PHP (Hypertest Preprocessor) is a server-side HTML embedded scripting language that is very popular for web development. When PHP is running on a web server, each and every request to the web server will return the following line of header with PHP version information to the browser.
X-Powered-By: PHP/[version]The X-Powered-By header info is controlled by expose_php core php.ini directive. expose_php determines whether web server will report that PHP is being used to process the request, and what version of PHP is installed to every request. expose_php is enabled by default, so the information is sent on each HTTP and HTTPS request.
While PHP is generally reliable and secure, older and outdated versions of PHP may contain security holes and bugs. Although there is no problem leaving PHP version info exposed, and enable expose_php is not classified as security risk, but malicious hackers looking for potentially vulnerable targets can use PHP version installed on a web server to identify a weakness. By turning off expose_php, the existence and version of PHP is hidden, and help lower threat to attacks that rely on simple reconnaissance techniques to scan for vulnerable targets. Although websites not using SEO-optimized URL structures may still potentially been seen by human as running PHP from link location (e.g. index.php?variable=value), but bots and automated scripts from novice attackers may be fooled.
So it’s recommended disable and turn expose_php off. Webmasters can disable expose_php in the php.ini file, usually located in /etc, /usr/lib, /usr/local/lib or /usr/local/lib/php/:
; Disable expose_php for security reasons
expose_php = Off
Tip: Setting expose_php to Off in php.ini does not prevent or stop php_info() function from executing.
Read more...
Showing posts with label webhosting. Show all posts
Showing posts with label webhosting. Show all posts
Monday, July 27, 2009
Solutions for Web Designers & Developers
Your customers come to you for your expertise in web development. Who you and your customers use to host their site is a decision not to be taken lightly, because ultimately the provider's infrastructure, SLAs and experts will impact the performance of your application. Network downtime, availability issues, lax security and poor customer support can simply render a website ineffective, no matter how solid the coding.
So even if finding the right hosting partner isn't technically considered web development, it still is an integral factor in the success of your application. The solution is simple, by combining your development expertise with Rackspace's hosting expertise, you'll be able to deliver the perfect product to your customers.
No matter how much time and thought you've invested in your application's development, it's only as good as the infrastructure, services and people that surround and support it. From the ground up, Rackspace was built to deliver the 100% network uptime, high availability, scalability, security, expertise and working partnership that relieves you and your customers of the endless concerns, strains and issues that could easily undermine the functionality of your customers' sites.
The partnership between you and Rackspace begins with our promise of Fanatical Support®. A team of experts is dedicated to you and your needs. They're not just available to you—they are accountable to you, knowing the intricacies of your configuration and the specifics of your company and its goals. Like you, they are dedicated to the perfection of your web applications, working to ensure that the infrastructure that you're dependent upon never fails you.
Beyond your dedicated Rackspace Support Team, Fanatical Support filters through all of Rackspace's people, processes and technologies, letting you work single-mindedly on creating the optimal applications for your customers. We handle the responsibilities of deploying, monitoring, optimizing and managing the servers, devices and network continuously, scaling on-demand as the sites that you invested so much time and effort into flourish and evolve.
Read more...
So even if finding the right hosting partner isn't technically considered web development, it still is an integral factor in the success of your application. The solution is simple, by combining your development expertise with Rackspace's hosting expertise, you'll be able to deliver the perfect product to your customers.
No matter how much time and thought you've invested in your application's development, it's only as good as the infrastructure, services and people that surround and support it. From the ground up, Rackspace was built to deliver the 100% network uptime, high availability, scalability, security, expertise and working partnership that relieves you and your customers of the endless concerns, strains and issues that could easily undermine the functionality of your customers' sites.
The partnership between you and Rackspace begins with our promise of Fanatical Support®. A team of experts is dedicated to you and your needs. They're not just available to you—they are accountable to you, knowing the intricacies of your configuration and the specifics of your company and its goals. Like you, they are dedicated to the perfection of your web applications, working to ensure that the infrastructure that you're dependent upon never fails you.
Beyond your dedicated Rackspace Support Team, Fanatical Support filters through all of Rackspace's people, processes and technologies, letting you work single-mindedly on creating the optimal applications for your customers. We handle the responsibilities of deploying, monitoring, optimizing and managing the servers, devices and network continuously, scaling on-demand as the sites that you invested so much time and effort into flourish and evolve.
Read more...
Friday, July 17, 2009
Download Free Blogging Software Zoundry Raven
Most of the internet user knows about WYSIWYG, which mean for “What You See Is What You Get”. The feature of WYSIWYG is very important especially when designing web site, writing blog, online drawing and etc. Zoundry Raven is a free WYSIWYG blog editing software that allows you to post your blogs faster and easier. It offers lot of tools that able to add link, tags, photos, music, video files and etc. Beside that, it is one of the great blogging tool that able to supports almost all the platforms and offers most of the features of Windows Live Writer.
Read more...
The Key Features of Zoundry Raven as below:
Currently, it is available for download
- True WYSIWYG writing and XHTML source editing.
- Drag and drop images, video, and text from the Web.
- Preview posts in your blog’s template.
- Improved content management.
- Built-in indexer allows you to see posts by blogs, links, tags, and images.
- View tag cloud and browse to posts containing specific tags.
- View posts independently of where they were published.
- Manage multiple media storage services.
- Set up different media services (Picasa, Image Shack, Ripway, FTP) for different blogs.
- Share single media service with multiple blogs.
- Manage multiple blogs offline.
- Publish and update the same post to multiple blogs.
- Manage multiple blogs within multiple accounts.
- Install Raven as a Portable Application on your flash/thumb drive.
- Raven will stay out of your Windows registry and let you take your blogging on the road.
- WordPress 2.2+ Page & Tag support.
- Use Raven to create and modify your WordPress Pages just like any other blog post.
- Set WordPress tags as well as import tags from all of your posts.
Currently, it is available for download
Read more...
Tuesday, July 14, 2009
This Site May Harm Your Computer On Every Sites Bug in Google Search Results
Google has been working flawlessly so far even though get hit with millions of requests per hour. But not today. Every search results in Google search engine now tagged with “This site may harm your computer”. The direct links to the URL of the sites listed in the search results are been redirected to a interstitial page labeled “Warning – visiting this web site may harm your computer!” and various links to Google and StopBadware.org.
To make matter worse, all major established sites are been labeled as possible harmful or malicious badware sites, such as Microsoft
, Yahoo, My Digital Life, and even Google itself. Even localized Google search engines in another languages such as French, German, Japanese, Chinese and etc. are affected by the major bug.
The bug appears to have happened for several hours, but not yet been fixed. It will only cause problem to webmasters though, as ads that appear with the search results appear to be working fine without problem. Only organic search results are been affected. Currently, the only workaround is to directly type in the URL into the address bar in order to access the website, or switch to Google Blog Search or Image Search or Google Mobile Search. More useful workaround is probably using Yahoo or Windows Live (MSN) Search.
Note: The bug has been fixed. Official Google blog explained that “unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.”
Read more...
To make matter worse, all major established sites are been labeled as possible harmful or malicious badware sites, such as Microsoft
, Yahoo, My Digital Life, and even Google itself. Even localized Google search engines in another languages such as French, German, Japanese, Chinese and etc. are affected by the major bug.
The bug appears to have happened for several hours, but not yet been fixed. It will only cause problem to webmasters though, as ads that appear with the search results appear to be working fine without problem. Only organic search results are been affected. Currently, the only workaround is to directly type in the URL into the address bar in order to access the website, or switch to Google Blog Search or Image Search or Google Mobile Search. More useful workaround is probably using Yahoo or Windows Live (MSN) Search.
Note: The bug has been fixed. Official Google blog explained that “unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.”
Read more...
Fix Internal Server Error When Accessing Easy Apache in cPanel WebHosting Manager
When trying to access Easy::Apache in cPanel WebHosting Manager (WHM) or EasyApache script on the server, an Internal Server Error may occur. The following error details may be displayed.
Internal Server Error
Premature end of script headers: usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl: Please check / usr / local / cpanel / logs / error_log for the exact error.
Opening up the error_log, the following errors are recorded:
Acme::Spork version v0.0.8 required–this is only version v0.0.7 at /var/cpanel/perl/easy/Cpanel/Easy/Utils/BackGround.pm line 14.
BEGIN failed–compilation aborted at /var/cpanel/perl/easy/Cpanel/Easy/Utils/BackGround.pm line 14.
Compilation failed in require at (eval 28) line 3.
…propagated at /usr/lib/perl5/5.8.8/base.pm line 85.
at (eval 26) line 3
at /var/cpanel/perl/easy/Cpanel/Easy.pm line 15
BEGIN failed–compilation aborted at /var/cpanel/perl/easy/Cpanel/Easy.pm line 15.
Compilation failed in require at (eval 16) line 3.
…propagated at /usr/lib/perl5/5.8.8/base.pm line 85.
BEGIN failed–compilation aborted at /var/cpanel/perl/easy/Cpanel/Easy/Apache.pm line 8.
Compilation failed in require at /usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl line 67.
The cPanel Easy Apache utility appears broken due to incorrect Acme::Spork perl script. In order to fix the Internet Server Error when trying to get into Easy Apache, just run or execute the following script to get all perl modules checked, and in the process fix the Acme::Spork.
./scripts/checkperlmodules
Alternatively, it’s possible to reinstall just Acme::Spork on the server, by following steps below to enter the commands accordingly.
# cpan
cpan> install Acme::Spork
A long list of output will follow……
cpan> reload cpan
cpan> quit
Once fixed, Easy Apache will start working immediately, and webmaster or system administrator can access the Easy Apache module again.
Read more...
Internal Server Error
Premature end of script headers: usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl: Please check / usr / local / cpanel / logs / error_log for the exact error.
Opening up the error_log, the following errors are recorded:
Acme::Spork version v0.0.8 required–this is only version v0.0.7 at /var/cpanel/perl/easy/Cpanel/Easy/Utils/BackGround.pm line 14.
BEGIN failed–compilation aborted at /var/cpanel/perl/easy/Cpanel/Easy/Utils/BackGround.pm line 14.
Compilation failed in require at (eval 28) line 3.
…propagated at /usr/lib/perl5/5.8.8/base.pm line 85.
at (eval 26) line 3
at /var/cpanel/perl/easy/Cpanel/Easy.pm line 15
BEGIN failed–compilation aborted at /var/cpanel/perl/easy/Cpanel/Easy.pm line 15.
Compilation failed in require at (eval 16) line 3.
…propagated at /usr/lib/perl5/5.8.8/base.pm line 85.
BEGIN failed–compilation aborted at /var/cpanel/perl/easy/Cpanel/Easy/Apache.pm line 8.
Compilation failed in require at /usr/local/cpanel/whostmgr/docroot/cgi/easyapache.pl line 67.
The cPanel Easy Apache utility appears broken due to incorrect Acme::Spork perl script. In order to fix the Internet Server Error when trying to get into Easy Apache, just run or execute the following script to get all perl modules checked, and in the process fix the Acme::Spork.
./scripts/checkperlmodules
Alternatively, it’s possible to reinstall just Acme::Spork on the server, by following steps below to enter the commands accordingly.
# cpan
cpan> install Acme::Spork
A long list of output will follow……
cpan> reload cpan
cpan> quit
Once fixed, Easy Apache will start working immediately, and webmaster or system administrator can access the Easy Apache module again.
Read more...
Account Locks Out Due to Brute Force Protection in cPanel WebHost Manager (WHM)
Occasionally, when user or website administrator attempts to login to cPanel’s WebHost Manager (WHM), or remote or local log in via Telnet or SSH to Linux console to the web server, the login is denied and not allowed. The following error message may appear.
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
The brute force protection on cPanel-powerd web host is provided by cPHulk, which prevents malicious forces from trying to access the server’s services by guessing the login password for that service. When an account on the system has experienced too many failed login attempts, the particular account will automatically been “protected” by forbidding further login attempts, including all-important root account. cPHulk Brute Force Protection will also block out an IP address which has been detected to send too many unauthorized logon attempts.
As a result, server’s owner are potentially been locked out of the server if the cPHulkd is enabled, even the wild-guessing brute force hacking is done by hackers in another corner of the world.
When WHM locks out an user account, especially “root”, the best way is to wait for 10 minutes to see if the account will be unlocked. If the locks persists, webmaster and administrator who still can remote login via SSH to the server as root can manually remove the lockouts via following steps:
1. Type mysql at console to access MySQL client.
2. At MySQL client prompt, enter the following commands (preceding with mysql>)one after one, pressing Enter each time:
mysql> use cphulkd;
Expected result: Database changed.
mysql> BACKUP TABLE `brutes` TO ‘/path/to/backup/directory’;
mysql> BACKUP TABLE `logins` TO ‘/path/to/backup/directory’;
Above command will backup the brutes table, the main table used by cPHulk to record locked accounts and denied IP addresses.
mysql> DELETE FROM `brutes`;
mysql> DELETE FROM `logins`;
Above commands will remove all blocked IP addresses and locked accounts from the system, enabling full access again. If you’re familiar with SQL statements, it’s possible to use WHERE clause to specify logins or IP address that you want to remove only.
mysql> quit;
Exit MySQL client.
If you can’t login to the server due to brute force protection, you probably have to contact web hosting service provider support to physically access the server to remove the Brute Force Protection. To avoid future blockage or lock out, it’s recommended to add own IP address as Trusted Hosts List whitelist in cPHulk Brute Force Protection. To do so, go to WHM -> Security -> Security Center -> cPHulk Brute Force Protection. Inside “Configure cPHulk”, click Trusted Hosts List link.
Read more...
This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic.
The brute force protection on cPanel-powerd web host is provided by cPHulk, which prevents malicious forces from trying to access the server’s services by guessing the login password for that service. When an account on the system has experienced too many failed login attempts, the particular account will automatically been “protected” by forbidding further login attempts, including all-important root account. cPHulk Brute Force Protection will also block out an IP address which has been detected to send too many unauthorized logon attempts.
As a result, server’s owner are potentially been locked out of the server if the cPHulkd is enabled, even the wild-guessing brute force hacking is done by hackers in another corner of the world.
When WHM locks out an user account, especially “root”, the best way is to wait for 10 minutes to see if the account will be unlocked. If the locks persists, webmaster and administrator who still can remote login via SSH to the server as root can manually remove the lockouts via following steps:
1. Type mysql at console to access MySQL client.
2. At MySQL client prompt, enter the following commands (preceding with mysql>)one after one, pressing Enter each time:
mysql> use cphulkd;
Expected result: Database changed.
mysql> BACKUP TABLE `brutes` TO ‘/path/to/backup/directory’;
mysql> BACKUP TABLE `logins` TO ‘/path/to/backup/directory’;
Above command will backup the brutes table, the main table used by cPHulk to record locked accounts and denied IP addresses.
mysql> DELETE FROM `brutes`;
mysql> DELETE FROM `logins`;
Above commands will remove all blocked IP addresses and locked accounts from the system, enabling full access again. If you’re familiar with SQL statements, it’s possible to use WHERE clause to specify logins or IP address that you want to remove only.
mysql> quit;
Exit MySQL client.
If you can’t login to the server due to brute force protection, you probably have to contact web hosting service provider support to physically access the server to remove the Brute Force Protection. To avoid future blockage or lock out, it’s recommended to add own IP address as Trusted Hosts List whitelist in cPHulk Brute Force Protection. To do so, go to WHM -> Security -> Security Center -> cPHulk Brute Force Protection. Inside “Configure cPHulk”, click Trusted Hosts List link.
Read more...
Saturday, July 11, 2009
Free 2 Years Domain Name and Web Hosting at DreamHost for GeoCities Users
Yahoo!, which owned GeoCities, has decided to close down GeoCities a free web hosting service provider which was immensely popular during the dot-com bubble era, with FTP and FrontPage support but no ads. But it’s going downhill since Yahoo! acquire it. Currently, all new registrations for new web space on GeoCities has been stopped, and the existing accounts are expected to be shutdown, deactivated and terminated by end of 2009. Visitor will be shown “Sorry, new GeoCities accounts are no longer available.” on GeoCities homepage.
Read more...
Unfortunately, Yahoo! doesn’t provide GeoCities webmasters another free web hosting service. Instead, the homesteaders are offered a paid web hosting service by Yahoo! at $11.05 a month, with first 3 months at discounted price of $5.98. Dream Host (ref) decides to Counter-offer with two (2) years of free DreamHost web hosting account, including free domain registration, in part also to honor the Webring, which made the developer tens of millions dollars.
The free 2-year domain registration and web hosting offer is limited to the first 1000 GeoCities users who sign up. In order to take advantage of the promotion worth $214.80, GeoCities refugees need to login into GeoCities control pannel or File Manager, and then edit or upload a HTML webpage the following word:
I’m off to DreamHost!
The string can be placed on any web page or URL, including index.html. Then head off to Dreamhost (ref). Select top option “Host a Domain” and sign up for 2 year hosting plan (note: must be two year, else you can get Promo code error: To get two years free, you must pick the two year plan! error). Then, enter full URL (web address) that points to GeoCities page with “I’m off to DreamHost!” text string as the promotional code in the promo code box. Click “Proceed to Payment” and DreamHost will check for the string to verify that you are existing GeoCities customer. If everything goes through, the free domain registration for 1 year (another 1 year can be registered at the end of 1 year) and web hosting for 2 years will be processed, and ready within seconds.
If you “Promo code error: We couldn’t find the string “I’m off to DreamHost!” at that URL to verify your ownership!” error message, try to replace apostrophe (’) with titde (`) in the string. Better yet, enter all possiblities of the text on the web page to submit as DreamHost promo code.
I`m off to DreamHost!
I'm off to DreamHost!
I’m off to DreamHost!
Too long to remember your old GeoCities account. Out of luck then. Too bad DreamHost doesn’t allow multiple registration for one GeoCities account. If you try to use existing web pages with “I’m off to DreamHost!” on it, you will be asked to fix the “Promo code error: This Geocities Refugee has already signed up with DreamHost!” error.
Read more...
Free Web Hosting and Site Creator with Google Page Creator
Google Page Creator is a service from Google that allows users to create and publish their own attractive web pages, quickly and easily by using a free, easy to use and browser-based tool. Google Page Creator is very helpful for users who’re non-technical and not familiar to web site creation, to easily set up their websites in What You See Is What You See (WYSIWYG) rich text editor mode, just like creating a document in Microsoft Word. If you would like more control over your web pages, you can edit the page in HTML mode too. Once you’re done editing the page, just 1 click will publish the page to the Internet at googlepages.com subdomain, i.e http://userid.googlepage.com/. Each user is given 100 MB free web hosting space and storage space.
Read more...
Google Page Creator’s Page Editor has a simple interface that automatically inserts the user’s Google user name as the headline on the home page (”User name’s Home Page”) – Google Account is needed to use the tool. Below that are a pair of boxes for inserting a subtitle and text, plus a third box for inserting optional “Footer” information.
Buttons across the top of the work page provide the functions of “Back to Page Manager,” “Publish,” “Preview,” “Save,” “Redo,” “Undo,” “Change Look,” and “Change Layout”. Controls along the left side provide functions for inserting an image, inserting a web link, fonts, paragraphs, headings, subheading, “minor” headings, and editing the Web page html itself. Beside, Google Page Creator has Auto-Save feature like Gmail, to minimize changes of accidental loss.
You can also browse all your web pages and uploaded stuffs with Page Manager. You can create as many pages as you like, and upload as many files as you like, as long as it’s within space limit. If you upload image, a thumbnail will be automatically created too. The file formats allowed to upload to the Google Pages server include:
Images: bmp, gif, jpg, pcx, png, tga, tif
Markup Languages: htm, html, xml
Music: au, mid, mp3, s3m, wav
Compressed, Packed and Zipped Files: lha, zip
Programming Code: c, cpp, h, java
Documents: ods, xls, odp, ppt, pdf, ps, doc, lwp, odf, rtf, wp
Video: avi, gvi, mov, mpeg, wmv
Page Layout can be changed by using Change Layout button, which will show you available layout. For each layout, the dashed rectangles represent the parts of the page that you can edit.
Page Look can also be changed by clicking on Change Look, which will lead you to available designs and looks.
Currently there is no ads on the web pages that users created. The page is saved and published accurately despite the service still in Google Labs. Google Page Creator also copies feature from Picasa, where you can tell your friends about your website by using Gmail.
One significant downside to Google Page Creator is that when you save and publish your web pages with Page Editor, it will remove some of the HTML elements, such as
Read more...
Subscribe to:
Posts (Atom)
