Everything posted by editor

  1. Nice upgrade! I have two active domains hosted by TCH but only one shows up in the billing portal. Is there an easy way to add the other?
  2. Thanks for your help. I checked my scripts against the Secunia database and found no matches. I rechecked all my cgi scripts as well as all my folders and sub folders, and they're all 755. I run NOD32 Anti Virus software (real-time protection) and also regularly scan with Spybot (also real-time protection) and Ad-Aware, so I'm reasonably certain that my computer is secure.
  3. Thanks for your response. I appreciate your help. This begs an interesting question: How would the average Web site owner "check" his/her scripts? Do the TCH techs review scripts for safety if asked to do so? Is there some other way to ensure that scripts are safe? I use a number of very small PERL scripts on my site. I have only a minimal knowledge of PERL but enough to modify them as needed so that they do what I want them to do. I can't see anything in them that looks suspicious to *my* eyes, and most have been in continuous use by me for years with no issues. The only permissions that I have modified on my site are for the cgi scripts, and they are all set to CHMOD 755, which is rwxrxrx I believe. That's what all the instructions say to do. Is rwxrxrx safe? Based on this definition, I would say that I'm probably not using any unsecured applications. I'm not running a forum or other third-party applications. I use a simple shopping cart, but it's JavaScript-based. I've used it for many years without any issues. All this still leaves me scratching my head. I wonder if I'll ever know how those rogue files came to be on my Web site, and who put them there?
  4. I discovered that my site was recently hacked. I found bad files that I had never uploaded, some that required help from TCH to remove. All is back to normal now (I hope). The TCH tech who helped me provided these tips to prevent hacking: (1) I understand what complex passwords are and am now using them. (2) I will be changing my passwords more frequently from now on. (3) I don't know what is meant by "unsecured scripts." (4) I don't know what is meant by "full permissions to files/folders." (5) I keep my site fully backed up. (6) I don't know what is meant by "unsecured applications." Could someone help me to understand points 3, 4 and 6, please. Thanks for whatever assistance you can offer!
  5. Thanks for the tip. Before I password protected the single file in my directory (see my reply to Bruce above), I tried adding the trailing slash and found that it did indeed eliminate the multiple prompts. Knowing this may be useful in the future. Thanks again.
  6. I was simply trying to protect the single file within that directory. I don't know why it didn't occur to me to try protecting THAT file rather than the whole directory. I've now done that and everything seems to be working well. Thanks for your input.
  7. I'm trying to protect a directory with a password through cPanel using .htaccess. I followed the tutorial provided in cPanel and thought that I had done everything correctly. However, I now find that I'm routinely receiving multiple prompts for username and password. In other words, when I try to access the directory, I'm prompted to enter my username and password. I do so and hit enter, only to receive another such prompt. Sometimes I need to repeat this procedure three times before finally gaining access to the directory. Does anyone know what I'm doing wrong?
  8. Thanks for the advice. I don't know perl or php well enough to write such a script from scratch. I've just spent more than an hour searching the Internet via Google as well as looking at sites like Hotscripts but can't seem to locate anything suitable. I've found scripts like dbsender and backup2mail but they're designed to work with MySQL databases. I'm dealing with a single file (which would probably require a much simpler script). Does anyone know of a script that will work for me?
  9. I'm running a cron job that backs up a single directory every night. It looks like this:

         tar -czvf /home2/******/backup.tar.gz /home2/******/data/board/users

     Each time it runs it sends an e-mail that lists the files in the "users" directory that have been compressed into the tar file. Is there a way to change the cron job so that the actual backup.tar.gz file is e-mailed to me each night instead of the list?
  10. I believe a program called Empty Temp Folders will do that for you. It can be set to delete zero byte files. http://www.danish-shareware.dk/soft/emptemp/index.html
  11. I submitted the ticket, the modules were installed swiftly, and the script now works beautifully! Thanks again for all your help!
  12. I appreciate the help. However, the modified script generates a "Premature end of script headers" error.
  13. I have a perl script that records member logins on my Web site. Here's part of the code:

      _____

          open(FILE, ">>$log_file");
          {($sec,$min,$hour,$day,$month) = localtime(); $month++;
          if ($hour < 10) { $hour = "0$hour"; }
          if ($min < 10) { $min = "0$min"; }
          }
          if ($password ne "xxxx") {
          print FILE "$month/$day $hour:$min $password $ENV{'REMOTE_ADDR'}\n";
          close(FILE);

      _____

      The problem is that the time printed to the log file for each login is one hour ahead of the time where I live. Presumably, localtime() on the server where my Web site resides (Server 24) is Eastern Time, whereas I live in the Central Time zone. What changes could I make to the script so that the time it prints to the log file matches my own time zone?
  14. Thanks to all who replied to this topic, and especially to TCH-Bruce. Just "talking" it through has given me clarity concerning how to proceed. I began by stating that "I'm a very happy TCH customer overall," and I remain so. The helpfulness demonstrated here is just one of many reasons why!
  15. Thanks for stickin' with me on this, Bruce. I need just a little bit more help in order to get my head wrapped around what you're telling me... I've already asked my subscribers to whitelist "my_business@my_domain.com". If I send them mail that originates from "my_home@my_isp.com" but have "my_business@my_domain.com" in the "From:" and "Reply-to:" fields, are you saying that the message should make it past most spam filters? No offense, but aren't spam filters supposed to be "smarter" than that? Also, isn't it possible that some ISPs may have rules in place forbidding their users from doing this sort of thing (that is, from faking addresses in outgoing e-mail)?
  16. I thought about doing that, but doesn't addressing e-mail in this way run the risk of triggering some types of spam filters? In other words, isn't there some potential that spam filters will stop mail from being delivered because it originated from someplace other than where the "From:" address indicates within the message (which in this case would be one of your domain's e-mail addresses instead of the real source, your ISP account e-mail address)?
  17. My ISP allows 100 messages to be sent at a time to a maximum of 1,000 per hour. That rate would certainly be workable, however.... When one spends good money for the purchase of a domain name and spends years building a brand around it, sending mail from your home ISP seems -- no, IS -- just plain unprofessional!
  18. Ummm.... Square me away concerning what, Steve? Are you asking me to submit a ticket to get my CGI sendmail question answered? Maybe you're hinting that TCH now has something available that will accommodate clients with large mailing lists like mine! That would be great (and worth paying extra for, by the way, if that's what it takes). Having to move my e-mail to another host is a pain and not something I would prefer to do!
  19. Thanks for the suggestion. That's actually what I've been doing. I use GroupMail Pro to send individual, personalized newsletters and it takes about 9 hours to mail my list at a rate that's in accordance with TCH's limits. I managed okay when I sent my newsletter once every five weeks, but expansion plans may now have me sending a smaller, DAILY newsletter! Content for each issue will be heavily dependent upon timely feedback from the previous edition. A 9-hour+ send time means that I may find myself working on the new issue before subscribers have even received and read the previous one. That's simply not workable!
  20. These are probably stupid questions, but here goes... I'm a very happy TCH customer overall, but their low sending limits may require me to have my e-mail hosted elsewhere (I publish a newsletter with 1300 subscribers and growing). Would doing so affect the sendmail function of my CGI scripts in any way? Would having my e-mail hosted on a different server affect any other common Web site function?
  21. I've been examining the code in a CGI based discussion board system and have found that several internal directories that store posted messages, user data, etc. have .htaccess files in them that contain this simple text and nothing more:

          deny all

      Obviously the scripts associated with this discussion board can still access the contents of those directories, but does deny all make them essentially "bullet-proof" against all outside access?
  22. Is the cgi-bin directory more secure than other directories? I'm aware that CGI scripts can run both inside and outside the cgi-bin here at TCH. I was just wondering if security was a consideration.
  23. Here's one for the "It seemed like a good idea at the time" department. I installed the .htaccess code above on a couple of directories on January 1st and almost immediately began receiving complaints about inaccessible pages -- even when visitors clicked internal links to reach them. After some research I discovered that a number of my visitors are running security software which disables referrer logging. The Opera browser can do this, and so can Firefox with the Web Developer extension installed. Apparently Norton Internet Security, ZoneAlarm Pro and a number of other security programs can also disable referrer logging, and if this option has been knowingly or unknowingly implemented by Web surfers, this nifty little .htaccess code will stop them dead in their tracks! Rather than trying to convince visitors to re-enable referrer logging (assuming they even know what it is and how to do it), I chose to remove the code. Back to the drawing board, as they say!
  24. Would I be correct in assuming that this .htaccess configuration will not allow access to search engine spiders?
  25. Perfect! I gave it a try and it appears to do exactly what I want. Do you have any suggestions concerning where I can learn more about .htaccess and all the things like this that one can do with it? An online guide, perhaps? Many thanks for such a simple and elegant solution!