Beginner PHP question

Connect with other users about what to run on your webhosting (and how to run it) here.
Post Reply
dustinandband
A semi-regular
A semi-regular
Posts: 22
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Mon Oct 05, 2015 7:38 pm

Beginner PHP question

Post by dustinandband »

Beginner web dev question - does NFO web hosting allow you to access 'httpd.conf' config file of apache? I'm wanting to install this web interface to test a web interface out, which contains sensitive database info. It looks like NFO installs Apache by default as well as keeping all pre-installed packages up to date, but when I FTP to the web server I only see a folder called public, and two inaccessable folders called access_log / error_log

It looks like the DB info is in a .txt file and not the php file, which is why I want to be sure that the public can't access / see this:
https://github.com/R1KO/Chat-Logging/tree/master/Web

I'm only using this plugin/ webscript as a test. In the future I plan to code my own stuff.

Anternative question:
From ordering a new web server via NFO - what's the best way to install this stand-alone PHP script and ensure the .txt file is kept private?
dustinandband
A semi-regular
A semi-regular
Posts: 22
Joined: Mon Oct 05, 2015 7:38 pm

Re: Beginner PHP question

Post by dustinandband »

Uh... I'm not 100% sure but are these other people's web folder names I'm looking at?

https://imgur.com/eY9zXDq

I simply SFTP'd to the server and enabled hidden files, to see if I needed to manually create a .htaccess file or it was just hidden. I accidentally went back a directory from my folder and noticed all these folders under /usr/www

At first I thought this was a newly created virtual server just for my website (perhaps a lot of library include files for python, php, etc), but then I noticed strange names like 'analbeads'. Furthermore I can't access most the files and tried changing the file permissions on one (was going to change it back - it was a test to see if this virtual server belongs to me and I just needed file permissions or it belongs to multiple users).

You can even access the "/" directory of the linux machine (before root folder).
Seems like a security breach but I don't know what I am looking at here. I'm 100% new to anything web related.
dustinandband
A semi-regular
A semi-regular
Posts: 22
Joined: Mon Oct 05, 2015 7:38 pm

Re: Beginner PHP question

Post by dustinandband »

Nevermind I should've used google translate to see that the .txt file was just a read me.

Facepalm moment right there.
User avatar
Spray
Former staff
Former staff
Posts: 630
Joined: Wed Dec 28, 2011 10:41 pm
Location: Oregon

Re: Beginner PHP question

Post by Spray »

To clarify, the reason you're able to see other customer folders in the /usr/www/ folder or system folders within the root (/) folder, is that your user account must be able to see shared folders on the system in order for components like SFTP or SSH to function properly. Customer files within each folder are not able to be seen or written to by default, and other customers can't access your files.

The http.conf file isn't able to be altered by any customer individually, as changes to this file effect all customers on a web hosting machine. You can instead use a ".htaccess" file within your "public" folder to apply changes to your site, specifically. Apache allows many things to be altered using this configuration file approach. Apache's site offers an introduction to htaccess files here: https://httpd.apache.org/docs/current/h ... ccess.html
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: Beginner PHP question

Post by Edge100x »

dustinandband wrote: Tue Oct 30, 2018 9:57 pm Beginner web dev question - does NFO web hosting allow you to access 'httpd.conf' config file of apache?
No. We maintain this file ourselves.

If you need to change PHP settings, you can change many of them through .htaccess or with php_ini at runtime.
I'm wanting to install this web interface to test a web interface out, which contains sensitive database info. It looks like NFO installs Apache by default as well as keeping all pre-installed packages up to date, but when I FTP to the web server I only see a folder called public, and two inaccessable folders called access_log / error_log
That sounds correct.
It looks like the DB info is in a .txt file and not the php file, which is why I want to be sure that the public can't access / see this:
https://github.com/R1KO/Chat-Logging/tree/master/Web
There are multiple ways to prevent the public from being able to read a file that you place on the hosting. For instance, the file could be stored outside of the site's root folder, access to it could be denied through the .htaccess file, or it could be integrated into a script (such as a PHP script). The last of these is most common. The software package itself should generally pick one of the methods for you.
Uh... I'm not 100% sure but are these other people's web folder names I'm looking at
Yes: viewtopic.php?f=19&t=5690
Post Reply