Posts filed under 'Guides'
Those who use scripts like Movable Type and WordPress have little to worry about when it comes to security, since they only need to wait for patches and upgrades. But for those who write their own PHP scripts from scratch, Chris Shiflett outlines some measures and guidelines:
- The register_globals directive is a security risk, so avoid relying on it
- Filter input and sanitize output
- Filter all foreign data
- Filter data using a whitelist approach
- Use existing functions in data filtering
- Use strict naming conventions
- Try placing all modules outside the document root
- Try escaping all characters that can be escaped
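The filtering and escaping guidelines above, applied to one request, as an added example that is not taken from the guide or from this post. The field names, sample values, and the $clean/$html array names are assumptions chosen for illustration.

```php
<?php
// Constructed sample standing in for $_POST (foreign data).
$request = [
    'color'   => 'blue',
    'age'     => '27abc',
    'comment' => 'Nice <b>post</b> & thanks',
];

// Naming convention: $clean holds only values that passed a filter,
// $html holds only values already escaped for an HTML context.
$clean = [];
$html  = [];

// Whitelist approach: accept the value only if it is a known-good option.
$allowedColors = ['red', 'green', 'blue'];
if (in_array($request['color'] ?? '', $allowedColors, true)) {
    $clean['color'] = $request['color'];
}

// Existing function: filter_var() validates an integer within a range.
$age = filter_var($request['age'] ?? '', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => 120]]);
if ($age !== false) {
    $clean['age'] = $age;
}

// Free text: bound the length and refuse control characters.
$comment = $request['comment'] ?? '';
if (is_string($comment) && $comment !== '' && strlen($comment) <= 200
    && !preg_match('/[\x00-\x1F\x7F]/', $comment)) {
    $clean['comment'] = $comment;
}

// Escape on output: only filtered values are escaped, and only escaped
// values are printed.
foreach ($clean as $field => $value) {
    $html[$field] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

foreach (['color', 'age', 'comment'] as $field) {
    echo $field, ': ', $html[$field] ?? '(rejected)', PHP_EOL;
}
```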
For further information, download Shiflett’s PHP Security guide here. You may also want to visit the PHP Security Consortium.
November 6th, 2008
Hotlinking is the use of any files (especially images) hosted on your site and posted on another site. This is technically called bandwidth theft because traffic on the offending site uses up your own bandwidth to serve the files/images.
Here’s a simple way to prevent hotlinking using your cPanel:
* Click on the HotLink Protection button on the home page.
* Enter any other addresses that you will allow to access your site other than the provided defaults in the central area.
* Enter the protected extensions in the Extensions to allow field. Make sure you separate each extension with a comma.
* Enter the address to redirect any hotlinking to in the Url to Redirect to field.
* Click on the Allow direct requests tick box if you want to allow direct URL access to non-HTML files, such as images.
* Click on the Activate button. You’re done!
September 2nd, 2008
The following settings should be used for your email clients. This includes MS Outlook, Outlook Express, Opera, Thunderbird, etc.
1. Default Email Account
Each hosting account has a POP3 email account set up automatically by default on creation. This email account is in the format of username@domain.com and the settings to use in your email program (e.g. Microsoft Outlook) are as follows:
Incoming mail (POP3): mail.domain.com
Outgoing mail (SMTP): mail.domain.com
Account name: main account username
Password: main account password
In the above settings, your username and password can be found in your welcome email. Also, replace ‘domain.com’ with your actual domain name.
2. Additional Email Accounts
If you have the option of more than one email account with your package, you may set up additional email accounts from your cPanel. The settings to use in your email program when accessing these are slightly different and are shown below:
Incoming mail (POP3): mail.domain.com
Outgoing mail (SMTP): mail.domain.com
Account name: email@domain.com
Password: email account password
You should substitute ‘domain.com’ with your actual domain name. ‘email@domain.com’ should be substituted with the full email address you have set up, and the password should be the password you entered when setting up the additional account (not your main hosting account password).
July 23rd, 2008
You can upload your files and webpages using FTP clients such as WS_FTP. Follow the instructions below on how to upload files using this client.
1) Download a copy of WS_FTP here.
2) Unzip the file to a directory.
3) Run ws_ftp95.exe and you will be prompted by this window: click here to view screenshot.
4) With the access codes provided to you, fill in the window above with the following information:
Profile Name: < any name you want >
FTP Host: ftp.yourdomain.com OR < assigned ip address >
Host Type: < Automatic detect >
User ID: < username >
Password: < password > (also click on the save password checkbox)
Reminder: If you click on the Startup tab (beside the active General tab), you can put public_html/ in the Initial Remote Site Folder field. The downloadable file is already configured with this, so you need not do this step. You can also fill in the Initial Local Folder field with the exact path to your files on your PC. This way, when you connect to your FTP, the paths to both the local and remote copies of your pages are already set.
5) Once connected, the left side of the window will reflect your local files and folders while the right side window reflects your files on the server.
6) To upload, select the file on the left and click the “arrow” button pointing to the right.
7) To download files, select the respective files in the right side window and click on the “arrow” button pointing to the left.
June 2nd, 2008
This is a short guide on how to use the File Manager in your cPanel.
1) Login to your cPanel and click on the File Manager link icon.
2) A new window will show with the File Manager below:

3) To navigate to a directory, click on the folder icon (encircled in red).
4) To upload files to the current directory, click on the arrow up icon (encircled in green).
5) To delete/copy/move/edit an item, file or directory, click on the text links and a Properties window will show on the top right side of the window as shown below:

June 2nd, 2006
Since register_globals is disabled on the servers for security purposes, some of your scripts and Fantastico installs might not work properly. However, you can enable it on your individual accounts through .htaccess.
All you need to do is edit the .htaccess file in the root folder of your account (or create one via the File Manager if none exists).
Place the following line of code in it:
php_flag register_globals on
That’s it.
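Why the directive is disabled on the servers, as an added example that is not part of the original post: with register_globals on, every request parameter becomes a global variable, so a variable the script never initialises can be set from the URL. The function names and the sample query are constructed, and extract() stands in for the directive, which was removed in PHP 5.4.

```php
<?php
// Constructed request, equivalent to ?page=home&authorized=1
$query = ['page' => 'home', 'authorized' => '1'];

// Script that depends on register_globals and never initialises its flag.
function check_unsafe(array $query, bool $passwordOk): bool
{
    extract($query);                 // stand-in for register_globals = on
    if ($passwordOk) {
        $authorized = true;
    }
    return !empty($authorized);      // value may have come from the request
}

// Same script made safe to run with the directive on: initialise first.
function check_initialised(array $query, bool $passwordOk): bool
{
    extract($query);                 // stand-in for register_globals = on
    $authorized = false;             // overwrites anything the request injected
    if ($passwordOk) {
        $authorized = true;
    }
    return $authorized;
}

// Script that no longer needs the directive: read the superglobal explicitly
// and whitelist the value. $query stands in for $_GET here.
function current_page(array $query): string
{
    $page = $query['page'] ?? 'home';
    return in_array($page, ['home', 'about', 'contact'], true) ? $page : 'home';
}

// The password check fails in both calls; only the first function lets
// the request parameter decide the outcome.
var_dump(check_unsafe($query, false));
var_dump(check_initialised($query, false));
var_dump(current_page($query));
```

Scripts rewritten in the style of current_page() work with the directive left off, so the .htaccess line is only needed for code that cannot be changed.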
May 16th, 2006
Tutorial on WordPress Installation: http://www.optiniche.com/blog/freeview.php?v=wp-install
The tutorial assumes that you are on a PC, you are brand new to WordPress (i.e. this is basic info to advanced users), your web host is using cPanel, and you have an understanding of how to manage and configure your FTP program.
Here’s another tutorial on using FTP clients: http://www.ploghost.com/forums/index.php?showtopic=345
April 10th, 2006
This is a cool new tool for searching WHOIS data or simply looking for available domains.
Check out: http://www.ajaxwhois.com
November 20th, 2005
An excerpt of the article written by Mr. Chris K. posted at thehostingnews.com sums up the ins and outs of becoming a hosting reseller:
What is a web host reseller account?
A web host reseller account is a web hosting account that allows you to create hosting packages to sell to your clients. You can also host multiple sites of your own using the disk space allotted to the one hosting account.
Typical features of web host reseller accounts:
They come with a reseller-level control panel that allows you to create your own packages.
You can allocate disk space and bandwidth to each site on the account and change the space and bandwidth specifications if the site’s needs change.
Most reseller accounts provide the option for private nameservers (also called private label, personalized nameservers, or virtual nameservers). For example, if your reseller account is with SomeName Hosting and your company name is ExampleName Services, your clients will enter ns1.examplename.com and ns2.examplename.com for the nameservers for their domains.
With a web host reseller account, you handle account setup, billing, and (usually) support for your clients. Your web host provider maintains the servers and answers your support questions.
While a few starter reseller hosting packages are as small as 500 MB, most reseller providers offer packages starting at 1 GB or larger. A range of packages is usually available, a few going as high as 30 GB of disk space.
Who should become a web host reseller?
1. Individuals or businesses with more than one website
If you have more than one website and the total disk space you need is 500 MB or more, you can benefit from having a reseller account. The cost for web hosting is lower than if you have individual accounts for each site. Also, you can adjust the disk space and bandwidth allocations for each site.
2. Related service providers
A reseller account is also useful for people who provide related services. If you’re a web designer, for example, why stop at designing sites? Provide your clients with web hosting under your company name, and you continue to earn revenue from your web design clients.
Let’s say that you pay $40 a month for a 3-GB reseller account. If you offer 30 100-MB packages at $7 a month, you could earn up to $170 a month (after subtracting your cost) from that reseller account. Add on additional services such as search engine optimization and website maintenance, and your revenue increases again.
Advantages of having a reseller account:
- You can have more flexibility with your web hosting accounts.
- You can save money.
- You can earn more revenue at little cost to yourself.
- You can focus on customer support and leave technical support to your web host.
- Your web host, not you, absorbs server maintenance costs.
Next: Steps to becoming a hosting reseller
July 29th, 2005
Promoting one’s website or web blog is a never-ending task. Most people would ask me how do I do it. It’s not a secret actually, as far as the common tricks are concerned, but a rigorous and consistent effort for SEO is something that must be considered regularly.
I will discuss some of the basic aspects of good search engine optimization techniques I have used and have found quite effective. Note however that these methods might not be the best solution for you but it could provide you with a good insight on how to go about it and maybe refine your own style as well.
1) Content is still king. The more content you have, the more phrases and key words there are for GoogleBot to crawl and index. This is very self-explanatory. Corollary to this is the use of English as the primary language in your texts. Well, if you’re using Tagalog or some other local dialect, chances are, you’d only get hits from people who search for these words and you’ll only get a handful of them.
2) Don’t forget the basic HTML standards. Make good use of the < TITLE > tags. I’ve seen a lot of sites (even corporate ones) that have “Untitled page” as their page titles. Others bother to put titles but they end up placing something like “Yugatech.com” alone and not adding any more descriptive phrases in it. Be more creative and be more descriptive. It would make a lot of difference if you had something like “Yugatech.com - personal portal and online folio of Abe Olandres”. Everyone knows that META tags don’t cut it anymore but hey, it still is a good practice if you do. The least you could do is place the description, keyword and author META tags.
3) A text is a text and an image is an image. We are often tempted to put all sorts of images in headings and titles just to make use of the coolest fonts you just installed yesterday. It’s no biggie but GoogleBot won’t be able to read that like us. If you are so tempted and really wanted to put an image instead of just plain text, don’t forget to fill up the < ALT > and be as descriptive as you can — that one GoogleBot can surely read.
4) Get linked. The more inbound links you have, the more important Google will think your site is, and the higher it will rank it. But they must also be relevant links, meaning, sites with similar theme, interest and content.
5) Update, update, update. Google will only crawl your site again and again if you have fresh content.
6) Make it public. Like any other internet user, if you password protect your content or you require login to areas of your site, then GoogleBot won’t be able to get in and crawl it as well. This is especially true with member sites like forums and the like.
7) Target your keywords. This means you have to be realistic about the keywords you choose to achieve higher page rank or search results for. If you want your site to show up in the first page for the keyword “web blogs“, then you’re up against millions and millions of other websites who are also vying for the same. Why not narrow it down to something like “pinoy web blog“? At least you only have a potential half a million or so competing for it. Case in point: search for these two key phrases in Google and you will see two of my websites on top of the list.
8) Study/monitor your site stats. And I am assuming here that you have one. Check your stats and see what key phrases and words are often searched for. Then, double check it with Google to see what page your site is positioned on. Then, update your content and add more of them or, better yet, place them closer to each other. If you have pinoy in one sentence and blog in another sentence, why not write “pinoy blog” in the next sentence? The closer and the more often these words appear on your page, the higher the probability that it is more relevant to the search keys.
9) There is more to Google AdSense than just making bucks. Some of you may be aware of Google’s AdSense and its older brother, Google AdWords. The idea here is that AdSense takes into consideration the quality and consistency of content on a certain page. The kind of ads that appear in it will ultimately dictate the keywords which are most relevant to that page.
Republished from my old article in Pinoyblog.
June 22nd, 2005