Webnetics UK Ltd. - Forums - Server

Forum Etiquette and Common Sense

Sun, 27 Mar 2011 12:31:59 +0000

Common rules

1. Only one account per person is permitted.
2. Do not pretend to be/represent somebody else. Your account will be deleted if found to be in breach of this rule.
3. When registering, a valid email address has to be used. Disposable email addresses are not permitted. If found, we will remove the account in question.
4. Keep all posts on-topic.
5. All posts must be in English, unless posted in a specific international forum. If posting in a international forum, please use the language of that forum, and not English.
6. DO NOT SEND SUPPORT REQUESTS VIA PM, unless expressly invited to do so. Using PM to actively solicit work is not allowed. Post, in accord with the rules in the correct forum. Abuse of the PM system in this way can lead to your membership being removed.
7. Do not discuss illegal activities.
8. No useless posts. This includes: Thread bumping, useless one liners, repeated requests about new versions, Flamewars, Trolling and Spamming.
9. Do not propose/link to any site that contains warez/copyrighted software/materials that can be downloaded illegally.
10. Do not link to any site that contains adult content, sexually oriented material or might otherwise be considered offensive. Any post containing an inappropriate link will be deleted and the poster will receive a warning.

At all times

1. Keep all commentary civil, and be courteous at all times. Constructive criticism is welcome, but insults directed towards other users or the site admins will not be tolerated. Coarse/insulting language will not be tolerated.
2. Choose an appropriate subject line. Try to summarise the problem briefly in the subject, and elaborate in the message itself. A title like "Have you seen this..." or "Help needed!!!!" will be deleted.
3. Spend 10 minutes with the admin panel before posting common sense questions like "How do I see orders", or "How do I add products". If you go through each admin menu you will find all you need to know about the basic features.
4. Search before posting. You may need to search multiple variation of the terms.
5. Any posts deemed to be self promotion, advertising, or spam can and will be removed. NO SPAM - NO ADVERTISING eg. Posting and making excessive, inappropriate and unnecessary references to your products and websites is self promotion.
6. Don't lump sum mods and inquiries in one post. People asking for help and at the same time attaching a contribution should be avoided. Contributions go in the contrib thread. Help goes in one of the support threads, based on the affected element (modules, templates, languages, general, etc).
7. Bugs go into the bug area ONLY after you have searched the bug forum and found nothing similar.
8. Hijacking threads because you feel the need to whine or complain about your personal opinions that have nothing to do with the main topic of the thread will be instantly deleted at will!
9. If you feel a post violates any of these rules, or you need to bring it to the attention of a moderator (move threads/close/split), please use the â€˜report this postâ€™ link to notify the moderators.

Signatures & Avatars

1. Must be setup in your Profile (user Control Panel) , and not manually added to your messages.
2. May not contain any pricing, sales, product etc. details.
3. Only exact URLs allowed ie not LOOK HERE - No tinyurls, affiliate links etc either, only exact, literal URLs
4. Maximum font size should not be larger than normal +1.
5. Signature shall not have more than 4 lines (at a line width of 75 chars).
6. Any signature or avatar that is offensive or insulting to either us, our members, or our staff, is prohibited.
7. Signature size should not exceed the maximum size of 60 x 180 px (height x width).
8. Avatar size should not exceed the maximum size of 75 x 75 px (height x width).
9. Signature & Avatar images may not contain any copyright material (e.g. trademarks)
10. We reserve the right to ask you to change and/or remove your signature or avatar at any time, for any reason.

Failure to abide by these rules may result in an editing, negative moderation or deletion of your post.
We reserve the right to ban users from the site.
We reserve the right to change these rules at any time.

Securing your PHP installation

Wed, 06 Feb 2008 11:02:53 +0000

PHP is ideal for anyone looking to build rich, dynamic sites, but it can work against you if hackers discover a flaw in your web app. Security holes can be blocked, however, by customising your php.ini file (if you don't run the server yourself, creating the file in your site's root directory, usually public_html, will work fine).

For instance, a typical exploit uses PHP to read files it shouldn't be able to access. But employ the open_basedir directive and you can restrict PHP to a particular part of the directory tree. Set "open_ basedir = /var/wwwr for example, and it's able to run scripts under the web server root directory only.

The allow_url_fopen directive is another risky convenience. It lets programmers open a URL as a file, perhaps even executing the code it contains, allowing hackers to display private information or otherwise attack your server. If you don't need it it's best to turn it off: set "allow_url_fopen = Off".

PHP's file upload code is a complex area where future vulnerabilities could emerge. If you don't need to upload files, turn it off: "file_uploads = Off".

PHP maintains information on current users by creating a session. But this involves saving details in a file, by default the /tmp folder. Anyone with system access to that folder will be able to learn more about your set-up and maybe even hijack a session. Create a new directory only you can access and save the session data there ("session.save_path = /var/www/mysessions", for instance).

Displaying errors to users is a bad idea, as error messages may contain information that's useful to hackers. Disable this with the commands "display_ errors = Off" and "display_startup_errors = Off". If there are problems with the site then turn error logging on ("log_errors = On"). The error_log command will tell PHP where to save any errors (uk3.php.net/rnanual/en/referrorfunc.phbtkini. error-loq). Better still, make it harder for hackers to find out more about the version of PHP on your server by setting "expose_php = Off".

Real experts can even disable particular PHP functions through the disable_functions directive. Use "disable_functions = apache_getenv", for instance, and scripts can't be abused to find out more about your server set-up. Of course if your scripts use any of these functions, then disabling them could lead to odd behaviour. Add just one php.ini directive at a time, and test carefully to confirm everything still works.

Redirect to Files or Directories

Tue, 04 Dec 2007 13:18:40 +0000

You have just finished a major overhaul on your site, which unfortunately means you have renamed many pages that have already been indexed by search engines, and quite possibly linked to or book marked by users. You could use a redirect meta tag in the head of the old pages to bring users to the new ones, but some search engines may not follow the redirect and others frown upon it.

Enter this line in your .htaccess file:

Redirect permanent /oldfile.html http:// www. Your domain .com/filename.html

You can repeat that line for each file you need to redirect. Remember to include the directory name if the file is in a directory other than the root directory:

Redirect permanent /olddirectory/oldfile.html
http:// www. Your domain .com/newdirectory/newfile.html

If you have just renamed a directory you can use just the directory name:

Redirect permanent /olddirectory http:// www. Your domain .com/newdirectory

(Note: The above commands should each be on a single line, they may be wrapping here but make sure they are on a single line when you copy them into your file.)

This has the added advantage of preventing the increasing problem on the Internet, as people change their sites, of 'linkrot'. Now people who have linked to pages on your site will still have functioning links, even if the pages have changed location.

So, what is mod_rewrite for?

Tue, 04 Dec 2007 13:17:51 +0000

Simply, mod_rewrite is used for rewriting a URL at the server level, giving the user output for that final page. So, for example, a user may ask for http://www. Your site .com/page1 but will really be given http://www your site .com/page1.php?colour=blue by the server. Of course, the user will be none the wiser to this little bit of chicanery. We currently use mod_rewrite on a lot of our software at Virtual Web Designs, and we always give the user the chose to turn this on / off.

What do I need to get mod_rewrite working?

Thereâ€™s pretty much only one thing youâ€™ll need to get mod_rewrite working for you, and thatâ€™s to have the mod_rewrite module installed on your Apache server!

Iâ€™m going to assume that you donâ€™t have access to view or edit the Apache server httpd.conf file, so the easiest way to check whether the mod_rewrite module is installed will be to look on your phpinfo page. If youâ€™ve not already created one of these for yourself, just copy and paste the following code into an new text file using your favourite text editor, save it as phpinfo.php, and upload it to your server:

Load that page up in your web browser, and perform a search for â€œmod_rewriteâ€. All being well, youâ€™ll find it in the â€œApache loaded modulesâ€ section of the page. If it isnâ€™t there, youâ€™ll have to contact your hosting company and politely ask them to add it to the Apache configuration. Assuming the mod_rewrite module is loaded, then youâ€™re good to go!

Example mod_rewrite

This isnâ€™t going to be anything fancy; weâ€™re just going to redirect people who ask for wdesigns.htm to the page vrscripts.htm instead.

vwdesigns webpage

This is vwdesigns webpage

Weâ€™re going to add a couple of lines to your .htaccess file. The .htaccess file is a text file which contains Apache directives. Any directives which you place in it will apply to the directory which the .htaccess file sits in, and any below it.

To ours, weâ€™re going to add the following:

RewriteEngine on
RewriteRule ^indexl.html$ vwdesigns.htm

Upload this .htaccess file to the same directory as vwdesigns.htm and index.htm, and reload vwdesigns page. You should see index page being displayed, but vwdesigns URL. If you still see vwdesigns page being displayed, then check youâ€™ve followed the instructions correctly (you may have to clear your cache).

Follow that domain name!

Tue, 04 Dec 2007 13:15:38 +0000

If your site is hosted on a Unix or Linux server which runs Apache, you may already be familiar with your .htaccess file.

What is the .htaccess file?

The .htaccess file is a text file which resides in your main site directory and/or in any subdirectory of your main directory. There can be just one, there can be a separate one in each directory or you may find or create one just in a specific directory. Any commands in a .htaccess file will affect both the directory it is in and any subdirectories of that directory. Thus if you have just one, in your main directory, it will affect your whole site. If you place one in a subdirectory it will affect all the contents of that directory.

From Site-A to Site-B, seamlessly.

Redirection is the name of the game but one must be careful about how it's done. The engines prefer certain redirects over others and the circumstances will dictate which is the best to choose. To illustrate, let's take a close look at the following most common scenario â€“ redirecting from a Mirror Site to a Main Site.

In this situation we have â€œdomain-aâ€ and â€œdomain-bâ€ both pointing to the same content on the server.

A visitor who reaches the mirror site by typing in the domain URL into the address line of their browser would not be able to see any difference between the two sites. This is a very common internet presence strategy but it does have drawbacks â€“ let's examine them:

Drawbacks to mirror sites

Can confuse search engines as to which site it should list.

Once upon a time, when duplicate sites meant more listings, these mirrors helped increase a company's presence in the rankings. However, now that duplication filters eliminate such sites from the listings we see instances where the lesser sites are ranking higher than the main sites. In most cases this is disadvantageous and a problem that needs correcting.

It helps to understand that most search engines, today, "discover" pages. The most frequent scenario being that someone posts a link to a site and the search engine spider discovers that link. From there the spider proceeds to the site to crawl and index it.

If this newly discovered site happens to be a mirror (duplicate) site, this is where the trouble begins. Sometimes the engine will list the â€œdomain-aâ€ page instead of the domain-b.com page â€“ quite possibly assigning it a lower ranking than what the main page would otherwise be ranked at. That's because there are fewer links pointing at this newly discovered site.

This is an inefficient use of incoming links because it spreads them among two pages instead of combining the link popularity into a single page. The end result is lower PageRank (i.e. the "popularity value" given to a certain page by Google) for both pages and, consequently, lower ranking.

But wouldn't the duplication filters kick the page out? Probably â€“ in most cases the search engines will list the site with the most incoming links but we've seen exceptions and, even though engines like Google normally do a good job of figuring out which site is the main site, we've seen instances where they've dropped the main company site and listed the mirror site instead.

B) Can confuse humans as to which site is the correct one to use

By having two or more domains resolving to the same content, you run the risk of having people list the domain you don't want them to in directories, publications, bookmarks and even email addresses. There is also the sales conversion aspect, whereas a customer may be distracted that the domain name in his browser says one thing, but all the contact information on the site talks about a different domain name. This may cause a point of distraction that could be costing sales dollars.

C) Traffic Statistics can be misleading.

Depending on how you have your server setup, you may not be able to generate log files and use them for statistics on the extra domains. Without this information, it may be difficult to know just how many people are actually visiting your site(s).

D) Using robots.txt is tricky.

One solution has always been to use a robots.txt file â€“ the generally accepted way to tell a search engine spider robots NOT to index a site. However you must have your server setup to work correctly in this situation so that you don't also block access to your main site as well. To use the robots.txt file effectively, your server will have to be configured specifically for this purpose. If all your domains share the same root directory, blocking spiders using the robots.txt file method may be difficult to achieve.

Regardless of the drawbacks, there can be good reasons for aliasing your extra domains to your main domain name especially if it's a cost effective way for you to store them while they are active.

You might even have domains that generate browser type-in traffic â€“ the kind where net-surfers guess at a domain name by typing keywords directly into the address line. Just be aware of the drawbacks listed above to avoid shooting yourself in the foot. In most cases you'll find that consolidating the traffic is the better choice.

Use a server 301 "Move Permanently" redirect

Once you've decided to shut down a mirror site to consolidate traffic the method you should use â€“ the method most favored by the search engines â€“ is the 301 redirect.

The "301" header code is generated by the server and tells both the search engine robot and your site visitors that the URL has moved permanently. And, because the evidence we've gathered over the past six months or so indicate that Google and the other engines are doing a good job responding to 301's, this is the method we recommend.

By the way, we've seen numerous instances where Google is transferring the PageRank from an old site to a new one via a 301 redirect. So this is also the method to use if you're moving your site from an old domain to a new domain name.

To generate a 301 redirect

On an Apache server (running UNIX) a 301 redirect is very easy to do. Just enter the following statement into the Apache .htaccess file;

redirect 301 / http:// www .your domain. com/

By placing the above line in the .htaccess file within the root directory, you'll be redirecting all traffic from the old site to whatever site you specify.

If you only want to redirect portions of the old site to the new site, you can place the following text within a single line in the .htaccess file:

redirect 301 /directoryname http:// www. Your domain .com / directoryname

Be forewarned, that doesn't mean that the 301 is a permanent fix-ideally you should seek out and update all incoming links to the new domain name if you wish to maintain your PageRank.

Redirecting traffic using a meta refresh tag, javascript redirect or a server "302" page moved temporarily header.

All of these methods can cause problems with search engines. Search engines like Inktomi sometimes index and list URLs with these kinds of redirects only to index the content on the target page. This will often result in more than one page being listed in the engine in spite of them having the same content.

Example of a 0 (zero) second meta refresh tag

Example of a 0 (zero) second javascript redirect

Example of a .htaccess 302 redirect

To employ a 302 redirect on a UNIX based website (Apache server), enter the following statement into the Apache .htaccess file:

redirect 302 / http:// www. your domain .com/

By placing the above line in the .htaccess file within the root directory, you'll be redirecting all traffic from the old site to whatever site you specify.

If you only want to redirect portions of the old site to the new site, you can place the following text within a single line in the .htaccess file;