Core PHP vs PHP Framework

This article avoids technical terms and aims to keep the content simple. If you are a programmer, let me tell you why you should prefer a framework over Core PHP for your projects. If you are a business person, let me tell you why it is so important to insist that your software vendor develop your web applications and websites with a PHP framework.
The comparison between Core PHP and PHP Framework can be related to Mathematics.

  • To solve a complicated problem in scientific mathematics, you can either work it out on paper or use a scientific calculator.
  • Working out mathematics on paper is like coding in Core PHP; tapping a scientific calculator is like coding in a framework.

So what do I mean?

Core PHP – Maths With Paper

  • The best student can solve the problem in a few steps. Accuracy level – 75% to 100%.
  • An average student may or may not solve the problem, and will write down a few more steps to solve the same problem. Accuracy level – 50% to 75%.
  • A poor student cannot solve the problem, yet will still write down lots and lots of steps trying to solve it. Accuracy level – 0% to 50%.

Framework – Scientific Calculator

  • Every student can solve the problem with 100% accuracy once they have learnt how to use the calculator.
  • The predefined formulas in the calculator will provide you accurate results faster for any problem.

Problem With Core PHP

Core PHP becomes complicated when people start writing their own logic in it.
One developer can produce the output in a few lines of code, where another takes a few hundred lines to produce the same result. Neither can read the other’s code. So the problem starts here: inconsistency.

Why Choose Framework?

A framework assures reliability and consistency, and is a big time-saver. It has a rich set of functionality, so you don’t need to reinvent the wheel again and again. You will have almost all the functionality you need to develop a PHP web application. Since it is built with object-oriented programming (OOP), you can extend the existing functionality and create your own to have full control over the application. A framework will not let you write bad code unless you do it on purpose. When you work as a team, integrating all of your modules becomes much easier, and it also helps a lot in understanding each other’s code.

When you start developing a project, there are a lot of things you have to take care of, but we know only half of them. A framework does everything for you, so you can be assured that your application is clean and safe. Inputs can be sanitized easily. MVC is one of the key features of frameworks; separating logic from views is a very good practice.

Modification Projects

We all know that the client will surely come back to us one day to enhance the website with a lot of innovative requirements. If the project was done in Core PHP, you will have to say no to 50% of the new requirements, or you can simply tell the client that the project has expired. But if the project was done in a framework, the beauty of the framework can be witnessed here. The work is a cakewalk, and you hand the updated project back to the client. I can assure you of this from my own personal experience.

Is Core PHP That Bad?

No, not at all. Core PHP helps you to understand the logic behind a framework. Your logical thinking can be improved with Core PHP. Core PHP becomes bad only when it lands on a bad programmer’s desk. Don’t dive into a framework without learning or coding in Core PHP. Please make sure that you read the full documentation before you start coding in a framework. Writing Core PHP inside a framework has become common nowadays; it’s an insult to frameworks.

We advise our clients to prefer frameworks for their web applications. The choice of framework depends on the requirements of the project. We will explain the functionality and unique features of frameworks, and how you should pick one, in upcoming blogs.

Source: PAMIR WEB HOSTING

How to prevent your hosting account from being hacked

Tips on how to prevent your account from being hacked

The menace of hacking is a very serious issue for today’s World Wide Web. It is really important to pay a lot of attention to the security of your cPanel account. It should be well protected against manual attacks as well as against automated means of gaining access to your hosting account.

The security of our clients is of the highest priority for us. On our servers we have an effective firewall system along with a complex of other security measures.
However, some aspects of cPanel account protection depend not on Namecheap but on the owner of the account. In this article you will find several useful tips you can use to significantly improve your cPanel account’s security.

 

1. Use safe username and password

This is quite obvious, but having a secure password is definitely among the most important aspects of web security. Some people set a password which is easy to remember so that they do not have to keep it anywhere except in memory. It is strongly recommended to avoid passwords which consist of dictionary words, names of your relatives, friends or pets, important dates, cities, etc. These passwords are not secure, as it is really easy to find such information about you, especially if you have an account on any social network. In Internet security there is even a special term, «social engineering», which means that a person can obtain your personal data through psychological manipulation, without any additional means such as special software. For example, some important personal data can be gathered over several online conversations with you by e-mail, on a forum, in a chat or on a social network. So if your password is your mother’s date of birth, do not be surprised if your account gets hacked.

Also, hackers have special tools for cryptanalytic attacks (also known as brute-force attacks) which are intended to obtain your password. The main idea of such attacks is to check all possible words until the correct one is found. Such attacks can succeed if your password is a simple word from a dictionary.

It is strongly recommended to use passwords which consist of randomly mixed lowercase and uppercase letters, special symbols and digits. Such a password should be at least eight symbols long. You can use any password-generation program as well as the built-in cPanel password generator. It can be found in cPanel -> Change Password:

Another important aspect is a cPanel username.

By default, the hosting welcome guide gives you a generated username which consists of part of your main domain name combined with several random letters. The cPanel username can be changed only by our representatives, at your request via chat or ticket. There are some restrictions imposed by cPanel functionality. Your username can consist only of alphanumeric characters (digits are permitted, but not as the first symbol of the username). Also, a cPanel username cannot be longer than eight symbols. It is not recommended to change it to your actual name or nickname, as this information can easily be obtained by anyone.

2. Change your password regularly

It is strongly recommended to change your password from time to time. We also advise changing the password right after receiving the hosting welcome guide e-mail. The cPanel password can be changed in cPanel > Change Password. By the way, we recommend checking Allow MySQL password change, as this option lets you synchronize the password with the password for phpMyAdmin:

Additionally, it makes sense to change passwords for your e-mail accounts as well. This can be done in cPanel > E-mail Accounts:

3. Keep your username and password in a safe place

For example, avoid keeping your hosting welcome guide in the inbox of an e-mail account if you are not the only person who has access to it. Also, please avoid storing your cPanel login details in a text file on your desktop, especially if you are not the only user of the computer. You can use RoboForm, LastPass or any other similar password manager instead.

Needless to say it is not recommended to share your username and password with anyone.

4. Pay attention to security of your computer.

It is strongly recommended to have an effective firewall and antivirus software with up-to-date databases on your personal computer. Please perform a full scan of your computer from time to time. Some viruses are designed to steal your login details and transmit them to someone else. There are also special applications known as keyloggers. They record the keys you press, take screenshots of your desktop and send this information to a hacker. Such software can be detected by a good antivirus program, so do not forget to check your PC regularly.

5. Use a secured connection when it is possible

For example, with Namecheap you can connect by FTP in two ways: over the conventional port 21, or over the non-standard secured port 21098. If there are no network restrictions, it is recommended to use port 21098. Also, it is better to access your cPanel using the non-standard port 2083 instead of the standard port 80. A link which looks like http://cpanel.yourdomain.com uses port 80. If you wish to use port 2083, please use a link which looks like https://yourdomain.com:2083

6. Scan your webspace

To keep the files in your hosting account out of danger, it is recommended to use several means of scanning for malicious software. First of all, you can use the built-in cPanel virus scanner:

Also you can use some free online scanners such as this:
http://sitecheck.sucuri.net/scanner/

It is better to combine these two ways of checking your account for viruses. To prevent viruses and malware on your account, it is recommended to use themes and plugins only from trusted providers. If you have any suspicions regarding your account’s security, please feel free to contact our Support Team at any moment.

7. Always have a backup

Even though backups are scheduled on a weekly basis on our shared servers it is recommended to keep a backup of your account somewhere in a safe place on your PC or third party server. Please do not forget to update it from time to time in order to avoid losing the important information. You can create a full cPanel backup in cPanel > Backups. Note, that if your account gets bigger than 10GB or contains more than 150 000 inodes then it will be automatically excluded from weekly backups:

An even more advanced and convenient solution for creating backups is CodeGuard (hereafter CG). Its main advantage is the ability to create *automated* backups of your site. Using CG you can partially or completely restore your site if any changes have been made that you wish to undo. As CG is fully integrated into your cPanel, only a few clicks are required to start taking advantage of this great feature we have!

8. Enable CloudFlare

We recommend enabling CloudFlare in your cPanel. It is a great solution which improves your account’s performance and security. It can help protect your account against DDoS attacks, SQL injections and other similar threats.

You can find more information in our guide How to enable CloudFlare for your domain name.

Update all third-party scripts to the latest versions (e.g. Joomla!, WordPress, Magento or any other CMS).
Don’t load your website with every script, theme, gadget, feature, function, and code snippet you can find on the web. Each of them could let a hacker into your site. Before you use something new, read its vulnerability report.

9. CMS security tips

If your site is built on WordPress, we recommend reading our WordPress security guides:

CMS Security Issues. WordPress Security and Optimization
Internal Protection “.htaccess” (Manual setup)

and use the security tips listed there to prevent hack attempts in the future.

By following these simple recommendations you can greatly improve your account’s security. We do our best on our side to keep your account safe, but if you take these measures the level of security increases drastically. We recommend that our clients not ignore the safety of their data, and always feel free to contact our Support Team if you have any questions or complications.

How to setup internal protection for .htaccess

This part applies only when you wish to set up all the necessary settings and rules manually. All these settings can be applied automatically with security plugins (especially BulletProof Security). We recommend using the security plugins first and performing manual configuration only if they fail to deliver the necessary control. If you do need to make specific changes to the .htaccess file manually, kindly use the guide provided below:

.htaccess (hypertext access) is the default name of the directory-level configuration file for web servers running Apache.

It is the one most often modified when dealing with redirects and is often used to change file types to make them executable. It is also the one you will be using to harden your environment.

To protect it, you apply a few simple rules:

  • Set low permissions
  • Deny access

Apply Low Permissions

The basic guidance for permissions is simple: the lower the number, the harder access becomes. A good rule of thumb is to keep the number as low as possible without impacting performance or functionality. For most users, setting it to 640 will grant the level of access that you need.

Add .HTACCESS Directives

What’s important to note here is that this only works if the attack is external. This won’t protect you from internal attacks (if the entire cPanel account is hacked, for example).
This is the .htaccess directive you can use:

#PROTECT HTACCESS
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

Note: this only protects the file from external access.

  • Disable directory browsing

If you do not want to allow your visitors to browse through your entire directory, simply add the following two lines to the .htaccess in the root directory of your WordPress blog:

# disable directory browsing
Options -Indexes

  • wp-config file protection

Wp-config.php is important because it contains all the sensitive data and configuration of your blog and therefore it should be locked through .htaccess. Add the code below to the .htaccess file in the root directory:

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files> 

The code denies access to the wp-config.php file to everyone.

  • Access to wp-content directory

Wp-content contains all content for your WordPress installation. This is a very important folder and it should be secured. Users should only be able to view and access certain file types, such as images (jpg, gif, png), JavaScript, CSS and XML.

Place the code below in the .htaccess file within the wp-content folder (not the root):

Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

  • wp-admin files

Wp-admin should be accessed only by you and your fellow bloggers (if any). You may use .htaccess to restrict access to this directory and allow only specific IP addresses.
If you have a static IP address and you always blog from your own computer, this can be a good option for you. However, if you run a multi-user blog, you can either skip this step or allow access from a range of IPs.

Copy and paste the code below to the .htaccess in wp-admin folder (not root folder):

# deny access to wp admin
order deny,allow
# Replace xx.xx.xx.xx with your static IP
allow from xx.xx.xx.xx
deny from all

The above code will prevent browser access to any file in this directory from any address other than “xx.xx.xx.xx”, which should be your static IP address.

  • Prevent script injection

To protect your WordPress blog from script injection and unwanted modification of _REQUEST and/or GLOBALS, copy and paste the code below into your .htaccess in the root:

# protect from script injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

That’s it!
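As an added example (not part of the original guide or of any plugin), the Python script below audits a document root for the protections described in this section: the 640 permission on the root .htaccess, the deny rules for .htaccess and wp-config.php, disabled directory browsing, and the wp-content and wp-admin restrictions. The function names, the sample tree and the address 192.0.2.10 are constructed for illustration; the second sample shows how a typographic dash pasted in place of the hyphen in -Indexes leaves browsing enabled.

```python
import os
import re
import stat
import tempfile

# Deny-all in the Apache 2.2 syntax used on this page, or the 2.4 equivalent.
DENY = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
# A real address is required; the xx.xx.xx.xx placeholder does not count.
ALLOW_IP = re.compile(r"^\s*allow\s+from\s+\d", re.I | re.M)
NO_INDEX = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)


def directives(path):
    """Return the file's text without comment lines, or None if it is missing."""
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    return "\n".join(ln for ln in lines if not ln.lstrip().startswith("#"))


def files_block_denies(text, name):
    """True if a <Files name> section contains a deny-all directive."""
    block = re.compile(r'<Files\s+"?%s"?\s*>(.*?)</Files>' % re.escape(name),
                       re.I | re.S)
    return any(DENY.search(m.group(1)) for m in block.finditer(text))


def audit(docroot):
    """Return a list of findings; an empty list means every check passed."""
    root = os.path.join(docroot, ".htaccess")
    text = directives(root)
    if text is None:
        return ["root .htaccess is missing"]
    findings = []
    mode = stat.S_IMODE(os.stat(root).st_mode)
    if mode & ~0o640:  # any permission bit outside rw-r-----
        findings.append("root .htaccess mode %o is wider than 640" % mode)
    for name in (".htaccess", "wp-config.php"):
        if not files_block_denies(text, name):
            findings.append("no deny rule for %s" % name)
    if not NO_INDEX.search(text):
        findings.append("directory browsing is not disabled")
    content = directives(os.path.join(docroot, "wp-content", ".htaccess"))
    if content is None or not DENY.search(content):
        findings.append("wp-content has no default deny")
    admin = directives(os.path.join(docroot, "wp-admin", ".htaccess"))
    if admin is None or not (DENY.search(admin) and ALLOW_IP.search(admin)):
        findings.append("wp-admin is not limited to listed IP addresses")
    return findings


def build_sample(docroot, root_rules, mode=0o640):
    """Write a constructed WordPress-style tree for the audit to inspect."""
    files = {
        ".htaccess": root_rules,
        "wp-content/.htaccess": 'Order deny,allow\nDeny from all\n'
                                '<Files ~ "\\.(xml|css|jpe?g|png|gif|js)$">\n'
                                'Allow from all\n</Files>\n',
        "wp-admin/.htaccess": "order deny,allow\nallow from 192.0.2.10\n"
                              "deny from all\n",
    }
    for rel, body in files.items():
        path = os.path.join(docroot, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    os.chmod(os.path.join(docroot, ".htaccess"), mode)


# Constructed root .htaccess carrying the rules from this section.
HARDENED = ("<Files .htaccess>\nOrder allow,deny\nDeny from all\n</Files>\n"
            "Options -Indexes\n"
            "<files wp-config.php>\nOrder deny,allow\nDeny from all\n</files>\n")
# Same rules, but with a typographic dash pasted in place of the hyphen.
PASTED = HARDENED.replace("-Indexes", "\u2013Indexes")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, PASTED, mode=0o644)
        for finding in audit(tmp) or ["all checks passed"]:
            print(finding)
```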

Why is it beneficial to have a dedicated IP address?

When it comes to hosting a website on a shared server, one question comes up again and again: is it necessary to have a dedicated IP address for your website, and why, if you can just use a shared one? Using a dedicated IP address provides certain crucial advantages, but let’s start with the definition first.

What is Dedicated IP Address?

IP stands for Internet Protocol, and an IP address is defined as a unique address assigned to each computer that is connected to a certain network. An Internet Protocol address plays the role of a unique identifier that is used to provide the actual location of a machine or a website in a given network.

What is the difference between Shared and Dedicated IP address?

The difference between shared and dedicated IP addresses is quite simple. A shared IP address is a single address that is used by multiple websites on one web server. In this case the web server has to do some extra work, routing each user’s request to the correct website. Having a dedicated IP address means that the website has its very own address, and you can use either this IP address or the domain name of your website to access it from the Web. For a more illustrative example, please check the diagram below:

[Diagram: SNI_01.jpg]

Why having dedicated IP address is beneficial?

There are a lot of reasons why it is recommended to use a dedicated IP address for a website hosted on a shared server, but we shall look through the main ones here:

  • It provides a higher stability

The fact that multiple websites share a single IP address on the Web gives a clear picture of the difficulties that may arise for an individual website. Just imagine that one of the websites hosted on the same shared server as yours was suddenly flagged as malicious, or that the server’s IP address was blacklisted due to possible spamming activity by one of the users. Unfortunately, there is a possibility that your website would suffer the consequences as well. A dedicated IP address, however, allows you to control the reputation of your website on your own in this case, and it won’t be affected by the activity of others.

 

  • It grants access to your website anytime you need

Sometimes it is necessary to check how a website is going to look before pointing the domain name to the server and launching the website on the web. A dedicated IP address gives you the ability to access the server directly without changing DNS settings for the domain name.

  • It is beneficial for email sender’s reputation

As already mentioned above, having your website run on a shared IP address may cause unpredictable difficulties, and your email service may also be affected. There are situations in which a user sharing the same IP address with you gets banned or blacklisted for spamming, which may affect your email service as well. Using a dedicated IP address for email isolates your service from the consequences of abuse by others.

 

  • It is good for a business identity

If you are going to host your own online store or other e-commerce website, and you are not going to use additional third-party services for handling payments, it is necessary to get a dedicated IP address and an SSL certificate for the website in order to secure your customers’ data. Customers will feel safer making transactions on a website which uses a dedicated IP address.

 

  • It is required for particular third-party applications/scripts

Sometimes a particular application or a script that you may wish to run on your server, requires a dedicated IP address.

 

  • SNI technology and incompatibility with some old browsers

With a recent cPanel update, we started to support SNI technology, which allows multiple SSL certificates to be installed on a shared IP address. However, having several SSL certificates on a shared IP address may cause issues with older versions of some browsers. In this case, visitors to such websites will receive a message about an untrusted connection, even though the website is available via the HTTPS protocol. A dedicated IP address helps to avoid such issues.

ELS – Easy Linux Security

ELS stands for Easy Linux Security. ELS was created by the Server Monkeys founder, Richard Gannon. ELS takes many of the tasks performed by our administrators and puts them into an easy-to-use program for anyone to use. It is released under the GNU/GPL, so it is free to use.

This program is always being improved with new features and bugfixes, so be sure to keep it up to date. If you have found a bug or would like an improvement, please let us know! This program was made and is maintained in Rich’s free time (which isn’t often anymore). If you really like this program, donations are more than welcome! Donations do not have to be monetary. If you have experience with coding in Linux shell or other languages, anything you can add to improve this program is very welcome.

Supported Operating Systems

  • Red Hat Linux 9
  • Red Hat Enterprise Linux 3, 4
  • Fedora Core 1, 2, 3, 4
  • CentOS 3, 4

What ELS Does

  • Install RKHunter
  • Install RKHunter Cronjob which emails a user-set email address nightly
  • Install/update APF
  • Add SM/TP monitoring IPs (view information on these in Orbit)
  • Install/update BFD
  • Install CHKROOTKIT
  • Install CHKROOTKIT Cronjob which emails a user-set email address nightly
  • Disable Telnet
  • Force SSH Protocol 2
  • Secure /tmp
  • Secure /var/tmp
  • Secure /dev/shm
  • Install/update Zend Optimizer
  • Install/update eAccelerator
  • MySQL 4.0 and 4.1 Configuration Optimization (cPanel only)
  • Upgrade MySQL to 4.1 (cPanel only)
  • Tweak WHM Settings for security and stability
  • Configure RNDC if not already done (cPanel only)
  • Change SSH port (also configure APF as necessary)
  • Add wheel user and disable direct root login over SSH
  • Optimize MySQL tables
  • Install/update Libsafe
  • Install/update ImageMagick (from latest source)
  • Uninstall LAuS
  • Harden sysctl.conf
  • Install Chirpy’s Free Exim Dictionary Attack ACL
  • And more!

To install ELS, simply run the following command as root:
wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh

UNIX vs. Windows Hosting

In the world of web site hosting there are two main types of operating system platforms on which you may host your web site, namely: UNIX and Windows. Each has its own set of unique features, advantages and disadvantages.

While it is difficult to say which one is the better choice, it is not as difficult to answer which is the better choice given your needs. The language which your site is programmed in is what primarily dictates the type of hosting you need.

Note: The operating system that you use on your desktop computer (the vast majority of people use some flavor of Windows) has absolutely nothing to do with the one that your host needs to serve your web site. Most personal sites are created with MS FrontPage, and even though that is a Microsoft product, it can be hosted perfectly well on a UNIX web server with FrontPage Extensions installed.

Stability:
UNIX systems (we actually use Linux but for comparison purposes they are identical) are hands-down the winner in this category. There are many factors here but to name just a couple big ones: in our experience UNIX handles high server loads better than Windows and UNIX machines seldom require reboots while Windows is constantly needing them. Servers running on UNIX enjoy extremely high up-time and high availability/reliability.

Performance:
While there is some debate about which operating system performs better, in our experience both perform comparably in low-stress conditions; however, UNIX servers under high load (which is what is important) are superior to Windows.

Scalability:
Web sites usually change over time. They start off small and grow as the needs of the person or organization running them grow. While both platforms can often adapt to your growing needs, Windows hosting is more easily made compatible with UNIX-based programming features like PHP and MySQL. UNIX-based web software is not always 100% compatible with Microsoft technologies like .NET and VB development. Therefore if you wish to use these, you should choose Windows web hosting.

Compatibility:
Web sites designed and programmed to be served under a UNIX-based web server can easily be hosted on a Windows server, whereas the reverse is not always true. This makes programming for UNIX the better choice.

Price:
Servers hosting your web site require operating systems and licenses just like everyone else. Windows 2003 and other related applications like SQL Server each cost a significant amount of money; on the other hand, Linux is a free operating system to download, install and operate. As a result, Windows hosting is the more expensive platform.

Conclusion:
To sum it up, UNIX-based hosting is more stable, performs faster and is more compatible than Windows-based hosting. You only need Windows hosting if you are going to be developing in .NET or Visual Basic, or with some other application that limits your choices.