Change to the directory you want changed, then run these;

Will set permission for all files to 644 and all directories to 755.

This works for pretty much any Linux server.

If you run into this issue you have 2 choices.

1. Change mod_security
2. Use a simple workaround

I opt for #2. Changing mod_security is complex and the inability to use these words is there for a reason. They are commands that can cause some serious havoc to your server if abused. So, instead of gimping your security simply do the following:

use   (non-breaking space HTML element)

To use these words in this post I did the following:

Title: curl & wget in WordPress posts
In a sentence: “…the word wget in my code examples…”

Just make sure you never have the problem word, then a normal space, then any text. It will cause the 403 error.

Originally posted at www.jaguarpc.com by thisisit3

- START

Contrary to popular belief, spam is easy to combat. All it takes is a well configured SpamAssassin running on the server. Unfortunately the definition of “well configured” is very loosely defined in this context as its completely different for every domain/server.

One such example is the average person who blocks emails that contain the word “viagra”, but an actual medical doctor may use that word rather regularly.

So here is how to make SpamAssassin block 99% of spam:

STEP 1 - Raise score for Realtime Blackhole lists (RBL)

The default scores for RBLs are set too low. For example, if an email is marked as spam by SORBS then there is no reason giving it a score of 2. Based on my tests over a two year period RBLs are very safe to use. There are some issues with SpamCop but those always resolve after a few days.

Edit your “/etc/mail/spamassassin/local.cf” and add:

Code:

STEP 2 - Raise score for BAYES

The default scores for BAYES are set to the lowest possible. These scores are automaticaly generated by a special script used by the developers of SpamAssassin and its generates the score based on all the rules. Unfortunately the high probability scores are too low, for example a 90% probability is a definit spam, so there is no reason why its score should be 2.

Edit your “/etc/mail/spamassassin/local.cf” and add:

Code:

STEP 3 - S.A. Rules Emporium (SARE)

There is a special team of commandos who track daily spam. These guys have sat down and written rules that target specific strings within spam. One such tick is to scan for telephones and addresses used in spam, thus they don’t need to look for “viagra” in all its different variations instead they look for the phone or address of the guy selling them. As a result, their rules allow a doctor to get emails with “viagra” in them, while blocking spam at the same time.

These guys go even further, they have rules for:
- Rules to detect commonly abused redirectors and uri obfuscation techniques.
- Addresses and phone numbers harvested from spam
- Bayes poison using lists of words with equal length
- HTML coding rules that detect various spammer tricks applied through HTML coding within messages
- Header rules that are not found in other SARE rulesets.
- Rule set which flags specific spam and/or spam from specific spammers
- SARE Adult rules are designed to catch spam with “Adult” material.
- SARE “BML” rules are designed to catch “business, marketing and educational” spam.
- SARE Fraud rules are designed to catch “Nigerian 419″, “International Lotto”, etc. type scams.
- LOADS OF OTHERS…

Their website is at: http://www.rulesemporium.com/

Below are the safest rule sets which can be used everywhere. Just go to your “/etc/mail/spamassassin/” directory and run the following commands from the shell, thats all you need to do, they are automatically included when SA scans that directory.

Code:

STEP 4 - Final step

Finally, make sure your required score is still set to the default 5 because all the above rules expect that it hasn’t been changed.

Code:

Once you’ve run your system with the above and you are comfortable with the results, you may automaticaly delete spam with a score of 8 or more. The safest way is to create a filter rule in cPanel (Mail -> Email Filtering):

Code:

The result is this:

$message_headers contains “X-Spam-Level: ********”

- END

I’ll add that if you have PLESK you can make this last change by editing the ’spam filter’ setting instead.

Here’s how to do it:

1. Copy all email and folders over to the new server using scp. Make sure the email you are copying to is already set up on the new server.

   Log into the old server via SSH and type the following

   scp -p -r -P [port] /var/qmail/mailnames/[domain]/[email] root@[IP of destination server]:/var/qmail/mailnames/[domain]/
    

   You will be prompted for the root password of the server you are moving emails to. Once entered in you will view all the files being copied over.

2. Log into the new server and change the ownership of the files moved. Before you do this the ownership will be root.root and will not show up if you log into Horde.
   cd /var/qmail/mailnames/[domain]/[email]/
   chown popuser:popuser *.* -R
    

Done!

Note: Not all servers are the same, so (like any SSH command) do this at your own risk.

Change (”Horde”) to (”WhateverYouWant”). For me I changed it to (”DynamicMail”) seen below.

Change ‘bluewhite’ to the directory name of the theme you would like to use as the default. A great theme I use that does not ship with Horde is WPS Sober found here (read the README.txt in the download for installation directions). If you go with the WPS Sober you would change ‘bluewhite’ to ‘wps_sober’ after installing the theme.

Enjoy!

Open the following file in your text editor:

Around line 102 comment out the entire if() statement (lines 102-117).

If you upgrade Plesk, you will most likely have to repeat this process.

I am sure there is a more eloquent way of accomplishing this with mod_rewrite - but this gets the job done!

Can also be used to redirect to a landing page based on the requested domain:

Have a better solution? I’m no mod_rewrite guru so comments are always welcome!

What is Overselling?

When a company oversells hosting they are selling more resources than they currently have. For example, If you have a 200 GB Dedicated Server and you sell 30 X 10 GB Hosting Packages on that server you have sold 300 GB of server space and have oversold the server by 100 GB. However, the typical website uses about 50 Megs of space and 1 GB bandwidth per month, so the odds that any of your 30 clients will use up their resources is low.

Imagine the number of 50 Meg websites you could hold on a 200 GB server. For those not good in byte conversions, you could fit 4096 X 50 Meg websites on a 200 GB server!! So the temptation to do this and the potential profits are huge! But it doesn’t seem very ethical does it.

What types of hosting are there?

There are basically three types of hosting:

1) Shared Hosting – Your site is on a server with any number of other websites all sharing the resources of the same server. How many sites are on your server? Only your webhost knows for sure – and he’s not telling. The actual resources available for your site are largely unknown.

2) Virtual Dedicated – Here you in effect have your own server with all the control that comes along with it. You are allocated a set amount of resources and possibly might get them. The problem is, a Virtual Dedicated, just like Shared Hosting will have multiple accounts on one server. The difference is the host expects you to use more resources so they hopefully put less accounts on that single server. How many accounts? Again, only the webhost knows for sure.

3) Dedicated Server – Finally, a breath of fresh air! The resources you buy are the exact resources you get and you have all the control you need. The down side? You are going to pay for it: $80 - $400+ per month. The dedicated server is a computer in a datacenter with no other sites on it but your own. There is no sharing of the resources so you know they are all yours to use.

Ok, now that we have a better picture of the types of hosting, back to overselling.

How prominent is Overselling?

So, how many companies are actually overselling their resources? I think the following example should shed some light on this:

The following numbers are taken from GoDaddy.com as an example:

First let’s take the biggest pre-configured dedicated server currently at GoDaddy.com:

• 600 GB of Storage
• 2000 GB Bandwidth/month
• Price: $271.90/month

And now the biggest shared hosting option:

• 200 GB of Storage
• 2000 GB Bandwidth/month
• Price: $14.99/month

Already a little red flag should go up, why such a price difference for 400 GB more space? The truth is, every hosting company I have seen do not expect their ‘shared hosting’ customers to ever come near their resource limits (Remember when I mentioned the average site uses about 50 Megs of storage and 1 GB bandwidth per month). So the numbers are inflated to look like more than you will actually get. It’s a numbers game between hosting providers to out sell the competition through marketing. This concept is also where ‘unlimited’ storage and/or bandwidth comes from. But instead of flashing a number higher than they ever expect the average site owner to use they just say unlimited. Another marketing ploy. In my experience with shared hosting, the numbers will never reflect your actual resources.

Also remember, ‘shared hosting’ is really just multiple hosting packages on a single dedicated server. And with a dedicated server you actually get the exact resources you pay for. Here is what hosting companies do: Take the numbers in our previous example. How many of the ‘shared hosting’ accounts would have to be on the ‘dedicated’ server in our example to cover your costs? 19!! ($217.90 / $14.99) But that would mean we sold 3800 GB of storage and 38000 in Bandwidth for our 600 GB, 2000 GB Bandwidth server! This is a rough example, but is a good example of the sort of ‘overselling’ that is standard in the industry.

What happens if I use most of the resources on my ‘shared hosting’ account?

If you happen to actually use the resources stated in your ‘shared hosting’ agreement a few things will most likely happen. One, your site performance will be horrid. The server your site is on is sharing resources with potentially hundreds of other websites. As you use up resources you take away from all the other sites on the server. And as they compete for those resources your site will slow down and potentially just stop serving your site altogether (If you have ever seen a ‘too many requests to server’ or ‘server is too busy’ message when trying to visit a site this is one of the reasons for it). Two, your host will most likely contact you and either tell you they are shutting off your account or give you the option to upgrade to a virtual dedicated or dedicated server. You see, they were betting on you never using what they offered and they lost the bet. However, they have an out in their hosting agreement that says they can deny service for whatever reason they deem fit.

What type of hosting should I get?

For most sites shared hosting is where you want to be. You just need to know what it really is and that you could potentially outgrow it way before you hit your resource limits. Working with a host that is trustworthy and has a good reputation for taking care of their clients is key. If you need more they will let you know and move your site to a hosting option with more resources. Most sites never outgrow shared hosting.
For sites that you know will need a large amount of space or high traffic avoid shared hosting from large companies. If you are sure that your site will have a very large amount of traffic from day one a virtual dedicated or dedicated is better.

So is Overselling Wrong?

While I personally think overselling is unethical in many cases, fighting an industry standard is hard to do. When I was first exposed to this technique I was appalled, but as my business grew I came to understand it more. The concept is similar to that of the electric company. The reality is, if everyone turns on all the appliances in their house at the same time there will be a power shortage. Same goes for internet access: If everyone tries to download a huge file at the same time the download for everyone will screech to a halt. From a business standpoint you must maintain a healthy ratio of resources to demand and up the resources as the demand increases all while keeping everyone happy, your service strong and your business in the black.

So is overselling wrong? Not really, as long as the company behind it is responsible and makes sure everyone has a good experience using their service. I personally believe that if one site in a shared network is using most the resources the host should move them around to better spread the load for as long as physically possible without changing the package or affecting other sites. This however takes a great deal of management that is sometimes impossible with larger companies. It will also mean you are loosing money with that specific site. But those are the caveats of overselling from a responsible business standpoint.

Addition 5/7/08: Reading back over this article I wanted to add that I do feel that overselling is wrong in vps and dedicated servers. In these solutions you should be paying for the exact resources promised.