Using geoip in .htaccess files / banning IP based on geographic region

Question

I was wondering if you have any support for banning specific countries, such as geoip?

Answer

We do not support geoip by default due to the extra load it would add to every page request.

However you can use it or any other geographic based IP bans in your .htaccess files. Any tutorial for doing so should work fine on your account with us.

You can also upgrade to a Virtual Private Server (VPS) and install geoip support to the webserver on the VPS.

Why does my website run an old version of php?

Change php version control panel screenshot

Question:

I noticed my website is not running the latest version of php. Why not?

Answer:

You can change your php version at any time by going to the php section of your control panel. Normally, we do not update your php version (other than for security patches) automatically in case your scripts rely a certain version being used. We do force minor revision upgrades that address security issues, etc.

In the past we kept all users up-to-date on the latest php versions but found that in many instances the major updates (from 4 to 5, 5.1 to 5.2 to 5.3, etc.) would break client sites. It was rare but happened enough for us to change our policy.

To summarize:

  • You can change your php version in the “php” section of the control panel
  • We perform security related upgrades automatically
  • Major version upgrades are not performed automatically. Instead, use the (one click) version update selector in the control panel

How are docroot’s for multiple domain hosting configured (document roots)

Question:

How are the domains on a phpwebhosting.com hosting account configured? Am I free to set the docroot / document root to whatever I like?

Answer:

The way our system works is that you sign up with a username and then add your first domain.

By default the first domain goes in:

/home/your_username/www

however you can change this if you would like.

Other domains you add can go pretty much wherever you like. Some people use things off their www like:

/home/your_username/www/site1
/home/your_username/www/site2

(this is not the best method to do things as your extra domains are then viewable as directories on your primary domain)

Other clients organize their domains like:

/home/your_username/site1
/home/your_username/site2
/home/your_username/site3

or

/home/your_username/sites/this.com
/home/your_username/sites/that.com
/home/your_username/sites/etc.com

It is open-ended and should work with just about any method you prefer.

My access_log is filled with requests for scripts I don’t have. What’s going on?

Question:

I noticed that my access log has requests for things like wp-admin, phpmyadmin, phpbb, etc. – scripts that I do not have installed. The requests seem to come from all over the world and sometimes one right after another. What is going on? Do I need to be worried about this?

Answer:

This is, unfortunately, normal. The entries may resemble:

"GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 877 "-" "-"

These entries are attackers scanning to find servers they can exploit. You’ll see them scanning for most common web apps and scripts. As long as you don’t have a copy of the script they are looking for installed you are fine. Even if you do, you are good as long as your install is current.

Hackers know that popular scripts like WordPress, phpMyAdmin, phpBB, etc. have millions of installed instances. They also know that many users may install one of these scripts to test and then never use it again and worse, never update it. Once a security vulnerability is found in a particular version of a script, hackers use lists of randomly compiled domain names and start checking if each domain has the hackable version of the script installed.

You do not need to worry about these types of “scans” as long as you do not have old versions of scripts installed. We highly recommend that you remove or disable scripts that you no longer use and keep all scripts you do use up-to-date.

browser tries to download php

Browser tries to download php pages screenshot

Question:

Sometimes my browser tries to download or save php files from my website. What causes this? How can it fix it?

Answer:

This can happen for a variety of reasons. However we frequently see it when a page is timing out. If you are connecting to a remote database make sure that the database is up and that dns is resolving correctly for it.

Adding Silverlight support to Apache (mime.types)

Question:

Do I need to make any changes for the Apache webserver to support Silverlight apps?

Answer:

In most cases, no changes need to be made.

If you are having problems, try adding:

application/manifest manifest
application/xaml+xml xaml
application/x-ms-application application
application/x-ms-xbap xbap
application/octet-stream deploy
application/vnd.ms-xpsdocument xps
application/xaml+xml xaml
application/x-silverlight-app xap

to your mime.types file

Don’t forget to restart apache with:

/usr/local/apache/bin/apachectl graceful

after you make the change.