Many folks here have said wonderful things about Media Temple. I’m seriously considering switching from my shared-hosting account at Web Site Source to a GS account at MT. The cost is about 3x what I’m paying now but it looks to be worth it.
However, I do primarily osCommerce sites. osCommerce has an admin section with an add product feature that uploads product images. On some servers this requires that the /images directory be set to 777. Everyone on those servers quickly finds new .php files in that directory (hacker attacks). I need to ensure that, on MT, I can upload images via admin with permissions set to 755. I’ve emailed MT but you guys probably know first hand and I respect your input more than some random tech supp guy.
Does anyone have experience with osCommerce on MT? Or any other programs with a similar situation? This would probably be a deal breaker so I’d hate to pay a year up front and then get surprised.
I noticed that you were down for a bit. They gave you a free month for that? That’s awesome!
Actually, I’ve discovered how difficult this can be on some servers. Some don’t allow permissions to be changed via ftp. It looks like they are changed but when you restart ftp you see that they are still at the original values so you have to go through cpanel. However, some hosts don’t supply a cpanel!!! One in particular, fasthosts (by far the worst I have ever seen) only allows permission changes via ssh. (Also, they charge to use their shared ssl and don’t allow you to use a full ssl).
That isn’t quite the problem. It’s a setup issue with a lot of hosts. If PHP is installed as a module (the wrong way), you have to have a directory set to 777 to be able to upload a file to it through a program running on that server. If PHP is setup as CGI, through phpSuExec (the correct way), the directory can be set to 755 and have everything work properly. The first scenario results in endless hacker attacks and oscommerce draws them like a magnet because of it’s out-of-the-box security issues.
I got hold of MT and fortunately they install PHP as CGI. They’re awesome!
It’s $20 a month or $200 a year. I figured that if I’d switch, I’d do it all the way.
Their website is amazingly impressive. They sound like an incredible company. When I called tech supp last night at 7:30pst, I got through the queue in 6 minutes to us-based tech supp, talked to a wonderful woman whose primary language was english (!) who talked to me without question even though tech supp is just for paid customers. I asked her if PHP was installed as a module or as CGI. She immediately understood what I was asking. She didn’t have an answer ready but returned in less than two minutes with the information.
I’ve never had such a wonderful tech supp experience in my life! I’m switching today and I’m so happy about their level of support I think I’ll get over my fears and start hosting clients through them myself. I’m so glad you guys let me know about MT!
Make that directory writeable by your app, not everyone. If your app can write to the directory, then your authenticated users can write to it. If your app insists it needs 777, find a new app or rewrite that part of it. (Not a plug for services :mrgreen: – I do Ruby, not PHP.)
The app doesn’t require it. It’s a security issue that arises from misconfigured servers. Unfortunately, it is very common for smaller hosts to install php this way.
Once I figured out what the server setting was that caused the behavior, I was able to find tons of info on the problem. All respectable hosts have corrected the problem but there are endless smaller hosts (and basement/garage hosts <shudder>) that know just enough to press reset when the server has a problem and how to call support when that doesn’t work.
You must be logged in to reply to this topic.