What Would Prevent A File Being FTPed Immediately And Showing Up On Website
Jan 29, 2007
I am trying to FTP some changes to my site. The strange thing is that while the FTP client (Filezilla) is accepting the new file, it will not show up on the new site. I've tried caching, refreshing browsers, and rebooting but nada.
I then went back into my FTP client and checked the timestamp of the file being uploaded. For whatever reason, it will not show the most recent time of the file being uploaded, much less accept the most recent upload.
I recently configured a CentOS 6.5 server with Java JDK1.8 and the bundled Tomcat server X64 application. I confirmed the web server port is not already in use and also installed the Tomcat APR libraries. The application starts fine and all the logs show no severe errors; however, when I navigate to the URL I see a blank page. All the configuration files are in the correct place and whether I use just :8080 or /licenseserver the page is still blank. If I run the element inspector in the browser it shows 404 file not found.
It appears that some people like to take advantage of those files for online web applications such as WordPress which have PHP files with permissions set to 777. They use those as a means of creating an upload file. The upload files that they create then have access to the whole server somehow... Is there any way of preventing this from happening?
I have installed an SSL certificate on my website since last Saturday the 1st of May, and forced redirection to https URLs via .htaccess.
Since then, I cannot see any statistics in AWStats. All values stop after the implementation of the certificate. How can I continue to have statistics for my secured web site?
I have a 777 chmod folder open. It needed to be writable so that legitimate users can upload their picture. However, I do not want people to upload .php or .php.pjepg etc to the server.
There are times that they do not use the form in my site to upload the PHP file. How can they do that? Via a Perl command? And how to prevent such a thing from happening?
I have 2, 3 and 5GB files that I need to download but every time they appear as 1.4GB for some reason. I've tried IE, Mozilla and Opera and the same result each time.
Is there some sort of limit to the size of a file that Apache will serve?
When I download a file from my server, only specific extensions are working. This is really annoying since I want to be able to see how much time left to finish a download.
For example, I uploaded a video with .vob extension:
file.vob --> does not show filesize when downloading
If I rename the same file to a different extension:
file.avi --> works fine, shows filesize when downloading
file.mp3 --> works fine, shows filesize when downloading
file.rar --> works fine, shows filesize when downloading
file.mp4 --> does not show filesize when downloading
file.wmv --> does not show filesize when downloading
These are direct download links, not using any download scripts or anything. Why are some extensions displaying the filesize and some not displaying them? I am using Apache 2.x server.
It would be private, accessed by about 40-200 students from my faculty. We would share scanned documents and Powerpoint slides that we receive from professors, as well as the latest news such as changes of lecture times etc.
Optimal would be something like Google Groups, but with larger storage (5 GB min). I am therefore considering running Ubuntu LAMP on a basic Linode.
What software can I run that provides my group with a Google-groups-like web interface? RSS capability is a plus, so is an easy setup.
I have created a cPanel full backup of my website. The file is 2.65GB in size, but when I log in with my FTP client, I get a LISTERROR - [filename] and the filename doesn't appear in the directory window.
Can I still use a custom command to download this file?
I have no intention of trying to make some video/file sharing website.
Some people might recognize me as being somewhat cynical in my replies to the people who post these sorts of messages.
What I'm curious about is, after having occasionally told people "You'll make significantly more money throwing the money you intend to waste on this project into a traditional investment..." I still see new people every week asking for the same help.
Now, I understand very few people are going to give up their dream and just throw in the towel because some random guy says their dream is stupid, they are stupid, and may god have mercy on their soul...
But, I don't (always) necessarily try to dissuade people from starting this sort of project simply to be a prick.
What I'd like to find out is if there are any people out there who've created a successful video/file sharing website who'd like to help others out...
Like, what advice they would have for people who want to get into starting a similar site.
How much bandwidth does your site use?
What's the URL?
How are you making money from the site?
How long did it take for your site to make a profit? etc etc...
Alternatively, if you've tried to start a video/file sharing website and given up on those plans...
We had written a free file sharing website like rapidshare, 2shared, 4shared and ...
We let people add as many files as they want to upload. People also search and browse among files.
Do we need a dedicated server or a dedicated VPS?
How much should the configuration be? I mean, how much RAM?
We need to add extra hard disks in the near future.
Maybe sometime we need to add clustering and ...
Please tell me in detail about the initial configuration needed to run this website so we'll be sure that the site will never be down or lack hard disk, RAM or CPU.
And tell me your experience in best dedicated services with online support which will be good friends.
If I type google.com in my address bar, it forwards me to www.google.com. This is not happening for my website right now. I think it's a good idea to do this, since then search engines will have only 1 main URL for the website to index.
My question is:
How do I implement this? I think this may involve mucking with CNAME settings...
Does anyone know any way that "rm -rf /" can be disabled? Or any SELinux rule or something to prevent this?
Or if I wanted to prevent a certain directory from being deleted, like backups, but something unlike chattr that someone can figure out quickly.
I'm sure LOTS of people would like to know about this. I've searched around and the only somewhat useful thing I have found is an rm wrapper that sends everything to a trash file in the root of the mount point.
I'm not that techy. I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account? I've changed my password numerous times from different computers and even from a mobile phone just to check if the person can still get in. But again it is no use; the person was able to upload phishing pages.
Right now I deleted all other scripts on the account and some htmls remain. Folders were also set to 644, no 777. While waiting to see if the person can still upload his phishing pages, please help me understand why he downloaded the file above. I've checked the file on my account and I cannot see Login.php. By the way, I have a root login and only two accounts were constant phishing victims.
I am giving a few tips on securing your server against hack attempts. You must check these in spite of other securities like firewall, rootkit detectors etc.
1. Most important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on the whole server.
Most of the time the attack is done using the shellc99 (phpshell) script. In case safe_mode is off on the server and there are public dirs with 777 permission, he can easily hack through.
2. Compile Apache with safe mode as well.
3. In cPanel under Tweak Settings, turn on base_dir. If someone requests to turn it off, turn it off on his/her account only, as using phpshell one can easily move to main server dirs like /etc, /home.
4. Do not allow anonymous FTP on your server. You can turn it off from FTP config under WHM Service Configuration. If it's allowed, one can easily bind a port using the nc tool with your server and gain root access. Always keep it disabled.
5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure /tmp is secured. Else one can upload some kind of Perl script in the /tmp dir and can deface or damage all data on a few/all accounts on your server.
Does anyone know how to prevent someone from changing the file name of some shell, PHP script from file.php to file.jpg or file.gif, uploading it to the server, and running it to attack the server?
We have been using our L2 switches' functionality to only allow IPs that are assigned to a particular server to be accessed for some time. However, the latest version of this particular switch no longer includes this feature. Moreover, it is quite a labor-intensive task which is not good for "budget" servers.
I am considering moving the rules to the main router, but am afraid of the scalability of this. Will it hold up with a few 1000 servers?
How are other hosties going about this? I have heard that some just don't bother at all, which leaves their clients open to having their IPs duplicated by others on the same subnet. This can't be good...