A Question about Media Temple

[mikes]

Many folks here have said wonderful things about Media Temple. I’m seriously considering switching from my shared-hosting account at Web Site Source to a GS account at MT. The cost is about 3x what I’m paying now but it looks to be worth it.

However, I do primarily osCommerce sites. osCommerce has an admin section with an add product feature that uploads product images. On some servers this requires that the /images directory be set to 777. Everyone on those servers quickly finds new .php files in that directory (hacker attacks). I need to ensure that, on MT, I can upload images via admin with permissions set to 755. I’ve emailed MT but you guys probably know first hand and I respect your input more than some random tech supp guy.

Does anyone have experience with osCommerce on MT? Or any other programs with a similar situation? This would probably be a deal breaker so I’d hate to pay a year up front and then get surprised.

[mikes]

"Some guy pretending to be chriscoyier" wrote:

Funny time to ask, because just the last few days they have been having some minor downtime (30 minutes-ish) so there has been some moaning. CSS-Tricks was down a bit. They were on the case though, and restored service fairly quickly and credited us a free month.

I noticed that you were down for a bit. They gave you a free month for that? That’s awesome!

"chris coyier’s evil twin" wrote:

Obviously you can change permissions to folders/files like on any other server,

Actually, I’ve discovered how difficult this can be on some servers. Some don’t allow permissions to be changed via ftp. It looks like they are changed but when you restart ftp you see that they are still at the original values so you have to go through cpanel. However, some hosts don’t supply a cpanel!!! One in particular, fasthosts (by far the worst I have ever seen) only allows permission changes via ssh. (Also, they charge to use their shared ssl and don’t allow you to use a full ssl).

"The guy that lives next to chriscoyier" wrote:

… but as far as changing the default value for uploaded files, I’m not sure. I suspect there would be a way, but I’d actually email/call MT and ask. I have no particular experience with osCommerce.

That isn’t quite the problem. It’s a setup issue with a lot of hosts. If PHP is installed as a module (the wrong way), you have to have a directory set to 777 to be able to upload a file to it through a program running on that server. If PHP is setup as CGI, through phpSuExec (the correct way), the directory can be set to 755 and have everything work properly. The first scenario results in endless hacker attacks and oscommerce draws them like a magnet because of it’s out-of-the-box security issues.

I got hold of MT and fortunately they install PHP as CGI. They’re awesome!

"chriscoyier’s arch-nemesis" wrote:

I also don’t think you need to pay a year up front? Maybe the deal has changed but I definitely remember only paying month-to-month when I signed up.

It’s $20 a month or $200 a year. I figured that if I’d switch, I’d do it all the way.

"That guy who kinda looks like chriscoyier" wrote:

Overall I really like them. Good value for the power you get, and easily the nicest administration tools of any provider.

Their website is amazingly impressive. They sound like an incredible company. When I called tech supp last night at 7:30pst, I got through the queue in 6 minutes to us-based tech supp, talked to a wonderful woman whose primary language was english (!) who talked to me without question even though tech supp is just for paid customers. I asked her if PHP was installed as a module or as CGI. She immediately understood what I was asking. She didn’t have an answer ready but returned in less than two minutes with the information.

I’ve never had such a wonderful tech supp experience in my life! I’m switching today and I’m so happy about their level of support I think I’ll get over my fears and start hosting clients through them myself. I’m so glad you guys let me know about MT!

[lowell]

"mikes" wrote:

However, I do primarily osCommerce sites. osCommerce has an admin section with an add product feature that uploads product images. On some servers this requires that the /images directory be set to 777.

Make that directory writeable by your app, not everyone. If your app can write to the directory, then your authenticated users can write to it. If your app insists it needs 777, find a new app or rewrite that part of it. (Not a plug for services :mrgreen: – I do Ruby, not PHP.)

[mikes]

The app doesn’t require it. It’s a security issue that arises from misconfigured servers. Unfortunately, it is very common for smaller hosts to install php this way.

Once I figured out what the server setting was that caused the behavior, I was able to find tons of info on the problem. All respectable hosts have corrected the problem but there are endless smaller hosts (and basement/garage hosts <shudder>) that know just enough to press reset when the server has a problem and how to call support when that doesn’t work.

[Author]

Posts