I recently visited http://www.directphp.com/index1.php and found that it may be what ive been looking for. Has anyone had any experience with this program before or having any suggestions as to another alternative?

May want to look at http://shadm.hostmentor.com

I am thinking of testing it, anyone got this to work?

I use the autosetup program from directphp.com

In fact, just a few hours ago I bought a second license for our new server.

From my previous experience with Kurth I only have positive memories. I went for the professional install (this time also) and he installed it within 12 hours. Also put zend optimser, phpMyAdmin and MySql on the server while he was at it.

I only use it for the automatic setup though. Who can live without it ;)

You send people right to the setup script?

Isn't that dangerous?

I was and still am worried about autosetup's security.
Even though I am a customer.

I was even able to crack Dim8's code (with him knowning it)
autosetp a site without him knowing it.

Would be a hacker or spammers dream to instantly set up a site without paying, this is why I don't give free trials.

Its a good program. However, you may want to do some checking up on some things. I've found that it has some MAJOR security risks in it...

Originally posted by ljprevo
You send people right to the setup script?

Isn't that dangerous?



Unfortunatly webhosting is a dangerous business :(

If it isn't spammers or hackers, it's chargebacks, creditcard fraud or warez sites. (lets not even talk about childpornography:( )

ok, where do you pay for your services?

Too much of a coincidence :P

You have received the following order:
======================================
I think I will cancel
a spammer here, not really own after this form is submitted
a
a, a
Afghanistan

Phone.: a
Fax: a
Email: my_hidden_email@yahoo.com

======================================
Hosting Package Pack1
======================================

That was me, but I wanted to canel before I entered my payment info. I wanted to show you that you are opening yourself up to hackers and spammers doing it this way.

I was never even offered to give my payment info.

I would highly suggest you not open yourself up with like that. Please don't take it as I am trying to scam you at all just trying to prove a point.

I was going to tell you it was me the second the setup email came, it just came.

There are a ton of hackers/spammers out there that would love a web host like you.

I am not putting your service down at all, just suggesting that you not open yourself up like that.

Who are you using as a payment processor, maybe I can help you set something up.

Originally posted by ljprevo


I was even able to crack Dim8's code (with him knowning it)
autosetp a site without him knowing it.



This would be the reason they no longer use the script and do it manually :).

I still use it, but I use it with authorize.net's script.

If the card is not approved, then the script will not run.

A suggestion would be to have that script in a htaccess and passworded area, upon signup or collection of the credit card data, their setup email would contain a link with a username and password to set their site up.

They need to work more on the security of that script.

I figured it was you ;)

Actually I am beginning to find this thread interesting. If it eventually leads to better security then I'm always interested.

I'm intrigued that you choose to register www.test.mydomain.net

I always figured that since you need to have a registered domainname with the DNS set correctly BEFORE you can send email that would minimise the risc of spammers. Domainnames trace back to owners. And there are easier and more anonymous ways for spammers (free email accounts galore)

Was www.test.mydomain.net a coincidence or did you do it on purpose because you know that the server will treat it as a subdomain for wbws.net and as such will allow you to send @mydomain.net emails out?

<edit: edited out a few urls to stay within forum policy guidelines>

In this case I did this to show that a site can be accessed.

If there was exploits, all a hacker would need is access to your server.

A spammer could host his DNS else where.

If for any reason you were to mis a non legit signup you could have a problem.

Again, I did not mean no harm at all.

Dim8's was not as easy as yours, his was in the source code, you have a direct link to it.

Only problem I see, is a customer could get as far as I did then decided, ah, I want to cancel, extra work on your part.

I also see your telnet is on. If I were you I would TURN IT OFF ASAP! Do you give users shell access?

All a hacker would need is shell access, a username and password.

If so/if not I would highly suggest you install SSH!

A spammer all they would need is shell access, FTP and CGI and wha la, a spam server.

No, users do not get shell access. The only account that has shell access it the main wbws site because for certain tasks I need root access. Turned if off for the time being.

A spammer could host his DNS else where

True, but that is not the problem. They can host it on the moon as far as I care. But to the best of my knowledge (lacking in certain parts) @theirdomain.com emails cannot be send out without that domain actually existing. Am I in error when I assume this?

Only problem I see, is a customer could get as far as I did then decided, ah, I want to cancel, extra work on your part.

Ofcourse. Happens all the time. People sign up, find another hosting site and sign up there as well. After the free month ends they get an email. No payment/response? Site deleted. Thats our business model. Works fine. Ofcourse sometimes there are rotten appels. One guy taped buffy the vampireslayer shows with his videocamera on tv and then uploaded them for everybody to see.

That is why new sites are carefully watched. After his site was suspended he registered another site. And then another. After all three of his sites were deleted before he even finished uploading the files he decided this was no fun and left to pick on some other host

]No, users do not get shell access. The only account that has shell access it the main wbws site because for certain tasks I need root access. Turned if off for the time being.

Telnet has problems in itself. I would suggest if only you are using it, still get SSH it is secure shell acess.

If you need help with this, let me know I will walk you through it.

True, but that is not the problem. They can host it on the moon as far as I care. But to the best of my knowledge (lacking in certain parts) @theirdomain.com emails cannot be send out without that domain actually existing. Am I in error when I assume this?

Do you give cgi access? That is all they need. They can run a spam script.

Ofcourse. Happens all the time. People sign up, find another hosting site and sign up there as well. After the free month ends they get an email. No payment/response? Site deleted. Thats our business model. Works fine.

Ofcourse sometimes there are rotten appels. One guy taped buffy the vampireslayer shows with his videocamera on tv and then uploaded them for everybody to see.

That is fine, just tried saving you extra work. I was just amazed you set the site up before getting any payment, or payment details at least.

I was never asked for any credit card info.

Ok, say I did not be as obvious and give the info I did, what if I entered info that looked real, when would I pay for the service? or give payment info?

I am just giving you something to think about.

I know we are competitors, but I would never want to see a competitor get abused.

You can't be too careful

Like I said....I find this thread interesting ;) Sorry for taking if of topic jdp29053

Payment works like this: First month free. After the free month customers get an email asking them to sign up within 5 days. Link to signup form is in the email. Reminder is send out after 3 days. No reply after 5 days=site gets suspended until payment is made. If still no payment is received 30 days after site gets suspended the site and all the files get deleted.

I'm still interested in the cgi spam script though. Suppose they set it up. How will they be able to send email through my mail server? The sever only accepts mail send from specific @theirdomain.com email addressess

are there some other alternatives to autosetup from directphp? The control panel looks kinda rough..

Is there free versions of similar software?