SnippetMaster Support Forums
Return to main website
 
February 19, 2018, 05:47:58 AM
* Show unread posts since last visit.
* Show new replies to your posts.
Welcome, Guest. Please login or register.
Did you miss your activation email?
February 19, 2018, 05:47:58 AM

Login with username, password and session length
Search:  
Advanced search
* Home Help Search Login Register
SnippetMaster Support Forums  |  General  |  How To's & FAQs  |  Topic: How do I secure my site while using SnippetMaster? « previous next »
Pages: [1] Print
Author Topic: How do I secure my site while using SnippetMaster?  (Read 2289 times)
PowerDad

Posts: 1


[-] How do I secure my site while using SnippetMaster?
« on: April 04, 2009, 04:54:37 PM »

OK, just having been recently the viictim of the insertion of malicious code, I gotta ask:  "How do I make my site more secure?".  I have read the various posts about permissions and even about changing to PHP5 ( I am at 4.4.9 by default) and then when I added a ".htaccess" file to make my site use PHP5, ("AddType x-mapp-php5 .php", so some kind of remode code execution doesn't work) SM quit working.  Something about Ioncube not being installed.  Then I read about the different versions of Ioncube....

I have upgraded to 2.2.3 (a little too late).  This is all I have accomplished.  My hosting company allows PHP3, PHP4, PHP5, but you have to put little files here and there to specify which one to use.  So now I have all of these ideas running around:  Do I sprinke php.ini files everywhere, fix the Ioncube thing, change extensions to php5 or...

What else can a relatively inexperienced person do?  Of course the hosting company is of little help (they suggested the "Add Type").

Thanks in advance for any advice, PowerDad
Report to moderator   Logged
admin
Forum Administrator
*
Posts: 3169

SnippetMaster Author


WWW
[-] Re: How do I secure my site while using SnippetMaster?
« Reply #1 on: April 04, 2009, 05:07:34 PM »

Hello,

To be very honest... I actually own a hosting company (we have over 3000 customers, all by word-of-mouth referral.. let me know if you'd like more info.. plus you can get snippetmaster PRO for free since I'm the owner..)... so this issue is very near and dear to my heart.

Of course, the first thing that pops into my head as a response is that your host should have given you a better response to your questions.. but not all hosts are as good as my guys.

So... What I recommend is first:

- Check to see what version of PHP 5 they are using. If it's latest version, then good.  If not, then ask them to upgrade.  There is no problem with php 4.4.9, but PHP 4.x has been discontinued by the PHP developers, so it's really any day now before some hacker figures out a security issue, and then you'll be in trouble if you're using any software with PHP 4.  It's better to switch to PHP 5 now.. this way, your host can upgrade and you won't have any problems.

- Second... you should use a hosting provider that runs PHP using "cgi mode".  This means that the PHP software runs as your account user, instead of under the "nobody" user.. so that you don't have to give world-write permissions to the files you want Snippetmaster to be able to edit. 

Any good hosting provider should run PHP like this.  Most don't because it is easier to run PHP using "nobody" user.. and also takes less resources, so the host can stick on a few more hundred users on the server to make more profit.  Smile 

Third... in order to make things as secure as possible.. you should always run the latest version of all software on your account. 

Other then that... not much else you can do.

Let me know if I can assist with anything.  Smile
Report to moderator   Logged
Pages: [1] Print 
SnippetMaster Support Forums  |  General  |  How To's & FAQs  |  Topic: How do I secure my site while using SnippetMaster? « previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!