| Posted by ORiN, 01-30-2015, 02:46 AM | | I have gotten my server management provider to implement FastCGI as my server hosts some WordPress websites. However, it seems that even with FastCGI implemented, I am still faced with the typical uploading issues that require that I set wp-content/uploads to 777 write permissions which I am definitely against due to security concerns. FastCGI is supposed to solve this but yet I am still stuck with the same problem. How can I resolve this? Did my server management team missed out something?
Last edited by ORiN; 01-30-2015 at 02:49 AM.
|
| Posted by fabin, 01-30-2015, 10:39 AM | | Is there any control panel in the server? What is the ownership and permission of the upload folder? As which user is php scripts running?
|
| Posted by ORiN, 02-02-2015, 11:49 AM | | I use DirectAdmin as my control panel. After some in-depth checks, it seems that FastCGI was never properly deployed by the server management company which is disappointing.
|
| Posted by WPCYCLE, 02-03-2015, 05:56 PM | | I think they missed out on the management part. So far this sounds like someone (or someone's) that just figured this out from google last week.
Are they known on here and have people used them with good things to say?
777 should never be used and is an open door for anyone to do anything with that folder....especially that folder. Uploads and all folders are suppose to be 775.
The fact that it's all a mess, I would suggest you move elsewhere to a company that knows what they're doing. FastCGI is not something new. This is going to lead you down a very bad road...especially with WordPress.
|
| Posted by ORiN, 02-03-2015, 08:32 PM | | Ah, I did read something about using 775. Coming from suPHP which uses 755, I can understand the security of not having to use 777 file permissions.
|
| Posted by FastServ, 02-04-2015, 12:50 AM | | Is this a Cpanel machine?
|
| Posted by Hosting&Designs, 02-04-2015, 05:27 PM | | No DirectAdmin.
So if you are paying for management, make them fix it :-)
|
| Posted by iserversupport, 02-04-2015, 07:52 PM | | You don't have to use 777 permission with fcgi or suphp its definitely some configuration issue
|
| Posted by WPCYCLE, 02-05-2015, 01:38 AM | | My apologies after re-reading this......755.
Folders 755..files 644.
That's bad advice. If someone paid for a service that was done wrong...pay them again...to do it wrong again?!?!?!?!
|
| Posted by ORiN, 02-08-2015, 01:46 AM | | The service and management is already paid for. I do agree that the server management company should fix it for me since it is their responsibility to get FastCGI implemented and sorted out.
|
| Posted by WPCYCLE, 02-08-2015, 02:54 PM | | To be honest;
1. research other servers or management
2. move
3. get your money back from this company or cut your losses
If they're messing up this badly;
4. what else are they messing up?
5. if you get hacked or exploited....
5a. will you have the time to deal with it
5b. will they clean up their mess for free....and considering they don't see the mess they created, would you trust them to clean that up
My 2 cents and I hope it all works. I know paying for something failing can be a blow, but I've been down that road and lost money. It cost me less to move to a better solution.
|
| Posted by ORiN, 02-09-2015, 01:17 PM | | Your point is definitely valid. I am indeed researching on other potential VPS management providers who can handle both FastCGI and Directadmin. That is something uncommon as most management providers seem to be more knowledgeable with cPanel.
|
| Posted by OBH-Ridwan, 02-12-2015, 12:08 PM | | What the user permisson of that folder ?. you can set the permission to webserver's user. like www-data:www-data or any other.
|
| Posted by ORiN, 02-12-2015, 07:51 PM | | That's the whole purpose of implementing FastCGI, to run files as the user instead of apache.
|
| Posted by evohost Canada, 02-12-2015, 10:42 PM | | Personally I prefer Apache MPM ITK, mod_php, and Xcache.
On the upside:
- Xcache helps improve performance to make up for the speed loss on lack of threads
- you can set both the user, and group owner per virtual host
- everything is in one process, you're not executing extra scripts to parse php files
- more secure for traditional CGI apps (perl, python, etc)
- you can set strict with permissions like 0700 for directories, and 0600 for files.
On the downside:
- it is not supporet by cPanel. I'm not sure about Plesk or others.
- is based on MPM Prefork, so is not multithreaded and thus a little slower than MPM Worker or MPM Event.
|
| Posted by Apolo, 03-26-2015, 11:37 PM | | Thread moved to Hosting Security and Technology from Managed Hosting and Services forum.
|
|
 Add to Favourites
 Print this Article
|
