So you lost your partition table and need to get to find the filesystem it used to contain. Now what?

Typically Apache’s RewriteRule sets from mod_rewrite go in .htaccess files, but sometimes you have a good reason to put them in your general server config instead: your httpd.conf or apache2.conf file (or a file you Include from one of those). If you’ve done this before, you’ve probably been surprised that it didn’t work quite the […]

There are two ways to set up PHP to run via mod_fcgid. The majority of the steps are the same for both, the only difference is in your Apache VirtualHost configuration. This document will explain both. Step 1: Installation and Preparation Chances are you’ve already done these steps Install the PHP CGI binary Install and […]

So, the bad guys got your FTP password… And perhaps this wasn’t the first time. Often you’ll see this same issue on multiple accounts before you start to see the trend. So, how do you protect yourself? First of all, does he really know the password? The simplest way to check to see if the […]

The Apache module mod_reqtimeout is a simple and effective way to protect yourself from the Slowloris attack. But the cPanel team still does not include support for mod_reqtimeout in the EasyApache build utility, even though the module is a core part of the Apache web server distribution. But that doesn’t leave us completely powerless: we can add this support ourselves.

At TL Tech we spend a lot of time tracking down hackers. What we find often illustrates important lessons in what not to do in web security. In this example, a user was a victim of a previous attack caused by a vulnerable PHP extension that has since been removed. The site owner evicted the […]

Sometimes the simplest way to deal with Apache problems and exploits is to install Nginx (“Engine X”) as a reverse-proxy in front of Apache. Often this setup is temporary for the purpose of handling a DDoS attack or the like.

Often what you’re really looking for is just a simple master template inclusion system. Allow me to introduce an alternative. It’s simple, it’s intuitive, and it’s easier to work with than whatever mess you narrowly avoided making.

Do sites on your server have one of those “Tell A Friend” forms where visitors can instruct your server to send out email on their behalf? And do you find your server consistently on spam blacklists? Well, now you know why.

Depending on your server setup, you may find yourself needing to take closer control of how mail is sent from your site. Below is a drop-in replacement for PHP’s mail() function which uses the Mail::send function from PEAR internally.