Creating a dedicated server and installing more stuff

[taha116]

So i found a very intriguing tutorial on installing Apache php and mysql . Now before i check it out more I want to know how to install a control panel out of one of the 3 ones i know of.

I just read about the panels here
http://webhostinggeeks.com/blog/2009/05/01/free-control-panel-software-for-your-server/

Now It seems to me (correct me if im wrong) webmin is the only one compatible with windows and since im using windows it looks like thats what ill need to use right? so how will the instilation go? by this i mean what directory paths would i enter? and what paths will it ask for? If anyone knows please tell me.

Besides that i want to ask about security are thier any common mistakes that people make that result in secuirty holes? how can i check for them? And what i should i do to prevent malicious users from damagin my computer.

Ill probably post more questions here if i find people here to be helpful on the topic. Thank you in advance for taking the time out to help me out.

 

[qjqqyy]

dont do that
i did that
you know what happened???
ALL php scripts cant detect that MySQL is installed
i cant solve it

 

[Livewire]

dont do that
i did that
you know what happened???
ALL php scripts cant detect that MySQL is installed
i cant solve it

Not to be blunt at all, but given the sheer number of hosts that -do- have apache, mysql, and a ton of other addons installed, I don't think the problem is php.

The issue is likely directly related to a port conflict (mysql trying to bind to a port that's already been bound) or a firewall issue.



Back on the original subject, first and foremost, GET A GOOD FIREWALL AND ANTIVIRUS. That'll be good enough for starters; as for preventing bugs and hacks, keep up-to-date with the latest software (but stick away from "RC" Release Candidates, which may not be stable enough to use), hit up google and get in touch with other forums related to the software you're using (so you can see what others are reporting for bugs), etc.

The only major security hole I'm really aware of is allowing someone to run Exec obviously, but also allowing an SQL Injection. Best example of that is this: mysql_query("SELECT * From {$_GET['sql']}"); Works fine if sql is just a table. But what happens if instead of Table_Name it is this:

Table_name;Drop Table_name;

Drops the table as the second part of the query and page goes away. That's essentially what an SQL Injection is, so find a few tutorials on "Sanitizing" user input - it basically boils down to protecting the query by either commenting most of it out, or even better, just clipping any excess on the query that you -dont- need.




Wish I knew more on the control panel side, my own opinion is just DIY everything, but that's probably not the best of options if you're just getting started either

 

[taha116]

Ok so i have norton360 so the firewall and antivirus is not an issue. What about disabling Exec ? how do i do that properly also I know nothing when it compes to sql injection, except that i dont want people doing it to my database and its bad.

 

[leafypiggy]

edit the PHP configuration. It should be in %path_to_php%/php.ini

 

[taha116]

Ok can you give me a instruction like

Find
:line of code:

Replace with
:line of code:

 

[leafypiggy]

Google is your friend, first result shows you the answer.

Find:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions =

Replace with:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions = exec

Everything isn't going to just be given to you.

 

[taha116]

yah i undertsnd that, Didnt think alot of people ask that kind of question but i guess they do.

BTW the thing im gona use to install apache and everything is XAMPP if i dint mention that yet.
just so people who are wondering know

 

[TheMan177]

BTW the thing im gona use to install apache and everything is XAMPP if i dint mention that yet.
just so people who are wondering know

A word of warning: XAMPP is designed to be a development distribution of those technologies, to make development easier the services are configured to be very accessible and as a result are very insecure. The configuration XAMPP ships with by default is not suitable for production environments.

I highly suggest against exposing XAMPP to the public, though if you insist you need to lock it down and configure it to be suitable for production.

 

[taha116]

Yeah, i know but good point for other people to take note of, XAMPP however does offer instructions on how to secure your server so its suitable for public use as well

THe main issues are no passwords are setup for anything, but they give you fairly simple instructions on how to fix that

 

[taha116]

Yay! so ive set up the server... (haven port forwarded from my router yet) but everything works i did a test install of wordpress. I pached up security issues and installed a firewall and opened ports for inbound traffic: http, ftp, and smtp (i did smtp just in case i need it to send mail... not sure so if you can verify that would be great)

Now my main issue is sending mail.. No1 can recive

The below post is what i posted on the ubuntu support forums. Im new there but am too atached to x10... even if i have nothing to post about i drop by x10 anyways and maybe read a topic or 2.

http://ubuntuforums.org/showpost.php?p=7661068&postcount=5

Thanks for the help guys!

_____________

BTW yes i did get MYSQL to work.

 

[zapzack]

If your just sending mail, install sendmail.. apt-get install sendmail

 

[taha116]

Well is sendmail actually gonna send the mail for my scripts or is it just another thing like outlook express ???