To avoid Joomla site to be hacked follow the following steps.
Disable RG_EMULATION for Joomla. When this option is enabled even the latest Joomla is
vulnerable to some variable injections. It can be disabled by placing the following line in
your configuration.php:
if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }
-------------
Secure your administrator's area. This will first prevent simple brute-force attacks. Along
with that, all components and modules' code inside this directory will be safe. For this
purpose:
- Place an .htaccess inside Joomla's 'administrator' directory. It should contain:
Deny from all
Allow from YourIP*
In case your IP changes, you should try securing the directory with Password Protection
If you are using PHP 5.2, make sure that the directive 'allow_url_include' is set to off;
If you are using PHP version below 5.2, make sure that the directive 'allow_url_fopen' is
set to off.
Also refer following blog to collect more information http://theperfectarts.com/
This blog is basically developed for the web hosting field members who are getting daily problems to sort out the client’s request/problem. I hope they will found out most of the solution on this blog.
Thursday, August 28, 2008
Wednesday, August 27, 2008
Enable private PHP Error Logging via .htaccess\disable PHP Error Logging for visitor
To hide PHP errors from visitors insert the following code in .htaccess
# supress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
Once disable the error logs for visitors enable the private PHP error logging by using following code in .htaccess
# enable PHP error logging
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log
The PHP_errors.log file needs to be permission 755 or 777.
Also refer following blog to collect more information http://theperfectarts.com/
# supress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
Once disable the error logs for visitors enable the private PHP error logging by using following code in .htaccess
# enable PHP error logging
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log
The PHP_errors.log file needs to be permission 755 or 777.
Also refer following blog to collect more information http://theperfectarts.com/
Connect and publish files by using Frontpage
Following are the steps to connect the Frontpage and publish the sites files/folders.
1.Begin by starting Microsoft FrontPage Explorer from your Windows Start Menu.
2.Select Open Web… from the File… menu. This will open the Open Web dialogue.
3.In the Open Web dialogue, select the My Network Places icon.
4.Now, enter http://www.yourdomainname.com into the Web Name field. Click Open to continue.
5.You will now be presented with a pop-up window entitled Enter Network Password.Enter your cPanel or FTP Username and Password without any space. Click OK to continue.
6.FrontPage Explorer will open a Folder List window at the left-hand edge of the Explorer screen that will contain the entire directory structure for your webspace.
7.To edit pages using FrontPage, double-click any of the web pages listed in the Folder List. A new FrontPage window will open for each page you select.
8. To upload newly-modified pages to the web, select File… then save… from the FrontPage Explorer tool bar. Your web pages will automatically reflect your latest changes.
Also refer following blog to collect more information http://theperfectarts.com/
1.Begin by starting Microsoft FrontPage Explorer from your Windows Start Menu.
2.Select Open Web… from the File… menu. This will open the Open Web dialogue.
3.In the Open Web dialogue, select the My Network Places icon.
4.Now, enter http://www.yourdomainname.com into the Web Name field. Click Open to continue.
5.You will now be presented with a pop-up window entitled Enter Network Password.Enter your cPanel or FTP Username and Password without any space. Click OK to continue.
6.FrontPage Explorer will open a Folder List window at the left-hand edge of the Explorer screen that will contain the entire directory structure for your webspace.
7.To edit pages using FrontPage, double-click any of the web pages listed in the Folder List. A new FrontPage window will open for each page you select.
8. To upload newly-modified pages to the web, select File… then save… from the FrontPage Explorer tool bar. Your web pages will automatically reflect your latest changes.
Also refer following blog to collect more information http://theperfectarts.com/
Monday, August 25, 2008
Install mod proxy
First login into your server with the root login details
cd /home/cpapachebuild/buildapache/apache_1.3.31/src/modules/proxy/
or
cd /home/cpeasyapache/src/httpd-2.0.63/modules/proxy
Then run command:
/usr/local/apache/bin/apxs -i -c *.c
Add the following module to the httpd.conf to load proxy module with the httpd configuration file:
LoadModule proxy_module libexec/mod_proxy.so
And then restart the Apache service:
service httpd restart
or
/etc/init.d/httpd restart
You can check proxy installed or not on your server by using following command.
/usr/local/apache/bin/httpd -l | grep proxy
Also refer following blog to collect more information http://theperfectarts.com/
cd /home/cpapachebuild/buildapache/apache_1.3.31/src/modules/proxy/
or
cd /home/cpeasyapache/src/httpd-2.0.63/modules/proxy
Then run command:
/usr/local/apache/bin/apxs -i -c *.c
Add the following module to the httpd.conf to load proxy module with the httpd configuration file:
LoadModule proxy_module libexec/mod_proxy.so
And then restart the Apache service:
service httpd restart
or
/etc/init.d/httpd restart
You can check proxy installed or not on your server by using following command.
/usr/local/apache/bin/httpd -l | grep proxy
Also refer following blog to collect more information http://theperfectarts.com/
Install Magento
Following are the steps to install Magento manually from Shell.
wget http://www.magentocommerce.com/downl...19870.4.tar.gz
wget http://www.magentocommerce.com/downl...0.19870.tar.gz
tar -zxvf magento-1.0.19870.4.tar.gz
tar -zxvf magento-sample-data-1.0.19870.tar.gz
mv magento-sample-data-1.0.19870/media/* magento/media/
mv magento-sample-ta-1.0.19870/magento_sample_data_for_1.0.19870.sql magento/data.sql
cd magento
chmod o+w var var/.htaccess app/etc
chmod -R o+w media
mysql -u DBUSER -pDBPASS DBNAME < data.sql
./pear mage-setup .
./pear install -f magento-core/Mage_All_Latest
rm -rf downloader/pearlib/cache/* downloader/pearlib/download/* .htaccess.sample data.sql index.php.sample ../magento-1.0.19870.4.tar.gz ../magento-sample-data-1.0.19870/ ../magento-sample-data-1.0.19870.tar.gz
find . -type d -exec chmod 777 {} \;
If after installation you are facing the "500 Internal Error Server" problem then check Apache logs and correct the ownership and permission for the folders as per logs.
Also refer following blog to collect more information http://theperfectarts.com/
wget http://www.magentocommerce.com/downl...19870.4.tar.gz
wget http://www.magentocommerce.com/downl...0.19870.tar.gz
tar -zxvf magento-1.0.19870.4.tar.gz
tar -zxvf magento-sample-data-1.0.19870.tar.gz
mv magento-sample-data-1.0.19870/media/* magento/media/
mv magento-sample-ta-1.0.19870/magento_sample_data_for_1.0.19870.sql magento/data.sql
cd magento
chmod o+w var var/.htaccess app/etc
chmod -R o+w media
mysql -u DBUSER -pDBPASS DBNAME < data.sql
./pear mage-setup .
./pear install -f magento-core/Mage_All_Latest
rm -rf downloader/pearlib/cache/* downloader/pearlib/download/* .htaccess.sample data.sql index.php.sample ../magento-1.0.19870.4.tar.gz ../magento-sample-data-1.0.19870/ ../magento-sample-data-1.0.19870.tar.gz
find . -type d -exec chmod 777 {} \;
If after installation you are facing the "500 Internal Error Server" problem then check Apache logs and correct the ownership and permission for the folders as per logs.
Also refer following blog to collect more information http://theperfectarts.com/
Saturday, August 23, 2008
Simply check server is SuExec or not?
From your shell run following command
[root@xx.xx.xx.xx ~]#/usr/local/cpanel/bin/rebuild_phpconf --current
DEFAULT PHP: 5
PHP4 SAPI: suphp
PHP5 SAPI: suphp
SUEXEC: enabled
or make a php file under any account and change the permissions on that file to 777 and open it in a browser. If it gives 500 Internal Server Error, your most probably running suPHP.
Alternatively,
If you have access to WHM - login, in the menu find Configure PHP and SuExec
Check the drop down box for "PHP 4/5 Handler" - and if beside that it says "suPHP" - then your server is running it.
SuPHP activity is logged in /usr/local/apache/logs/suexec_log. If you tail it, you will see if there is any current activity:
Code:
tail -f /usr/local/apache/logs/suexec_log
you can also get this information from PHP INFO page:
IF
Server API = Apache then server is not running PHP in SuExec mode
And if
Server API = CGI the server is running PHP in SuExec mode
That’s all now you are sure about your server is SuExec or not
Also refer following blog to collect more information http://theperfectarts.com/
[root@xx.xx.xx.xx ~]#/usr/local/cpanel/bin/rebuild_phpconf --current
DEFAULT PHP: 5
PHP4 SAPI: suphp
PHP5 SAPI: suphp
SUEXEC: enabled
or make a php file under any account and change the permissions on that file to 777 and open it in a browser. If it gives 500 Internal Server Error, your most probably running suPHP.
Alternatively,
If you have access to WHM - login, in the menu find Configure PHP and SuExec
Check the drop down box for "PHP 4/5 Handler" - and if beside that it says "suPHP" - then your server is running it.
SuPHP activity is logged in /usr/local/apache/logs/suexec_log. If you tail it, you will see if there is any current activity:
Code:
tail -f /usr/local/apache/logs/suexec_log
you can also get this information from PHP INFO page:
IF
Server API = Apache then server is not running PHP in SuExec mode
And if
Server API = CGI the server is running PHP in SuExec mode
That’s all now you are sure about your server is SuExec or not
Also refer following blog to collect more information http://theperfectarts.com/
Install and uninstall Frontpage for single domain from Shell.
First you need to login into your server with the root login details and then run followings commands one by one
/scripts/setupfp5:
What is the servername you want to setup? www.****.org
Saving .htaccess file: /home/****/public_html/.htaccess
Using Upgrade Mode
Saving .htaccess file: /home/****/public_html/_private/.htaccess
For remove /scripts/unsetupfp4
What is the servername you want to setup? www.****.org
Saving .htaccess file: /home/****/public_html/.htaccess
Using Upgrade Mode
Saving .htaccess file: /home/****/public_html/_private/.htaccess
Thats it enjoy
Also refer following blog to collect more information http://theperfectarts.com/
/scripts/setupfp5:
What is the servername you want to setup? www.****.org
Saving .htaccess file: /home/****/public_html/.htaccess
Using Upgrade Mode
Saving .htaccess file: /home/****/public_html/_private/.htaccess
For remove /scripts/unsetupfp4
What is the servername you want to setup? www.****.org
Saving .htaccess file: /home/****/public_html/.htaccess
Using Upgrade Mode
Saving .htaccess file: /home/****/public_html/_private/.htaccess
Thats it enjoy
Also refer following blog to collect more information http://theperfectarts.com/
Frontpage problem
If anyone facing problems with the FrontPage installation then first uninstall the installed FrontPage from shell /home/user/public_html (Change the user to your user name)
Then run the following commands one by one.
rm -rf .htaccess.*
rm -rf _vti_pvt/
rm -rf _derived
rm -rf _private
rm -rf _vti_*
If server is SuExec enabled then first disable it from the WHM
And install FrontPage for the specific domain where you have seems the problem and then try to publish site by using Frontpage. If you are still facing the problem then
remove all the .htaccess.* from/home/user/public_html and remove all _* (private,vti,etc)one by one carefully.
Now try to install it and check for the permission and ownership of public_html folder
Permission and ownership need to be as follows
chown user:user public_html -R
chmod 755 public_html -R
if the problem still persists then check whether the permission of public_html/_vti_pvt/service.pwd is 600 or not?
(try even setting an attr and set the permission to 600)
ie
chmod 600 service.pwd
chattr +i service.pwd
chattr -i service.pwd
It will sort out your problem enjoy
Also refer following blog to collect more information http://theperfectarts.com/
Then run the following commands one by one.
rm -rf .htaccess.*
rm -rf _vti_pvt/
rm -rf _derived
rm -rf _private
rm -rf _vti_*
If server is SuExec enabled then first disable it from the WHM
And install FrontPage for the specific domain where you have seems the problem and then try to publish site by using Frontpage. If you are still facing the problem then
remove all the .htaccess.* from/home/user/public_html and remove all _* (private,vti,etc)one by one carefully.
Now try to install it and check for the permission and ownership of public_html folder
Permission and ownership need to be as follows
chown user:user public_html -R
chmod 755 public_html -R
if the problem still persists then check whether the permission of public_html/_vti_pvt/service.pwd is 600 or not?
(try even setting an attr and set the permission to 600)
ie
chmod 600 service.pwd
chattr +i service.pwd
chattr -i service.pwd
It will sort out your problem enjoy
Also refer following blog to collect more information http://theperfectarts.com/
Subscribe to:
Posts (Atom)