Category: Web Hosting

How to password protect a webpage location

Mon 15 April 13 Comments are Closed

There are times for security reasons when you might want to limit access to a specific file or directory by using a login and password.  One reason to do this would be to protect your WordPress installation, by limiting access to the wp-login.php script.  Adding the following to your webpage root .htaccess file will require login access to the wp-login script:

<FilesMatch "wp-login.php">
 AuthType Basic
 AuthName "Secure Area"
 AuthUserFile "/home/example/.htpasswds/webpage/wp-admin/.htpasswd"
 require valid-user
 </FilesMatch>

Additionally you can protect all files within a specific directory by putting the .htaccess file in the directory (for example /wp-admin/ directory in the case of WordPress) you want to password protect with the following:

AuthType Basic
 AuthName "Secure Area"
 AuthUserFile "/home/example/.htpasswds/webpage/wp-admin/.htpasswd"
 require valid-user

You just put the above information into a “.htaccess” file and upload to your location of choice. To create the “.htpasswd” file with users and passwords, please use the following online utility: http://www.htaccesstools.com/htpasswd-generator/

 

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to limit webpage access by a specific IP address

Mon 15 April 13 Comments are Closed

There are times for security reasons when you might want to limit access to a specific file or directory by IP address.  One reason to do this would be to protect your WordPress installation, by limiting access to the wp-login.php script.  Adding the following to your webpage root .htaccess file and it will limit access to the wp-login script to a single IP address:

(ensuring you replace 100.100.100.101 with your own IP address)

<FilesMatch "^wp-login.php$">
	Order Deny,Allow
	Allow from 100.100.100.101
	Deny from all
</FilesMatch>

Or to protect the administrator login page for Joomla instead of WordPress add:

<FilesMatch "^administrator/index.php$">
	Order Deny,Allow
	Allow from 100.100.100.101
	Deny from all
</FilesMatch>

Additionally you can protect all files within a specific directory by putting the .htaccess file in the directory (for example /wp-admin/ directory in the case of WordPress) you want to protect with the following:

Order Deny,Allow
Deny from all
Allow from 100.100.100.100
  • Optional: You can enter partial IP Addresses, such as, 100.100.100. This allows access to a range of addresses.
  • Optional: You can add multiple addresses by separating them with comma’s.
100.100.100.101, 100.100.100.102

You can also accomplish the above by using rewrite rules inside the .htaccess file, for example:

Single IP address access

To allow access from a single IP address, replace 123\.123\.123\.123 with your own IP address:

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
 RewriteRule ^(.*)$ - [R=403,L]

Multiple IP address access

To allow access from multiple IP addresses, replace 123\.123\.123\.xxx with your own IP addresses:

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.121$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.122$
 RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
 RewriteRule ^(.*)$ - [R=403,L]

If your IP address changes, or you have a very large amount of possible IPs you’re connecting from, you can protect your WordPress site by only allowing login requests coming directly from your domain name. Simply replace example\.com with your own domain name

RewriteCond %{REQUEST_METHOD} POST
 RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com[NC]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteRule ^(.*)$ - [F]

 

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How do I optimize or repair a MySQL database

Wed 03 October 12 Comments are Closed

You can manage your databases by utilizing our web based online database tool at: https://database.imageway.com

Optimize Tables

  1. Select the database you want to optimize from the list in the left column, which should take you to the “structure” tab for the database.
  2. Select the tables you wish to optimize by checking the check box in front of each one, or clicking on Select All if you want to optimize all of them.
  3. On the drop down box that says “with selected…” select “Optimize Table.”  This will optimize the table and take you to a new screen.

Repair Tables

  1. Select the database you want to repair from the list in the left column, which should take you to the “structure” tab for the database.
  2. Select the tables you wish to repair by checking the check box in front of each one, or clicking on Select All if you want to repair all of them.
  3. On the drop down box that says “with selected…” select “Repair Table.”  This will repair the table and take you to a new screen.
Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

 

Can I block an IP or an entire region or country from seeing my site?

Wed 03 October 12 Comments are Closed

Yes, you can block visitors per their IP address. Countries will have a specific IP address range, and you can use that information to block all or some of their IP’s.  There are more than one way to do this:

Blocking a Country or Region using PHP

Searching the internet, we found a unique solution for blocking countries and regions via IP addresses with some PHP coding.

Visit http://timtrott.co.uk/block-website-access-country for more details about this method, including example code.

Blocking a Country or Region with htaccess Deny Rules

Another way to do it is to block IP ranges in the .htaccess file for your site.

For a current list of IP addresses by country, please visit http://www.countryipblocks.net/

On the resulting page, click the “.htaccess deny” link for the desired country. This is the exact code you should paste in your .htaccess file.

Usually the .htaccess in your webpage/ folder is best, as it can protect all your addon domains and subdomains.

I have a specific IP I want to block.

To block multiple IP addresses, list them one per line by editing your .htaccess file, for example:

order allow,deny
deny from 127.0.0.1
deny from 127.0.0.2
deny from 127.0.0.3
allow from all

You can also block an entire IP block/range. Here we will not specify the last octet in the .htaccess file.

deny from 127.0.0

This will refuse access for any user with an address in the 127.0.0.0 to 127.0.0.255 range.

Instead of using numeric addresses, domain names (and subdomain names) can be used to ban users.

deny from isp_name.com

It bans users with a remote hostname ending in isp_name.com. This would stop all users connected to the internet via isp_name.com from viewing your site.

If you only want to allow certain IPs to connect to your website, you can set an option for deny from all, which will deny everyone.

This must be done by coding your .htaccess file as follows:

deny from all
allow from 70.24.291.52
allow from 216.130.49.223 #my house

Using .htaccess to block an entire range or name is likely to lock out innocent users. Use with caution.

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

What is mod_rewrite and examples

Wed 03 October 12 Comments are Closed

What is mod_rewrite? Mod Rewrite allows you to change the URL that everyone sees when they visit your domain or a specific address. Just add the code to your .htaccess file (typically the one inside webpage/).

Please remember we do not offer support to code this, nor do we promise to make your code work. Some of these codes work in combination, and some do not.

EXAMPLES

#Specify a default home page (index page)
DirectoryIndex home.html

#Allow only specified IPs to access your site
deny from all
allow from 64.94.229.240
allow from 214.23.41.65

# Redirect all pages from olddomain.com
# to newdomain.com
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.olddomain.com$ [OR]
RewriteCond %{HTTP_HOST} ^olddomain.com$
RewriteRule ^(.*)$ http://www.newdomain.com/$1 [R=301,L]

#Prevent subfolder loading. This goes
# in htaccess for the primary domain
RewriteCond %{HTTP_HOST} ^primary\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.primary\.com$
RewriteRule ^addon\.com\/?(.*)$ “http\:\/\/www\.addon\.com\/$1” [R=301,L]

#Prevent subdomain name loading.
#This goes in htaccess for the primary domain
RewriteCond %{HTTP_HOST} ^subname\.primary\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.subname\.primary\.com$
RewriteRule ^(.*)$ “http\:\/\/www\.addon\.com\/$1” [R=301,L]

# Never use www in the domain
# Replace ‘example.com’ with your domain name
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(([a-z0-9_]+\.)?example\.com)$ [NC]
RewriteRule .? http://%1%{REQUEST_URI} [R=301,L]

# Always use www in the domain
# Replace ‘example.com’ with your domain name
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([a-z.]+)?example\.com$ [NC]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .? http://www.%1example.com%{REQUEST_URI} [R=301,L]

# Set a default home directory, (this subfolder always loads)
# Replace ‘folder’ with your subfolder name
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^$ /folder/ [R=301,L]
</IfModule>

# Rename a directory and force visitors to the new name
# Replace ‘old’ with your old folder name
# Replace ‘new’ with your new folder name
RewriteEngine on
RewriteRule ^/?old([a-z/.]*)$ /new$1 [R=301,L]

# Always use https for secure connections
# Replace ‘www.example.com’ with your domain name
# (as it appears on your SSL certificate)
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

# Block traffic from multiple referrers
RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} badforum\.com [NC,OR]
RewriteCond %{HTTP_REFERER} badsearchengine\.com [NC]
RewriteRule .* – [F]

#Do not allow these file types to be called
RewriteEngine on
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|exe|swf)$ – [F,NC]

Guides to dot-htaccess coding:
javascriptkit.com
apache.org
modrewrite.com
Great resource for mod rewrite lessons.
Great resource for mod rewrite examples.

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Using robots.txt to restrict seach engines

Wed 03 October 12 Comments are Closed

What is the purpose of the robots file?

When a search engine crawls (visits) your website, the first thing it looks for is your robots.txt file. This file tells search engines what they should and should not index (save and make available as search results to the public). It also may indicate the location of your XML sitemap. The search engine then sends its “bot” or “robot” or “spider” to crawl your site as directed in the robots.txt file (or not send it, if you said they could not).

Google’s bot is called Googlebot, and Microsoft Bing’s bot is called Bingbot. Many other search engines, like Excite, Lycos, Alexa and Ask Jeeves also have their own bots. Most bots are from search engines, although sometimes other sites send out bots for various reasons. For example, some sites may ask you to put code on your website to verify you own that website, and then they send a bot to see if you put the code on your site.

Read Google’s official stance on the robots.txt file.

Where does robots.txt go?

The robots.txt file belongs in your document root folder. The document root folder name we use for our hosting is “webpage/”.

You can simply create a blank file and name it robots.txt. This will reduce site errors and allow all search engines to rank anything they want.

Blocking Robots and Search Engines from Crawling

If you want to stop bots from visiting you site and stop search engines from ranking you, use this code:

#Code to not allow any search engines!
User-agent: *
Disallow: /

You can also prevent robots from crawling parts of your site, while allowing them to crawl other sections. The following example would request search engines and robots not to crawl the cgi-bin folder, the tmp folder, and the junk folder and everything in those folders on your website.

# Blocks robots from specific folders / directories
User-agent: *
Disallow: /cgi-bin/
Disallow: /tmp/
Disallow: /junk/

In the above example, http://www.yoursitesdomain.com/junk/index.html would be one of the URLs blocked, but http://www.yoursitesdomain.com/index.html and http://www.yoursitesdomain.com/someotherfolder/ would be crawlable.

Keep in mind that robot.txt works like a “No Trespassing” sign. It tells robots whether you want them to crawl your site or not. It does not actually block access. Honorable and legitimate bots will honor your directive on whether they can visit or not. Rogue bots may simply ignore robots.txt.

View more robots.txt codes here.

Read about changing Google’s crawl rate.

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How do I get a website disk usage report?

Wed 09 May 12 Comments are Closed

We currently offer the File Transfer Protocol (FTP) as the main interface to the website files located on our systems.  In addition we support encrypted FTP (Implicit and Explicit) if you need additional security when using FTP to transmit data. You can use FTP to upload and download your website files using the FTP login information that was provided in your welcome email (contact us if you lost this information). The FTP client software we suggest for our customers is “FileZilla“, which is available for multiple Operating Systems.  The only prerequisite we have is that “Persistent Mode” is turned on, which is normally the default setting.

We do not offer a control panel with website disk usage reports that is available on a global basis due to security and availability concerns. If you wish to have a disk usage report available for your website, you can easily use FTP to upload your own disk usage report software.  We currently suggest the following software for disk usage reports:

 

1. Disk Usage Reports

Ajax File Manager

Disk Usage Reports is a free Ajax space usage reporter with an easy-to-install explorer for remotely viewing disk usage on a web server. Its “rich client” layout and actions make it accessible to any end-user for a variety of reports. Only PHP (4 or 5) is necessary, no database needed.

  • Navigate the report using a sortable directory tree. Sort by name, size or file count.
  • Each directory has a separate JSON file, allowing the report to be very large with no impact on the client.
  • Errors encountered during scanning and report generation are displayed in the report for easy troubleshooting.
  • The original path of the scanned directory is hidden by default, just in case you want to keep it secret.
  • Lists top 100 largest files within a directory.
  • Last modified distribution, grouped by customizable time frames. Each time frame shows the total size and file count.
  • File size distribution, grouped by customizable size ranges (e.g. 500 KB – 1 MB). Each time size group shows the total size and file count.
  • File type distribution (e.g. .txt). Each file type shows the total size and file count.
Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to manage your website files

Wed 09 May 12 Comments are Closed

We currently offer the File Transfer Protocol (FTP) as the main interface to the website files located on our systems.  In addition we support encrypted FTP (Implicit and Explicit) if you need additional security when using FTP to transmit data. You can use FTP to upload and download your website files using the FTP login information that was provided in your welcome email (contact us if you lost this information). The FTP client software we suggest for our customers is “FileZilla“, which is available for multiple Operating Systems. If you want a mount point or drive letter so it looks like a local drive using FTP, then check out these software packages:

  • NetDrive (FREE Windows application) – http://netdrive.net
  • ExpanDrive (Windows & Mac pay application) – http://www.expandrive.com/
  • WebDrive (Windows & Mac pay application) – http://www.webdrive.com/products/webdrive/index.html
  • How to setup using Windows or Mac OS X directly without a application – http://www.ehow.com/how_6907638_mount-ftp-server.html

The only prerequisite we have is that “Passive Mode” is turned on, which is normally the default setting. We suggest using FTP with SSL so the connection is encrypted for security.

We do not offer a web based file manager that is available on a global basis due to security and availability concerns. If you wish to have a file manager available for your website, you can easily use FTP to upload your own file manager.  Here is a list of 7 examples of file managers that are available:

1. EXTPLORER

Ajax File Manager

eXtplorer is a web-based File Manager. You can use it to. Features include:

  • browse directories & files on the server and
  • edit, copy, move, delete files,
  • search, upload and download files,
  • create and extract archives,
  • create new files and directories,
  • change file permissions (chmod) and much more…

2. FILENICE

Ajax File Manager

fileNice is a free php file browser, particularly useful if you have a ‘dump’ folder on your server where you regularly upload files and you want to be able to see what’s there.

3. FILE THINGIE

Ajax File Manager

File Thingie is a small web-based file manager written in PHP. It is intended for those who need to give others access to a part of their server’s file system when FTP is not practical. Through File Thingie you and your users get access to the most common functions:

  • Simple — Just one file
  • Upload multiple files at once
  • Multiple users and user groups
  • Create subdirectories
  • Rename, move, delete and copy files and folders
  • Search for file and folder names
  • Control access to files based on black- or whitelists
  • Edit text files
  • Unzip files without downloading
  • Easy customization of the CSS based layout
  • Translate into your own language

4. MOOTOOLS BASED FILEMANAGER

Ajax File Manager

A MooTools based File-Manager for the web that allows you to (pre)view, upload and modify files and folders via the browser. Features include:

  • Browse through Files and Folders on your Server
  • Rename, Delete, Move (Drag&Drop), Copy (Drag + hold CTRL) and Download Files
  • View detailed Previews of Images, Text-Files, Compressed-Files or Audio Content
  • Nice User Interface
  • Upload Files via FancyUpload (integrated Feature)
  • Option to automatically resize big Images when uploading
  • Use it to select a File anywhere you need to specify one inside your Application’s Backend
  • Use as a FileManager in TinyMCE

5. RELAY

Ajax File Manager

Relay is a wonderful piece of ajax code written with the aid of the prototype ajax toolkit. It does a wonderful job of uploading / downloading and managing files on your private server, let’s check out some of its features:

  • drag-n-drop files and folders
  • dynamic loading file structure
  • upload progress bar
  • thumbnail view, including pdf
  • multiple users & accounts

6. KAE’S FILE MANAGER

Ajax File Manager

KFM is an online file manager which can be used on its own, or as a plugin for a rich-text editor such as FCKeditor or TinyMCE. KFM is Open Source, and you are free to use it in any project, whether free or commercial. Let’s check out some of its features: drag-and-drop everything, icon-view, list-view, plugins, image manipulations, slideshows, easy installation and upgrades, syntax-highlighting text editor, search engine, tagging, multi-lingual. plugins for mp3 playback, video playback.

7. AJAXPLORER

Ajax File Manager

AjaXplorer is a free Ajax file manager with an easy-to-install file explorer for remotely managing files on a web server. Its “rich client” layout and actions make it accessible to any end-user for a variety of purposes: file management/sharing, photo gallery, code browsing, etc. Only PHP (4 or 5) is necessary, no database needed.

  • Rename/Copy/Move/Delete/Download files or folders
  • Upload multiple files and track status with progress bar (Flash required and no https)
  • Create folders and empty files
  • Edit Text files and code files (js, php, html, java, sql, perl), syntax is highlighted in the editor
  • View Images online, preview images in the list, diaporama of a given folder
  • Listen to MP3sonline without downloading them
  • View Flash videos (FLV) online and full screen.
  • Browse and Extract ZIP files online
Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to change your MySQL database user password

Fri 23 July 10 Comments are Closed

The SQL statement you need to run on the MySQL database to change your personal database user password is:

SET PASSWORD = PASSWORD(‘biscuit’);

That will set the password for the current user your logged in as to “biscuit”. You can issue this SQL command by using a 3rd party MySQL client, or using our MySQL editor which is available at “http://www.imageway.com/support“.

Rate This Entry:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

back to top
×