Important – 777 Permissions To Be Removed From All Servers

Because of the large-scale phishing attacks on many of our sites, which stem from the lack of security on many of the domains, we are taking certain steps to protect our servers and the sites from such attacks.

As a part of this, we are disabling 777 access to any website. To accomplish this, we are migrating our servers to suPHP to secure our PHP and Apache configurations. This move will make sure files cannot be written by everyone and will prevent the issue caused by the 777 permissions that were previously allowed on all files.

We are implementing this change on our shared servers on 30-Oct-2010.

suPHP is a tool for executing PHP scripts with the permissions of their owners. It gives us the following advantage in a shared hosting environment:

No folder or file can have 777 permissions, and none can be owned by the user “nobody”. This is one of the greatest advantages: we can secure the files and folders in the site, because no one other than the site owner can do anything with them.

This change will go in at midnight on 29-Oct-2010 and as of 30-Oct-2010 we will not allow any 777 access on any of our servers.

Site owners should make the following changes to their sites:
1. Make sure no files or folders/directories with 777 permissions are present in the site. The recommendation is to change them to 755 for folders and 644 for files.
2. The .htaccess file should not contain any php_value. Please move those values to the php.ini file instead.
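
The two checks in the list above, as an added shell example that is not part of the original notice: it lists entries with mode 777, resets them to 755 for folders and 644 for files, and flags php_value lines in .htaccess. The function names and the sample docroot are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not the host's tooling. Paths created below are constructed samples.

# List files and directories whose mode is exactly 777.
find_777() {
    find "$1" \( -type f -o -type d \) -perm 0777 -print | sort
}

# Apply the recommended modes: 755 for directories, 644 for files.
fix_777() {
    find "$1" -type d -perm 0777 -exec chmod 755 {} +
    find "$1" -type f -perm 0777 -exec chmod 644 {} +
}

# List .htaccess lines that set php_value; these must move to php.ini.
# grep exits non-zero when nothing matches, which is not an error here.
find_php_value() {
    find "$1" -type f -name .htaccess \
        -exec grep -Hn '^[[:space:]]*php_value[[:space:]]' {} + || true
}

# Build a small constructed docroot with the problems the notice describes.
make_sample_site() {
    umask 022
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/uploads"
    printf '<?php echo "ok";\n' > "$root/public_html/index.php"
    printf 'php_value upload_max_filesize 10M\nOptions -Indexes\n' \
        > "$root/public_html/.htaccess"
    chmod 777 "$root/public_html/uploads" "$root/public_html/index.php"
    printf '%s\n' "$root"
}

site=$(make_sample_site)
echo "777 entries before:"; find_777 "$site"
echo "php_value lines:";    find_php_value "$site"
fix_777 "$site"
echo "777 entries after:";  find_777 "$site"
rm -rf "$site"
```

Run the listing functions against a site's document root first and review the output before calling fix_777.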

Please feel free to contact us if you need any help with this.

Resellers, please pass this on to the respective site owners.

Site Complaints Notification Process at Auro Infotech

In the past year or so, we have received an increasing number of website-related complaints of various kinds. Some of the common categories of complaints against sites on the servers managed by us are:

1. Copyright violation notifications against sites
2. Phishing attacks originating from sites
3. Spam mails originating from sites
4. Malicious content such as spyware, worms, etc originating from sites
5. Other types of abuse notifications about the sites

The process to notify these complaints is defined below:

1. Please send an email to support@auroinfotech.com with the following information:
a. Name of the site
b. Exact link where the violation occurred (this is mandatory for reporting copyright violations, phishing attacks or malicious content notifications)
c. Short Description of the issue and the action expected to be taken
d. Name and email id of the team to whom response should be sent

2. We will forward the notification to our clients, and we always insist that our clients provide a response within 24 hours on the action taken.

3. If the client provides a response within 24 hours, we will pass it to you. If we do not get a response within 24 hours from our clients, we will take necessary action as per your request and update you.

4. Upon receiving a written legal notification (postal letter) under Indian laws, we will provide the name and address of the clients whose servers are managed by us.

Please note that we manage the servers and the sites on it. We are not responsible for the content that resides on these sites, but as a professional policy, we will follow up on such complaints against sites hosted on servers managed by us.

On a related note, we will write separate blog posts about each of the types of complaints listed above, and the steps that can be taken by our clients to protect their sites from such violations.

Please feel free to contact us if you have any questions about this.

Blackberry using SMTP and POP3

Some of our clients with hosting accounts on our servers have often asked us for details on how to connect their email accounts with their Blackberry device.

Since we use Blackberry heavily at Auro Infotech, we are quite comfortable with the setup of Blackberry to be used with email accounts on Auro Infotech hosted domains. This post gives details of the steps involved in setting up the same.

WordPress upgradation from 2.9.2 to wordpress-3.0.1

From our previous post

We have successfully upgraded our WordPress MU from 2.9.2 to 3.0.1.

Here are the steps we followed for this upgrade:
http://wpmu.org/how-to-upgrade-wpmu-2-9-2-to-wordpress-3-0-in-5-easy-steps/

We have also upgraded all our plugins and we are happy to say that we are in WordPress-3 club.

Have fun!!

Magento Upgrade from 1.3.1 to 1.4.1.1

Magento is one of the preferred open source ecommerce platforms we specialise in at Auro Infotech. Recently, Magento announced the upgrade to 1.4.1.1, and we decided to upgrade one of the Magento-based sites that we manage.

In version 1.3.1, we faced the following error when checking out using PayPal:
“There was an error proccessing your request”

We investigated this at length, and we finally decided to upgrade Magento to the latest version, as we thought this might fix the issue. Since we developed the skin (theme) for the site, we knew the upgrade had to be done with great care, as we needed to merge our custom code with the Magento code.

As always, before upgrading the live site, we upgraded the testing site, and after much trial and error we at last did it successfully in testing. We noted down the steps, which we then followed while upgrading the production site. Below are the steps which we would like to share.

WordPress migration to php-5.3

Today we migrated one of our WordPress sites from one server to another.
The present server runs PHP-5.2.9 and the new server runs PHP-5.3.2.

Once we copied the files and database to the new server, it started showing the following error:

Assigning the return value of new by reference is deprecated in /home/sitename/public_htm/wp-settings.php line xx

This error should be fixed by removing “&” in wp-settings.php where a variable is assigned the result of new.

For example, here is one such assignment statement:

$GLOBALS['wp_query'] =& new WP_Query();

Remove “&” so that the line looks like this:

$GLOBALS['wp_query'] = new WP_Query();

Similarly, remove “&” wherever this error is thrown.

One more thing: the function set_magic_quotes_runtime() is deprecated in php-5.3.2. Instead we should use the following:
ini_set("magic_quotes_runtime", 0);

Also, the function split() is deprecated in php-5.3.2. Instead we should use explode().

I had already posted a week back other functions that are deprecated in PHP-5.3.2.

Today I found 3 other functions. I will keep posting my updates whenever I find old functions that are deprecated in PHP-5.3.2.
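
A scan for the three PHP 5.3 deprecations named in this post, as an added example that is not the author's code. The function name scan_php53 and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag the three constructs this post names in *.php files.
# scan_php53 and the sample file are constructed for illustration.

# Print "file:line: construct -> replacement" for every hit under directory $1.
scan_php53() {
    find "$1" -type f -name '*.php' -exec awk '
        /=[ \t]*&[ \t]*new[ \t]/ {
            printf "%s:%d: =& new -> = new\n", FILENAME, FNR }
        /set_magic_quotes_runtime[ \t]*\(/ {
            printf "%s:%d: set_magic_quotes_runtime() -> ini_set()\n", FILENAME, FNR }
        # Skip preg_split(), str_split(), $obj->split() and Class::split().
        /(^|[^A-Za-z0-9_>:$])split[ \t]*\(/ {
            printf "%s:%d: split() -> explode()\n", FILENAME, FNR }
    ' {} +
}

# Constructed sample: three deprecated lines, two lines that must not match.
make_sample_php() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sample.php" <<'EOF'
<?php
$GLOBALS['wp_query'] =& new WP_Query();
set_magic_quotes_runtime(0);
$parts = split(",", $csv);
$safe  = preg_split("/,/", $csv);
$query = new WP_Query();
EOF
    printf '%s\n' "$dir"
}

dir=$(make_sample_php)
scan_php53 "$dir"
rm -rf "$dir"
```

The scan works line by line, so a call that is split across lines or appears inside a comment or string needs a manual look.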

Auro Infotech New Website Preview

We are working on revamping our existing Auro Infotech website.

While it is close to completion, we thought it would be a good idea to give a preview of what is coming.

Besides giving a cleaner look to the site, some of the key changes we have made are:

  • Social media integration with Facebook and Twitter
  • Contact form on all pages
  • Client login from home page itself
  • Enhanced Portfolio listing by industry, technology and category
  • Testimonials section
  • Easy access to RSS and Sitemap

The testing version is available here

The themes for the blog and forums are currently in progress. Once this is done, we hope to launch the site – hopefully within the next week or so.

Please do let us know your thoughts on these new changes to the website.

Google shows multiple results from same domain

Google has made a major change in its search results, which is going to affect Search Engine Optimization activity done on many sites.

Until now, when there was a search for an organisation, e.g. Yahoo, the results used to show one result from its website and then results from other sites with information on Yahoo.

With the change made by Google, the results now show multiple results from the Yahoo website. In some instances, there are as many as eight results shown from the same site. This change is tactical and is going to result in the following:

IE 7 and IE 8 Mess with Websites

I do not have words to describe the pain we went through with handling IE7 and IE8 on a recent release of a new website for one of our very important clients.

As always, we followed a very rigorous QA testing process and our QA team had signed off on the cross-browser testing of the application. The QA team had tested the website on PC, Mac and mobile browsers. They had tested on Firefox (versions 2, 3 and 3.6), Internet Explorer (7 and 8), Opera, Safari and Chrome. This testing was done on different resolutions.

After taking care of all these variations, we confirmed to the clients that the website was fully ready to go live. The client also tested from a machine at home and said that everything was fine.

Then started the nightmare.

The client went to the office and tested again, only to realize that their entire left menu did not work. The best part is, it worked right on a few machines and did not work on a few. I tested on an IE7 machine and it was messed up. It worked fine on another IE8 machine.

As we continued our investigation, we found out that with IE7 and IE8, Microsoft has introduced a new feature called ‘Compatibility View’. As per Microsoft’s explanations on Compatibility View, it exists to accommodate those features that were used in older sites.

In addition, we noticed that Javascript was disabled by default in IE7 and IE8. It is very difficult to believe that Microsoft just decided to strengthen the security and make such a huge change on Javascript-related features. Many of the online users would not even know where to go to enable it.

This problem was solved by enabling compatibility view or by enabling javascript. We are still trying to find out the exact set of steps that happen when we enable compatibility view, so that we can try and see if we can programmatically enable it if required.

The best case scenario will be where we develop the sites, test it across standard browsers and it works without any exceptions. We do remember the nightmare we went through with IE6 testing and we felt better after taking the decision to discontinue support for IE6 and provide only on demand support for IE6 for the websites we develop.

Will provide an update after we investigate this further.