pickupman

Any news on PHP version upgrades on shared hosting? Would like to have ability to at least PHP5.6. The PHP5.4 available is getting quite old at this point as it was originally release 4.5 years ago.

Thanks for the article. Good read. It seems some the PCI compliance stuff seems rather rigorous, and that fact that I am not storing CC# on my account/DB. When I searched the boards, I was surprised there are not more questions regarding this.

I recently created a PCI Compliance profile with Trustwave per my agreement with my gateway. The scan of my website failed due to the version OpenSSL on server. Is this a know issue with PCI scans with TCH, or are there any plans to upgrading OpenSSL to their recommended .9.8m?

Finally!!! Right on carbonize...tried on bespin and it worked perfectly. Thanks TCH-Dick and staff for getting this fixed.

I have this same issue on the Wordpress install I have running here on TCH. All 3 are a pain to update. I believe this a file ownership issue on the user/group for apache as well as php. On another host, I have about 6 wordpress installs, and all of them update flawlessly using automatic updates. I click "Update", I don't have to enter FTP credentials, package is downloaded and installed in generally under 5 secs or so. Even the core upgrades work with ease. On my TCH account, I almost always have to upgrade manually because of this issue. As popular as a platform wordpress is, it seems a little silly that this should be an issue. Even if I have to enter FTP credentials, it seems to be really slow downloading the packages and extracting them.

Is there a way to enable "add_header all Report _REPORT_" in user_prefs. Without seeing test scores for spam messages it's hard to create custom scores to flag some of these. I've add the rule, but there is no effect.

So another words Spam Assassin is not doing us any good.

I have as well noticed over the past two weeks and increase in spam. I have checked mail headers and these blatant spams are scored as a negative score or less than 1. Here's one that popped in while I was typing this. The message was only a link to a russian domain.

Natalie, Glad to see you taking a couple of steps to protect yourself. As for a robots.txt, just prevents a search engine crawling your site/directories. That doesn't mean, someone who knows the url to just type it in. Index listing is default of Apache webserver. If a index.html, index.htm, or index.php is not found, the directory is printed. This can be handy in some cases. I have Apache running on my computer at home. I have password protected a folder, and can login and retrieve any file from that folder. Yes, I wrote the php script myself. Here's a link that outlines the same idea. MP3 Streaming Script Since you are already using php & mysql running Mambo, you wouldn't need much more to put this into place. Upload files using a script that stores the info in the DB. Use php to create a cookie, check for valid cookie. If cookie is valid, get a file name from the DB, and stream to user. Let me know if you would like some help.

Natalie, Another issue looks like you should fix, is prevent directory listing. Login into cPanel go down to the bottom under Advanced section, and click on Index Manager. Click okay to select the default folder. From the folder tree click on your audio folder. On the following screen, choose "No Indexing" radio box and hit okay. Right now if you type in your address pointing to the audio folder, all of the folders and files are shown. This allows anyone to be able to download or access all of the content under this folder. Or you can upload a blank index.html file into all of your subdirectories, so the files are not shown. In regards to using .htaccess, it seems you are on the right track. Check if your audio folder also has a .htaccess file as subdirectories override the one in your webroot. If you can't get it working using .htaccess, you may consider using php and mysql database to handle the process. For I site I am working on, a user can upload a file (ie. image or mp3). The files are uploaded to random folders and added to a database. I use a php script that calls a file id (ie. http://www.natilie-brown.com/mp3/1), checks the user/referrer, gets the file location from the DB, and then streams the file to the browser. It would be very difficult for a user to ever guess the real filename and real directory to hotlink the file. This approach is transparent to the user, and offers a level of authentication.

I am using OsCommerce cart and now the UPS (XML) Shipping module doesn't function now either. It uses curl to submit & retrieve UPS rates. The checkout_shipping.php page hangs if this module is enabled. I have enabled the stock UPS shipping module for a temporary workaround. UPS XML has worked fine for the last year or so. No code changes. phpinfo() shows curl enabled and version libcurl/7.15.3 OpenSSL/0.9.7a zlib/1.1.4.

I use a gallery script, and have directory indexing off. I don't have any remaining install scripts left. Just thought it a little odd to have all of these errors in the log.

My site was recently hacked in a creloaded script directory, and my site was reprovisioned. Prior to that, and currently I see alot of hits in the error log on url's lite /mysite/some+term.php. All are different variants, and different ip's. I have seen an increase over the last 3 months. The hack was done in an images directory, and alot the urls point into other image directories. Any ideas, or concerns for this issue, or is it common among most sites.

dhilke, I don't know why, but I found that I could only create & edit my cgi scripts from within cpanel's file manager. At first I was using notepad, and ftp'ing them to my cgi-bin and then chmod the script. Everytime I tried that, I got error 500. Try creating, copying & pasting in cpanel once.

I found that the dashes (-) in the sa-learn command line where incorrect in TCH-Bruce's post. They were a longer ascii dash in the post, but should be a standard dash between [0] & [=]. Output is working example: Learning SPAM: .................... Learned (6) messages (15 examined). >#!/usr/bin/perl use CGI::Carp qw(fatalsToBrowser); my $salearn = "/usr/bin/sa-learn"; $|; print "Content-type: text/plain\n\n"; print "Learning SPAM:\n"; print `$salearn -p /home/tchaccount/.spamassassin/user_prefs --mbox --spam --showdots /home/tchaccount/mail/myspam 2>&1`; print "\n\n"; print "Learning HAM:\n"; print `$salearn -p /home/tchaccount/.spamassassin/user_prefs --mbox --ham --showdots /home/tchaccount/mail/myham 2>&1`; print "\n\n"; exit;