How can I turn off mod_security for my site?

Question:

One of my applications is triggering the mod_security rules. How can I turn off mod_security for my site?

Answer:

Add this line to your .htaccess file:

SecFilterInheritance Off

If there is only a certain portion of your site with errors due to mod_security, we recommend you put the disable command only in an .htaccess file in the directory for the part of your site with the errors. This will allow you to still have mod_security protection on the rest of your site.

All mod_security errors will appear as error status 500. Not all 500 errors are due to mod_security but if you have odd ones that you can not find the source of they may be from mod_security.

mod_security watches all incoming requests for certain known attack signatures and stops them. It is very effective against stopping common hacking attempts on your site.

See mod_security.org for more information.

How to turn off session.use_trans_sid

Question:

I’m trying to run PHProjekt and it says I need to turn off session.use_trans_sid. How can I do this?

Answer:

No problem.

If you are the default setup, just make a .htaccess file in your www directory (or the directoy below in which you want it to have effect) and put the line:

php_flag session.use_trans_sid off

Of if you are running the php cgi option (in the php section of the control panel), make the dir:

/home/your_username_here/etc/

and upload your own custom php.ini with the value set in side the php.ini

Let me know if you need more help!

Thunderbird will not let me change my outgoing SMTP setting

Question:

I was trying to setup Thunderbird. However when it came to specifying the outgoing server, Thunderbird said it would use my existing Earthlink outgoing server instead of yours. I tried to change this but it will not let me.

Answer:

Hi,

It is really not a problem to use earthlink for your outgoing. In fact many ISP’s (including earthlink) require you to use their outgoing SMTP. They firewall out external SMTP (port 25) to control all mail that leaves their network.

As long as your incoming POP3 is set to your domain with us it will work fine.

Do you support PayFlow Pro?

Question:

I am currently trying to get an ecommerce site hosted for a client of ours.

Our current host will not allow us to install Verisign’s Payflow Pro SDK on our account, and their support people are not very helpful.

Can you guys help?

Answer:

I think what you need would work out with our hosting.

We do not have a pre-installed global Payflow Pro install. However you are welcome to install it into your account space. We do not have any support for this but I believe other users have done so and gotten it working.

You are welcome to sign-up and give it a try. You can cancel service in the first 30 days and get a full refund if things don’t work out as needed.

How to password protect a directory (htpasswd + htaccess)

Password protecting a directory with .htaccess and .htpasswd

There may be parts of your site that you wish to restrict or allow access by “authorized users” only. You may have a family photo album or just some private files that you only want certain people to have access to.

To add a username/password pop-up box to a specific directory, follow these steps –

1. You must have SSH access. This cannot be done via ftp. If you have not already requested SSH access, please stop and submit a request for SSH access from the helpdesk section of your control panel. You will receive a confirmation email once SSH access has been granted within 24 hours. Once SSH access has been granted, proceed to step 2.

2. Create or open the directory you wish to protect.

If the directory already exist, type cd location/of/directory/

(Example – cd www/pictures/private_pictures/)

If you need to create the directory, type mkdir location/you/wish/

(Example – mkdir -p www/pictures/private_pictures)

3. Once you are in the directory that you wish to protect, use an editor such as vi or emacs to create a file called .htaccess (lower case letters with the leading period) that looks just like this:

AuthUserFile /home/YOUR_ACCOUNT_USERNAME/.htpasswd
AuthGroupFile /dev/null
AuthName “TITLE YOU WANT TO APPEAR ON THE PASSWORD BOX”
AuthType Basic
require valid-user

4. To create the password file, issue the following command –

htpasswd -c /home/YOUR_ACCOUNT_USERNAME/.htpasswd USER_NAME

(replace USER_NAME with the username you would like visitors to enter to gain access to the protected directory)

If you later on need to update a users password, use this:

htpasswd /home/YOUR_ACCOUNT_USERNAME/.htpasswd NEW_USER_NAME

(the same command without the -c option. The -c option tells htpasswd to create a new file. If you don’t use it, it will add a new user to the file).

5. The system will ask you to enter the password for this user.

6. If you wish to add multiple users, use the same command in step 4, but without the -c

htpasswd /home/YOUR_ACCOUNT_USERNAME/.htpasswd ANOTHER_USERNAME

(The -c option in step 4 is only for the initial creation of the file)

That’s all there is to it! If you experience any unexpected problems, or you change your mind about restricting access, just issue the command ‘rm .htaccess’ to remove (or use the regular delete function in your ftp program to delete the .htaccess file).

php command in .htaccess do not work

Question:

I’m having trouble changing PHP settings (e.g., setting magic_quotes_gpc to off) inside of .htaccess.

I put in command like:

php_flag magic_quotes_gpc 0ff
php_flag register_globals 0ff
php_flag html_errors 0ff

but they do not take effect.

Answer:

If you are running the php-cgi versions you’ll need to make the dir :

/home/your_username_here/etc/

and upload a default php.ini and modify that. php in your .htaccess won’t work. Instead the system will read your private php.ini in your etc directory.

How do I backup my database?

Question:

How do I download a backup copy of my database.

Answer:

The best method is to login to ssh and type:

mysqldump name_of_your_database -u your_username -p > database_dump.sql

it will ask you for your password, enter it and then wait 🙂

When it completes you can also type:

gzip database_dump.sql

which will compress the file (usually by a lot since it is highly compressable data in most cases).

The new file will be :

database_dump.sql.gz

You can then ftp this to your local computer, etc.

If you ever need to open it, most windows and mac decompressors (winzip, etc.) can decompress the file. All unix/linux servers will be able to decompress it.

You can also use phpMyAdmin in the control panel. However we have found that for larger backups it sometimes does not work as smoothly.

I hope this helps!

No input file specified – php custom 404 errors

Question:

I am trying to create a custom 404 using php. However I just get the error “No input file specified”

Any ideas?

Answer:

This occurs when you are running php as a cgi and an non-existant php page is called. When php runs as a cgi the webserver never checks for valid files – it just sends the request straight to the php parser. The php parser does not return a 404, instead it errors with “No input file specified”

Add the following to your .htaccess (or create a .htaccess file if you don’t already have one) and it should fix it

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule ^.+.php$ /file_that_does_not_exist

The code above will cause the server to check for valid files first and redirect to a file that does not exist and trigger the 404.

Google sitemap verification error (404 versus 200)

Question:

I have submitted my sitemap to google. During the verifiction process, google reports an error from their verification saying that the server is reporting a status 200 instead of an error 404.

Could you assist with this?

Answer:

This occurs when you are running php as a cgi and a non-existant php page is called. When php runs as a cgi the webserver never checks for valid files – it just sends it straight to the php parser. The php parse does not return a 404, instead it errors with “No input file specified”

Add the following to your .htaccess (or create a .htaccess file if you don’t already have one) and it should fix it

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteRule ^.+.php$ /file_that_does_not_exist

The code above will cause the server to check for valid files first and redirect to a file that does not exist and trigger the 404.