Security issues with PHP with cPanel and shared hosting - php

If this is not the correct forum for this question please tell me!
When one has an account on a shared server host running cPanel, the account runs in a jailed environment where access to files is restricted to /home/myaccount/ and its subdirectories. However, PHP runs as root, so is there any security issue possible where another (malicious) user could craft PHP scripts in such a manner as to access files in another user's file area? I have heard conflicting stories about this and would like a definitive answer from a "server guru".

Related

On a VPS Server, is there a shared location, accessible to multiple domains?

I've recently purchased a VPS running CentOS and cPanel.
I have several domains set up, all with their own individual cPanels. However, I'd like the websites to be able to access a private, shared folder on the server.
I've written PHP classes that I'd like all the sites to have access to, and I don't want to have to upload the files multiple times for individual sites.
Is there a folder that cPanel 1 and cPanel 2 can both access whilst existing on the same server? Or could I create one?
Any help would be much appreciated.
Thanks.
The cPanel environment is designed to host websites within individual accounts while keeping their content separate and secure from other cPanel accounts on the same server. While you can configure your server to allow this type of sharing, doing so is not officially supported by cPanel as it circumvents many functions specific to the type of environment cPanel is trying to create.
http://serversitters.com/share-a-folder-between-2-cpanel-accounts-on-a-server.html

Getting the system information in shared hosting for the particular website only

I have a client who gave me FTP credentials to upload the web files to the public_html folder, and a pre-existing MySQL database into which to import the website's tables, but no other information about the server. I know the server hosts a number of other websites as well (shared hosting).
After uploading the web files to the public_html directory and importing the MySQL tables into the given database, I browsed the newly created website. It is far too slow; it even says the resource limit is exceeded after 3 or 4 more requests to the server. The website is built with WordPress.
On most shared hosting, the service provider provides cPanel, which displays the system status and the resource usage for each website, but this server has no cPanel software installed (the sysadmin uses the CLI) to view the resource usage of each website.
I also created a <?php phpinfo(); ?> script to view the server information, but I couldn't get any clue from the output of this script.
Is there any PHP script which can show the bandwidth usage, CPU usage, RAM usage, and memory used/allocated by PHP/MySQL for the particular website, so that we can put that script in the root directory of the website and execute it by calling it from the browser? If not, is there any other way to view the server resource usage of this particular website? Or should I contact the server administrator about this issue?
You need to contact the server administrator about this.
If it's a shared hosting service, you can't access files and directories outside the one that has been assigned for you to use and host your files.
In order to know the server load and resources you would need to access UNIX files outside your directory; otherwise you would need to access CLI on that server. As far as I understand you can't.
In addition, if a shared web hosting service is having performance issues, it should be the machine administrator's concern, not yours.
You should alert the machine's owner, and if you still can't solve the problem, just change hosting provider, as the provider is probably overselling.

phishing link placed on shared hosting web pages

This morning I received notification from Google (noreply#gooogle.com) that several of my accounts on my shared Linux hosting reseller account had phishing links placed on them. They were all different hosted domains on the same reseller account. The links had something in common, so were probably placed by the same hacker. All suspicious links looked like this:
example.com/~cp/request/linkd/index.php?userid=aname%40domain.com
I contacted the hosting company about a possible vulnerability on their servers, but I was wondering if these links could have been placed on my accounts due to one of my admin passwords being compromised. I also would like to know where I could find these links and remove them myself. I'm not sure where to track down the /~cp/request/linkd/ Linux directory. Is this related to a cPanel directory? My search of my file system for index.php did not find any suspicious files or directories.
Also, some sites were running WordPress, but are all up to date and hardened installs, and some sites were basic html5 sites (no WordPress).
I think a cp user has been created on your server and that is the infected user. I can see mod_userdir is enabled on your server, and that is the reason they are able to access that infected URL with your domain name (example.com/~cp URL). So please contact your hosting provider and ask them to disable mod_userdir, then check that URL again.
This should be addressed by your hosting company. It seems that your hosting server is not configured properly and it allows access to any account via a temporary URL using any domain hosted on the server. This is not a recommended setting, because if one of your accounts is compromised, Google may consider all domains to have suspicious code.
You should immediately contact your host to fix this issue. They will have to adjust the Apache mod_userdir settings to prevent such issues.
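To see which domains have actually answered requests under a /~account/ prefix, the access logs can be checked. The following is an added example, not part of the original answers; it assumes Apache combined log format, and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example: count mod_userdir-style requests (/~account/...) in an
# Apache combined-format access log, grouped by the account named in the URL.

# Constructed sample log lines (not taken from a real server).
sample_log() {
cat <<'EOF'
203.0.113.5 - - [10/Mar/2016:08:01:12 +0000] "GET /~cp/request/linkd/index.php?userid=aname%40domain.com HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2016:08:02:40 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2016:08:03:02 +0000] "POST /~cp/request/linkd/index.php HTTP/1.1" 200 310 "-" "curl/7.40"
198.51.100.7 - - [10/Mar/2016:08:05:55 +0000] "GET /~other/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2016:08:06:10 +0000] "GET /blog/~draft HTTP/1.1" 200 880 "-" "Mozilla/5.0"
EOF
}

# Reads log files given as arguments (or stdin) and prints one line per
# account: "<account> <2xx responses> <total requests>", sorted by account.
userdir_hits() {
    awk '
    {
        path = $7      # request path in combined log format
        status = $9    # HTTP status code
        # Only paths that START with /~name count; "~" elsewhere is ignored.
        if (match(path, "^/~[^/?]+")) {
            acct = substr(path, 3, RLENGTH - 2)
            total[acct]++
            if (status ~ /^2/) ok[acct]++
        }
    }
    END {
        for (a in total) printf "%s %d %d\n", a, ok[a] + 0, total[a]
    }' "$@" | sort
}

sample_log | userdir_hits
```

A non-zero 2xx count for an account that is not yours means the server is serving that account's files under your domain name, which is the evidence to hand to the hosting provider.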

Secure Hosting Environment

I want to provide free (website) hosting for some people, hosted on my own hosting account.
Now, I have a folder called "hosting_ftp".
In that folder is a folder for every person who wants hosting.
They will get an FTP account which gives them access to that directory (and no other, as that directory is set as their root folder).
But PHP scripts, for example, can still access files which are put in the root folder (my personal website files).
Now what's the best way of preventing users from accessing those files in my root directory (or anywhere else other than their own folder)?
The simple answer is that you can't assure what you want to achieve here, unless you have a VPS or other form of cloud VM for your service. With this, you could do it the way that shared hosting providers do it, which is to use UID-based access control, with each account having its own UID and potentially (but not necessarily) being chroot isolated.
This type of solution uses suEXEC or suPHP wrapped PHP-CGI for each user, so that PHP runs under the user's UID, and thus each user can use file protection to prevent others from reading or writing their content.
If you are on a shared hosting account, then you only have a single UID. All sub-accounts will have FTP access to their directory tree, and if you've enabled PHP scripting in those directory hierarchies then their PHP scripts will have full R/W access to your entire directory hierarchy. Your hosting provider won't give you any root privileges.
So if you want to run your own VM, and have a reasonable knowledge of LAMP server admin, then what you suggest is doable. If not, then you must assume that anyone that you give FTP access to will have full access to everyone's data within your hierarchy. Sorry.
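An added illustration (not from the original answer) of the file protection mentioned above: once PHP runs under each account's own UID, the "other" mode bits decide what neighbouring accounts can read or change. The file-name patterns and the demo tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: report entries whose "other" mode bits expose them to
# different UIDs on the same server.

# Prints "W <path>" for world-writable files/directories and "R <path>" for
# world-readable files that usually hold credentials. The name patterns are
# an assumed, illustrative list.
audit_tree() {
    root=$1
    {
        find "$root" \( -type f -o -type d \) -perm -0002 -print | sed 's/^/W /'
        find "$root" -type f -perm -0004 \
            \( -name 'wp-config.php' -o -name '*.ini' -o -name '.env' \) \
            -print | sed 's/^/R /'
    } | sort
}

# Constructed demo tree with typical defaults (644 files, a 777 upload dir).
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/public_html/uploads"
    echo '<?php /* database credentials would be here */' > "$d/public_html/wp-config.php"
    echo '<h1>hello</h1>' > "$d/public_html/index.html"
    chmod 755 "$d/public_html"
    chmod 777 "$d/public_html/uploads"
    chmod 644 "$d/public_html/wp-config.php" "$d/public_html/index.html"
    printf '%s\n' "$d"
}

demo=$(make_demo_tree)
echo "before:"; audit_tree "$demo"

# Tighten: PHP running as the file's owner can still read a 600 file.
chmod 600 "$demo/public_html/wp-config.php"
chmod 755 "$demo/public_html/uploads"
echo "after:"; audit_tree "$demo"
rm -rf "$demo"
```

On a single-UID account like the one in the question, these mode bits do not separate sub-users from each other, because every script runs as the same owner.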

Clueless on how to put my PHP project in the Internet

Good day!
I've searched many sites on how I could deploy my PHP project on the Internet, but I don't know how to do it because I am confused by some of the technical terms.
You see, I am using XAMPP for my local web server. Now I want to put it on the Internet. I found some free web hosting sites, so I've decided to upload all my htdocs files to one. But how can I put XAMPP (the Apache server) and my MySQL database on it? I'm confused. Please help. A step-by-step procedure of what I should do would be really helpful. Thank you in advance.
Get a hosting account (try www.bluehost.com for instance). They will set you up with a Linux server and MySQL. You don't have to install Apache or MySQL; you will use whatever they've got. All you need to do is upload your PHP files to the right folder, set up your database on their server and you should be good to go.
If you buy a domain name and space, connect them using the NS settings.
If you are using a free host, then the settings are already okay.
Export the database from your XAMPP.
Log in to the remote server. There you'll find phpMyAdmin. Import the database.
Upload the files.
Make sure file listing is off. That is, if a user goes to any directory he cannot see the file list!
Done :)
Simplifying a bit, there are two ways you can get your site online.
First, you could purchase or rent a server that is yours and yours alone. This is commonly called "dedicated hosting" and costs somewhere around $100 / month. If you choose this option, you have your own server housed in a datacenter somewhere, and you must install Apache, MySQL, and any other server software you care to use.
I doubt, given what you've described, you have chosen this option.
Second, you could rent "shared hosting" from any one of the dozens of hosting providers out there. If you do this, with a typical cost of $2 to $10 per month, the hosting provider is administering the server. You have no direct access at all. Your only access is through the tools they provide.
Given that, how specifically you can upload files is up to them (is it FTP? SSH? a horrifying web-based upload tool of some kind?). Similarly, how you access your MySQL databases (assuming they offer MySQL databases) is entirely up to them as well.
Many providers now use a tool called cPanel for this administration, so you may try browsing to www.example.com/cPanel (using your domain) on the off chance that works. If not, though, follow the instructions your host provides. Only they can correctly describe how their setup works.
The hosting will already have Apache and MySQL installed; you only have to put your files there, that's it.
I suggest you contact your web hosting provider. The web hosting needs to support PHP and MySQL. Then you can upload your files to their web server, and copy your MySQL database to their MySQL server.
You do not need to transfer XAMPP to your host: Apache and MySQL are running on nearly every server.
Upload all the files in your htdocs directory via FTP to your server.
To transfer your database, use phpMyAdmin. It is installed with XAMPP and also installed on nearly every server. In phpMyAdmin, use the export/import functionality.
In the PHP file where you connect to the DB, change the login settings to the settings the hoster gave you.
That should work...
The hosting company already has Apache, PHP and MySQL set up. All you need to do is upload all your files from the XAMPP htdocs folder to the right folder, like public_html, using FTP software like FileZilla. They also provide a control panel, using which you can manage your MySQL database and all other settings, like directory permissions.
