Jump to content

telcor

Members
  • Posts

    68
  • Joined

  • Last visited

Posts posted by telcor

  1. I really like the new look of the TCH web sites. Even more I appreciate the life the people of TCH are breathing into its community.

     

    The community is a more challenging aspect of running a modern tech company, and communication with the community can so easily go by the wayside.

     

    Thank you for all your effort.

  2. 99.129.232.64 - - [01/Dec/2009:19:34:02 -0500] "GET /cPanel_magic_revision_1187248694/webmail/x3/branding/favicon.ico HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; GoogleToolbar 6.2.1910.1554; Windows 6.0; MSIE 8.0.6001.18828)"

     

    99.129.232.64 - - [03/Dec/2009:21:36:41 -0500] "GET /cPanel_magic_revision_1187248694/webmail/x3/branding/favicon.ico HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; GoogleToolbar 6.3.1106.427; Windows 6.0; MSIE 8.0.6001.18828)"

     

     

    The above is pretty harmless. Some visitors to your webmail URL have the google toolbar installed. The toolbar is apparently confused and trying to load the favicon for the X3 webmail. As you noticed, there are two different versions of the toolbar doing this. That likely means there are two different comptuers, behind a firewall or proxy, that are accessing webmail.

     

    Based upon the log snippets you provided, this is a likely scenario ( using example.com in place of your website):

     

    1. Person1 accesses example.com/webmail

    2. Because /webmail is valid, a 200 status is logged in the domain log for example.com

    3. The google toolbar gets confused by something in the server response ( some conjecture here as hard data is not available )

    4. The google toolbar attempts to fetch the favicon for webmail, using an invalid URI. This results in the 404 entry in your domain log

    5. Person2 accesses example.com/webmail

    6. Steps 2 - 4 are repeated for Person2, who also has the google tool bar

     

    It looks like both requests are originating on AT&T's network from Milwaukee, Wisconsin ( i.e. milwwi.sbcglobal.net ).

     

    One thing to keep in mind is any domain on a cPanel server will serve up the webmail interface, regardless of whether the email account is associated with the domain or not.

  3. If you have a reseller account, are you backing up from the root account, or from the account of the actual site.

     

    Some time ago, I found that if I back up databases for sites in my reseller account from the root account, it looks like the backup is done, but the backup files do not include all the data from the database.

     

     

    When performing MySQL backups using the Root/Reseller override feature* then a valid .my.cnf file needs to exist in the user's home directory. Otherwise the resulting file with be zero bytes.

     

    * Root/Reseller override: this feature allows one to login to a user's cPanel interface using a combination of the username and the root or reseller password. In this scenario the login does not have access to the MySQL password ( since it is managed by MySQL which handles its own authentication ). Hence the need for a .my.cnf in the account's home directory. The .my.cnf file needs to contain the user name and password and often looks like:

     

    >
    [client]
    user='username'
    pass='temp123'
    

    Please note that the permissions on the .my.cnf file should be 0600 since the MySQL password is often the same as the account password.

     

    if a .my.cnf file exists in the user's home directory, but contains the wrong information then everything will appear to work but no backup will actually occur. If no .my.cnf exists then cPanel will generate an ugly error message.

  4. A few points to keep in mind:

     

    1. GPC is deprecated and will be removed in PHP 6 ( http://us.php.net/manual/en/info.configura...agic-quotes-gpc )

     

    2. GPC should not be relied upon to properly escape values intended for insertion into a Database. It was a kludge added to make string escaping easy and results in far too many XSS attacks. Instead, use one of the following methods.

     

    3. If using the regular MySQL PHP Extension, use the mysql_real_escape_string function ( http://us.php.net/manual/en/function.mysql...cape-string.php ). This function allows you to take into consideration character sets ( which GPC nor mysql_escape_string do not).

     

    4. If using the MySQLi PHP Extension, use Prepared ( http://us.php.net/manual/en/mysqli.prepare.php ) statements.

     

    There is a mysqi_real_escape_string function, but really one should learn how to use Prepared Statements. Or even better, use a Database Abstraction library such as the excellent ADODB ( http://adodb.sourceforge.net/ ).

  5. I have also noticed that the cPanel version is 11 while on the cPanel site they are advertising the 11.24 version.

     

    If you look at cPanel's version list (http://layer1.cpanel.net), cPanel 11.24 is only available in the EDGE and CURRENT branches of cPanel. These branches get updated rather frequently and tend toward a higher deficiency rate.

     

    TCH stays on STABLE (thank you TCH ;)) which tends toward a lower deficiency rate. cPanel 11.24 has to be pushed into the RELEASE branch before it can be pushed into STABLE.

     

    /me remembers to make a backup in anticipation :D

  6. TCH does not use EDGE builds on their servers so this will not work here.

     

    Thank you for the info.

     

    Yeah, I was a bit tired when I posted that. It should have read as more of "Look! New Feature that will be available sometime in the future!" So I'll do a little re-write of the original post.

    EDIT:

     

    OK, so I didn't know there was a window on Editing. Thus the better worded post is:

     

    The EDGE builds of cPanel currently have support for Proxy access to cPanel. This allows access to cPanel functionality via the following URLs:

     

    cpanel.example.com

    whm.example.com

    webmail.example.com

     

    Replace example.com with your domain name. This works for SSL and non-SSL access methods. As noted above, this is in the EDGE branch only at this time (for those unware, normal progression is EDGE -> CURRENT -> RELEASE -> STABLE; I believe TCH uses only the STABLE branch), hence not immediately available in our accounts.

     

    Access happens as with any other website, so those behind restrictive firewalls will be able to access the full functionality of cPanel, Webmail and WHM without current frustrations caused by firewalls.

     

     

    More information can be found in the cPanel change log (http://changelog.cpanel.net) and on the cPanel forum (search for cPanel Proxy).

  7. I'm a little late to the discussion here, too late actually because the thread prompting this is now closed (sigh). Thread in question: http://www.totalchoicehosting.com/forums/i...showtopic=25347

     

    The EDGE builds of cPanel currently have support for Proxy access to cPanel. What this means is we can finally access cPanel using the following URLs:

     

    cpanel.example.com

    whm.example.com

    webmail.example.com

     

    Replace example.com with your domain name. This works for SSL and non-SSL access methods. More information can be found in the cPanel change log (http://changelog.cpanel.net) and on the cPanel forum (search for cPanel Proxy).

     

    Access happens as with any other website, so those behind restrictive firewalls can rejoice in having full access to their account functions.

  8. I created sub-domains and inserted periods in them between words in the sub-domain name.

     

    Cpanel allowed me to create them fine. The web address appears when entered into a browser and the site displays perfectly.

     

    Cpanel returns my sub-domain as being created just fine upon creation. Everything is great!

     

     

    Well... is it really?

     

     

    I noticed a display message that had said to not create a sub-domain with a period.

    Is there an unseen problem with creating a domain like this?

     

    Will it impact my search results in Google? I've seen other operations with periods seperating sub-domains and I am wondering if I'm facing an unanticipated situation here or if I should go ahead since it's working great.

     

    Thank you for listening.

     

    If your primary domain is example.com and you created the sub domain two.levels.example.com, the only problem you will encounter (until fixed) is cPanel won't let you remove two.levels.example.com unless you first create levels.example.com.

  9. Discussion has started on the cPanel forum about this year's conference. Will any TCH'ers be there?

     

    Note: I did not provide a link to any posts on the cPanel forum as visitors must be registered to view the forum.

  10. Except ModSecurity 2.x disabled the ability to use those settings in .htaccess. They can only be used in the Apache configuration file now.

     

    Understandable. Really, the last thing a sys admin wants is a user disabling security.

     

    I understand, however, that the cPanel devs have reviewed the mod_security rules, removing those that break common applications.

  11. Are you looking for modules over and above those preselected in the cPanel EA3 (EasyApache 3) profiles?

     

    Are you going to deploy suPHP or Suhosin? What about mod_security 2?

     

    Final question for this post: will you be offering support for ASP.NET, now that it's available via EA3?

  12. The commotion of going to Current was minor compared to Release. More people tend to run Release than any other branch. A lot of nice little problems popped up, even for those that did prep their servers for the upgrade. The only show-stopper I've seen at this point (with Release) is a problem where /scripts was being updated, but nothing else. Seems something outside of cPanel was awry and causing some systems to be some strange mix of cPanel 10 and 11 ;)

     

     

     

    Edge is lots of fun though, I agree. There's a lot of things in EA3 that are really good (once the httpd.conf business is fully resolved), it's much better, simpler in many ways, than EA2 was, and trounces EA1 soundly :D

×
×
  • Create New...