atesin

it worked finally.. thank you so much i hope with our new collaborator i will add through the panel now we will be more attentive to suspensions

hi... "my" hosting account was disabled (i mean the website of organization where i am volunteer sysadmin, because i have another account for personal use) - account = alanoncl - email = alanon.cl@gmail.com - domain = al-anon.cl ... i was not aware the account suspension because this last month i had to travel a lot because family businesses and couldn't access the mail/website too often ... recently a new member has arrived, interested in computing and help with our website (at last), i was showing the website/panel and found it was suspended i would appreciate if you reactivate the plesk panel and website .. thanks in advance

could be 2? ... "al-anon.cl" and "officenet.cl" ... the one of my organization (i am currently wotking on it) and the one of mine (later i will work on it) thank you so much

really?? ... could you please also disable "display_errors" just for me at least? .. which is the formal procedure to request it??? to see errors in both places is redundant... i would prefer not to see errors printed on page if they are already shown on logs, is cleaner another huge complication with "display_errors = on" is for example ajax... some ajax pages take the response in json, xml, csv, text or whatever format or api, in background, parse it and you see result in page accordingly.... if some unexpected error occurs, error messages will be inserted between the response that will break the entire parsing, turning pages and apps a disaster thanks for your diligence

oh i see ... "we already have postfix" i didnt know that we have postfix, and why i didnt imagine? xD ... i understand having posfix is better than to have some smaller smtp relay,,, and that the most common user case is to want a full featured smtp server to use email with his/her own domain, something not possible with a simple smtp relay i also understood that maybe i am asking for some elaborated solution, and that i am not in my home server anymore (i feel dumb)... so i think the better alternative i have to not to bother others is what you suggested me: to try a php mail library..... i am already doing tests with PHPmailer, is a little hard to adapt my scripts, but i am learning thanks for your patience

i never meant the ability to edit the WHOLE php.ini file, i am aware of the risks... i mean things related with scripts and development and runtime like log system, timezones, charsets and that kind of things, mainly aimed to logging development and production... managing logs is important in development stage to "hear" what the program is saying, and in production debugging errors later if needed for example, i think we should have these php.ini configurations in the server, at least i would like being able to configure these directives, in my admin panel: log_errors = FIXED: "1": to always send error messages to file pointed in "error_log" (next directive) instead of server syslog error_log = FIXED: "/home/<user-folder>/logs/php_error.log" or some file inside user logs folder, to separate from apache error.log display_errors = customizable by user in admin panel, any default value (on|off)... to print messages breaking the page, depending on development status and personal preferences (still messages will go to "error_log" (above) anyway) error_reporting = customizable by user in admin panel (so some crazy user could even disable logging as you suggested if he/she wants), any default value date.timezone = customizable by user in admin panel, any default.. sometimes affects logging and script behavior

hi wolstech ..... yes i know this can be achieved with a common include amongst thousand other ways of doing, but all of these involve modifying code in many files, and many times that code is not mine ... additionally i am not currently using wordpress, maybe in the future i will install mybb or some other (cakephp?, laravel?, drupal?, kumbiaphp?) i am actually asking for a way to EDIT PHP.INI FILE server side trough admin panel or something, at least partially, by user (except shell_exec and critical configurations)... that will give us a little more control, making the hosting a little better... and will release you some work anyway... "error_reporting(0)" will disable error reporting completely, eveywhere... i instead would like to modify "display_errors", to not disable errors at all, but just hide them from output buffer, globally in my site, maybe with other variables too, from admin panel or some other way, to not having to modify too much files, even files with code i dont know

i understand.... but could you at least give us the chance to custom this value as desired, in admin panel, per user?.... because... ... that would mean in a program with, lets say, 50 php files, we must add "error_reporting(0)" in almost ALL files... the thing gets much more complicated with third party written apps/libs that we dont know the code ... applications breaks layout or just show blank screens, or stuck in infinite loops.. we dont know what happens and debugging is a nightmare because code turn a mess .... additionally, more skilled users could just disable error_reporting if they wish, and enable if they need, directly without staff intervention, releaseing your responsibility to do it (i.e. against related support requests you could simply answer "do it for yourself in admin panel").... in addition, i think the security (exposing site internals, increasing hacking chances) is a strong enough reason to try leave disabled by default server wide, but if you get flooded with support messages at least give us the chance to disable it by ourselves moreover... it could be fantastic if we could customize some other php ini values per user in admin panel.. i think in a bunch of php ini options that will be very useful for us to customize, without compromising server stability ... please consider, thanks maybe i could help with some scipt or coding (bash?, php?)

hi... i feel very happy and comforable here .... i am bringing some sites and webpages from my home server to here, step by step however i had to adapt some pages to these conditions, nothing too serious .... but some things i noted is about php logs management DEFAULTS making debuging applications very hard and risky... i know it could be changed at runtime with ini_set().. but for every php file in the sites?, i don't think so, that is for i mean the default server wide php values error_log is not defined = that means php error logs (actual errors or error_log() messages) finally got "mixed" with apache/nginx error.log, making difficult to isolate and read... i think better it should have its own <user folder>/logs file display_errors is on = meaning that on some error, log messages are mixed with http body/html code, turning the responses and pages a mess making debugging very hard, and site dangerous because risk of exposing site internals additional question: is there some "tail -f | grep" admin panel, or php script? .. thanks

hi... greetings from chile .. (chilean flag, not texas, we were before) chile is located in south america, his official language is spanish (so i am a native spanish speaker :P) somebody call chile "the edge of the world" because its long and narrow "vertical" shape at the western border of the continent, limited between its long pacific ocean coast and los andes mountains chain to east ... that means the country crosses through many latitudes, acquiring many different climates, from dessert to jungle, from beaches to mountains, making it with many diverse natural resources, apropiate for production and ecotourism... we also have territories in antarctica and easter island (officially called "rapa nui") we are about 20 million people in the country, half of wich live in the capital city Santiago... chile have traditions, and is also a modern country thanks to its economic stability (mainly thanks of years of pinochet's military regime.. but at a high price cost)... we are more famous because of being the (greatest?) productor of copper, by our tasty wines, and because our natural beauties (landscapes and women ) .... we are smart, tough but affectionate people

hi kairion, i appreciate your interest in the conversation... i am always passionate to learn new things do you know msmtp? i know original sendmail is an ancient program (maybe from 70-80's) and was possibly the only (or the easiest) way local users were able to "send mail" that days (hence the name) (but you need an outgoing mail service running locally).... so as it was a popular program, many later applications have "sendmail mode" like qmail or postfix (i never installed, i always try to skip the headache xD).... but ssmtp and msmtp (and others?) are special as they are small outgoing mail CLIENTS compatible with "sendmail mode" i mean, to send mail locally, normally we have to install and configure an outgoing mail server on your machine like postfix (a real headache)... to operate in "sendmail mode" like others, postfix have a /bin/sendmail binary that is overwritten when installed... so normally you have to install postfix, then configure the mailbox, dns, aliases, queues, network, etc etc, so you can then use /bin/sendmail [sendmail options] to send mail same way than before... posfix sends the mail directly to recipient mail server through smtp, the protocol that mail servers use between them but instead install and configure a whole mail server yourself, you can get a mail account in some already working mail server, and just install a "sendmail mode" smtp client to connect that server and let send your mails =D .... with some "sendmail mode" smtp relay (like ssmtp or msmtp) you can actually use php mail() with an external mail server ... configuration is tricky but easy, can even make it scriptable so that opens a lot of possibilities, i have also done in windows because windows php mail() sucks ... the only little downside is your mail address will have the "@extserver" suffix, but i dont care considering i didn't have to install the server and is not consuming MY disk space =D i mean... imagine msmtp is installed server wide, and an admin panel is added to configure parameters by user.... take a look of ssmtp and msmtp: https://wiki.debian.org/sSMTP https://marlam.de/msmtp/

hi... i think i messed up composer.. ... i am trying to install PHPmailer by hand, then delete (sent to .trash/) ... then i noted there is composer an run, it detected my deleted PHPmailer files... i went to wipe the .trash/ folder, now composer stuck... it complains about aplication folders "trash/" and suggest me to change editing composer.json, but the file appear empty ... maybe is because of the dot in .trash/ i cannot change/remove the application, even removing the whole folders, even emptying ./trash folder and delete .composrt/ fomder permanently... plesg regenerates the folder and still complains about the non-existing .trash/PHPmailer aplication... cant change path or remove app from composer either

who is the most powerful (human) being in the planet? some uber millionarie like bill gates, elon musk or jeff bezos? ... or a whole family like the rockefellers, rotschilds or bilderbergs?... or some group of people like the illuminatis or the francmasons or the khazars? ... or even out of this world beings like the anunnakis, or the grey ones? i think the most powerful and wealthest person in the world coluld be not interested to be known who he/she/it is, or even could be paranoid and wants to not being known at all... the millionares in the above paragraph are the known ones, but i think it could be others even more millionare/powerful that are unknown i think the most poweful person in the world could even not be a person... it could be a supercomputer or a superbeing living inside a tank, communicating with other less poweful people (i.e. bill gates, rockefeller, etc) through cables in his/her/its head, or through telepathy... telling them what to do next the most richest/powerful person don't has necessarily to be known

hi.... in my home server, i invented a system that tracks ip addresses to avoid spam in html forms, ip's are written in include files hidden by nginx.. by extension .inc = i use these with php include, the inclusion and execution works despite the extension, but i want to hide direct download/execution for security .dat = i use these files as little text databases/tables, for example to store csv-like data... i want to block direct viewing/downloading .404, .hidden, etc = generic hidden files ... how could this be achieved server wide, here in heliohost?? ... or are files starting with dot hidden by webserver at least?

for languages other than english (and for english symbols itself) , for example: spanish (Ñ, accented letters), portugese and french (cedilla), nordic countries (umlaut), etc etc sometimes my spanish pages (i am chilean) show some garbage characters... is very tedious to change every single html file to add <meta charset='UTF-8'/> or add html entities in all html + text files !! .... in my home server (nginx) i have a wide configuration to add Content-Type: text/html; charset=UTF-8 header always , but i dont know how to do it here.... until now.... go to plesk .... > left panel > websites + domains .... > conent view > hosting + dns tab .... > lower view > apache + nginx settings ... > content view > common apache settings > mime types > check "enter custom value" .... in textarea you can add one custom mime type each line ... the last word (separated by space) must be the file extension plesk search for the first space and cut the string there .. as the string text/html; charset=UTF-8 have a space in the middle it gets truncated... the soultion i found is to enclose with quotes (silgle or double) ... for example, these are the configurations i have of course, for this to work you must ensure save your files with utf-8 encoding, or set mime types and files encoding accordingly (i like utf-8)... a little issue is plesk lowercases all characters, turning UTF-8 into utf-8 ... dont know if is non-standard, but pages seem to work ok

hi.... i dont remember where i read mail() was disabled, but thanks for clarify is there some documentation on how can we configure mail() / sendmail here in heliohost? .. for example, to use an external smtp server, with different ports and auth protocols (tls, starttls, xoauth2, etc), different hostnames, etc? i am doing some tests with PHPmailer... seem very powerful (no need to try it before) ... i am finding how to write my own php mail() function on top of it, did some test and luckly tcp ports i tested are open.... i can tell you what i installed in my server... i have no postfix or other mail server installed .. i never tried because i found configuring a mail server a titanic task, i always skip and never dare to try (need static ip by isp, configure dns, configure mailboxes, configure rules, configure certificates, configure filters, configure routes, and who knows what more... )... i had seen people configuring postfix/exchange before and looks a real pain in the assss ... .... so i took advantage on mail servers already established, with mailbox, certificates and everything configured and woking, and just connect by smtp so i installed ssmtp or msmtp clients on my server (the latter also works in windows), and use as sendmail bin .... i wrote a bash wrapper to enable multiple mail accounts/services/configurations, and to add an extra layer of security... then set php sendmail_path variable to it .. and in mail() function i need to add a third parameter according the desired mail configuration these days i noticed the php variable mail.add_x_header to add the mail() caller php script path.... with a wrapper we can intercept this header to get the originating script, and generate a unique token for that script in the admin panel, that must be added as additional mail() parameter i am a little crazy

this is what i imagine ... i think we are talking the same thing

hi... i like this conversations, find them very interesting... i am very passinate about technology, i imagine electrons inside computer buses/registers and system processes as little beings to avoid this issue the procedure should be: 1 you previously write the script that adds/modify the domains list table when a user modifies some his primary domains in admin panel - 2 once the auto-modify function is implemented you block the panel function temporarily to avoid race conditions and run a query to populate the table initially - 3 you unblock the panel and as you already wrote the auto-update script, the function should run ok from now ..... doesnt matter if some user never changes his primary domain because anyway it was already added in step 2 dont understand too much what you mean.. but just in case, i didnt mean to change domain content, but create another additional database+table with indexes, specific for this function... reading initial and later data from existing production plesk databases (as read only) to build this database initially, reads on all servers must be made.... maybe putting a dedicated computer for this (and old recycled laptop with a new ssd drive would suffice?) then this table need to have 2 columns, primary domain and owner... and lookups need to be aimed to catch different accounts instead of simply different domains... however i agree it could (unlikely) generate some false positives with publicly generated content like in forums or blogs as you cleverly noted, a single account hosting multiple sites/domains is not against the ToS, so as i observed above, the key point is try to find different sites referring each other, owned by **different user accounts**, recurrently about making money.. maybe making money using HH is not considered harmful, but i found turning millionare at cost of your work questionable at least (it that thing is possible of course ... or maybe i think too much sillinesses ) p.s.: i posted a topic analyzing php mail() as i said :

hi... new user here... i am very glad to be here imagine a story... you are a volunteer of a non-profit organization that helps people in africa (animal conservation, find water, child healthcare or some like) ... but your talent is to build computers and run servers, so you offer them to develop a website to spread the cause so, as they have no money (and you either) you go to some junkyards and build a pc from scraps, and install linux, and http server, and colocate the server in your house, connect to internet using your home connection, configure router for outside reachability (by port forwarding, dmz or whatever), install dynamic dns... and put a website with information about your work and some contact info soon you realize that a better way to being contacted (besides publishing your oranization phone number, email address or physical address) is to put a contact form page, faster and more comfortable for who wants contact to offer/search for help... you contact a couple people a week, but is very important for everyone but mail servers costs money and your people dont have it (like you), they are poor farmers so they have no even banks... so you search and find some free email services that can also send email by smtp (gmail, hotmail, yahoo, yandex, etc), so you pick and configure one of them.... this is when your problems start you quickly learn that to make the system work is not so easy because of the SPAMMERS... they previously paved your road full of obstacles, so now everyone are paranoid about spam, and now mail delivery systems are very very restrictive... so you have to think in develop something anti-spam system first you have to design some bulletproof contact form with many anti-spam protection measures like captchas, unique hidden codes, referer checkings, short live tokens, time synchronization, timeouts, ip/cookies lookups, browsing sessions, etc etc etc.. so your PUBLICLY ACCESIBLE contact form wont be found and exploited by spammers with bots or anyway next step is make php mail() function work in php, next step is sendmail (or similar) work in linux, next step is to make your mta (outgoing mail program) and your external mail delivery service talk each other, next step is ensure you wont be blocked by your external service ..... i read that heliohost also offer mail delivery service, but is also put in blacklists because of some spammers (ex?) members... so i think maybe the best option is to rely in some external mail delivery service using smtp, and use php mail() function to give them the mails to be sent... but mail() function is also blocked here due bad experiences with (fcking) spammers... so i was thinking, what way could we enable and make use of mail() function safely? certainly in my website (currently hosted on my house, searching a free and more reliable webhosting... my isp scratches his back and my websites go to hell) i use mail() function sometimes to send important messages like account creation validation or some desperate people looking for help (our real website is more related to women and alcoholism) and i am interested in make it work by give users mail() function access BUT forcing them using an external smtp server, heliohost frees the responsibility and risk of being blacklisted (anyway the system wont work other way because are already blacklisted)... so.. how this could be done??, i started by doing some research to write a /bin/sendmail wrapper i was thinking many ideas to be implemented on my home server, one of them are sending quotas in a certain amount of time.. say 12 mails/hour, that is not the same as 12 mails each clock hour... think on a database that take note the time each time you send a mail, and calculate the time difference between this mail and the 12th last sent email wont be more than 1 hour, so this way you can safely send an email each 5min, or if you prefer send all 12 mails at once having to wait 1 hour STARTING FROM NOW to send mails again another system i actually implemented in my server is a /bin/sendmail wrapper that accepts an additional parameter, so if some hacker/spammer accesed my filesystem and manages to inject some script with mail() function, it wont work because he doesnt know the additional parameter code.... before this i had to do some tests/research to make it work to know EXACTLY how mail() function and /bin/sendmail works together internally going further, i imagine a send mail code generator in admin panel, that accepts the path where the mail sending script (the one containing the mail() function) is located, that generates a unique additional parameter code depending the location of the script, that you have to put in your actual script code... maybe this could be done and would be fantastic but if mail() function doesnt/wont work, maybe this could be made work with some external php mail library like PHPmailer or SwiftMailer... i never tried before (remember you cant send email directly and have to use an external smtp server, because of heliohost ip blacklisting) ... i found this related page = https://forum.infinityfree.net/t/how-to-send-email-with-gmail-smtp/49239

move this last comments to a new topic to keep focus of original post one of my personal projects is to develop a cheap irrigation system for little farmers using arduinos... i imagine somebody could offer cheap (or free) webhosting + website design for little neighbor markets, so a single guy could effectively have many accou... not really, he can still have all these sites under his single heliohost user account, so this is still against the rules, especially if he is making money with you (at hh) so i still think your best bet is to catch referer headers and compare against a database table with primary domains

i think these last 2 -3 comments should be moved to its own topic back with the referer cross hosting thing.... you could create an indexed database table with just a single text column, and write a script that everytime a user modifies his/her primary domain(s) this table will be updated... then lock the "modify primary domain" option for while scan all domains in your system to populate the table... .. then use this fast table to lookup referer info to catch cross hosting requests... warn the user first (depending on amount of requests/traffic) to correct the issue before blocking .. because for example, imagine i am browsing the web and i found a very interesting info that i put on my website, without knowing that info is ALSO hosted in heliohost ... additionally, if some user deploy a public modifiable content (say a forum or blog) ANYBODY could publish heliohost cross hosting links in his/her site, triggering the alarm .... i have more thoughts about php mail() function that i will search info before open a new topic

.... what about registrar whois information ??? (for people owning a domain) there are still exceptions .. for example, you could find troubles in asking for gov id number because of different countries, me as example, i am chilean... other options are asking for banking acount info, and require a transfer lets say for $0.001, with an immediate refund compromise, just for verify identity... i had seen this method in some other places but it is very very bureaucratic and annoying.. I HATE IT, i dont even have an international credit card! (and process may be very complicated and expensive) another method i had seen is to ask for a phone number and send a code by sms/whatsapp (but i dont use whatsapp!!)... sms's have a sending cost, somebody like me dont like the idea to give their phone number, somebody even dont have a phone!, somebody even can use his/her parents/spouse/sister/colleage phone, etc there are some biometric systems, i which you are asked to put your face in front of the camera (cell phone or pc+webcam) doing circular movements to 3d scan your face... because i have a webcam, but my pc dont have fingerprint scanner.. anyway we have 20 fingers so a single person can make 20 accounts (21 the men xD ) anyway, back to whois method... you will find my both domains registered by me (andres salinas), we are managing to get a legal person for my organization.. when accepted then i must transfer the domain titularity (www.nic.cl -> consulta whois) some exception could be, for example... sombody could explicitly ask for a second account creation by ticket (like me) and your staff analyze the situation.. then in case of being approved, remark the accounts were marked for close behavior observation... so... i think your best chance is to check referer headers for cross hosting activity

this is me... no problem, and thanks again maybe analyzing access.log? .. finding cross sites between referers?... or big files served between different heliohost websites/accounts?, anyway sounds like a pretty heavy process, maybe write a wrapper that intercepts logs before being written to access.log? idk... in this case you can suggest to host big files through dropbox public http folder (or other big files hosting that also offers http... i have a couple movies this way) about finding same people logged at same time... sounds difficult to detect, and may be not necesarily ilegal... some isp's (or colleges, or companies) uses nat, so different users may appear with same ip... additionally they could still open web config in different browsers (like me sometimes xD) ... i think maybe detecting cross site hosting could be more important though i return to cracking my head on sites migration..