How-To: Django on NearlyFreeSpeech.NET

Now that our persistent process feature is out of beta, this is the first in a series of brief tutorials designed to show how to make use of the feature. In this example, we’ll deploy a minimal Django site using WSGI. Although a lot of this is specific to Django, it also demonstrates most of the steps you would use with other frameworks, like Node.js or Ruby on Rails. (And we’ll be adding how-to articles for those in the future.)

A PHP Include Exploit Explained

We are having a fairly consistent problem with spammers auto-exploiting a very common type of scripting vulnerability that appears on our members’ sites. Unlike most vulnerabilities that stem from a faulty version of some app a lot of people use, this one crops up primarily on sites containing PHP code that people write themselves.

Cleaning up the resulting messes is getting a little tedious and so, even though this is hardly a new exploit, I wanted to write a little bit about what the vulnerability is, how it works, how spammers exploit it, and how to keep your site safe.

Quick WordPress Performance Tip: Create a favicon

One of our members’ WordPress blogs got heavily FARKed a bit ago. Alarms went off, and we thought the server was going to crash. That’s pretty unusual, of course, so we looked into it and found something really interesting: the blog’s performance problem was entirely caused by the lack of a favicon.ico file.

Surprise WordPress Upgrade

We received a note from Technorati today about a serious security problem with old versions of WordPress, including the version we were running, that is now being exploited on a widespread scale. We’ve thus hastily upgraded to WordPress 2.5. That did cause a brief bit of disruption to the “News & Announcements” portion of our member site, which is now resolved.

If you want to run WordPress, you too may want to check whether you’re running the most current version with the latest patches. Better safe than sorry!

Writing files in PHP

The “traditional” web server just reads and sends out files in response to incoming requests. Consequently, the standard security configuration is set up to give web accesses the bare minimum in terms of file permissions: the ability to read the site’s files, but not to change them.

But many PHP applications want to write files as well: forums that support uploading files, CMS applications, and many Wikis all create or update files as a normal part of their operation. Since the default permissions don’t allow it, many people run into trouble when trying to develop or install PHP applications that need this ability. This blog post will attempt to show how to do this on our system in a way that is easy to set up and very secure.

Forwarding sites & URL rewriting

Note: the content of this blog entry is deprecated. Please search our member FAQ for “canonical” for more information about replacement techniques.

We recently got a support inquiry about alternate methods of forwarding visitors from one URL to another.

We have a FAQ entry about using “decoy” sites to forward alternate URLs. This is one method, and probably the easiest, but there are many others that can be useful in different circumstances.

What I’d like to do here is talk about the reasons why we recommend this one and discuss some of the alternatives and when they might be more useful.
