I'm trying to publish my program so that it can get updates and am told I have to publish my changes to a web server or file share server, but I have no idea about how I can go about getting one...are there free ones that will perform what I need to accomplish?
Ok, I don't know what to do and comments seem to go ignored.
I've tried setting the publish location to sites.google.com/site/mysite.com/filecabinetpage/PQCMFILES
and I got an error saying I needed "Front Page Server Extension Capabilities".
I tried setting it to http://productivityquotient.hostzi.com/PQCMFILES/ and it told me:
Error 1 Failed to connect to 'http://productivityquotient.hostzi.com/PQCMFILES/' with the following error: Unable to create the Web site 'http://productivityquotient.hostzi.com/PQCMFILES'. An error occurred accessing your site configuration files. Authors - if authoring against a web server, please contact the webmaster for this server's site. Webmasters - please see the server's application event log for more details. 1 1 Contact Manager
I tried setting it to a directory on the microsoft site and it said: "unable to create directory. files moved" or something like that.
I can't host it on an ftp server if I intend to use the updates feature and I don't know what to do...
Maybe Microsoft's free web hosting will allow you to do this.
000webhost.com is actually a pretty reliable host, with decent and free advertisement-free hosting. It also supports typical web server things such as FTP access, cpanel and e-mail accounts.
Their limit on free hosting is basically low disk space (1.5 GB) and bandwidth (100 GB/mo) and some minor content restriction. If that seems fine for you, then I highly recommend it. Even on free accounts, their ticket response time is blazing.
NearlyFreeSpeech, while not free, lets you host your application on a pay as you go plan. There are free web-hosts, but most lack the features of costies, such as FTP access.
Related
This is my first post under the Apache tag, so not sure if I have posted it in the correct spot. Apologies if it's not.
We recently had an audit done on our Apache server. It's running on a Windows Server 2012 R2, and I installed Apache 2.4.27 through WAMP.
The results from the Audit are fairly specific, but I don't know where to go in the Config file to fix these. My IMIT department has gone through a number of changes and we no longer have someone who can help me, so I'm stuck.
The three areas I need to correct are:
1) MISSING SECURITY HEADERS Recommendation: Implement HTTP security headers in the web applications to prevent exploitation of vulnerabilities.
2) Recommendation: Make sure that browsable directories do not leak confidential informative or give access to sensitive resources. Additionally, use access restrictions or disable directory indexing for any that do.
3) The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. Recommendation: Disable these methods.
I have looked in the config and in various documentation online but the Windows install for Apache seems to be unique, and I don't want to risk screwing up something that breaks the install.
Any ideas would be greatly appreciated.
Chris
Find httpd.conf file. It should be in the conf folder in the localization where Apache is installed like for ex:
C:/Apache/Apache/conf/httpd.conf
If you're not sure where that is - open task manager, find httpd.exe and check it's properties.
Then add required configuration there.
Check out this helpful github:
https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess
You can check your configuration files for syntax errors without starting the server by using apachectl configtest or the -t command line option.
I am new to Management System. Now I need to control a website. Some days ago, someone hack it — not SQL injection, just file change / new files upload.
I need to know the how can I prevent it; I want to learn.
Please, can someone give me some suggestions?
To prevent this, You need to update your server security with the mod_security, Mod_security is web server firewall so you will have to install and upadte mod_sec rules on your server to prevent this,
Also, Update your site scripts and plugin and themes which you are using for your site.
Use strong password for your cPanel, FTP and site admin panel
Also, Check WHM >> Security Center >> Security Advisor and fix all the Warning which you will get in that scan report.
Install maldet on your server and scan your all user home directory and remove infected files from your account.
On my site, I have an ability for users to upload a file into the server and be able to view all uploaded files in a directory called "public uploads" where users can view all files that's been uploaded by other users. It's the Apache directory page where it says "Index of /uploads". It's sort of a file sharing hub where people can download and share other people's files.
Would there be any security issues with this?
Can a user, say, upload a malicious PHP script, and execute it from the client side?
How can I resolve these issues, should they exist?
Possibly, it all depends on server, PHP and Apache configuration.
See OWASP's Unrestricted File Upload vulnerability page for some of the risks:
The impact of this vulnerability is high, supposed code can be
executed in the server context or on the client. The likelihood of a
detection for the attacker is high. The prevalence is common. As a
result the severity of this type of vulnerability is High.
The web
server can be compromised by uploading and executing a web-shell which
can run commands, browse system files, browse local resources, attack
other servers, and exploit the local vulnerabilities, and so forth.
This may also result in a defacement.
An attacker might be able to put
a phishing page into the website.
An attacker might be able to put
stored XSS into the website.
This vulnerability can make the website
vulnerable to some other types of attacks such as XSS.
Picture uploads
may trigger vulnerabilities in broken picture libraries on a client
(libtiff, IE had problems in the past) if the picture is published
1:1.
Script code or other code may be embedded in the uploaded file,
which gets executed if the picture is published 1:1.
Local
vulnerabilities of real-time monitoring tools, such as an antivirus,
can be exploited.
A malicious file (Unix shell script, windows virus,
reverse shell) can be uploaded on the server in order to execute code
by an administrator or webmaster later -- on the server or on a client
of the admin or webmaster.
The web server might be used as a server in
order to host of malware, illegal software, porn, and other objects.
See my other post for some general guidelines on making file uploads safe.
Allowing users to upload files to a public folder does not pose a risk for your server. They cannot run these files on your server.
It does pose a risk for users that download any of these files. These files may contain a virus or malware. Opening any of these files is a high security risk for your users. Not sure you're doing them a favor offering such a feature.
I've been trying to figure out why I can't add a website record to my domain on WebsitePanel.
The server is running `Win Server '08 R2 with IIS7.5
EDIT 1: Having tried going over this since before the OP date, I've downloaded the source for WebsitePanel and I've determined that the group that it can't find is in fact IIS_IUSRS.
Anyone got any idea why a web application wouldn't be able to find this group?
EDIT 2: After going through the code some more I've discovered that the web app (WebsitePanel) uses WMI to get a list of the user groups from the server. Thinking the issue could be caused by permission restrictions, I gave the web app full access to WMI which didn't improve anything.
This server is meant to host customer websites as well as my own (I deleted the website from IIS thinking there could've been a problem with the site already existing) so a speedy resolution to this will be greatly appreciated.
Thanks for your time.
Answer found...
In the WebsitePanels Web Server configuration, you can specify the group name that it'll use when creating websites.
Once I'd found this, I created the group that it was set to use and successfully added the website.
I work on quite a few DotNetNuke sites, and occasionally (I haven't figured out the common factor yet), when I use the Database Publishing Wizard from Microsoft to create scripts for the site I've created on my Dev server, after running the scripts at the host (usually GoDaddy.com), and uploading the site files, I get an error... I'm 99.9% sure that it's not file related, so not sure where to begin in the DB. Unfortunately with DotNetNuke you don't get the YSOD, but a generic error, with no real way to find the actual exception that has occured.
I'm just curious if anyone has had similar deployment issues using the Database Publishing Wizard, and if so, how they overcame them? I own the RedGate toolset, but some hosts like GoDaddy don't allow you to direct connect to their servers...
The Database Publishing Wizard's generated scripts usually need to be tweaked since it sometimes gets the order wrong of table/procedure creation when dealing with constraints. What I do is first backup the database, then run the script, and if I get an error, I move that query to the end of the script. Continue restoring the database and running the script until it works.
There are two areas that I would look at -
Are you running in the dbo schema and was your scripted database
using dbo?
Are you using an objectqualifier in either your dev or your
production environment? (look at your sqldataprovider configuration
settings)
You should be able to expose the underlying error message by setting the following in the web.config:
customErrors mode="Off"
Could you elaborate on "and uploading the site files"? New instance of DNN? updating an existing site? upgrading DNN version? If upgrade or update -- what files are you adding/overwriting?
Also, when using GoDaddy, can you check to verify that the web site's identity (network service or asp.net machine account depending on your IIS version) has sufficient permissions to the website's file system? It should have modify permissions and these may need to be reapplied if you are overwriting files.
IIS6 (XP, Server 2000, 2003) = ASP.Net Machine Account
IIS7 (Vista, Server 2008) = Network Service
Test your generated scripts on a new local database (using the free SQL Express product or the full meal deal). If it runs fine locally, then you can be confident that it will run elsewhere, all things being equal.
If it bombs when you run it locally, use the process of elimination and work your way through the script execution to find the offending code.
My hunch is that the order of scripts could be off. I think I've had that happen before with the database publishing wizard.
Just read your follow up. In every case that I've had your problem, it was always something to do with the connection string in web.config. Even after hours of staring at it, it was always a connection string issue in web.config. Get up, take a walk and then come back.
If you are getting one of DNN's error pages, there is a chance it may have logged the error to the eventlog table.
Depending on exactly what is happening and what DNN is showing you you might be able to manually look inside the EventLog table, pull out the XML data stored there, and parse it to find the stack trace and detailed information regarding the specific error at hand.
I have found however though that I get MUCH better overall experiences with deployments using backups and restores of my database, that way I am 100% sure that all objects moved correctly, and honestly it works better in my experience.
With GoDaddy I know another MAJOR common issue is incorrect file permissions, preventing DNN from modifying the web.config and other files that it needs to do.