Gushi Systems Web Hosting

Now with Indexing

(I didn't do this at first because I figured everyone should read this whole thing...but "where is this in the FAQ" started to become an FAQ of it's own...so this is my answer):

WEB
How do I edit my site via ftp?
How do I edit my site without ftp?

How do I make a password protected directory?
How do I get a subdomain?

How do I see my logfiles?
How do I keep people from stealing my (your) bandwidth by hotlinking
?

How do I get custom error documents?

SCRIPTS

How do I make CGI scripts run
?

How can I make a counter?

SECURITY
I think someone got my password or accessed my site without my permission (maybe because I use the same password everywhere so any crooked admin can access EVERYTHING I do), what do I do
?

I lost my password because I didn't use something I can easily remember or because I didn't change it like I was told to in your welcome letter or because I simply relied on my ftp program to "keep it safe" for me (meaning anyone who got to my computer could do anything at all with my site). How do I reset it.?

EMAIL

How do I sort my mail or selectively send it places?
[UPDATED] How do I turn off the *****SPAM***** flagging of email?
Why did I get an email saying my message was blocked or "How are you stopping the Klez Virus"
?


Q: How do I edit my site via FTP?

A: The hostname is prime.gushi.org. The username and password, you should know. For most ftp programs, the host directory can be safely set to either public_html or /public_html. Any other options can be safely ignored.


Q: Is there a way to edit my site without needing FTP? I'm used to the editor that Geocities gave me.

A: We have two editors installed. Both require you to know and understand HTML One is at https://editor.gushi.org, it will work with almost any browser and is fairly rudimentary. The second is installed at https://prime.gushiorg:8443/file, because it's heavily java based it tends to work better on faster computers with faster connections.

Both require your username and password. We are looking into a WYSIWYG editor, ala hotmail, but don't hold your breath. Download a trial of Dreamweaver instead.


Q: How do I password protect a directory?

A: Protecting a directory is easily done with Apache .htaccess files (note the leading dot). The web server looks for these files in every directory for configuration commands.

For reference, the commands you would need in such a file are:

AuthType Basic (tells the server you wish to use authentication)
AuthName "My Users" (this shows up in the password prompt box)
AuthUserFile /home/yourusername/users (this tells where to find the actual password file)
Require valid-user (this tells the server that anyone in the password file can get in).

Note that you also need to create the password file. If you can ssh into the server, you can run:

htpasswd -c /home/yourusername/users username

to create the file and create a password for "username" (it will prompt you twice for the password). From then on you can use:

htpasswd /home/yourusername/users anotherusername

(You can drop the -c, the -c is just to create the file).

The people who make our webserver wrote this article on it.

Also, if all of this scares you, there are many free scripts around to do this, like the one here.


Q: What do I have to do to make CGI scripts run?

A: You need to set their permissions to 755. This means the owner can read/write/execute and anyone else can only read and execute them. Any time you have a script which says a file needs to be 777 (world-writable), IGNORE IT. Our system is smarter than that.*

If you're having trouble getting scripts to run, check your error log. If you don't have your own error log, let us know and we'll get one installed for you. We find that 95 percent of people don't care about their error logs, so we don't enable them by default :)

If you have shell access to the server, the two BIGGEST things to check if your script is bombing are (1) uploading the wrong way will mangle the first (#!/usr/bin/perl) line in the script, so try deleting this line and rewriting it and (2) Check your permissions. 755 at the MOST. Same goes for the directory. 755 at most.

Finally, if for some reason you want scripts to run INSIDE your public_html folder, instead of in your cgi-bin where they belong, you need a .htaccess file with Options +ExecCGI in it.

*Note, for the technically minded, that this does not apply to PHP scripts, which run as the WEBSERVER. The logic behind this is that most major php scripts store things in a database, not in flat text files, and php is smart enough to only read things that are owned by your UID if you're the one running it.


Q: What outgoing and incoming mail server do I use?

A: prime.gushi.org. If you have a choice, use POP3 rather than IMAP, it's easier on our system and you don't need most of the advanced features of IMAP like folder management, that can all be done client-side.

Also please note that due to the internet spam problem, many dialup and cable ISPs block access to the SMTP server port (port 25). It is possible to configure your mail client to use port 2525, our mail server will answer on that port as well.

Also under anti-spam, you need to "authenticate" yourself to the mail server in one of two ways:

1. Tell your mail client that your server requires authentication. (which requires your system username and password)
2. Check your mail at least once at MOST thirty minutes before you try to send. (because checking your mail would have required your password)

For the first one in Outlook Express it's tools...accounts...properties...servers...and then click the box that says "My Outgoing Server Requires Authentication". Do not click the box that says "use secure password authentication". For those mail clients that don't support SMTP AUTH (both Outlook Express and Netscape do, as well as Eudora and Pegasus), you can always fall back to the above "check before send" hack, but the first option is much preferred.


Q: How do I get a counter on the system?

A: The counter we use, available here is written in C and needs to be compiled to work on the system, on a per-user basis. You can spend two hours wrestling with it and tweaking the options, or email/IM us for help and we can build it in about ten minutes. For reference, this counter will allow you to create as many counters as you want on your site(s), and do things like invisble counters, custom start numbers, non-incrementing counters, and the like. Actually running the counter requires that you read the manual for the thing, the options are somewhat complex (depending on what you need).


Q: How do I create a subdomain?

A: For security reasons, subdomains require system administrator intervention. Please create the necessary whatever_html folder in your homedirectory and email us with what you need pointed at it and we will create it for you. Note that all subdomains will count against your disk quota. (it is not, for example one gig each).


Q: How can I get access to my logfiles?

A: We normally log all system hits to the same (central) logfile for statistical purposes, and to keep file descriptors low. If you require your own error_log and/or access_log, please email us. There is no charge, it's just been our experience that 90 percent of out users do not use this information.


Q: Some Salicious Crumb is hotlinking to my webspace, how can I stop this behavior?

A: Assuming Mr. George Lucas doesn't sue you for using "Salicious Crumb", you can put the following in a .htaccess file in your image directory.

SetEnvIfNoCase Referer "^http://yourdomain\.com/"    local_ref=1

SetEnvIfNoCase Referer "^http://.*\.yourdomain\.com/" local_ref=1

<FilesMatch "\.(gif|jpg|jpeg|JPG|GIF|JPEG)">

Order Allow,Deny

Allow from env=local_ref

</FilesMatch>

The first two lines say to the webserver "set a variable called local_ref to 1 if the browser tells us that the referer is either yourdomain.com or anything.yourdomain.com (yes, the \. is really a regular . because of the matching syntax).

The next four lines say that if any file of type gif, jpeg, or jpg, to allow it if the above variable was set, and to deny it with a 403 error otherwise.

If you wanted to be truly rotten, you could put

ErrorDocument 403 /logo.jpg
right before the last line. And then put a file called logo.jpg in your public_html folder. Make sure it's not protected by the rules above, this way with most browsers, your logo will be substituted instead of the desired image. You've seen this with Angelfire no doubt. Naturally, you can add more "allowed" referrers easily. It's left as an exercise for the reader.

NOTE:These procedures are meant to keep people from hot-linking from you, not from saving your images. There's no real way to protect against that. But if they're stealing your (and out) bandwidth, then they should be stopped. Gently or by force.


Q: How can I customize my error documents?

A: This is another one of those nifty things that can be done with those tricky .htaccess files

It's as simple as:

ErrorDocument 404 /404.html

In this example you would create a document called 404.html in your main public_html folder and whenever you got a 404 well, the server would send that file instead. More info is avaiable here. Note that there are four common errordocuments you will probably need...

401: For when access is explicity required to get into a place and the user fails to supply a valid password
403: For when something is forbidden without the chance to do access control (for example, in a directory where you have indexing turned off)
404: We all know this is when the server just can't find the file.
500: This is when a script bombs for some reason or you have something misconfigured

There are others, but those are the ones you're likely to use. Also, as the Apache FAQ says, for error type 401, you CANNOT use http:// in the error code, it MUST simply be a forward slash.


Q: How do I get rid of the "Forbidden" when I don't have an index.html? I just want people to be able to see the contents of the folder.

A: Understand that because there are a great many non-tech-savvy artists on the server, the default is to not allow their art to be stolen by them forgetting to upload an index file. However, this too can be changed with .htaccess files.

Simply put:

Options +Indexes

in a directory's .htaccess file to turn it on, and (you guessed it):

Options -Indexes

to turn it off (if for example you turned it on in a directory and wanted it not to apply in subdirectories of that directory).


Q: Holy Crap I think someone got access to my site (or my mail, or my password, or your server (if they have one, they likely have all four)). Maybe because I use the same password for everything so if some cheezy bulletin board admin feels like nabbing my password, they can.

A: Change it. Change it now at https://editor.gushi.org If you further suspect that the access someone has has been USED, and things go back to that account (for example, your paypal password), you have a LOT of work to do. Ask us to check site access logs for possible use. If you think someone beat you TO that step, then see the next question.


Q: I lost my password because I didn't use something I can easily remember or because I didn't change it like I was told to in your welcome letter or because I simply relied on my ftp program to "keep it safe" for me (meaning anyone who got to my computer could do anything at all with my site). How do I reset it?

A: Contact Gushi. ASAP. Via email or IM. Be prepared to verify your identity. In the future we may implement some sort of "password recovery" system, that asks you to pick an obscure question and answer.


Q: How do I selectively send my mail to places?

A: Email is handled by the very powerful procmail system, the config file for this is .procmailrc in your home directory. (again, note the leading dot.)

The lines you would need to put in to send email for (say, importantemail@yourdomain.com) an address to your hotmail account (let's not get into semantics here), would be:

:0
* ^X-Envelope-To.*importantemail@yourdomain.com
! you@hotmail.com

Our mail server always adds the X-Envelope-To header so you can always see what address an email at your domain was intended for. We are sorting based on this. The line immediately following tells procmail what to do with the email. (in this case, forward it to your email address. If you wanted to delete it, you could just put:

:0
* ^X-Envelope-To.*garbage@yourdomain.com
/dev/null

You can add as many of these rulesets as you like, and do some VERY complex things with them (for example, have it stick the address the message was sent to in the subject line), or add additional headers based on size, or spam status or whatnot. If you want to see more of the advanced things that procmail can do, have a look here.


Q: How can I turn off that "Spam Assassin" thing, it's getting annoying.

A: In your homedir you will find a folder called .spamassassin, inside there's a file called user_prefs, in there, you'll see a few lines that look like this:

# required_hits 5

Change it to:

required_hits 100

(you can change it to another number too, spamassassin scores email based on appearance, servers it came from, as well as formatting to arrive at an overall score. A score of 7 or 10 will block MOST spam and let MOST legitiate mail through. Keep in mind, our system only TAGS potential spam, NEVER deletes it, and will usually tell you WHY it thinks a piece of mail is spam.)

More info is at www.spamassassin.org.

[NEW] There's also a windows tool I just found that is located at http://www.cleanmymailbox.com/sauptool/ that should help you edit your user_prefs file for spamassassin. I'm also working on a web-based way to do this, which would integrate with our user login.


Q: What about the Klez Virus?

A: We have another set of filters in place that blocks Klez, Nimda and a few other nasty virii, as well as some common email attachment filenames that are known to contain virii. Note that this set of filters will block exe files as well. If somsone is attempting to send you an EXE, tell them to Zip it first.

More info is at http://www.impsec.org/email-tools/procmail-security.html.


Q: I still need help!

A: You can always Email Us with more questions. (Note: this address changes periodically). So far this FAQ is inspired by user questions, the more questions that get asked (frequently) the more helpful this document will become.