CloudFlare Hosting now included in every hosting plan

HelpingHost.com is happy to announce a new partnership with Cloudflare, the web’s easiest performance, and security solution. As a Cloudflare Certified Partner, we deliver their simple and free solution to help protect and accelerate your website. Once your website joins the CloudFlare community, it loads twice as fast and is protected from a range of online threats.

Getting started is super easy—you just need to log into your control panel and look for the Cloudflare icon. With two clicks, you can activate CloudFlare and your website will automatically be faster and safer around the world.

We are pleased to offer you the CloudFlare service for FREE. There is no commitment. Turning CloudFlare on and off takes two clicks of the mouse, so feel free to try it out. We think you’ll like it.

To learn more about Cloudflare, you can take a look at our Cloudflare Hosting page hereCloudFlare Hosting Logo

Securing and updating HSphere PHP using CloudLinux

With the recent Joomla exploit it became even more clear that we hsphere hosters have to find a way to get the latest PHP versions onto our servers.
We are using CloudLinux on every web server already to take advantage of its ability to keep customers resource usage in check.
CloudLinux also comes with alternative PHP packages (alt-php) including hardened PHP which are EOL php versions that the CloudLinux team keeps patching.


For several weeks we researched ways to use the alternative PHP packages as replacements for hsphere PHP.
Good news! We did it!
Before we go into detail on how this was accomplished, please keep in mind our hsphere web setup before any changes are made:

  • – Apache 2 worker mode
  • – FCGID active
  • – mod_hostinglimits active
  • – CloudLinux 5 with Hybrid Kernel (CL6 will work just as well)

Now on to how we accomplished the goal of replacing hsphere PHP with Cloudlinux PHP.
At first we tried to get a custom suexec from CL to replace the hsphere suexec. However, under hsphere, the pathnames to all PHP binaries are actually hardcoded into the suexec. So, a custom suexec with just adjusted parameters will NOT work.

Next, we decided to try to litterally replace the hsphere php binaries with cloudlinux binaries.
This turned out to work pefectly well even though sadly cagefs will not work within PHP scripts due to the missing custom suexec.

Here are the steps:

  • yum install cagefs lvemanager -y
  • yum groupinstall alt-php -y
  • yum install alt-php54-zend-guard-loader -y (only on CL5)
  • /usr/sbin/cagefsctl –init
  • Now copy the sample PHP ini files from one user to /etc. Reason is that under Hsphere, the suexec does not respect cagefs which means php is looking for the php.ini in /etc/cl.php..
    cp -r /var/cagefs/00/[SAMPLEUSER]/etc/cl.php.d /etc/
  • edit the global php ini file to your liking: /etc/cl.selector/global_php.ini. What you add here will be compiled into each global php.ini in the next step
  • /usr/sbin/cagefsctl –setup-cl-selector
  • The last step is to copy the CloudLinux php binaries over the old hsphere binaries.
    Reason this needs to be done this way is that the hsphere suexec containts the path to the php binaries hardcoded.cp -f /opt/alt/php44/usr/bin/php-cgi /hsphere/shared/php4/bin/php
    cp -f /opt/alt/php52/usr/bin/php-cgi /hsphere/shared/php5/bin/php
    cp -f /opt/alt/php53/usr/bin/php-cgi /hsphere/shared/php53/bin/php
    cp -f /opt/alt/php54/usr/bin/php-cgi /hsphere/shared/php54/bin/php
    cp -f /opt/alt/php55/usr/bin/php-cgi /hsphere/shared/php55/bin/php
    cp -f /opt/alt/php53/usr/bin/php-cgi /hsphere/shared/php-internal/bin/php
    (You need to use PHP 5.3 for internal PHP, otherwise the webshell will no longer work)
    rm -f /usr/bin/php
    rm -f /usr/local/bin/php
    ln -s /opt/alt/php55/usr/bin/php /usr/bin/php
    ln -s /opt/alt/php55/usr/bin/php /usr/local/bin/php

BTW, nothing stops you from for example doing a:
cp -f /opt/alt/php5.6/usr/bin/php-cgi /hsphere/shared/php4/bin/php

So, if nobody uses PHP 4.4 anymore on a server you convert it to PHP 5.6 this way, or if you are on CL6 you can use PHP 4.4 to be PHP 7.

Joomla 3 Security update – CVE-2018-8045

Please upgrade to Joomla 3.8.6

A security flaw has been discovered in Joomla version 3.5.0 through 3.8.5.

It has been assigned [CVE-2018-8045].
The User notes list view is missing a type casting of a variable which can lead to an SQL injection.

This means that somebody can make changes or read out data from your Joomla database without permission.
It can be achieved by simply calling the User notes list view with specially crafted parameters.

The Joomla team considers the severity of the flaw as low.

Please login to your hosting control panel and use our Softaculous installer to update your Joomla.
If you are unsure, please contact your HelpingHost.com support team to help you out.

Using the PHP Form Builder Class (PFBC) within your own Joomla Component.

Why?

I was in the need of professional forms for a Joomla component I’m currently writing. With “professional” I mean the forms have to look professional and also need to be validated in a professional manner. I first went through a lot of Javascript/CSS solutions. However, in the back of my mind I thought I still have to validate all input on the Server level (Within the Joomla component itself) Finally I found an actively maintained Forms Library that after some testing worked great within any Joomla Component.

Here are some basic notes on how I accomplished this:

I’m using a file called loader.php located in the library path in my component Directory. I call it from my main controller file like this:

require_once(JPATH_ROOT.DS.'components'.DS.'com_component'.DS.'library'.DS.'loader.php');

in my loader PHP I have this line:

JLoader::register('Form', JPATH_COMPONENT.'/3rdparty/PFBC/Form.php');

As you can see I just copied the PFBC folder into a folder called 3rdparty within my Joomla component folder. Now you can use PFBC anywhere in your component by creating the object like this and add a field for example:

$form = new Form("testing", 300) ;
$form->addElement(new Element_Textbox("My Textbox:", "MyTextbox"));
$form->addElement(new Element_Button);

Assign it to the View as usual:

Joomla Open Source logo

$this->assignRef('myform', $form);

And render it in the tmpl file:

echo $this->myform->render();