OpaQue

Open_basedir And E-accelerator To Be Activated: Faster and Secured Hosting.


Faster and Secured Hosting.

 

Xisto - Web Hosting will be activating open_basedir permissions on all its servers. Previously, we had it active on only a few select servers; however, to make our hosting environment secure, we have now decided to activate it throughout our cluster.

 

Some of you might be wondering, What is open_basedir protection exactly?

 

Open_basedir limits the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

 

If you try to open a file using your PHP program, you can open files only in the PRESENT directory where your PHP program is, OR its sub-directories. So, suppose your PHP program is at:

 

user1/www/mysite/myPhpProgram.php

 

You can open files and work with them using PHP in these locations:-

 

user1/www/mysite/ -> present folder

user1/www/mysite/subsite/ -> sub-folder

user1/www/mysite/subsite/subsubdir/ -> sub-sub-folder

 

You cannot open files in these locations :-

 

user1/www/ -> parent folder not allowed

/user2/www/HISsite/ -> other user folder not allowed, even if it has 777 permission --> [CASE-A]

 

Consider CASE-A.

 

With open_basedir Protection ON:

You, being the programmer, are not allowed to VIEW user2's file. You are given an error in PHP saying that open_basedir protection is enabled.

If you are user2 here with folder "HISsite" (permission 777), you stay safe, because someone could have accessed your folder "HISsite" and tampered with its contents, created files and folders, modified your content, etc.

With open_basedir Protection OFF:

With protection OFF, anyone can access ANY of your folders and files with permission 777. This permission is usually given to PHP config files and to folders where user content is uploaded by your program, like "uploads", "cache", etc.

 

A simple fopen and fwrite function can be used to Inject Code or data into your files. And much more can be done to abuse this power.

 

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist, then the symlink can't be resolved and the filename is compared to (a resolved) open_basedir.

 

The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().

 

What if my PHP files are already using/including files from parent folder?

 

Good Question. The answer is, They will fail.

You will have to upgrade your script to better versions.

 

But open_basedir is not something new, and all PHP developers know about it. So, programs failing should be very rare.

 

Still, I am one of those rare cases? Now what??

 

Don't worry, Contact us at https://support.xisto.com/.

Select the Right Dept. and Send us a support ticket.

 

We will take care of your situation. (Applicable to Paid Web Hosting Members only.)

 

Okay, thanks Shree for explaining open_basedir, Now I know what open_basedir is,

so what is eAccelerator all about?

 

eAccelerator is a PHP accelerator derived from the MMCache extension for the PHP programming language. eAccelerator provides a bytecode cache and encoder. eAccelerator is open source and thereby free to use and distribute.

 

Every time a PHP script is accessed, PHP usually parses and compiles scripts to bytecode. Once installed, eAccelerator optimizes the compiled bytecode and caches this to shared memory or disk. Upon subsequent accesses to a script, eAccelerator will access cached bytecode if it is available instead of the script being compiled. This avoids the performance overhead of repeated parsing and compilation.

 

eAccelerator also provides functions for use in PHP scripts that allow access to shared memory, automatic web (content) caching, and other related tasks.

 

and... How does this eAccelerator affect me?

 

Simple. If you log on to your PHP forums/gallery or other application and say, "WHOA! That was FAST!", you can give the credit to eAccelerator! :-)

I hope you appreciate and support our decisions. We thank you again for choosing Xisto - Web Hosting as your hosting provider. :-)

 

Regards,

 

Shree

Xisto Corporation

 

NEWS ARTICLE: https://support.xisto.com/index.php?_m=np;group=default
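
The CASE-A layout from the announcement above, as an added PHP example (not code from the post and not Xisto's server configuration): it builds the same tree under a temp directory, sets open_basedir at runtime with ini_set(), then tries each location plus a symlink. The file names and the temp path are constructed for the demo; it assumes the PHP CLI on a Unix-like system where open_basedir is not already set.

```php
<?php
// Added example. Constructed tree mirroring the post's layout; paths are assumptions.
$root = realpath(sys_get_temp_dir()) . '/open_basedir_demo_' . getmypid();
$site = "$root/user1/www/mysite";
$his  = "$root/user2/www/HISsite";
mkdir("$site/subsite/subsubdir", 0777, true);
mkdir($his, 0777, true);
chmod($his, 0777); // world-writable, as in CASE-A (mkdir's mode is masked by umask)

$targets = [
    'present folder'  => "$site/a.txt",
    'sub-sub-folder'  => "$site/subsite/subsubdir/b.txt",
    'parent folder'   => "$root/user1/www/c.txt",
    'other user, 777' => "$his/config.php",
];
foreach ($targets as $path) {
    file_put_contents($path, "sample\n");
}
chmod("$his/config.php", 0666);

// A symlink inside the allowed tree that points at the other user's file.
// Created before the restriction is set, because symlink() is checked too.
symlink("$his/config.php", "$site/link.txt");
$targets['symlink to user2'] = "$site/link.txt";

// Restrict this request to the site directory (trailing slash: directory, not prefix).
// ini_set() can only tighten open_basedir at runtime, never widen it.
ini_set('open_basedir', "$site/");

foreach ($targets as $label => $path) {
    $data = @file_get_contents($path);
    printf("%-18s read   %s\n", $label, $data === false ? 'DENIED' : 'ok');
}

// CASE-A: the directory is 777, yet PHP refuses before the filesystem is asked.
$fh = @fopen("$his/config.php", 'a');
printf("%-18s append %s\n", 'other user, 777', $fh === false ? 'DENIED' : 'ok');
$err = error_get_last();
echo $err['message'] ?? '(no error recorded)', "\n";
```

The script leaves its demo tree under the temp directory, because the restriction it sets also blocks cleanup from the same process.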


Although I don't have a Xisto - Web Hosting account, open_basedir is still a little confusing even after reading the FAQ, and so I try to break it down this way, based on the info from the FAQ. Say you're using several scripts, like a counter, a download script, and a gallery: I would have to put everything under one folder in order for everything to work, instead of separate files? The next part that confuses me is the user folder, and so I try to break it down this way. So basically, if you're doing mini hosting under your account, the admin is literally locked out of those folders then? Or are the people outside the cpanel admin unable to log in and unable to get into the account without the password?


Although I don't have a Xisto - Web Hosting account, open_basedir is still a little confusing even after reading the FAQ, and so I try to break it down this way, based on the info from the FAQ. Say you're using several scripts, like a counter, a download script, and a gallery: I would have to put everything under one folder in order for everything to work, instead of separate files?
The next part that confuses me is the user folder, and so I try to break it down this way. So basically, if you're doing mini hosting under your account, the admin is literally locked out of those folders then? Or are the people outside the cpanel admin unable to log in and unable to get into the account without the password?


I have updated the topic. I think I know where you got confused :P


Opaque, thanks for continuing to provide a secure hosting environment for us, and for continuing to provide the service. Great job. Question about the eAccelerator... what sort of time does the server cache the pages for? Can a re-load or CTL-reload of the browser override the cached version? The reason I ask is: I am adjusting some CSS files and they do not appear to be working properly. Just curious if perhaps the caching at the server might be the issue?


Opaque, thanks for continuing to provide a secure hosting environment for us, and for continuing to provide the service.

Great job.

Question about the eAccelerator... what sort of time does the server cache the pages for? Can a re-load or CTL-reload of the browser override the cached version?
The reason I ask is: I am adjusting some CSS files and they do not appear to be working properly. Just curious if perhaps the caching at the server might be the issue?


The caching happens server side and refresh will work perfectly. It will in no way affect CSS :-)


I'm experiencing open_basedir restrictions in qupis since yesterday and I can't view my site. Am I supposed to configure something or put additional code in my pages? Sorry, I'm kinda new to open_basedir.


Okay, my site hasn't been working for a few days already.
I receive the error
Unknown: open_basedir restriction in effect. File(/home/ssscream/public_html/forum/index_.php) is not within the allowed path(s): (1)
Why is open_basedir set to 1?

open_basedir: Limit the files that can be opened by PHP to the specified directory-tree, including the file itself.
The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"

As I understand it, there should be a path to the allowed folder.
So if I create the file /home/ssscream/public_html/1/1/1/1/1/1/1/1.php, it will work; all other files don't work.

If you try to open a file using your PHP program, you can open files only in PRESENT directory where your PHP program is OR sub-directories.

Tell me please which directory is PRESENT for me in the case of open_basedir = 1.


I'm thinking about moving hosts now. My Site and my forum are integrated, so users can use both the site and forum with one account. With this restriction it's not possible anymore. I'm so disappointed, this is very important for my site. What am I going to do now...
