Saturday, January 31, 2009

Best Linux Web Hosting ( Unlimited Domains, Disk Space and Bandwidth )

After doing some fairly deep research comparing Linux web hosts, I came up with this list. I was looking for hosting that supports unlimited domains with unlimited disk space and bandwidth. After going through the user reviews I also found other good hosts that support unlimited domains. I put HostGator in first place for all its benefits: as HostGator customers testify, it really does give 24x7x365 service and it has a good support team.

1. Hostgator

I found only good testimonials from HostGator customers; they are really satisfied with the service.
Uptime: 9/10
Support: 9/10
Feature: 9/10
Price: 9/10
Price: starts from $4.95/month.
Hostgator Coupon

2. Bluehost

Bluehost provides unlimited domains, all controlled from one control panel. They offer the best deal on the best hardware.
Uptime: 7/10
Support: 6/10 (They don't provide live chat)
Feature: 9/10
Price: 9/10
Price: start from $6.95/month
I can give you a $50 rebate if you buy from my link.

3. Host Monster

It's the same hosting as Bluehost but with a lower grade of hardware.
Uptime: 6/10
Support: 4/10 (They don't provide live chat)
Feature: 9/10
Price: 10/10
Price: start from $5.95/month
I can give you a $50 rebate if you buy from my link.

4. Hostupon

They are a new hosting company, established only in 2007, but their hosting really kicks butt.
Uptime: 7/10
Support: 4/10
Feature: 9/10
Price: 10/10
Price: starts from $4.95/month with a 30-day money-back guarantee.
Coupon: HPR50 (get $50 off)
They provide live chat, but not 24 hours a day, and the support team is away at weekends. I sent an email asking about a hosting package on Saturday and they replied the following Sunday.

5. Webhostingpad

A fairly new hosting company, established in 2005. Customer reviews are mixed: some complain about uptime and support, but most give a good review. Unlimited domains are provided as addon domains.
Uptime: 8/10
Support: 6/10
Feature: 9/10
Price: 10/10
Price: starts from $3.96/month with a 30-day money-back guarantee.
Coupon:
- Webhostingpad Coupon $25 Off: revpad25, promo25 (valid for 2- and 3-year plans)
- Webhostingpad Coupon $12 Off: 12off

How to claim your rebate?
You must buy the hosting package from my link, then send me an email stating the transaction date, the domain name and your PayPal account. I will send the money 3 months after your transaction date.

Source:
http://www.webhostingrally.com
http://hostjury.com
http://b2evolution.net
http://www.hostingreviewsbyusers.com
http://www.webhostingpadreview.org
http://www.webhostingstuff.com

Friday, January 23, 2009

How to configure tcp wrappers (hosts.allow and hosts.deny)

TCP Wrapper compatibility:
Check whether your application honours TCP Wrappers at all. A program only consults hosts.allow and hosts.deny if it is linked against libwrap (or, for services started through tcpd or xinetd, if the launcher is). You can find out with ldd:
syntax: ldd /path/to/binary | grep wrap (general form)
ldd /usr/sbin/sshd | grep wrap (shows that sshd refers to libwrap)
libwrap.so.0 => /lib/libwrap.so.0 (0x00007f142f0af000)

ldd /usr/sbin/apache2 | grep wrap (shows that apache2 does not refer to libwrap)
no output: apache2 ignores hosts.allow and hosts.deny entirely, so it has to be restricted with its own access directives or with a packet filter instead. Note that ldd only lists libraries resolved at load time; a program that dlopen()s libwrap will not show up here, so check its documentation in that case.
hosts.allow and hosts.deny

- hosts.allow (list the IP ranges you want to allow)
ALL: 172.16.172.0/255.255.255.0 : ALLOW
ALL: 172.16.188.0/255.255.255.0 : ALLOW
ALL: 172.16.189.0/255.255.255.0 : ALLOW
ALL: 172.16.178.0/255.255.255.0 : ALLOW
ALL: 172.16.179.0/255.255.255.0 : ALLOW
- hosts.deny (paranoid setting: block every connection except those matched in hosts.allow)

# (denying all services to all hosts)
ALL: ALL

The trailing ": ALLOW" option is redundant in hosts.allow, since a match there already grants access, but it is harmless and lets you keep allow and deny rules in a single file if you prefer. The ALL: ALL line in hosts.deny is what makes the setup default-deny: if hosts.deny is empty, a host that is not listed in hosts.allow is still let in.


The syntax of the hosts.allow and hosts.deny files is:

daemon_list : client_list [: option]

The daemon name is the server's process name (argv[0], e.g. sshd, not the package name), and ALL matches every daemon. Clients can be exact addresses, net/mask pairs as above, a prefix ending in a dot (172.16.), hostnames, or ALL. The files are checked in a fixed order: the first matching line in hosts.allow grants access; otherwise the first matching line in hosts.deny refuses it; and if neither file matches, the connection is allowed.
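To make that evaluation order concrete, here is an added example (my own code, not from the post) that emulates the hosts_access(5) decision for the two files above: it parses the rules, supports the client forms used in this post plus exact addresses and dotted prefixes, and applies the hosts.allow-then-hosts.deny-then-default-allow order, including the ": ALLOW" / ": DENY" option override. It ignores hostnames, EXCEPT lists and the other extensions, and it can say nothing about whether the daemon actually links libwrap.

```python
import ipaddress

# Constructed copies of the two files shown above.
HOSTS_ALLOW = """
ALL: 172.16.172.0/255.255.255.0 : ALLOW
ALL: 172.16.188.0/255.255.255.0 : ALLOW
ALL: 172.16.189.0/255.255.255.0 : ALLOW
ALL: 172.16.178.0/255.255.255.0 : ALLOW
ALL: 172.16.179.0/255.255.255.0 : ALLOW
"""
HOSTS_DENY = """
# (denying all services to all hosts)
ALL: ALL
"""


def parse_rules(text):
    """Parse 'daemon_list : client_list [: option]' lines; '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        daemons = [d.strip() for d in parts[0].split(",")]
        clients = [c.strip() for c in parts[1].split(",")]
        option = parts[2].upper() if len(parts) > 2 else None
        rules.append((daemons, clients, option))
    return rules


def client_matches(pattern, ip):
    """Subset of hosts_access(5) client patterns: ALL, net/mask, a trailing-dot prefix, or an exact address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # e.g. '172.16.' matches 172.16.*.*
        return ip.startswith(pattern)
    addr = ipaddress.ip_address(ip)
    if "/" in pattern:                        # dotted mask (as in the post) or a CIDR prefix length
        return addr in ipaddress.ip_network(pattern, strict=False)
    return addr == ipaddress.ip_address(pattern)


def daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon


def decide(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts_access(5) order: first match in hosts.allow, then first match in hosts.deny,
    and access is GRANTED when neither file matches. An explicit ': ALLOW' / ': DENY'
    option overrides the verdict implied by the file the rule lives in."""
    for default, rules in (("ALLOW", parse_rules(allow_text)),
                           ("DENY", parse_rules(deny_text))):
        for daemons, clients, option in rules:
            if any(daemon_matches(d, daemon) for d in daemons) and \
               any(client_matches(c, ip) for c in clients):
                return option if option in ("ALLOW", "DENY") else default
    return "ALLOW"


if __name__ == "__main__":
    for who in ("172.16.172.5", "172.16.179.254", "10.0.0.1"):
        print(f"sshd from {who}: {decide('sshd', who)}")
    # the default-allow trap: same hosts.allow, but an empty hosts.deny
    print(f"sshd from 10.0.0.1 with empty hosts.deny: {decide('sshd', '10.0.0.1', deny_text='')}")
```

The last line of the output is the point of the ALL: ALL entry: with hosts.deny empty, the host that matched nothing in hosts.allow is still let in.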

Conclusion

The hosts.allow and hosts.deny files are very flexible and let you lock down your network in a granular way. The biggest thing to remember is the limitation that some applications do not honour hosts.allow and hosts.deny. Make sure the service you are trying to block refers to libwrap.so before you start writing rules, or you may sit and wonder why your rules don't work when it is really the application itself that is not compatible. Note also that TCP Wrappers only decide after the TCP connection has been accepted; they complement a packet filter such as iptables, they do not replace one.

If you need to harden your system further, read this Ubuntu hardening guide.

Wednesday, January 21, 2009

Apache hardening guide with PHP

#1: Update, update, update

Just because it is Apache running on Linux doesn't mean you shouldn't bother to update. New holes and security risks are found all the time, so develop a sound update policy to keep on top of patches. If you installed Apache with your distribution's package manager, updates can go through seamlessly. If you installed from source, make sure an upgrade is not going to break any modules or dependencies your web site has. And if you update Apache, make sure PHP (if used) is updated as well.

#2: Use the right user:group

I have seen Apache installed under many groups and/or users. One of the biggest offenders is the root user, which can lead to serious issues. Or say both Apache and MySQL run as the same user/group: if there is a hole in one, it can lead to an attack on the other. The best scenario is to make sure Apache's worker processes run as a dedicated user and group such as apache (the parent process still starts as root so it can bind port 80, then drops privileges for the children). To make this change, open httpd.conf and check the lines that read:

User

Group

Change these entries to:

User apache

Group apache

If you get any errors indicating the group or user do not exist, you will have to create them. On Debian and Ubuntu the packaged Apache already runs as www-data; there the User and Group lines read ${APACHE_RUN_USER} and ${APACHE_RUN_GROUP}, which are set in /etc/apache2/envvars, so change them there rather than in the main config.

#3: Turn off unwanted services

There are a few services and/or features that you will want to turn off or not allow. All of these are disabled in httpd.conf inside a Directory tag using the Options directive (the document root is a good place to start). Those that could cause the most issues include:

* Directory browsing. Disabled with "-Indexes".
* Server side includes. Disabled with "-Includes".
* CGI execution. Unless your site needs CGI, turn this off with "-ExecCGI".
* Symbolic links. Disabled (surprise, surprise) with "-FollowSymLinks".
* None. You can turn off all options at once with "Options None".

Note the difference between the two forms: "Options -Indexes" merges with whatever the parent directory allows and removes only that one option, while a bare list such as "Options None" or "Options Indexes" replaces the parent's settings completely.

#4: Disable unused modules

Apache has a ton of modules. To get an idea of how many modules your installation is loading, run (as root) grep -n LoadModule httpd.conf from within your Apache configuration directory. This shows every module Apache loads, along with the line number it is on. To disable the modules you don't need, comment them out with a single # at the beginning of the LoadModule line. On Debian and Ubuntu the LoadModule lines live in /etc/apache2/mods-enabled/*.load instead, so use a2dismod rather than editing them by hand, and check with apache2ctl -M which modules remain loaded.

#5: Restrict access

Say you have an intranet that contains critical company information. You will want to deny anyone outside your private network from seeing it. To do this, restrict access to your internal network by adding the following inside a directory tag in your httpd.conf:
Order Deny,Allow

Deny from all

Allow from 192.168.0.0/16
where 192.168.0.0/16 is the prefix matching your internal network (for a single subnet use something like 192.168.1.0/24). The Order keywords are separated by a comma with no space. With Order Deny,Allow plus Deny from all, every request is refused unless an Allow line matches it, because Allow directives are evaluated after Deny and override it. This is the Apache 2.2 syntax; Apache 2.4 expresses the same thing with Require ip 192.168.0.0/16. As with all modifications to httpd.conf, restart Apache so the changes take effect.

#6: Limit request size

Denial of service attacks are always a possibility when you allow large requests on Apache. Apache has a directive, LimitRequestBody, that can be placed in the server config, a virtual host, a Directory tag or .htaccess. It takes a size in bytes (0 to 2147483647), e.g. 1048576 for 1 MB; the size of your limit will depend on your web site's needs. By default LimitRequestBody is 0, which means unlimited.

#7: Employ mod_security

One of the most important Apache modules is mod_security. This module handles many tasks, including simple filtering, regular expression filtering, URL encoding validation, and server identity masking. The mod_security installation and setup is a bit beyond a one-paragraph description, but you can begin by loading the unique_id and security2 modules in the Apache modules section (they are LoadModule entries, not directives of their own). Once you have added the entries, run apache2ctl configtest. If it returns Syntax OK you're good to go.
#8: Do not allow browsing outside the document root

Allowing browsing outside the document root is inviting trouble. Unless you have a specific need to allow it, disable this feature. First, lock down the filesystem root in its own Directory entry, <Directory />, like so:
Order Deny,Allow

Deny from all

Options None

AllowOverride None
Then grant access to the document root in its own Directory entry (Allow from all, or the intranet restriction from #5). Now, if you need to add options to any directory within the document root, you will have to add a new Directory entry for each one; with AllowOverride None, .htaccess files cannot re-enable them.

#9: Hide Apache's version number

The best offense is a good defense, and one of the better defenses is to give away as little information about your service as you can. One crucial bit of information to hide is the Apache version number; by hiding it, you keep unwanted users from quickly working out which exploits apply to your web server. To hide it, add the following to the main server configuration (not inside a Directory tag; ServerTokens is only valid at server-config level):
ServerSignature Off

ServerTokens Prod
ServerTokens Prod still reports "Apache" in the Server header, just without the version, OS or module list, and ServerSignature Off drops the footer line from server-generated pages such as error documents. Treat this as defense in depth: a scanner can still fingerprint the version from behaviour, so it never replaces #1.
#10: Immunize httpd.conf

One of the simplest measures is to protect httpd.conf from casual changes. To immunize the file, set the immutable bit with the following command:
chattr +i /path/to/httpd.conf
where /path/to/httpd.conf is the path to your Apache configuration file. Now nobody, root included, can modify, delete or rename it until the bit is cleared again with chattr -i, so remember to do that before your next edit. This mainly guards against accidental or scripted edits: an attacker who already has root can clear the bit just as easily as you can, and the bit does nothing to stop anyone reading the file (use normal file permissions for that).
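As an added example (my own code, not from this post or the guide it is taken from), the following Python script holds the corrected Apache 2.2 directives from items #2, #3, #5, #6, #8 and #9 in one constructed config fragment, next to a weak fragment built from the mistakes above (root user, full ServerTokens, risky Options, AllowOverride All, the misspelt Order line, no LimitRequestBody), and audits each for those settings. It does not parse Apache's full grammar (sections and contexts are ignored), so treat it as a quick sanity check to run before apache2ctl configtest, not as a substitute for reading the file.

```python
# Constructed httpd.conf fragments in Apache 2.2 access-control syntax (as used in this post).
WEAK_CONF = """
User root
Group root
ServerTokens Full
ServerSignature On
<Directory "/var/www">
    Options Indexes FollowSymLinks ExecCGI Includes
    AllowOverride All
    Order Deny, Allow
</Directory>
"""

HARDENED_CONF = """
User apache
Group apache
ServerTokens Prod
ServerSignature Off
LimitRequestBody 1048576
<Directory />
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>
<Directory "/var/www">
    Options -Indexes -Includes -ExecCGI -FollowSymLinks
    AllowOverride None
    Order Deny,Allow
    Deny from all
    Allow from 192.168.0.0/16
</Directory>
"""

# Options flags that item #3 says to switch off ("All" enables all of them at once).
RISKY_OPTIONS = {"Indexes", "Includes", "ExecCGI", "FollowSymLinks", "All"}


def directives(text):
    """Yield (name, value) for each directive line, skipping comments and <Section> tags."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, _, value = line.partition(" ")
        yield name, value.strip()


def audit_httpd_conf(text):
    """Check a config fragment against items #2, #3, #5, #6, #8 and #9; return a list of findings."""
    findings = []
    seen = set()
    for name, value in directives(text):
        seen.add(name)
        if name in ("User", "Group") and value == "root":
            findings.append(f"{name} root: run the workers as a dedicated unprivileged account")
        elif name == "ServerTokens" and value != "Prod":
            findings.append(f"ServerTokens {value}: use ServerTokens Prod")
        elif name == "ServerSignature" and value.lower() != "off":
            findings.append(f"ServerSignature {value}: use ServerSignature Off")
        elif name == "AllowOverride" and value != "None":
            findings.append(f"AllowOverride {value}: .htaccess files can re-enable what you disabled")
        elif name == "Options":
            for opt in value.split():
                # a flag counts as enabled unless it carries the '-' prefix
                if opt.lstrip("+") in RISKY_OPTIONS and not opt.startswith("-"):
                    findings.append(f"Options {opt}: enabled; turn it off with -{opt.lstrip('+')}")
        elif name == "Order" and " " in value:
            findings.append(f"Order {value!r}: keywords must be comma-separated with no whitespace")
        elif name == "LimitRequestBody" and value == "0":
            findings.append("LimitRequestBody 0: no limit on request bodies")
    if "LimitRequestBody" not in seen:
        findings.append("LimitRequestBody missing: the default (0) allows unlimited request bodies")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {len(audit_httpd_conf(conf))} finding(s)")
        for finding in audit_httpd_conf(conf):
            print("  -", finding)
```

Point it at your own file with audit_httpd_conf(open("/etc/httpd/conf/httpd.conf").read()); on Debian and Ubuntu the relevant lines are spread over /etc/apache2/apache2.conf, sites-enabled/ and conf.d/, so concatenate those first.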

Apache has a very close relationship with PHP, so we need to harden PHP too.
- Disable unnecessary PHP settings

Edit /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini and turn off the following:
allow_call_time_pass_reference = Off
magic_quotes_gpc = Off
register_long_arrays = Off
register_argc_argv = Off
allow_url_fopen = Off
expose_php = Off
disable_functions = symlink,shell_exec,proc_close,proc_open,dl,passthru,escapeshellarg,escapeshellcmd,openlog,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,virtual,phpinfo

A few caveats. Make sure register_globals = Off as well (the default since PHP 4.2, but check). From PHP 5.2 on, allow_url_include = Off is the setting that actually stops remote file inclusion through include/require; allow_url_fopen = Off additionally stops functions such as file_get_contents() from fetching URLs, which some applications rely on. In the disable_functions list as given, escapeshellarg and escapeshellcmd are the escaping helpers rather than execution primitives, so disabling them removes a defence, while exec, system and popen are missing even though shell_exec, passthru and proc_open are listed. Adjust the list to what your application needs, and restart Apache after editing php.ini.

This guide is taken from this site. If you are looking for a full (more complicated) guide, read the one from xianshield.org.

Tuesday, January 20, 2009

Install Adobe Acrobat Reader on Ubuntu and CentOS

There is no Adobe Acrobat Reader package in the Ubuntu repositories so far. How do you install it on an Ubuntu desktop?
Download the latest Adobe Reader from the Adobe website, choosing Linux - x86 (.deb) from the OS list.
From the console, this is the latest version as of this article (21/01/2009):
wget http://ardownload.adobe.com/pub/adobe/reader/unix/8.x/8.1.3/enu/AdobeReader_enu-8.1.3-1.i386.deb
Install the downloaded package. From the Ubuntu desktop, double-click the downloaded package file and install it.
Console:
sudo dpkg -i AdobeReader_enu-8.1.3-1.i386.deb
After the installation finishes, go to Applications > Office and find the Adobe Reader shortcut.
The same steps apply to CentOS, except that CentOS uses RPM rather than Debian packages: pick the .rpm build from the same download page and install it with rpm -ivh instead of dpkg -i.

mysql clustering: database replication vs file-based replication ( mysql+drbd+heartbeat )

If you have a low budget for MySQL clustering, I suggest Heartbeat+DRBD. I built it on my old servers (PIII, 512 MB). You only need 2 servers, whereas MySQL Cluster (the NDB storage engine) needs at least 4 servers, plus good hardware with plenty of memory, because NDB keeps the data in RAM. Be clear about what you get: DRBD mirrors the MySQL data directory at the block level and Heartbeat fails the service over to the second node, so only one MySQL instance is ever running (active/passive), while MySQL Cluster keeps several nodes serving queries at once.

Need to know more about the MySQL replication concept? Check the MySQL Cluster white paper.

How to check a disk UUID

Since my fstab mounts disks by UUID, I need to know the UUID of each disk. This command shows it:
blkid /dev/disk
Replace /dev/disk with the partition, e.g. /dev/sda1. Running blkid with no argument lists every block device, and ls -l /dev/disk/by-uuid/ shows the same mapping as symlinks.

Sunday, January 18, 2009

How to create Apparmor configuration file for Apache

If you need to harden the Apache service with AppArmor, here is a step-by-step guide to creating an AppArmor profile for Apache.

First, start profile generation. Skip the repository section by answering later (L). Note that genprof's -f option names the log file to scan (-d would be the profile directory):
sudo genprof -f /var/log/syslog /usr/sbin/apache2

Setting /usr/sbin/apache2 to complain mode.

Please start the application to be profiled in
another window and exercise its functionality now.

Once completed, select the "Scan" button below in
order to scan the system logs for AppArmor events.

For each AppArmor event, you will be given the
opportunity to choose whether the access should be
allowed or denied.

Profiling: /usr/sbin/apache2

[(S)can system log for SubDomain events] / (F)inish


Keep this open; don't press (S) or (F) yet, because we still have some tasks to do.
Second, open a new console and restart the Apache service so it runs under the new complain-mode profile:
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
Then access and test your web application; exercising every page makes AppArmor log the permissions needed for the directories and files your application touches. When you have finished testing, go back to the console still running genprof and press (S). Genprof will prompt for each logged access, and you can choose whether to allow or deny it.

Once you finish with genprof you will find the profile at /etc/apparmor.d/usr.sbin.apache2, now in enforce mode. Reload AppArmor (sudo /etc/init.d/apparmor reload) and then restart the Apache daemon; sudo apparmor_status shows whether the profile is loaded and in which mode.

If part of your web application isn't accessible, check the AppArmor log for blocked file permissions:
Jan 19 16:51:47 appserv02 kernel: [264251.884604] audit(1232355107.629:28228): type=1503 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/var/www/html/MyApps/index.php" pid=19234 profile="/usr/sbin/apache2" namespace="default"
This log line means you need to give read permission to the file "/var/www/html/MyApps/index.php". Edit /etc/apparmor.d/usr.sbin.apache2 and add this rule inside the profile's braces:
/var/www/html/MyApps/index.php r,
A whole tree can be covered with a glob such as /var/www/html/MyApps/** r, instead of one rule per file. Reload AppArmor and restart Apache once more. If you find more blocked permissions in the audit log, repeat the steps above, or run sudo logprof, which scans the log and offers the same allow/deny prompts as genprof.
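To show exactly how a denial line turns into a profile rule, here is an added example (my own code, not from the post; genprof and logprof do this job properly, this just makes the mapping visible). The first log line is the one quoted above; the other three are constructed, one of them for a different profile and one in the newer apparmor="DENIED" log format, which carries the same profile, name and denied_mask fields. The script parses the key="value" fields, keeps only file denials for the requested profile, merges the permission letters when the same path is denied twice, and appends the resulting rules to a constructed profile without duplicating a rule that is already there.

```python
import re

# key=value or key="quoted value" tokens of an AppArmor audit line
TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample log: line 1 is from the post, the rest are made up for this example.
SAMPLE_LOG = """\
Jan 19 16:51:47 appserv02 kernel: [264251.884604] audit(1232355107.629:28228): type=1503 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/var/www/html/MyApps/index.php" pid=19234 profile="/usr/sbin/apache2" namespace="default"
Jan 19 16:51:48 appserv02 kernel: [264252.100000] audit(1232355108.000:28229): type=1503 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/var/www/html/MyApps/data/cache.db" pid=19234 profile="/usr/sbin/apache2" namespace="default"
Jan 19 16:51:49 appserv02 kernel: [264253.100000] audit(1232355109.000:28230): type=1503 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/etc/shadow" pid=2222 profile="/usr/sbin/mysqld" namespace="default"
Jan 19 16:51:50 appserv02 kernel: [264254.100000] audit(1232355110.000:28231): apparmor="DENIED" operation="open" profile="/usr/sbin/apache2" name="/var/www/html/MyApps/data/cache.db" pid=19234 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=33
"""

# Constructed profile that already contains the first rule, to show de-duplication.
PROFILE = """\
#include <tunables/global>
/usr/sbin/apache2 {
  #include <abstractions/base>
  /var/www/html/MyApps/index.php r,
}
"""


def parse_audit_line(line):
    """Return the key=value fields of one AppArmor audit line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in TOKEN.finditer(line)}


def suggest_rules(log_text, profile):
    """Collect file denials for `profile` and emit one AppArmor file rule per path,
    merging the permission letters when a path is denied more than once."""
    perms = {}
    for line in log_text.splitlines():
        f = parse_audit_line(line)
        if f.get("profile") != profile or "name" not in f or "denied_mask" not in f:
            continue
        # masks look like "r::" in the old format and "r" in the new one: keep the letters only
        mask = "".join(ch for ch in f["denied_mask"].split(":")[0] if ch.isalpha())
        perms[f["name"]] = "".join(sorted(set(perms.get(f["name"], "") + mask)))
    return [f"{path} {p}," for path, p in perms.items()]


def add_rules_to_profile(profile_text, rules):
    """Insert rules before the profile's closing brace, skipping any already present."""
    body, brace, tail = profile_text.rpartition("}")
    if not brace:
        raise ValueError("no closing brace in profile")
    existing = {l.strip() for l in body.splitlines()}
    new = [f"  {r}" for r in rules if r not in existing]
    return body.rstrip("\n") + ("\n" + "\n".join(new) if new else "") + "\n}" + tail


if __name__ == "__main__":
    rules = suggest_rules(SAMPLE_LOG, "/usr/sbin/apache2")
    print("suggested rules:", rules)
    print(add_rules_to_profile(PROFILE, rules))
```

Against a real system, read /var/log/syslog (or /var/log/audit/audit.log with auditd) into suggest_rules and review the output before pasting it into the profile: a denial on a path you did not expect Apache to touch is exactly the kind of thing the profile exists to catch, and it should be investigated, not allowed.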

Thursday, January 15, 2009

PSEXEC PORT

My firewall blocked me when I tried to run psexec. Which port does PsExec need open so I can execute commands on the target? PsExec uses TCP 445 (SMB over TCP). It copies its service executable to the target's ADMIN$ share, installs it as a service through the Service Control Manager and talks to it over a named pipe, all of which go over that SMB connection, so the target also needs file sharing enabled, the ADMIN$ share available and an account with local administrator rights. Hosts that still run SMB over NetBIOS use TCP 139 instead.

Tuesday, January 13, 2009

HOWTO: Set up VNC server in Ubuntu

I have 2 reference guides:
1. http://ubuntuforums.org/showthread.php?t=259448
2. http://ubuntuforums.org/showthread.php?t=122402

What I need is for vncserver to start KDE when the user connects with a VNC viewer client. In my previous howto I had to log in to KDE first before I could use remote desktop, so that method is no use if I put the server in a hosting centre: when the machine reboots I cannot remote-desktop to it because the KDE/GNOME desktop isn't running.

I have copied this manual from the forum, so that if the thread is removed some day I still have a copy here :)

This guide is very similar to the Gnome Ubuntu HOWTO, located here:

http://ubuntuforums.org/showthread.php?t=122402

I have borrowed a lot of the notes from that author, only changing things to work for Kubuntu users. Most of the credit for the info goes to the author of that post. If you are having problems, I strongly recommend browsing through that thread first.

This guide is intended for Kubuntu users, and details how to enable Xdmcp for your KDE session. It was written using Kubuntu 6.06 (i386) as a reference. In the steps, I use kate as the text editor, but you can use whatever editor you prefer. In reality I use vi, but most people don't know vi commands so I stick with kate in these examples.

Required packages:

To make sure you have the proper software installed, execute the following:

Type in a terminal:
Code:
sudo apt-get install vnc4server xinetd xvncviewer
The latest versions are:
vnc4server: Xvnc Free Edition 4.1.1
xinetd: xinetd Version 2.3.14 libwrap loadavg
xvncviewer: VNC viewer version 3.3.7 - built Feb 20 2006 12:04:05

If you're using previous versions of any of these packages, there's no guarantee this will work. (Actually, there's no guarantee this will work anyway, but if you use versions below what I indicated, then you're just making it harder on yourself )

WARNING: Make sure you install vnc4server and NOT vncserver. These packages ARE different, and the latter will NOT work correctly.

Note to AMD64 users: The current version of vnc4server in the repositories has a bug, so you need to download and install the fixed vnc4 packages as shown below:
Code:
wget http://qt1.iq.usp.br/download/vnc4server_4.0-7.3_amd64.deb
wget http://qt1.iq.usp.br/download/xvnc4viewer_4.0-7.3_amd64.deb
sudo dpkg -i vnc4server_4.0-7.3_amd64.deb
sudo dpkg -i xvnc4viewer_4.0-7.3_amd64.deb
THE STEPS:

1. ENABLE XDMCP IN KDE

Type in a terminal:
Code:
sudo kate /etc/kde3/kdm/kdmrc
At the very bottom of the file, you'll see this section:

Code:
[Xdmcp]
Enable=false
Willing=/etc/kde3/kdm/Xwilling
Change it to look exactly like this:
Code:
[Xdmcp]
Enable=true
Port=177
Xaccess=/etc/kde3/kdm/Xaccess
Willing=/etc/kde3/kdm/Xwilling
Save the file and quit. Then type this in your terminal:

Code:
sudo kate /etc/kde3/kdm/Xaccess
This is a big file and can be confusing, so make sure you do this exactly as shown. Scroll down and find this line:

Code:
#*                                       #any host can get a login window
Remove the # from the beginning of that line, so it looks like this:

Code:
*                                       #any host can get a login window
Then find this line:
Code:
#*               CHOOSER BROADCAST       #any indirect host can get a chooser
Remove the # from the beginning of that line, so it looks like this:
Code:
*               CHOOSER BROADCAST       #any indirect host can get a chooser
Save the file and quit out of KATE.

Now we need to restart the KDM process so it will re-read the configuration file. The easiest way to do this is to just reboot the machine. The quickest is to do the following:

Code:
ps -ef | grep kdm
This will print out a list of processes with the letters 'kdm' in the name. Find the one that looks like the following (Specifically the one that ends in /usr/bin/kdm):

Code:
root    4530      1     0 0:09:20 ?          00:00:00 /usr/bin/kdm
See the number right after root? 4530 in my example, you will almost certainly have a different number. That's the process ID or PID. Type the following command to restart kdm (Substituting the PID number you have for the 4530 in my example):

Code:
sudo kill -HUP 4530

2. SET THE VNC PASSWORD

Type this in a terminal:
Code:
sudo vncpasswd /root/.vncpasswd

3. ADD VNC SERVICE TO XINETD

Type this in a terminal:
Code:
sudo kate /etc/xinetd.d/Xvnc
Enter this in to the new file:
Code:
service Xvnc
{
    type        = UNLISTED
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = yes
    user        = root
    server      = /usr/bin/Xvnc
    server_args = -inetd :1 -query localhost -geometry 1024x768 -depth 16 -once -fp /usr/share/X11/fonts/misc -DisconnectClients=0 -NeverShared passwordFile=/root/.vncpasswd
    port        = 5901
}
I recommend leaving all of that code alone, but you can safely change the 1024x768 to be a bigger or smaller resolution for your Xvnc window, depending on what you want. You can also change the depth, but understand that increasing the depth bits will cause more bandwidth to be used over your network, which could slow down your VNC experience considerably.


4. RESTART XINETD

If the following code does not work, try rebooting:
Code:
sudo /etc/init.d/xinetd stop
sudo killall Xvnc
sudo /etc/init.d/xinetd start
Don't worry if you see a message like "Xvnc: no process killed". This just means there was no open, active session of VNC running at the time. This is expected and is normal.


5. TEST

If you followed all of the above steps correctly, you should now be able to test your VNC server. Type the following in a terminal:
Code:
vncviewer localhost:1
You should be prompted for the VNC password, and then see the KDM login screen where you can login and start a new X session. If that works, you can now go ahead and try to connect from remote machine using your favorite VNC client (remember to first close the local vncviewer we started above). Remember to use the VNC server machine's domain name or IP address, followed by :1 (e.g. 192.168.0.100:1). If connecting locally as shown above works, but connecting remotely fails, then this means you have a problem with a firewall which is blocking some ports. See the notes below about how to deal with that.

Note about ports: The VNC server set up as shown uses TCP port 5901. If you are using firewall software (e.g. firestarter) on that machine, you need to allow incoming connections on this port. If you are using a router which assigns your machine a private address (e.g. 192.168.0.100) which is not accessible from the internet, then you need to forward TCP port 5901 from the router to this machine.

Note about security: This setup allows any user to start an X-session remotely by logging in using his regular password (after starting the VNC connection using the VNC password), so if the user disconnects without logging out, any other user who knows the VNC password can connect afterwards and resume the same session that the first user started. So if you do not want to log out before disconnecting, it's advisable to at least lock your VNC X-session screen. Also note that while a remote user is connected through VNC, no other connection will be accepted. An idle VNC client will be disconnected after one hour, but this can be changed by using the "-IdleTimeout" option in the server_args line in /etc/xinetd.d/Xvnc. For example, you can add "-IdleTimeout 300" to change it to 5 minutes.


reference links:
Gnome VNC howto: http://ubuntuforums.org/showthread.php?t=122402
Xdmcp in kdm: http://klomdark.servebeer.com:8081/M...px?MsgNum=1967


Good luck!
My vncserver settings are a bit different, since I only got a grey window on the screen when I did remote desktop. I use this command to run vncserver:
user # vncserver :0 -name kde -geometry 1024x768 -depth 16 -httpport 5800
I need vncserver on port 5900, so I use :0 because my firewall is only open on that port. Bear in mind that the VNC password is the only thing protecting that port and the session itself is not encrypted, so if the port is reachable from outside, tunnel it over SSH rather than opening 5900 directly.

Wednesday, January 7, 2009

How to install & configure VNC in Ubuntu - Remote Desktop in Ubuntu

Install X11VNC and vnc-java packages.
# sudo apt-get install x11vnc vnc-java
Run the terminal command
# x11vnc -forever -usepw -httpdir /usr/share/vnc-java/ -httpport 5800 -shared
When you run the above command for the first time, you will be prompted to create a password, which is stored in ~/.vnc/passwd.

*PS:
-usepw: require that password from connecting clients
-shared: allow more than one client to be connected at the same time
-forever: keep serving after the first client disconnects instead of exiting
-httpdir/-httpport 5800: serve the Java viewer from vnc-java over HTTP on port 5800 (the VNC session itself listens on 5900)