If I have a website that runs in online, how do i update my website? I do not want any client to see the progress. Only the output. Using c panel to edit my website.
Make a note on your website saying website is down for upgrading/maintenance. Take it off internet. Work on your code duly, update and host it back.
Configure the. htaccess to display maintenance mode then change to normal mode after making the changes
new to dreamhost here and have followed the wiki on this but still need some additional help if possible. I want to be able to preview a site while I work on it, before I point the live domain to my dreamhost server. I've added the domain via the Control Panel, and all my files sit in the directory, /home/user/mysite.com - which is correct I think. When trying to follow the wiki with regards the mirroring details, I find that the only option I have is as follows, where I can't change any of these details:
Create the mirror at: mysite.com
Mirror this site: existingsite.com
The existingsite.com is just a live site sitting on the same server space. Is there something I'm missing here? Probably a newb mistake no doubt :)
Mirroring is for you to point a domain to an existing site. Hence this means you can mirror on 1 site. ie. both existingsite.com and mirrorsite.com points to the same server space.
If you want to create a development site, you probably are talking about 2 installations.
In this case, a quick and dirty trick I use is to create a development subdomain, dev.existingsite.com and fully host it. You normally get a /home/user/dev.existingsite.com folder with this. When your site is fully ready, you can edit your fully hosted existingsite.com and point the web directory to dev.existingsite.com. A better way is to SSH in and move the files.
There's an option copy files over in the settings page. Anyway dreamhost live help is pretty good. This is definitely something they will answer.
We have our application stored on our server, it is an .exe file. The download page is only accessible from our site - using cookie authentication in PHP. I know there are better methods but there is a long story behind this...so I'm moving on. The issue is that the actual url of the .exe has been leaked and is appearing on other websites. What is the best method to protect a link to a file, not the page itself. That is where I'm having issues. I can make it difficult to get to the download page (with the link) but don't know where to begin to make sure the link is only accessible from our site... Is .htaccess (preventing hotlinking) the best way to go?
Yes, .htaccess is probably best. Find any online post about protecting images from hotlinking, the first in my google search looks like a nice and easy auto-generator you can use. Just change the image extensions to exe, or keep them if you want them protected too.
Now I didn't do the website design but a couple of months ago I ported an existing website over to wordpress for a client of mine.
I got a call from a client today regarding their website, and some sort of a security problem.
The websites homepage loads up fine, but if you try to navigate to any other page it brings you to - http://secure.wheelerairservice.com/main.php.
The nav appears to still be linking to the appropriate page (when you rollover contact us, the link displays in the status bar as /contact-us) but it redirects to the above url.
Just wondering if anyone knows what the problem is, and who or what might have done this and how.
Any suggestions on how I could fix this?
thanks!
Ok I've looking into the problem some more and found that the .htaccess file had been replaced somehow. I'm just wondering how someone might have done this? via ftp access, wordpess admin account or some hole in wordpress, any thoughts?
Typically when it's the .htaccess files that have been infected, it's usually the result of stolen (compromised) FTP credentials.
This usually happens by a virus on a PC that has FTP access to the infected website. The virus works in a variety of ways, but usually one of two.
First, the virus knows where the free FTP programs stores it's saved login credentials. For instance with FileZilla on a Windows XP PC, look in:
C:\Documents and Settings(current user)\Application Data\FileZilla\sitemanager.xml
in there you'll find, in plain text, all the websites, usernames and passwords that user has used FileZilla to access via FTP.
The virus finds these files, reads the information and sends it to a server which then uses them to login to the website(s) with valid credentials, downloads specific files, in this case the .htacces files, infects them and then uploads back to the website. Often times we've see where the server will also copy backdoors (shell scripts) to the website as well. This gives the hacker remote access to the website even after the FTP passwords have been changed.
Second, the virus works by sniffing the outgoing FTP traffic. Since FTP transmits all data, including username and password, in plain text, it's easy for the virus to see and steal the login information that way as well.
Change all FTP passwords immediately
Remove the the infection from the .htaccess files
Perform a full virus scan on all PCs used to FTP files to the infected website
If the website has been listed as suspicious by Google, request a review from Google's webmaster tools.
If the hosting provider supports it, switch to SFTP which encrypts the traffic making it more difficult to sniff.
Also, look at all files for anything that doesn't belong there. It's difficult to find backdoors, because there's so many different ones. You can't go by the datetime stamp either because these backdoors modify the datetime stamp of files. We've seen infected files with the exact same datetime as other files in the same folder. Sometimes the hackers will set the datetime stamp to some random earlier date.
You can search files for the following strings:
base64_decode
exec
fopen
fsock
passthru (for .php files)
socket
These are somewhat common strings in backdoors.
Change your passwords. See Hardening WordPress and FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation
If FTP has been used to access/modify the files in this wordpress site, then it could be more than possible that someone has got the username and password for FTP access and modified your .htaccess file. FTP is not secure at all. I would suggest using SFTP as a minimum.
Wordpress is not perfect (not many things are) but i highly doubt there would be a flaw like this, is possible but i very much doubt it.
I suggest you first, change your FTP username/password, upgrade wordpress to the latest version, change the default admin username to something else and change the password for the administrator user, ensuring that all passwords are at least 8-10 characters in length
We also getting same problem for word press website, once virus removed but it re-attacking again, So as said above first have to backup all files, then change passwords of FTP, Administrator and cPanel, then upload back the website. I did above steps for our website.
We've got an intranet which normally serves all info/documents that appl to the whiole company (employee handbooks, minutes, etc...)
Most of these work by having the web server parse a folder and present the files to the user.
The problem in this case is that the latest folder is restricted to cerain users. As Kerberos is not currently an option, I was planning to side-step the issue and just insert a link which opens up a UNC path:
file://\Server\SecureFolder\
I've just found out that since XPSP2 this hasn't been possible with standard HTML/JS.
Does anyone know of a nother way this can be done? It's internal so I've got a lot of control over the webserver (but domain config changes will have to be justified)
I'm wondering if there's something like .Net or an ActiveX [shudder] solution or similar?
Thanks in advance for any help.
Seems the solution was to do it without Javascript and without the file://
The following works:
Link