tcp 0 0 websitesforafrica.com:http client-201.230.113.17:14327 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.42.84.253:3244 SYN_RECV
tcp 0 0 websitesforafrica.com:http 201.230.98.64:15059 SYN_RECV
tcp 0 0 websitesforafrica.com:http 166.114.122.41:62881 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.42.151.252:17097 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.41.24.108:3421 SYN_RECV
tcp 0 0 websitesforafrica.com:http 190.43.1.42:1392 SYN_RECV
tcp 0 0 websitesforafrica.com:http 201.230.79.5:60836 SYN_RECV
tcp 0 0 websitesforafrica.com:http client-200.121.153.56:27208 SYN_RECV
Code:
root@server5 [~]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
48 190.42.66.138
39 190.154.6.203
28 190.40.51.130
23 200.121.81.76
14 207.67.35.142
13 201.230.224.200
13
11 201.240.178.114
11 190.77.9.81
10 201.230.113.175
10 200.58.160.148
10 190.41.5.161
9 201.230.254.69
9 201.230.135.146
9 190.43.187.139
8 200.60.248.119
7 72.14.195.205
7 190.42.48.224
6 200.121.7.31
6 200.121.223.55
6 200.121.141.48
6 200.121.141.186
6 200.106.37.206
6 190.42.51.165
6 190.41.64.13
5 201.250.55.166
5 201.240.42.233
5 201.240.3.61
5 201.240.113.73
5 201.240.0.94
5 201.208.123.190
5 200.87.203.94
5 200.121.171.61
5 200.121.136.238
5 200.106.47.236
5 190.42.71.207
5 190.42.221.73
5 190.42.194.20
5 190.42.152.250
5 190.41.32.40
4 201.240.48.131
4 201.240.205.141
4 201.240.196.217
4 201.240.124.201
4 201.240.124.131
4 201.230.233.68
4 201.230.195.165
4 201.230.129.58
4 201.222.87.163
How do I find out the cause of this? I have no idea who websitesforafrica.com is anyway
root@server5 [~]# ps aux | grep -c httpd
502
Jun 20, 2008
I was a webhost from a while ago leasing dedicated servers and eventually went to work for the datacenter where I had my colo. For a while now I've been working with a neat group of 5-6 other folks programming a new uptime monitor/geo-dispersed server load testing system/software. We were looking for possible partners to keep hosting costs down during the alpha stage of the project but while we were drawing up the papers, we saw just too much opportunity for a conflict of interest to arise and realized we couldn't realistically associate ourselves with any single company to that degree. So after a little work and fundraising, we're finally in a position to either lease some servers or colo.
Since I've been out of the loop for a while, I just want to know who the major/reliable players are when it comes to leasing or colo machines in multiple areas (ideally East, Middle, West, Canada and Europe/Asia)? We would prefer to be with one company for ease of billing and have our network of monitoring stations spread out geographically. But we don't want all of our eggs in one basket so if a provider goes belly-up or decides to hike our rates 30-40% with little notice, we won't have too much to worry about.
We're watching what we spend during the alpha stage very closely, but I've been insisting we can strike the right balance between cost and reliability (connectivity).
Sep 18, 2008
I host a handful of domains, using a whm/cpanel setup. It came time for me to move to a new server, and here's the process I took:
1. I created accounts for all domains on the new server.
2. Created all relevant mail accounts for each domain on the new server
3. Restored all of the files for each sub account on the new server
4. Updated the DNS for each sub account to point to the new server
I didn't, however, move my main domain to the new server yet. On top of that, I use Google to manage the mail for my main domain.
Now when I try to send email to one of the accounts for any sub domains (that is on the new server), the email bounces back as undeliverable.
Jun 8, 2008
I have a fairly large web site that has a forum and a torrent tracker.
Currently MySQL server is handling about 150 queries on average per second.
Here is the server spec:
Core2Duo 2.66Ghz
4Gb RAM
320GB SATA 7200RPM (Server provider does not have 1.5K RPM nor 1.0k RPM)
100Mbit Connection (servers on the same switch and the switch does not have 1Gbit port)
MySQL Version: 5.0.51a
I had Master-Master Replication setup with forum running on one and the tracker running on the other.
Although this has been working for about a few days, we started seeing lags in the replication process.
After a week, there is a major lag and the changes made on one of the servers take about 5 hours to appear on the other.
So, this doesn't work.
What would be the other ways of splitting MySQL queries concerning the same database?
While I was researching, I read about MySQL Cluster with database storage engine being NDB.
But, let's say that there is a power failure on both the nodes at the same time, then I would lose the whole database as the database is stored on the memory, correct?
I would not like to take that chance either, but if this is faster than replication method then maybe I will consider.
I thought about editing the forum coding to make all queries that concerns the tracker to go in to, say server B (with forum's primary MySQL server being Server A), and make the tracker use server B as MySQL backend, but it seemed like a heavy work so that will be the last choice.
Jun 11, 2007
1U colo, 1 mbps, 1 amp power in major China cities
Must have premium, multi-homed bandwidth, with great connectivity to the US
Must have local cable TV cross-connect via coax, s-video, etc.
Prefer remote reboot
Some or all of the following:
Shanghai, Beijing, Chongqing, Tianjin, Wuhan, Harbin, Shenyang, Guangzhou
OK to have colo and cctv cross-connect in one or more cities - you don't have to do them all.
We do NOT need colo without the cctv availability.
Will need a /30 address space.
1 year minimum contract
Jan 30, 2007
It seems that all of the emails sent from clientexec to the major carriers (gmail, yahoo, msn etc.) are being either blocked completely or marked as spam (msn).
When I send an email from outlook from the same domain client exec is on the email goes through fine.
I have added an SPF Record and my domain is not "blacklisted" for spam anywhere.
Mar 8, 2008
I recently switched over to SoftLayer for dedicated hosting and the servers are great. However we've been getting hit on and off with massive (50-80%) packet loss, which has been crippling our performance and causing all sorts of problems.
I put in a support ticket and they linked me to the Internet Health Report website and said it was due to one of their bandwidth providers (I think Global Crossing) and not on their internal network and to be patient as it could take time to resolve.
Are any other SoftLayer customers going through this? Is this an unusual occurrence? I feel like if it was really one of their partners that it would be affecting a lot of their customers and it would be a high priority issue right?
I'm kind of stuck on what to do; I just invested a lot of energy into moving content onto these new servers and am concerned about whether to wait it out or whether to start finding a new company. This kind of packet loss is really unacceptable...
Apr 4, 2008
I run a web hosting company and one of my servers is a LAMP server running CentOS 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
Sep 27, 2009
What seemed to be a good company quickly turned to nightmares. I purchased a couple domains. All went well. Then PayPal emailed me saying they are high risk and wanted me to confirm I made the payment and service was given. So until I did the payment was held. They blame the hold on me and threatened me to release it or they will cancel my account.
So they finally gave them the money and all was well. Well I did a stupid thing and decided to get a VPS from them, they have good deals so I thought, what's the worst that can happen. Well shortly after, I get an email saying because your payments are unreliable, we are waiting a week to setup your vps which is complete utter crap.
So I just said screw it and said give me a refund then and about 2 hours ago I try logging into my client center and my account is gone.
I am hoping one of them sees this so we can get this worked out. In the meantime I opened disputes on all of the payments.
I will keep you all updated.
Jul 16, 2009
I have regarding hosting/designing my application. Users of my website upload highly sensitive files to the server. I'll use SSL but will that be enough since the files are not encrypted on the server. I tried to encrypt the files but that is adding a huge overhead.
My first question is - is it a good idea to store the files on the server rather than a database? My other question is regarding hosting; I'm thinking of building my own server and host it in a colo. Is colo more secure than dedicated hosting? Currently I'm still in the process of developing my App and my environment is Windows Server 2008/SQL Server 2005.
Feb 9, 2007
Are there any problems with having duplicate rules in different files? I have downloaded some rules and am going to make them all into one file to give me the best protection, but this is going to take time and I really need some sort of protection now.