Jump to content

Striver

Members
  • Content Count

    216
  • Joined

  • Last visited

Everything posted by Striver

  1. I have read some about that option but some experts seem to think it opens more security holes than it closes...and of course I don't know enough about it yet to know who is right When I was doing a lot of PERL programming I noticed that password protecting a directory like this didn't seem to lock out local programs. Not sure exactly whether that would fix this and I would need to set up another server to test it to...hmmm...maybe time to fire up this old linux box I have sitting here...ack!
  2. LOL! I had a feeling that might be the case...now that leaves me with a dilema. I suppose I will have to do the same just to be safe... I wonder if there is a mod floating around that addresses this problem somehow...
  3. I set up an SMF first to give it a try...there are good reasons that phpbb is more popular I am actually running the cache at 755 and haven't had any problems. The file ownership of the files in the cache is set up a bit different so they aren't as easy to chmod but I have read you can set them to 755 as well. I was just hoping there might be a phpbb guru lurking around here somewhere and speaking of users uploading their own avatars...I tried to replace mine here but it wouldn't take the new one...it just deleted the old one. I had to link to the pic on my site. Lee
  4. I recently installed the latest version of phpbb (2.0.22). I know I can't make it bullet proof but I want to come as close as possible. One thing I noticed is that the cache and avatar directories and their content are chmod 777. That gives me the heeby-jeebies because that is a rather dangerous permission combination. Is this just the way this particular program needs things set up? Can it, or should it be changed? And most of all...what is your best tip for phpbb security that I may not know? in case you are curious the forum is here... http://www.verchi.com/forum002/
  5. It has been a while since I posted anything here. To be honest, TCH is easy to forget about. I get up every morning and check my e-mail and it is always there without fail. Day after day, week after week, month after month, year after year, it just keeps working without attracting any attention. My web site is always there. When I want to post a picture on some other site it always works. In fact I can't remember the last time I had a problem with TCH. It makes it real easy to completely forget about these great people here quietly working away every day providing a high quality service that never messes up to remind you it is there. So if your eyes are glazing over from crawling through page after page of google listings, trying to figure out which web hosting companies are for real and which are run by some 16-year-old kid out of his bedroom...well...just stop right here. This place is for real. They will do their very best for you at a very reasonable price. Lee
  6. So yeah...I have the hotlink protection set up with a custom image to replace any image linked from an unauthorized site. I have had it set up that way for a long time. I have noticed in the past that the replacement image didn't show up when I checked on unauthorized links. I just got the standard little red X. I didn't really care that much so I just forgot about it. I was trying to track specific traffic through my site last night and the recent visitors link wasn't being cooperative so I downloaded the full log file for the first time in years. To my surprise I was getting up to 10 requests per second almost continuously from single IPs for my replacement image used in the hotlink protection. My log file was so flooded with these requests it had become completely useless without loading it into a DB program and filtering them out. So my next step was to try to open a TCH help ticket and that was when I ran into the next problem. Now just about the number one error in customer support is the support desk guy who hears a single keyword, goes on autopilot and ignores everything else the customer says. Yeah...sure 99.999 percent of the people who request support on hotlinks just want to know how to set it up so it is pretty easy to just shut your brain off and go onto automatic. Unfortunately that often causes serious problems for users like myself who only contact customer support when the problem is non-standard. So it really astonished me when I discovered that, not only was TCH making this mistake, but they had actually installed a program that automatically makes this mistake for them. When I tried to open a help ticket asking if perhaps someone might know something to stop the steady stream of hits from the same IP number on my hotlink redirect image, my request was rejected automatically and I was sent to a standard help page telling me how to set up hot link protection. Sorry...I already know how to set up hot link protection. What I want to know is why that hotlink protection seems to be malfunctioning. But all I get is an automated customer service error generation system that automatically misinterprets my request and sends me to a totally useless page that, according to the nifty rating system at the bottom, the majority of visitors have found as useless as I found it. So I gave up and went to bed, got a good night's sleep and got up this morning to take another shot at the problem. That helped. It didn't take me long to figure out what was happening. The way Cpanel sets it up, any link to an image from an unauthorized site is redirected to another image. However, when that second image is requested in place of the first, the server looks at the referrer, decides it is invalid, and redirects to another image. looks at the referrer, decides it is invalid, and redirects to another image. looks at the referrer, decides it is invalid, and redirects to another image. looks at the referrer, decides it is invalid, and redirects to another image. looks at the referrer, decides it is invalid, and redirects to another image. looks at the referrer, decides it is invalid, and redirects to another image. looks at the referrer, decides it is invalid, and redirects to another image. looks at the referrer, decides it is invalid, and redirects to another image. I think you get the point...and this happens up to 600 times per minute per IP requesting the image. So I fixed it by redirecting to an image in one of the directories that I have excluded from hotlink protection. You might think about adding that information to your automatic customer service error generation system Lee
  7. Crazy (remember? I've still got a Bob Wills album on Vinyl!)
  8. Cat (haven't we been here before?)
×
×
  • Create New...