Public Forums 71,145 posts

[2Patrick Friend 2PatrickJoin date: July 2008Posts: 256Downloads:0Uploads:19 Thanks: 74 Thanked: 11 times in 1 posts]

#265741

MJ’s raised the point that a hosting provider must have phpSUEXE so that security will be tighter on a Jooma site

I checked with Dreamhost and their reply :
——————————————————————————————————

Can you confirm whether you shared hosting servers run phpSUEXE.I need
> phpSUEXE so tha the Joomla hosting will be more secure .

Yep, I can confirm that for you! We do use phpSUEXE. All PHP is run as
your own user and not as the web server. If you happen to have anymore
questions please let us know!
———————————————————————————————————-
Can we trust the ” cheap ” hosting companies …ie its not just Rochenhost ( the company Joomla.org uses ) that have phpSUEXE installed then ?

Which hosting companies would be a good bet for shared hosting ( for users who are setting up their fisrt Joomla sites ) ?…off course we are talking about those who have phpSUEXE and are really serious about security etc

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#265742

Thanks 2Patrick, I’ve submitted a support ticket to my hosting company to ask them!

I’m not sure whether I found this sad or funny, but well worth a read:

http://docs.joomla.org/Top_10_Stupidest_Administrator_Tricks

Cheers
Chris

1 user says Thank You to questbg for this useful post

1. mj1256

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#265756

<em>@questbg 74037 wrote:</em><blockquote>Thanks 2Patrick, I’ve submitted a support ticket to my hosting company to ask them!
</blockquote>

Reply from my hosting company:

“Our hosting service runs php in your environment and it uses suexec for your scripts. Thus you don’t need to worry about that kind of security issues.”

That’s one bit of good news then :).

Another tip I just picked up on the Joomla forum was to rename ‘Admin’ user to something else as this is first point of attack. Joomla sets up a user named ‘Admin’ as default ‘SuperAdmin’, so half of the username and password is already known by potential attackers!!

Good advice, I just changed mine.

[2Patrick Friend 2PatrickJoin date: July 2008Posts: 256Downloads:0Uploads:19 Thanks: 74 Thanked: 11 times in 1 posts]

#265785

Hi Chris

Thanks for the link to the interesting article.

I contacted a few “cheap ” hosting companies like Dreamhost, Hostgator etc etc

They all claim they have phpSUEXE installed on their shared servers

wonder if there is a catch somewhere ……I am feeling a bit suspicious !>:(

[2Patrick Friend 2PatrickJoin date: July 2008Posts: 256Downloads:0Uploads:19 Thanks: 74 Thanked: 11 times in 1 posts]

#265786

Just got this from Hostgator ..

All servers are PhpSuExec. The php.ini file will handle all of the php_flag lines that were once in .htaccess.

If you have any further questions, please let us know.

Regards,
David K
HostGator.com

Chris …since your hosting company uses phpSUEXE …did you know about it when you first hosted with them ?….did you just install the quickstart and then make the changes on the actual site .?.I am asking because I want to know what difference a phpSUEXE server will make in the way we install Joomla and the JA template
thanks

[mj1256 Friend mj1256Join date: June 2007Posts: 1473Downloads:10Uploads:35 Thanks: 84 Thanked: 225 times in 118 posts]

#265837

phpSUEXE will have no effect on your install of joomla or the quickstart.

[njbarbour Friend njbarbourJoin date: June 2008Posts: 23Downloads:0Uploads:0 Thanks: 3]

#267188

mj1256

By any chance, can you suggest a cause of this ?

I made a huge leap of faith and updated from 1.5.3 to 1.5.6 and pretty well got away with it. The only thing is this strange message I get on the right hand side of the page in the link below..

Im still getting the rotating picture below but what is the error message text actually telling me ?

http://www.corcoranrecovery.ie/minde…d=11&Itemid=66

I would really appreciate your thoughts on this..

Cheers

njb

[mj1256 Friend mj1256Join date: June 2007Posts: 1473Downloads:10Uploads:35 Thanks: 84 Thanked: 225 times in 118 posts]

#267190

I personally don’t try to debug everything.

if an update fails, I reinstall from the backup I made before the update ( and I know you made one 😉 ) and try again.

it takes ten minutes to reinstall from backup, it could take days to debug and even then I may never get the answer.

[njbarbour Friend njbarbourJoin date: June 2008Posts: 23Downloads:0Uploads:0 Thanks: 3]

#267200

Hi

Thanks for your reply. In cPanel, I actually created a 100% backup in my www folder. I carried out the upgrade on one version.

All went fine but the only thing was my headers defaulted back and my flashrotator is behaving a little wierd.

I’ll keep trying.

All the best.

njb

[mj1256 Friend mj1256Join date: June 2007Posts: 1473Downloads:10Uploads:35 Thanks: 84 Thanked: 225 times in 118 posts]

#267206

go to joomla extentions and install joomlapack

thats the easiest way to do backups

and when istalling from the backup, it works just like a quickstart package

[Author]

Posts