Happy Thread
Jul 10, 2005

I think they mean redirection is normally set up as a high-performance behind the scenes thing that doesn't make the client get forwarded through an extra page?


Impotence
Nov 8, 2010
A 3xx HTTP forward is well known as a proper redirect, etc

A web page that loads javascript will probably be considered your new index.html with no content.

Shaman Tank Spec
Dec 26, 2003

I'm not sure if this is the right thread for this or not, so if it isn't, my apologies.

I've got an Apache2 web server which is currently serving up a lot of different content: a website, a REST API on flask-restful etc. The server is firewalled to hell and back: basically only HTTP and SSH ports are open, and we can't change this.

Despite this, we'd need to listen internally to certain ports so a couple of different bots / servers can function correctly. I know this is something you CAN do with Apache2: have external directories and URLs direct to different internal addresses and ports, i.e., have myserver.com/app2/login redirect to localhost:8001/login and myserver.com/app1/login redirect to localhost:4141/login for instance. But I'm not good enough at Apache2 magic to know how to do it myself.

Can someone walk me through it, so I can learn and be smarter in the future?

EDIT: turns out I was smart enough to do it after all and got it done after some trial and error.

Shaman Tank Spec fucked around with this message at 11:30 on Apr 23, 2019

nielsm
Jun 1, 2009



It's just configuring another Listen address with the extra port, and then setting up a VirtualHost section for that port. Looks like you figured it out.
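One way to do the path-to-port mapping Shaman Tank Spec describes, as an added example rather than config from anyone in the thread: a single Apache 2.4 vhost on the HTTP port that is already open, with mod_proxy and mod_proxy_http enabled, forwarding /app1/ to localhost:4141 and /app2/ to localhost:8001. The hostname and backend ports are taken from the post; the DocumentRoot path is an assumption.

```apache
# Added example: one public vhost on port 80 fronts two internal services.
# Needs mod_proxy and mod_proxy_http (Debian/Ubuntu: a2enmod proxy proxy_http).
# Hostname and backend ports come from the post; DocumentRoot is assumed.
<VirtualHost *:80>
    ServerName myserver.com
    DocumentRoot /var/www/html

    # Reverse proxy only. ProxyRequests On would turn this into an open
    # forward proxy usable by anyone who can reach port 80.
    ProxyRequests Off
    # Pass the original Host header through so the backends build correct URLs.
    ProxyPreserveHost On

    # myserver.com/app1/login  ->  http://127.0.0.1:4141/login
    # Keep the trailing slashes consistent on both sides, otherwise the
    # path join between prefix and backend URL is off by one slash.
    ProxyPass        "/app1/" "http://127.0.0.1:4141/"
    ProxyPassReverse "/app1/" "http://127.0.0.1:4141/"

    # myserver.com/app2/login  ->  http://127.0.0.1:8001/login
    ProxyPass        "/app2/" "http://127.0.0.1:8001/"
    ProxyPassReverse "/app2/" "http://127.0.0.1:8001/"

    # Anything not matched above is still served from DocumentRoot as before.
</VirtualHost>
```

Bind the backend services to 127.0.0.1 rather than 0.0.0.0 so the firewall is not the only thing keeping 4141 and 8001 private, and run `apachectl configtest` before reloading.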

Alpha Mayo
Jan 15, 2007

nem posted:

WordPress is only as safe as you let it be. People do stupid things, so if you can't trust your friend to not do stupid things then pass. Just today I handled a situation where a theme allowed a user to enter an arbitrary email address and send a copy to itself... sure enough that was exploited by a Chinese botnet of around 250 distinct addresses to spam.

analogy i use with one of my clients: Each wordpress plugin/theme you install is like raw-dogging a random hooker off the streets. maybe you get lucky, or maybe your entire site ends up with herpes (Easy WP SMTP i am looking at you)

also Why is wordpress so loving popular. IT IS SO BAD AND STUPIDLY DESIGNED (like 99% of php apps are). Elementor is pretty sweet I admit.

nem
Jan 4, 2003

panel.dev
apnscp: cPanel evolved

Alpha Mayo posted:

also Why is wordpress so loving popular. IT IS SO BAD AND STUPIDLY DESIGNED (like 99% of php apps are). Elementor is pretty sweet I admit.

Accessibility. Duration of existence. Technical debt. Node is slowly working its way into this pantheon of languages that attract some really bad developers.

WordPress as a framework is fine; it could be faster and hopefully mandating PHP 5.6 minimum is a step towards achieving it. What people bolt onto WordPress, for the most part, is not. People that install 30 addons are also doing a great disservice to WP. Emergent SaaS panels (ServerPilot, Moss, RunCloud) that can't be bothered to update plugins/themes are further exacerbating this problem with WP.

WordPress accounted for 90 percent of all hacked CMS sites in 2018

StabbinHobo
Oct 18, 2002

how do you handle having hacked wordpress instances on your network at any given time? like, pro-actively or

Wa11y
Jul 23, 2002

I've been using Site5 as webhosting for years, pretty much just for email and the occasional image host. Today, my wife tells me she's not getting emails, I look into it, and it looks like the back end of my website no longer exists. I've been meaning to look into moving email to another, less costly option, but I'm lazy and unmotivated, and it was working, so I just took the path of least resistance, and it just bit me in the rear end. So now my website and all my files on it are gone (both our email accounts, though our local email clients seem to have downloaded everything, so we've got that at least), so I've got a REAL reason to move things over ASAP. I've got a support ticket open with Site5, but reading from back around page 103, it sounds like Site5 was bought out a while back and it's now a shitshow (which really sucks, because I just renewed my domain for 2 years last September, so I've still got about a year and a half left paid for). Is anyone else still using Site5, and did your website disappear, possibly around 4/26 (last time my phone synced with email)?

Depending on how (if) they respond, I'm thinking of making a move. Since I pretty much just use it for email, it looks like I can transfer my domain from the current registrar to Google Domains, and then just have the email accounts to go their Gmail servers. Has anyone done this? Is anyone aware of any drawbacks to doing this, and assuming Site5 can restore from a backup, can I move all the old email from my old hosting to Gmail? Will the two accounts be separate in the Gmail interface, or will they all be interspersed but tagged with the different accounts?

Is there a better/cheaper way to do what I'm doing (keep the same email addresses, possibly move all the old emails over assuming they can be restored, have a new email-only back end)?

Edit: Got a response from Site5, looks like it's ACTUALLY a problem with my registrar, they've defaulted my nameservers. So I'm still going to look into moving my domain and killing off my hosting, but for now I'm trying to fix this nameserver issue!

Wa11y fucked around with this message at 01:24 on May 2, 2019

nem
Jan 4, 2003


StabbinHobo posted:

how do you handle having hacked wordpress instances on your network at any given time? like, pro-actively or

Variety of layers.

  • Brute-force deterrents. Sieve it through to fail2ban including HTTP rate-limiting via mod_evasive. NGINX has a similar mechanism available. Of course enable recidivism. In multi-server setups go with a distributed approach to fail2ban (centralized rsyslog sink)
  • Always enable automatic updates, system + WP. wp-cli has a facility to easily update core, plugins, and themes. WP by itself does not update plugins/themes. As far as the excuse "plugin isn't guaranteed to work with WP xx.yy" goes, junk the plugin. There's plenty of bad code out there. No need to become a statistic when it inevitably breaks down the road or hamstrings you to a vulnerable version of WP
  • Mount /tmp, /dev/shm noexec, stops drive-by hacking but not determined hackers
  • Isolate filesystems, either through containers or another subsystem. Primarily for damage control if a hack does happen
  • Restrictive ACLs on binaries with high risk of proliferation (perl, tclsh, ruby, etc) to prevent alternative channels if hacked
  • Always separate WP system file ownership from WP content ownership. Damage control again. It makes audit trails pretty easy to follow; look for files created by the web user. Makes it impossible to alter WP system files too
  • Restrict well-known URIs (e.g. wp-content/uploads/) to disable scripting language support
  • Scrub uploads for malware. This can be done with mod_security + ClamAV
  • wp-cli also provides checksumming support. Works great for plugins

No solution is 100% secure as policy evolves generally in response. Most of my recommendations evolved as means to combat vectors. As far as security plugins like WordFence go, high cost and very little payoff. Filtering needs to happen earlier in the processing axis rather than after connection + processing otherwise it's far too easy to induce a DoS.

By the way, check out apnscp, which is a culmination of my work over these years. I've allocated an unlimited number of free lifetime licenses for SA as a thank you for bankrolling development through Hostineer over these years.
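Two of the layers in nem's list written out as Apache 2.4 config, as an added example (not nem's own config or apnscp's): scripting disabled under wp-content/uploads, symlink following limited to owner-matched links (the mod_includes symlink trick nem mentions later in the thread), and mod_evasive rate-limit thresholds whose output fail2ban can consume. The docroot path, the threshold values and the log directory are assumptions.

```apache
# Added example: Apache 2.4 hardening for a WordPress docroot.
# Paths and thresholds are assumptions; tune them to the site.

# 1. Uploads must never execute. Deny script extensions outright and also
#    drop any PHP handler/type inherited from the parent scope, so the
#    rule holds whether PHP runs as mod_php or via php-fpm (SetHandler).
<Directory "/var/www/example.org/wp-content/uploads">
    <FilesMatch "\.(php|phtml|php[3-8]|phar|pl|py|cgi|sh)$">
        Require all denied
    </FilesMatch>
    RemoveHandler .php .phtml .phar
    RemoveType .php .phtml .phar
    # No listings, no CGI, no SSI (mod_includes can be abused to read files
    # through symlinks), and only symlinks whose owner matches the target.
    Options -Indexes -ExecCGI -Includes -FollowSymLinks +SymLinksIfOwnerMatch
    # An .htaccess dropped by an upload is ignored here.
    AllowOverride None
</Directory>

# 2. Rate limiting in front of WordPress, before PHP does any work.
#    Blocked clients get a 403 (visible in the access log) and mod_evasive
#    drops a lock file per blocked IP into DOSLogDir; either is a usable
#    fail2ban source, with the recidive jail for repeat offenders.
<IfModule mod_evasive24.c>
    DOSHashTableSize    3097
    # More than 10 requests for the same URI within 1 second -> block
    DOSPageCount        10
    DOSPageInterval     1
    # More than 100 requests to the whole site within 1 second -> block
    DOSSiteCount        100
    DOSSiteInterval     1
    # Block for 60 s; each further request during the block resets the timer
    DOSBlockingPeriod   60
    DOSLogDir           "/var/log/mod_evasive"
    # Never block local monitoring or a reverse proxy sitting in front
    DOSWhitelist        127.0.0.1
</IfModule>
```

The Debian package ships the 2.4 build as mod_evasive24.c; the log directory must exist and be writable by the Apache user or the module silently stops tracking.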

eames
May 9, 2009

Very interesting post. Would you generally consider state-of-the-art, well maintained shared webhosting to be secure enough to run a private instance of nextcloud or is that still a horrible idea?
How common is it for a shared webhost to get compromised to the point where an attacker has access to all user data on the machine? Surely the attack surface is huge with all the outdated scripts running on it. Is a cloud VPS really that much better in that regard, they also use shared resources after all?

DarkLotus
Sep 30, 2001

Lithium Hosting
Personal, Reseller & VPS Hosting
30-day no risk Free Trial &
90-days Money Back Guarantee!

eames posted:

Very interesting post. Would you generally consider state-of-the-art, well maintained shared webhosting to be secure enough to run a private instance of nextcloud or is that still a horrible idea?
How common is it for a shared webhost to get compromised to the point where an attacker has access to all user data on the machine? Surely the attack surface is huge with all the outdated scripts running on it. Is a cloud VPS really that much better in that regard, they also use shared resources after all?

A properly secured server isolates customer accounts so they cannot access other account data using containers or virtual environments.
If a server is compromised at the root level, that changes everything. This is a lot less common among reputable hosting providers.
Cloud VPS servers don't share all resources, the exception being CPU. Disk and memory are fairly dedicated on KVM VPS servers but CPU is almost always shared.
On a properly balanced setup, this isn't really a bad thing.

Nextcloud belongs on a VPS, most (not all) shared hosting providers don't allow file hosting services like OwnCloud or Nextcloud to run on those types of accounts.
Be sure to check the ToS / AUP before getting Nextcloud setup and running :)

DarkLotus fucked around with this message at 13:45 on May 7, 2019

Alpha Mayo
Jan 15, 2007

Thanks this is all great info and exactly what I've been looking for, and I'll check out apnscp

eames
May 9, 2009

DarkLotus posted:

A properly secured server isolates customer accounts so they cannot access other account data using containers or virtual environments.
If a server is compromised at the root level, that changes everything. This is a lot less common among reputable hosting providers.
Cloud VPS servers don't share all resources, the exception being CPU. Disk and memory are fairly dedicated on KVM VPS servers but CPU is almost always shared.
On a properly balanced setup, this isn't really a bad thing.

Nextcloud belongs on a VPS, most (not all) shared hosting providers don't allow file hosting services like OwnCloud or Nextcloud to run on those types of accounts.
Be sure to check the ToS / AUP before getting Nextcloud setup and running :)

Thanks for the response. I already have an "experimental" nextcloud installation running on a shared webhost and asked permission from my local hoster before booking the package and installing it. Oddly enough they do allow it on their smaller hosting package but not on their "fair-use" offer, likely due to overselling/abuse/etc. I only need <1% of the 100GB webspace offered so that's fine with me.

Because it is a shared webhost I currently only use it as an audioplayer, rss reader and to share files that I'd normally send via e-mail instead. I don't trust it with my contacts/calendar/documents for fear of the server getting compromised which admittedly kind of defeats the point of it. It seems like there's little point in having an updated, well maintained nextcloud installation with strong passwords and 2FA when an attacker could gain root access through a vulnerability enabled by some other user account's outdated wordpress from 2010 running on php 5.3.

I did consider getting a KVM VPS but that would add a large amount of maintenance burden for unattended upgrades/hardening/brute force protection/clean "A+" SSL cert setup/mailserver with spamfilter and spf/dkim/dmarc and all the many other little but important things that a hoster takes care of.


BTW I was a customer of Lithium for years and always very happy with the service and support, highly recommended!

nem
Jan 4, 2003


eames posted:

Very interesting post. Would you generally consider state-of-the-art, well maintained shared webhosting to be secure enough to run a private instance of nextcloud or is that still a horrible idea?
How common is it for a shared webhost to get compromised to the point where an attacker has access to all user data on the machine? Surely the attack surface is huge with all the outdated scripts running on it. Is a cloud VPS really that much better in that regard, they also use shared resources after all?


DarkLotus posted:

A properly secured server isolates customer accounts so they cannot access other account data using containers or virtual environments.

Pretty much this. If the server is properly managed, then accounts will remain isolated from one another. If a server falls several critical updates behind, bitrot sets in, and you've got some local privilege escalation then goodbye sensitive data. Every host runs their process differently; some follow tight policies whereas others duct tape things together and hope for the best. For example, when I moved operations from TX to GA, JaguarPC co-owned Gnax (Zayo ATL now). Their shared hosting outfit was consumer-grade tower PCs on baker's racks. You could've built out a similar spec'd system by going to MicroCenter and buying hardware from the discount bin.

We've come a long way since the mid 2000s. Containers, which are namespaces internally, provide necessary isolation. But then again your host could always do something stupid like enable mod_includes that would allow a symlink to circumvent +SymLinksIfOwnerMatch and present any file wherever in plain-text.

VPS isn't inherently more secure, especially if you approach it with a "set it and forget it" mentality. We're governed by the physical world and in the physical world poo poo breaks. A good shared hosting provider will have stringent security policies in place to safeguard customer data. A good VPS provider will apply appropriate microcode updates to protect against hypervisor exploits. A bad provider won't do any of this (and probably doesn't shred confidential documents either).

I recommend budgeting 10 hours per week into learning how to manage a server if you go VPS. It is an extremely affordable solution, but should be approached from the perspective you're buying a dedicated server and saddled with equivalent responsibilities.

mewse
May 2, 2006

mewse posted:

Yeah I'm gonna switch when I move to the new ispmail guide for the next debian release, I already have a new VPS, just need to get off my rear end.

Lol I posted this in July last year.

I've finally been setting up the latest ispmail guide for debian stretch, and I switched mail over yesterday.

HOLY poo poo rspamd is amazing vs spamassassin! Password extortion emails aren't even being accepted by my server anymore.

Having clamav set up with real signatures is awesome as well.

fuf
Sep 12, 2004

Does anyone have any experience of those apps/frameworks for managing lots of WordPress installs? Something that you install as a plugin on each individual site and then manage centrally...

The number of WordPress sites I manage for various clients just hit 60, and while I have as much auto-updating enabled as possible, I still have a lot of busywork to do when there's an update to Yoast or whatever. Would love to handle it all centrally.

Re: WordPress security chat from a few posts up, it used to be much more of an issue for me, but I've been relatively hack-free for a long time now. I don't do anything particularly elaborate either, just obvious stuff like Wordfence, minimising plugins, not calling your admin account "admin", etc.

nem
Jan 4, 2003

How much management are you expecting? How much legwork do you expect to do? What plugins are you looking at? Different servers or the same? A breach in one plugin would allow a hacker to bypass the plugin on your WP site and allow carte blanche access to whatever the plugin would have been entitled to access.

fuf
Sep 12, 2004

I've been trying out ManageWP today and it seems good enough for what I want. Way better than when I used it years ago.

frogbs
May 5, 2004

fuf posted:

I've been trying out ManageWP today and it seems good enough for what I want. Way better than when I used it years ago.

ManageWP was going to be my recommendation. We have around 70 sites in there, and it's been rock solid, especially since their 'Orion' update around a year ago. Pricing wise it's not too bad either if you just want backups and management.

fuf
Sep 12, 2004


frogbs posted:

ManageWP was going to be my recommendation. We have around 70 sites in there, and it's been rock solid, especially since their 'Orion' update around a year ago. Pricing wise it's not too bad either if you just want backups and management.

Thanks, good to know. I already have backups handled elsewhere but the backup option is tempting just because the site clone / migration tool looks handy.

seance snacks
Mar 30, 2007

Is there a WordPress/Webdev thread? If so, please re-direct me because I couldn't find it.

I made a simple bootstrap landing page for a friend's small business, but every few months it re-installs wordpress. No biggie, delete WP files and upload my backup, but it's becoming a real pain in my rear end because I can't figure out what's causing the re-install. I figure there's some file in another directory causing this via WP update.

I've looked through the log file, but nothing jumps out at me. They seem to just appear out of nowhere.

Mike Danger
Feb 17, 2012

Noslo posted:

Is there a WordPress/Webdev thread? If so, please re-direct me because I couldn't find it.

I made a simple bootstrap landing page for a friend's small business, but every few months it re-installs wordpress. No biggie, delete WP files and upload my backup, but it's becoming a real pain in my rear end because I can't figure out what's causing the re-install. I figure there's some file in another directory causing this via WP update.

I've looked through the log file, but nothing jumps out at me. They seem to just appear out of nowhere.

Web Dev: https://forums.somethingawful.com/showthread.php?threadid=3554791
WordPress: https://forums.somethingawful.com/showthread.php?threadid=3161913

My question: If I wanted to snag a domain that's registered but not in use and expiring soon, what do people recommend for how to go about it? I have a stupid idea that I'm sure is going to make my life hell but I need a certain domain first.

Impotence
Nov 8, 2010
How badly do you want it, how much do you want to spend, do you think it will autorenew, and how popular do you think it is?

If you really really badly want it, the place it's registered at likely auctions it off or otherwise has private partnerships of some sort to pick up dropped domains first. If it isn't overly necessary, something I did was pick a domain reseller company with an API and just attempt a registration with a cron/bash script nonstop

nem
Jan 4, 2003

I've only backordered 1 domain in my life. Prevailing wisdom I've heard through the grapevine is to backorder from the same company the domain is registered through, but registrars do sneaky poo poo. Namecheap and Netsol still do domain tasting anecdotally even though the practice was supposedly eradicated in 2009 by way of registration fees. You can try a backordering service from a registrar, e.g. GoDaddy, or even hammering a registration API as Biowarfare recommends. Domain should drop 30 days after it expires.

das crikstar
Dec 11, 2015

I own a domain and pay monthly for economy hosting at lithiumhosting.com. I installed OpenResty from the Debian repo, as well as LuaJIT. I want to use a framework as suggested to complete my artistic vision as a website. Would my host be able to handle this, or am I stuck with their cPanel and whatever default stuff?

DarkLotus
Sep 30, 2001


das crikstar posted:

I own a domain and pay monthly for economy hosting at lithiumhosting.com. I installed OpenResty from the Debian repo, as well as LuaJIT. I want to use a framework as suggested to complete my artistic vision as a website. Would my host be able to handle this, or am I stuck with their cPanel and whatever default stuff?

If you are going to use OpenResty, you will want a VPS running nginx as the web server and then whatever webapp you are managing.
The hosting you have does not utilize nginx as the web server and you would have no control over it at that level anyways. If you want to leave the server management to us, you are stuck with what is provided in your shared hosting account.

das crikstar
Dec 11, 2015


DarkLotus posted:

If you are going to use OpenResty, you will want a VPS running nginx as the web server and then whatever webapp you are managing.
The hosting you have does not utilize nginx as the web server and you would have no control over it at that level anyways. If you want to leave the server management to us, you are stuck with what is provided in your shared hosting account.

I will stick with what I got with you as I have been happy. I have so much to learn, and can find a lot to keep me busy with my humble web page. Thanks!

Annath
Jan 11, 2009

I want to make a very, very simple website for probably a dumb reason (archiving information on a dumb niche video game from the 90s after I discovered many of the fansites I used to visit have disappeared).

I have a domain name through Google Domains.

I have tried Squarespace, but it's too complicated to get it to do what I want. It's all templates and pre-installed graphics/images and it's just a huge pain in the rear end.

Back in high school, I used a :filez: copy of Dreamweaver to write a lovely basic website with a list of pages on the left, and content in the middle. I basically want the 2019 version of that, since all it'll have to display is text and the occasional table with sprites.

1. What service or tool should I use to create this?

2. What host should I look at for something like this?

Thanks for any information you can share.

Soaring Kestrel
Nov 7, 2009


Annath posted:

1. What service or tool should I use to create this?

2. What host should I look at for something like this?

I may be jumping ahead here but if you do end up doing just plain HTML, maybe look at using Amazon S3 for hosting. It should be pretty low cost per month for this use case.

If you just want a plain site and don't necessarily care about doing all the HTML yourself, maybe Google Sites? I'm pretty sure they're free, and they support custom domains.

Annath
Jan 11, 2009


Soaring Kestrel posted:

I may be jumping ahead here but if you do end up doing just plain HTML, maybe look at using Amazon S3 for hosting. It should be pretty low cost per month for this use case.

If you just want a plain site and don't necessarily care about doing all the HTML yourself, maybe Google Sites? I'm pretty sure they're free, and they support custom domains.

Thanks for the tip on Google Sites.

I set it up with my custom domain, and it kind of works? If I open a browser window and type "www.mysitename.com", it sends me to my Google Sites page, but the URL in the address bar changes into "https://sites.google.com/view/my_site_name".

Any ideas what's causing that?


Nevermind, it was because the site was set to restrict who could view it.

Annath fucked around with this message at 03:31 on Jun 21, 2019

nem
Jan 4, 2003

Netlify and GitHub Pages are free. Wouldn't dick with S3 for that use case.

nem
Jan 4, 2003

cPanel announces a price increase driving up the costs 3-4x for many high density providers. Expect some of the smaller players on narrow margins and resellers to hurt from this change.

Welcome to the world of Oakley Capital :banjo:

xtal
Jan 9, 2011

Big ask here, but does anybody know of a VPS provider that (1) allows VMs to be provisioned by API (2) would build a relationship with me to host Tor exit nodes? In my experience you need to be a large company to fulfill the former and a small company to fulfill the latter. (I'm interested in reselling Tor exit nodes and handling the administrative overhead, spam blocking etc.)

jaegerx
Sep 10, 2012



DigitalOcean

nem
Jan 4, 2003


jaegerx posted:

DigitalOcean

Their abuse department consists of a paper shredder so this would be a good idea.

jaegerx
Sep 10, 2012



nem posted:

Their abuse department consists of a paper shredder so this would be a good idea.

did you read the whole story? that company was on credit and they didn't follow the rules.

xtal
Jan 9, 2011

From what I can read DigitalOcean's policy is that you can run a Tor exit node but you're responsible for the traffic, which is hard to accommodate even if I set up a lot of filtering rules, an email address for abuse reports, etc. In a forum post they say you can run a VPN for your own traffic but not a public VPN, and that you can run a Tor exit node but only for your own traffic. Not sure if they understand what that means.

Rufus Ping
Dec 27, 2006





I'd start with this list then narrow it down based on your other requirements

https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

nem
Jan 4, 2003


jaegerx posted:

did you read the whole story? that company was on credit and they didn't follow the rules.

Which one? I’m referring to my experience with them never acting on abuse reports. It’s more effective to just block their ASN.


jaegerx
Sep 10, 2012



nem posted:

Which one? I’m referring to my experience with them never acting on abuse reports. It’s more effective to just block their ASN.

Every cloud vendor has abuse problems and I’ve personally worked there and I know their abuse team is on the ball. Sometimes excessively
