How to protect your AjaXplorer installation

AjaXplorer helps you turn your web server into a powerful file management system : install once and access your files from anywhere. Organize, preview and share them, easily and securely. AjaXplorer comes fully equiped with a complete users management system, securing the whole installation at once. It can also be interfaced with existing authentication mechanisms, to implement a “Single-Sign On” system and make users life easier. Install AjaXplorer via Softaculous with just one click.

ajaxplorer logo

Here are some basic recommendations for securing your AjaXplorer installation :

1. Protect your folders from direct web access :

Under the main AjaXplorer installation folder, the following folders contents must be hidden from the web server. It is by default the case if you are using Apache, as .htaccess files are part of the distribution.

  • ajaxplorer_install/conf
  • ajaxplorer_install/data/[all subfolders except “public”], that is the default container for the « shared links » public files.

Note:  concerning the .htaccess files under Apache, be sure to allow override of the Limit directives on your web server (contact your Webmaster).

If you can, do not use the default « files » folder placed inside the distribution, but create a repository pointing to a folder outside your web « document root ».

2. Basic security rules :

HTTPS usage is recommended by AjaXplorer, but you have to configure your server for that, it cannot be done automatically by AjaXplorer.

Always use strong passwords. There is a password minimum length option that is set to 8 characters by default.

3. Check for upgrade :

Security issues are always released with high priority by the AjaXplorer team, use the integrated upgrade tool to check if updates are available and apply them! You can also upgrade your AjaXplorer installation using Softaculous.

Soruce : http://ajaxplorer.info

Features that make ownCloud a better data management application

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. Installation has minimal server requirements, doesn’t need special permissions and is quick. You can also ownCloud by one click via Softaculous. ownCloud is extendable via a simple but powerful API for applications and plugins.

owncloud logo
1. Access Your Data :

Store your files, folders, contacts, photo galleries, calendars and more on a server of your choosing. Access that folder from your mobile device, your desktop, or a web browser. Access your data wherever you are, when you need it.

2. Sync Your Data
Keep your files, contacts, photo galleries, calendars and more synchronized amongst your devices. One folder, two folders and more – get the most recent version of your files with the desktop and web client or mobile app of your choosing, at any time.

3. Share Your Data
Share your data with others, and give them access to your latest photo galleries, your calendar, your music, or anything else you want them to see. Share it publicly, or privately. It is your data, do what you want with it.

4. Versioning
Did someone make a change to a shared file that you don’t like, or did you accidentally delete a section of the file that you need? With the Versions Application enabled, ownCloud automatically saves old file versions – you configure how much to save. To revert, simply hover over your file and roll back to a previous version.

5. Encryption
Do you want to make sure that your files remain secure on the server? With the Encryption Application enabled, all files stored on the ownCloud server are encrypted to your password. This is helpful if you store your files on an untrusted storage outside the ownCloud server. Add to this an SSL connection, and your files are secure while in motion and at rest.

6. Drag and Drop Upload
Working on a computer and don’t want to install the entire ownCloud client? Simply log into ownCloud in a web browser and drag and drop your files from your desktop into your desired target directory in the web browser. They will be automatically uploaded to the server.

7. Themeing
Want to make ownCloud look and feel like the rest of your site? Use the new theming directory functionality. Any style or image that you place in this directory will be used in place of standard ownCloud fonts, colors and icons.

8. Viewer for ODF Files
Want to read open document format files without downloading them? Enable this Application and you can click on any ODF formatted document (.odt, .odp, .ods) and read it in your web browser with no download required.

9. Application API’s
Want to add features and functions to ownCloud? New publicly defined APIs make creating applications for ownCloud much simpler, enabling add on functions a stable integration point for future versions.

10. Migration and Backup
Do you have multiple ownCloud instances, perhaps a primary and a backup installation? Now you can easily move your ownCloud user accounts between ownCloud instances, and have a backup ready when you need it.

11. Tasks
Want to keep track of that all-important to do list? With the Tasks Application, you can easily sync your to do lists with your ownCloud instance.

12. Application Store
Want to add one of the existing applications to ownCloud? Simply enable a new application in settings, and it will be automatically downloaded and installed in your ownCloud instance.

13. Calendars
Want to share your calendar with other users of ownCloud? Enable the Calendar Application, open your calendar, select share, and choose the users or groups you want. You can be sharing your important calendar and important events in no time.

14. File Notifications
Now you can notify others when a file is shared, making it faster and easier to start sharing those documents, home movies and whatever else you choose.

15. Galleries
Want better control over your shared photo gallery? Now you can specify the ownCloud photo directories, sort order, share your galleries with any email address you choose, and control whether they can share those photos with anyone else.

16. External Storage
Do you want one place to access all of your Gdrive and Dropbox files? Then this new experimental feature is something to look at. With the External Storage Application enabled, you can mount your external storage as a folder inside your ownCloud instance, and use 1 interface to access all of your files.

17. Logging
Want to integrate ownCloud into your existing syslog service? Now ownCloud can write to syslog log files as well as the existing ownCloud log file.

18. LDAP / Active Directory
Want to manage ownCloud users from a directory? Now ownCloud enables admins to manage users and groups from their LDAP or AD instance.

Source : https://owncloud.org

5 steps to secure your WHMCS installation

WHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control. Get started with WHMCS by installing it with one click via Softaculous.

whmcs logo

WHMCS has many features built-in to help keep your data safe, but here are several simple extra steps you can take to secure your WHMCS installation even further.

1. Change your WHMCS Admin Folder Name :

Malicious users who visit your site and recognise a WHMCS install will know that they can try logging into your admin area @ /admin/ To protect against this, you can rename the admin folder to something else. You then must tell WHMCS what the name of that folder is for things to work by adding the following line to the configuration.php file :

$customadminpath = "custom_admin_folder_name_goes_here";

Please note that if you have already created a cron job, or one has been created for you, you will need to update the path on the cron as well. eg :

php -q /home/mylogin/public_html/secure/myfoldername/cron.php

You can configure this step on the install form itself while installing WHMCS via Softaculous, just choose the “Admin Folder” you desire.

2. Password Protect the Admin Directory :

Add a second layer of protection to the admin directory by setting up .htaccess password protection. Most users can do this via the Password Protect Directories option in cPanel. Remember to keep your .htaccess username/password distinct and unique.

3. Move the attachments, downloads & templates_c folders :

The three folders “attachments”, “downloads” and “templates_c” need to be writeable by WHMCS and therefore require the permissions 777 (writeable by all). When folders have this permission level it is safer to place the folders outside of the public accessible folder tree on your website. WHMCS allows you to do this. If you do move the folders, then you must tell WHMCS where they have been moved to by adding the following lines to the configuration.php file :

$templates_compiledir = "/home/username/templates_c/";
$attachments_dir = "/home/username/attachments/";
$downloads_dir = "/home/username/downloads/";

In the above example, “username” is the cpanel username and so the 3 folders are located in the home directory, above public_html.

Note that if you are running suphp or phpsuexec you should not make the mode changes as the folders will already be writeable. In fact, you cannot set folder or file permissions to be 777 when running suphp or phpsuexec – the highest permissions are 755 for both folders and files.

If you are installing WHMCS via Softaculous the files will be in the data directory i.e. outside the public accessible folder tree by default.

4. Move the crons folder :

The “crons” folder contains the domain synchronisation file so this should also be moved outside the public accessible folder tree to prevent outside users from triggering it.

WHMCS allows you to do this. If you do move the folders, then you must tell WHMCS where they have been moved to by editing the /crons/config.php file and specifying the path to the WHMCS root directory, for example:

 $whmcspath = '/home/username/public_html/whmcs/';

In the above example, “username” is the cpanel username and whmcs is located in the directory “whmcs”.

5. Restrict Access by IP :

For added security, if your staff use fixed IP addresses, you can add even more protection to your admin area by restricting access to a specific set of IPs. This is done by creating a file with the name .htaccess within your WHMCS admin directory, with the following content:

order deny,allow
allow from 12.34.5.67
allow from 98.76.54.32
deny from all

You can specify as many different allow from lines as you require. Or you can even allow entire IP subnet’s by specifying just the first part of an IP, for example: “12.34.”. This is called Htaccess IP Restriction.

Source : http://www.whmcs.com

Why choose OrangeHRM ?

OrangeHRM offers a flexible and easy to use HRIS solution for small and medium sized companies free of charge. By providing modules for personnel information management, employee self service, leave, time & attendance, benefits and recruitment companies are able to manage the crucial organization asset – people. The combination of these modules into one application assures the perfect platform for re-engineering and aligning your HR processes along with the organizational goals. OrangeHRM can also be installed with just one click via Softaculous.

orangehrm logo

Few reasons to choose OrangeHRM :

1. Administration Module :
The admin module is the central controller of the system where the HR Manager or other appointed personnel perform all system administration tasks. This includes defining organization structure‚ pay scale, maintaining project information and other information that serves as the backbone for the rest of the system. Security issues are taken care of through this module as well by defining user rights and permissions.

2. Personal Information Management :
A complete employee information management system which acts as a central employee database. This enables HR administrators to utilize all employee information productively.

3. Leave Module :
A comprehensive holiday management module‚ with extensive possibilities of defining leave types and more. It caters for all leave application & approval processes and is able to display information on leave entitlement‚ balance‚ history etc.. Thanks to the web-enabled and self-service concepts‚ it significantly streamlines all leave related procedures‚ eliminates paperwork and saves costs.

4. Time Module :
This module automates timekeeping related processes. The offered functionality enhances the organization’s performance by eliminating paperwork and manual processes associated with project timekeeping and attendance management. The sophisticated module helps to efficiently organize labor data‚ improve the workforce management and minimize errors in enforcement of company’s attendance policies.

5. ESS Module :
Employee self service is a powerful tool providing employees of the company with the ability to view relevant information such as personal information‚ updating personal information with web – enabled PC without having to hassle the HR staff. The functionality of this module spans through the entire system‚ making information available anywhere‚ anytime. Of course all information is subject to company defined security policy‚ where everyone can only view the information he / she is authorized to. Time and cost saving effects from this solution are tremendous.

6. Recruitment/ Applicant Tracking Module :
A comprehensive solution for the entire recruitment process. The module allows HR professionals to streamline the entire applicant tracking process effectively.

7. Performance Module :
Another natural attachment to OrangeHRM. While simplifying the performance review process you can communicate the key performance indicators for each job title allowing the employees to understand and achieve your expectations.

Source : http://www.orangehrm.com

Create your classifieds website with Osclass for free

Osclass is an open source application that allows you to create your own classifieds website for free and with hardly any technical knowledge. There are thousands of websites powered by Osclass, and this number is constantly growing.


So, what are the advantages of using Osclass rather than other online tools?

1. It’s easy to install : Easy 3-step installation is compatible with private and shared hosting, so you don’t need to code or possess expert knowledge. The Osclass step-by-step installation guide will lead you through the whole process. In few minutes, you can manage your website from a user-friendly dashboard, consult statistics, reports, email notifications and more, accessible at any time and from anywhere. You can also install Osclass with a Click of a button using Softaculous.

2. It’s easy to customize : You can personalize your website easily thanks to plugins and themes available for free on the Osclass Market, add unlimited categories, subcategories, custom fields, videos, maps, set premium ads, switch your website to any language or have multi-language installation.

3. You can earn money : Thanks to PayPal plugin, you can offer paid premium ads, implement Google Adsense or place traditional banners to make money with your classifieds website.

4. Your visitors will be grateful : Because of how easy it is to place an ad on your classifieds website, with no need for one-time users to register, or by offering login with Facebook accounts. You can also enable sharing ads via email or Facebook, Twitter, etc., allow users to exchange comments directly on your website, create email subscriptions, customize listings with Google Maps, Images, Youtube Videos, and much more!

5. Best Quality : Osclass is SEO friendly (XML Sitemaps generation, robots.txt, nice URLs) and also has built-in anti spam features so you can have quality content on your website (Spam Filter, Akismet, reCaptcha, User Ban System). You can quickly check which ads were caught or cleared by Akismet and manage them from your dashboard.

6. Many other features : User ban system, templates for static pages, email alerts, CSRF in the forms, preview of the email templates, legend in the sidebar, integration with TinyMCE for WYSIWYG editors offers HTML formatting tools; customization of the time zone, date format, currency etc.

7. Community support : Being open source gives everyone the possibility to share their experiences and knowledge to all the members of Osclass community from around the globe. If you have any doubts, you can consult the Osclass forum, documentation, guides, blog or contact the Osclass Team directly.

Source : http://osclass.org

Getting Started with Concrete5

Concrete5 is a CMS made for Marketing but built for Geeks. When your website is built with concrete5, you can easily change content right from your web browser. When you see something you want to change, simply click edit and make your changes. It’s that easy! SEO is a breeze! Simply add meta data to any page or image live right in your browser. Get started with Concrete5 by installing it with one click via Softaculous.

concrete5 logo

 

1. Edit Mode

See a typo you want to fix? Put the page in edit mode and start changing content right there! Changing around basic content and functionality with concrete5 is simple.

  • Login to the CMS. This url will always get you to a login page: yoursite.com/index.php/login
  • Go to the page where you want to make an edit, just as you normally would.
  • To start making changes to your page, click Edit in the editing toolbar.
  • Once you are finished with making the changes click on the Editing button, you now have 3 options i.e. Discard, Preview, Publish.
  • Preview your changes and once you have the page looking the way you like, click Publish.

2. Add Functionality

Need some interactive functionality like a survey or guestbook? You can add a new block to any page. The Form Block gives you a fast way to make forms. All data can be found collected by the form can be accessed in the Dashboard.

How to Customize your form :

  • The Add tab allows you to add questions.
  • Edit tab allows you to change your questions or the order they are presented in. You can change the order with the up and down arrows.
  • Preview tab allows you to see how the form with look.
  • The Options tab adds contains some additional choices.
  • You can see all the results of your forms in the Dashboard. Just type “form” into intelligent search.

3. Add a Page

Wondering how to get a new item in that main navigation? Simply add a page. With concrete5, your whole site is organized in a tree. You can see what your site’s architecture looks like by going to the Dashboard > Sitemap

To add a new page to your site :

  • Pick where you want it to live. If, for example, you want to make a new page in the About area, you should first navigate to the About page and then roll over the edit button and click “Add a Sub Page”.
  • Choose your Page Type
  • Select a Page Type that includes the editable areas you want, you’ll be able to reskin this page later using Themes.
  • Click Add Page. Now you can select page information including title and description.
  • Click Add Page and voila you have a new page and you are dropped into edit mode.
  • You can add Blocks and get this page looking just right before hitting Exit Edit Mode and committing your changes.

4. Design Tools

Customize your theme or get a new one from the marketplace. Style content as you go. The Design button lets you select the Page Type and Theme that the page you are on will use.

  • Every page in your site must have a Theme and Page Type defined.
  • Page Types point to Template files in your Theme directory.
  • Frequently Page Types are used to define the look of a page (ie: left sidebar, right sidebar)
  • Sometimes Page Types are used to define the functionality of a page (ie: Product Page, Press Release). When you define Page Types this way, it’s easy to do things like get ALL of the Product Pages from across your entire site and put them in a single list.
  • Your site can use multiple Themes. Once you change a theme on a page, all new pages created under this page will follow that type.
  • If you want to change the Theme you’re using across your entire site, type “Themes” in intelligent Search and click Activate next to the Theme you like from that Dashboard > Themes page.

5. Reuse Elements

Page defaults and Stacks let you quickly make changes across your whole website. Stacks let you reuse a block or a combination of blocks in multiple places on your site.

How to Create a Stack :

  • Simply type “Stacks” into intelligent search to get to the Stacks Dashboard page.
  • Enter the New Stack name in the text box under Add Stack and click on Add button.

Add an Existing Stack to a Page :

  • Just put the page in Edit Mode, mouse over a block area and click.
  • You’ll get this add block interface.
  • Select the stack you would like to use.

Manage a Stack :

  • To update the contents of a stack put the page in edit mode and click on the stack, a popover menu will offer the option to Manage Stack Contents (if you have permissions to do so).
  • An overlay with the Manage Stack options called “Editors contents” will open.
  • Placing the stack in move mode will also open an overlay with the Manage Stack options called “Editors contents”.
  • After you move a block or add a block, you will have the option to Approve Changes to your stack.

Source : http://concrete5.org

5 reasons to use Magento E-Commerce

There are many tools available for e-commerce development but we want our e-commerce website to integrate with custom websites and new development for this the most preferable open source php script used is Magneto, it is not only easy to integration it is also an affordable choice for a whole range of business from small to huge international chain. Install Magento with one click via Softaculous and get started.

magento logo

1. Integration
To run an e-commerce we need to have a lots of integration like payment gateways, shipping service, database access, constant contacts with clients, google and many more all this are third party integration and Magento is easy to integrate with all this third party site for running a profitable e-commerce website.

2. Special tools and Features
Any product should have an extra edge over others when we have a website we need to be on top in search engines Magento come with a built-in SEO feature, it automatically updates international currency rate on your website, a user can even rate a product, have a wishlist, provide marketing tools and much more.

3. Multi-store
With just a one admin log-in you can create multiple stores, it does not restrict you to one store in-fact gives you a plus point of multiple store with just one back end. So all your information is available on a single admin panel. This is something that other platforms lack.

4. Customization
Magento platform is highly customizable and thus it is very easy to use for your online web shopping cart website. It can be tailored as per the needs and requirements of website owner and fits the budget size as its its source code is disclosed which encourage user for participating in customizing as its open source.

5. Support and Development.
Development of Magento is always on top, it give regular updates which is very good for any open source project with regular update you will get a taste of features and quick bug fixes.
It not only provides regular updates it also provides online support to its user which is a great help to users.

Source : http://cmsadgroup.com/

Steps to create a photo gallery using ZenPhoto

Zenphoto is a standalone CMS for multimedia focused websites. Zenphoto is easy to use and having all the features there when you need them (but out of the way if you do not.) Zenphoto features support for images, video and audio formats. This makes Zenphoto the ideal CMS for personal websites of illustrators, artists, designers, photographers, film makers and musicians. You can get started by installing ZenPhoto with just one click via Softaculous.

zenphoto logo

Steps to create a photo gallery using ZenPhoto :

  1. Login to your ZenPhoto installation and click on the upload tab which is located at the top.
  2. Here you will see a “upload to” section with a drop down list, where you can select the album you want to upload the images to or create a new album. To create a new album you can select “/” and give the title name and album name.
  3. Once the album is created click on the browse button and select your file(s) which you want to upload. To upload multiple files you can again click on browse button again and select your image.
  4. Once you have selected the file(s) which you want to upload you just need to click on the upload button at the end. After the upload is complete you will automatically be redirected to the albums page where you can further edit the album details.
  5. That’s it your image gallery is now ready.

What PrestaShop can do ?

PrestaShop is the most reliable and flexible Open-source e-commerce software. Since 2007, PrestaShop has revolutionized the industry by providing features that engage shoppers and increase online sales. The PrestaTeam consists of over 100 passionate individuals and more than 400,000 community members dedicated to innovated technology. You can get started with PrestaShop by installing it through Softaculous right away.

prestashop logo

1. Catalog Management
Manage a dynamic product list through the PrestaShop back-office. Whether the shop has one product or thousands, this incredible administrative interface lets merchants manage the most complex inventory easily and update with a single click. Import and export quickly, set attributes, sort products, bulk discounts, and much more. Managing products has never been easier with PrestaShop.

2. Product Displays
Display products in a unique way and provide customers with numerous options to view their desired products. Providing multiple views will help boost conversion rates. Merchants can reduce customer doubt by putting them at ease with zoom in features and multiple product views.

3. Site Management
Manage a site easily using PrestaShop. Business owners can enjoy editing content, managing product displays, and changing languages all through the back office. PrestaShop has a one-click  upgrade to keep a store running at the latest version and can also be upgraded from Softaculous panel.

4. Search Engine Optimization
One of the best forms of marketing is search engine marketing.Optimize a site and ensure major search engines are indexing the store. Simply through placing high tracked keywords in site tags, a
store can be placed on the rst page of Google! Discover countless possibilities with increased online traffic.

5. Checkout
An effective checkout page will push conversion rates through the roof! PrestaShop offers a one-page checkout among other features. Merchants can customize fields to gather certain information. From design to shipping, PrestaShop checkout process makes purchasing easy for  customers.

6. Shipping
PrestaShop allows flexible shipping modules and is fully integrated with major carriers. Provide customers reliable shipping options and the ability to include custom messages. Control logistics such as, fees, weight, shipping restrictions and more from the back-office.

7. Payments
PrestaShop is integrated with numerous payment options and business owners can install a desired payment option with one-click. Ensure payment is received and customers are comfortable providing their information.

8. Marketing
PrestaShop offers a variety of marketing and promotional tools built in. A successful merchant is the key to PrestaShop’s growth and guaranteeing effective marketing tools will build a path for online success.

9. Client Account
Customer satisfaction is key to keeping customers loyal and increasing sales all year around. Provide customers with an easy check-out through their own personal account and tailor messages to their needs.

10. Translations
PrestaShop is a global community and is proud to have community members in over 150 countries. A single store can be translated in 41 languages. Offering various translations will improve user experience and overall sales.

11. Security
Make customers feel secure about shopping online. A secure connection is critical to begin accepting payments. From PCI to SSL compliance, PrestaShop comes equipped with everything a
merchant needs to be secure.

12. Localization/Taxes
PrestaShop’s advanced tracking system can detect where a customer is located and calculate taxes or promotions set by the merchant. Additionally, configure exchange rates and let customers choose their preferred currency.

13. Analytics & Reporting
Reporting is key to tracking and optimizing performance. Merchants must monitor sales and visitor interactions to understand what efforts are working and which have room for improvement.

Source : http://www.prestashop.com

Checking for SSHD Rootkit hack

Since the past few days the SSHD Rootkit issue has caused havoc amongst server admins. It is still unknown how the attackers manage to get root access to the servers and modify the keyutils-libs package. This has been affecting mainly 64 bit Operating Systems with control panels like cPanel, Direct Admin, Plesk, Webuzo, etc.

We recommend every server admin to check whether your server has been affected. To do so please type the following command :
root> ls -la /lib*/libkey*
If the list displays any of the following files, your server may be compromised :

  • libkeyutils.so.1.9
  • libkeyutils.so.1.3.2
  • libkeyutils-1.2.so.2

The symlink of /lib64/libkeyutils.so.1 will be pointing to one of the above files instead of the following correct ones e.g. libkeyutils-1.2.so

In order to remove this, you will need to do the following :
1) Remove the wrong file which is there on your system, e.g.
root> rm -rf /lib64/libkeyutils-1.2.so.2

2) Remove the symlink as well, e.g.
root> rm -rf /lib64/libkeyutils.so.1

3) Make a symlink to the correct file :
root> ln -s /lib64/libkeyutils-1.2.so /lib64/libkeyutils.so.1

Then restart the system. Restarting the services will do no good. So please restart the system.

Though there is a possibility of the server being re-infected I have personally found from more than 20 servers I manage, that servers with NON-STANDARD SSH ports were not infected.
Hence please do change the SSH port for your servers safety.

Talk back: Have you noticed the SSHD rootkit on your servers? What have you done to clean up your infected servers? Please do share with everyone.