How to Install Umbraco manually

Umbraco

Umbraco Installation

Umbraco is a fully-featured open source content management system with the flexibility to run anything from small campaign or brochure sites right through to complex applications for Fortune 500’s and some of the largest media sites in the world.

System Requirements

Browsers, The Umbraco UI should work in all modern browsers like

  • Firefox (Latest)
  • Chrome (Latest)
  • IE10+ (will not always work correctly in lower versions)

Local Development

  • Microsoft Windows 7 SP1
  • Webmatrix 3

Hosting

  • IIS 7+
  • SQL CE, SQL Server 2008 and higher or MySQL
  • ASP.NET 4.5 Full-Trust
  • Ability to set file permissions to include create/read/write (or better) for the user that “owns” the Application Pool for your site (NETWORK SERVICE, typically)

Follow these steps to do a full manual install of Umbraco.

Web Platform Installer method

Install Umbraco using the Microsoft Web Platfom Installer is the recommended method for installing Umbraco to IIS7.  The Web PI can be found here:

http://www.microsoft.com/web/gallery/Umbraco.aspx

and is also available as an extension for the IIS Manager:

http://www.iis.net/extensions/WebPI

When using the Web PI be certain to leave the Application Name field blank, otherwise the installer will place Umbraco into a sub folder under a web root, which is not supported.  Also, you may find that creating a SQL Login with dbo rights to your target database will make the installation process smoother.

Manual installation

Step 1: Download

If you want to install Umbraco manually, you have to download the binary release from here:

http://our.umbraco.org/download

After you have downloaded the package, you have to right click the file, choose Properties, and the click “Unblock”. Otherwise you will get errors when installing.

Step 2: Setup IIS

Extract the ZIP file to a folder on your computer. The norm is to create a folder under c:\inetpub\wwwroot\ for your website.

NOTE: If the downloaded ZIP file contains a “build” folder in the root, you have to move the contents “build” to the above mentioned folder.

Then, in IIS you create a new website by right-clicking on Sites and choosing Add Web Site.

Give your website a name and an address, and point the Physical path to the folder where you extracted Umbraco.

Step 3: Permissions

Follow one of the guides on the following page, but be sure to read the “Setting Permissions for ApplicationPoolIdentity” section.

http://our.umbraco.org/wiki/install-and-setup/set-umbraco-folder-permissions-from-command-line

You can find the name of the application pool by clicking on your website in IIS and the clicking on “Basic Settings” on the right side. The name of the application pool is in the top right textbox.

Step 4: Setup database

Open up SQL Server Management Studio and add a database by right-clicking on Databases and choosing New database. Give your database a name, and click “OK”.

The create a user for your database by going to Security and right-clicking on “Logins” and choosing “New login”. Give your user a name (for example: umbracouser), choose SQL Server authentication, and enter a password.

Then go to User Mapping and in the list that appears, check the database you just created. Then you check the following roles in the “Database role membership” list:

db_datareader
db_datawriter
db_ddladmin
db_securityadmin
public

 Click “OK”.

Step 5: Install Umbraco

Go to the address you set up for your Umbraco installation. It will automatically start the installer for you.

Follow the steps in the installer, and if you did everything above correct, you will mostly only click “next”.

Tweaks to Manual Install permissions-setting (from Eric Schrepel on 12/12/12 related to solving a few Umbraco 4.11+ issues)

To get the above steps to work on Windows 2008/IIS7 and Umbraco 4.11.1, I found I had to create and run a slightly different setPermissions.bat file.

My changes are noted in bold and described below:

icacls app_code /grant “IIS APPPOOL\umbraco”:(OI)(CI)RX
icacls app_browsers /grant “IIS APPPOOL\umbraco”:(OI)(CI)RX
icacls app_data /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls bin /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls config /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls css /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls data /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls macroscripts /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls masterpages /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls media /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls python /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls scripts /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls umbraco /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls usercontrols /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls views /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls xslt /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls web.config /grant “IIS APPPOOL\umbraco”:(OI)(CI)M
icacls web.config /grant “NETWORK SERVICE”:M
icacls robots.txt /grant “IIS APPPOOL\umbraco”:M

Changed R to M for app_data, macroscripts, and usercontrols satisfied permission errors that cropped up when trying to load the site the first time (to finalize the install).

Added views line to avoid YSOD during initial site load

And even though I’m using the APPPOOL\umbraco application identity for everything, the install screen where it sets up the SQL database locks up unless I add the web.config line granting NETWORK SERVICE modify rights.

It’s possible some of those changes weren’t necessary, but they did get me past the install hiccups.

References:

our.umbraco.org

Posted in Web Hosting | Tagged , , | Comments Off on How to Install Umbraco manually

How to install Drush for Drupal 7

drush

What is Drush?

Drush is a command line shell and Unix scripting interface for Drupal. Drush core ships with lots of useful commands for interacting with code like modules/themes/profiles. Similarly, it runs update.php, executes sql queries and DB migrations, and misc utilities like run cron or clear cache.

Simply put, you can perform administrative tasks far more efficiently with Drush than you can with the Drupal administration control panel in the web browser. An efficient Drupal 7 developer must use Drush.

Install Drush

Download and install the Drush command-line software. There are a few ways you can do this.

If you are running Linux, you can most likely install Drush with the operating system’s native package manager. Operating system’s package manager may install an older version.

CentOS/RHEL

# sudo yum install drush

OS X with Homebrew

# brew install drush

Ubuntu/Debian

# sudo apt-get install drush

Install Drush using Composer

If you have already  installed Composer on your system, you can use it to install Drush.

composer global require drush/drush:6.*

Also want to make sure the Composer binaries directory is added to your system path.

sed -i ‘1i export PATH=”$HOME/.composer/vendor/bin:$PATH”‘ $HOME/.bashrc

Install Manually Drush

Manually download and install Drush, but you must have Composer already installed first. When you’re ready to manually install Drush:

# Create a bin directory for your user account and add to system path
mkdir $HOME/bin
echo “PATH=$HOME/bin:$PATH” >> ~/.bashrc
source ~/.bashrc

# Download and unzip the Drush software
wget -O $HOME/bin/drush.zip https://github.com/drush-ops/drush/archive/master.zip
unzip -d $HOME/bin $HOME/bin/drush.zip

# Install Drush dependencies with Composer (assumes `composer` is on system PATH)
cd $HOME/bin/drush-master
composer install

# Create a symbolic link
ln -s $HOME/bin/drush-master/drush $HOME/bin/drush

Once you have downloaded and install the Drush software, you can open your Terminal/Console application, type drush, and hit ENTER.

Posted in Web Hosting | Tagged , , , | Comments Off on How to install Drush for Drupal 7

How to Alias (CNAME) Resource Record to a Zone

cname1.1png

A Canonical Name record (abbreviated as CNAME record) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the “canonical” domain. All information, including subdomains, IP addresses, etc., are defined by the canonical domain. CNAME record points domain or subdomain to the IP address of the destination hostname. So, if the IP of the destination hostname changes, you won’t need to change your DNS records as the CNAME will have the same IP.

Add an alias (CNAME) resource record to a zone using the Windows interface

Open DNS Manager.

  • In the console tree, right-click the applicable forward lookup zone, and then click New Alias.
  • In Alias name, type the alias name.
  • In Fully qualified domain name (FQDN) for target host, type the FQDN of the DNS host computer for which this alias is to be used.
  • As an option, you can click Browse to search the DNS namespace for hosts in this domain that have host (A) resource records already defined.
  • Click OK to add the new record to the zone.

Additional considerations

  • To open DNS Manager, click Start, point to Administrative Tools, and then click D

Add an alias (CNAME) resource record to a zone using a command line

  • Open a command prompt.
  • Type the following command, and then press ENTER:

dnscmd <ServerName>/RecordAdd <ZoneName> <NodeName> [/Aging] [/OpenAcl] [<Ttl>] CNAME <HostName>|<DomainName>

Posted in Web Hosting | Comments Off on How to Alias (CNAME) Resource Record to a Zone

How to Check WHM /cPanel Version

If you are running a cPanel Server, your priority administration task should be the security. Some tricks about Server Security can be read on this blog. If you are running a Web Hosting business you should provide to your costumers the high security level.

A basic security need is to keep cPanel last stable version. The  below instructions are intended specifically for checking your version of cPanel or WHM via the command line or the WHM dashboard.

Check Version of WHM / cPanel using the Command

/usr/local/cpanel/cpanel -V

Check the Version of  WHM / cPanel looking at the Version File

cat /usr/local/cpanel/version

Check the Version of WHM / cPanel login to WHM

Once you’re logged into WHM you can see version of cPanel / WHM displayed at the top:

How to Check WHM /cPanel Version

Check WHM /cPanel Version

Take in mind that keep your server with the last cPanel version is not sufficient to keep the server secure. It is a long process and you should keep always you eye open. Good look 🙂

Posted in cPanel Hosting, Web Hosting | Tagged , | Comments Off on How to Check WHM /cPanel Version

How to Minimize Spam on Drupal Website

Honeypot

Honeypot module Protects the Registration Forms, Password Reset Forms, Webforms, Node Forms with an additional option to protect all forms on your site.

Honey PotIt should be your first line of defense, quite simple to use and works invisibly, behind the scenes without adding any complexity to the form for your users. Just enable it and then select which forms you want it to protect.

Honeypot will now look to see if a hidden field (called URL by default) has been filled out or if the form was submitted too quickly. In most cases only a bot would fill in the hidden form or fill out the form too quickly. If either of these conditions is met then the submission will be stopped.

Honeypot is typically all we’ll use on a website and in most cases almost completely removes spam. However, there are additional options for further protection.

Webform Validation

Webform Validation is a very flexible add-on module that extends Webforms with additional validation options that include verifying that a field is numeric, meets minimum or maximum lengths, has a number of words, equals a specific value, doesn’t contain black list words and more. And if this wasn’t enough you can even enter Regular Expressions which can create very complex filters like meeting a area-code and phone number format.

The following validation rules are currently included:

  • Numeric values (optionally specify min and/or max value)
  • Minimum length
  • Maximum length
  • Minimum number of words
  • Maximum number of words
  • Equal values on multiple fields
  • Unique values on multiple fields
  • Specific value
  • Require at least one of two fields
  • Require at least one of several fields
  • Minimum number of selections required
  • Maximum number of selections allowed
  • Exact number of selections required
  • Plain text (disallow tags)
  • Regular expression
  • Must be empty (anti-spam: Hide with CSS)
  • Words blacklist
  • Must match a username

Mollom logo is an intelligent content moderation web service. By monitoring content activity on all sites in the Mollom network, Mollom is in a unique position to determine if a post is potentially spam; not only based on the posted content, but also on the past activity and reputation of the poster.

In short, Mollom handles incoming posts intelligently, in much the same way a human moderator decides what posts are acceptable. Therefore, Mollom enables you to allow anonymous users to post comments and other content on your site.

Mollom decision flowMachine learning.  It uses sophisticated machine learning techniques to block spam and malicious content automatically. Mollom uses a reputation-based system that keeps a continually evolving archive of user profiles to immediately discern an individual’s propensity to submit spam. This applies to everything from user registration forms to blog entries.

Protection against profanity. Using text analytics, it is able to detect harmful content such as profanity and other spam-related content. And Mollom adds language support, stopping unwanted content in 75 languages.

Centralized Captcha Service. Mollom provides a centralized captcha service that stop known spammers. Approved users are not required to solve a captcha.

The captcha is invoked for three specific use cases:

  • Upon user registration, when no content can be classified
  • When Mollom is unable to classify a user
  • When a site owner using Mollom opts for more privacy, and Mollom isn’t allowed to audit all content

Mollom audits the content quality by defining it across three dimensions:
Spam, Ham, and Unsure:

  • Ham is considered positive content and automatically published.
  • Spam is negative content and automatically blocked.
  • Unsure is anything in between. Mollom does not recognize the user, and they’re shown captcha’s, and the customer gets to decide if content is automatically published, blocked, or sent for manual moderation.

Captcha

Captcha Module Protects User Login, Contact Forms, Registration Forms, Password Reset Forms, Node Forms, Webforms and Custom Forms.

There are various types of captcha’s that can be selected from and more can be installed from other modules that extend the options.

A captcha is a challenge-response test most often placed within web forms to determine whether the user is human. Captcha module which allows you to present the user with a captcha challenge to prove they are not a bot. The purpose of Captcha is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can.

In our experience, captcha can be somewhat helpful in minimizing spam but can also aggravate your users who have a hard time figuring out the challenge. We prefer to use other methods that work silently behind the scenes without giving your users more work to do before they can submit the form. The captcha provides this feature to virtually any user facing web form on a Drupal site.

Custom Hooks

Another option for minimizing form spam is to create your own form validation function.

If you are creating your own forms using Drupal’s Form API then you can simply add your own validation function.

If you’re using a built-in form of any other type then you can use HOOK_form_alter() to add your own validation callback to an existing form.

Posted in Web Hosting | Tagged , , | Comments Off on How to Minimize Spam on Drupal Website

What is CloudLinux and its Hosting benefits?

cloudlinux

What is CloudLinux.

It is a hosting oriented Linux distributive based on CentOS which improves server stability, density, and security by isolating each tenant and giving them allocated server resources. Uses the LVE (Lightweight virtual environment) kernel technology that is similar to OpenVZ in some aspects or to other OS-based virtualization technologies. It

LVE and cPanel / WHM – CL has developed a plugin specifically for use on cPanel / WHM based systems. Installed through yum (CentOS package manager), the plugin allows you to view resource accurate up to the last second, and also allows you to edit default and individual LVE limits.

Improve the server stability by limiting the resources per user :

In shared hosting, the most common reason for server overloading or downtime is a single account slowing down other accounts on the server.

Using cPanel & WHM software with CloudLinux utilizes innovative Lightweight Virtual Environment (LVE) technology, improving the density and stability of your shared hosting environment for all tenants.

Advanced security for Servers

With unique CageFS technology, CloudLinux encapsulates each customer, preventing users from seeing each other and viewing sensitive information.

CloudLinux Prevents a large number of attacks, including most privilege escalation and information disclosure attacks.

Admin interface within WHM software to easily manage account usage

Within WHM, CloudLinux gives you and your clients the visibility and accessibility to see and control the exact resource usage of each website.

Increased efficiency

Monitoring and containing resource spikes, it eliminates the need to leave server resources idle, providing you with the ability to host twice as many accounts on your cPanel / WHM server.

Multiple PHP versions

Using CloudLinux together with cPanel & WHM software gives your customers with the flexibility to choose the PHP version that they need.

This includes versions 4.4, 5.2, 5.3, 5.4, and 5.5 as well as more than 50 PHP extensions and the ability to adjust php.ini settings.

Hardened kernel

The shared hosting environment is unlike any other and the CloudLinux kernel takes that into account.

It can protect against symlink attacks and trace exploits, while restricting the visibility of ProcFS to only what is necessary — making your cPanel & WHM servers more secure.

Posted in Web Hosting | Tagged , , | Comments Off on What is CloudLinux and its Hosting benefits?

django CMS Web Hosting Plan launched by WebHost.UK.Net

django-hosting-10-off

django-hosting-10-off

London, UK – June 8, 2016 – Webhost.uk.net one of the renowned name in Web hosting industry since 2003, is excited to launch django CMS Hosting Web Hosting in UK (Europe) powered by Django.  django CMS is one of famous Enterprise Content Management System which came into existence for developer and content editors to offer stability and security that other CMS application could not offer. While it’s lightweight core makes it easy to integrate with other software and put to use immediately. django CMS is free open source CMS application developed in 2007 since then used by thousands of developers.

For Developers:

Developers can integrate other existing Django applications very easily, or build brand new compatible apps that take advantage of django CMS’s publishing and editing features.

For Content Editors: django CMS is user friendly and has a very intuitive drag and drop interface. It is built around the needs of multi-lingual publishing by default, not as an afterthought: all websites, pages and content can exist in multiple language versions.

We are the most preferred UK django CMS Host because of below Django CMS Hosting Features:

1) Instant Django CMS Account Setup

2) Free Django CMS Installation

3) Great Django CMS tutorial

4) Django CMS Optimized Servers

5) Easy Django CMS Account Upgrade

6) 99.9% Uptime Guarantee

7)30 Day Money Back Guarantee

8) 24x7x365 Uninterrupted Support

The specialized Django Web Hosting plan is available just for £5.00 GBP per month and customers get 10% Discount on annual billing cycle which can be redeemed by using SPECIAL10 coupon code. WebHostUK offers 24/7 live chat and email support and servers are monitored round the clock. Confident in their network and support services, WebhostUK offers 99.9% uptime and 30 day money back guarantee. For more details on WebhostUK Django hosting, please visit https://www.webhost.uk.net/django-hosting.html

About WebHostUK:

One of the Best Hosting since 2003, WebHostUK LTD has made a name for itself by offering quality web hosting and support services. WebHostUK continues to offer most reliable, secure and cost-effective web hosting products in UK and US Data Centers. The wide array of web hosting products offered by WebHostUK includes Web Hosting, Reseller hosting, Cloud VPS HostingManaged Dedicated Servers, Ecommerce Hosting and many more.

For more details, please log on to https://www.webhost.uk.net.  or Visit our 24x7x365 Live chat support

Posted in Around the Internet, Web Hosting News | Tagged , , , | Comments Off on django CMS Web Hosting Plan launched by WebHost.UK.Net

How to Block Bots to Access Website

Block Bots to Access Website

What are bots:-

For those not familiar with the term Bots, are basically computer programs that surf multiple websites to perform a variety of automated tasks. It’s short for robots.

Examples of bots include those used by the search engines. Those bots retrieve a copy of your web page so that they can include relevant terms from that page in their search index.

Not all bots are benign however. Some bots go through your website looking for web forms and email addresses to send you spam.

Other bots probe your website for security vulnerabilities.

Inorder to block all bots from accessing your site, you should create a robots.txt file with the following content.

User-agent: *
Disallow: /

Note: Blocking all bots will get your site deindexed from search engines.

Prevent malicious bots from visiting Website. 

Targeted attack towards website is common that malicious bots will access your web site attempting to gain access via brute force force.  This in turn will commonly result in multiple script executions and will greatly increase the resource usage of the hosting account.

Its always good to have protection in order to avoid issues caused by such unauthorized access.

  • Add additional plugin for your application that prevents such attacks. For example a nice option for WordPress is the Wordfence security plugin.
  • Use a set of .htaccess rules that will prevent malicious requests towards your website. A good one that you can use out of the box for pretty much any general case is the 6G Firewall.
    The exact rules you can add to your .htaccess are also included below:

# 6G FIREWALL/BLACKLIST
# @ https://perishablepress.com/6g/

# 6G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
RewriteCond %{QUERY_STRING} (\’|\”)(.*)(drop|insert|md5|select|union) [NC]
RewriteRule .* – [F]
</IfModule>

# 6G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
RewriteRule .* – [F]
</IfModule>

# 6G:[REFERRERS]
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000}) [NC,OR]
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
RewriteRule .* – [F]
</IfModule>

# 6G:[REQUEST STRINGS]
<IfModule mod_alias.c>
RedirectMatch 403 (?i)([a-z0-9]{2000})
RedirectMatch 403 (?i)(https?|ftp|php):/
RedirectMatch 403 (?i)(base64_encode)(.*)(\()
RedirectMatch 403 (?i)(=\\\’|=\\%27|/\\\’/?)\.
RedirectMatch 403 (?i)/(\$(\&)?|\*|\”|\.|,|&|&amp;?)/?$
RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\”\\\”)
RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
</IfModule>

# 6G:[USER AGENTS]
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ([a-z0-9]{2000}) bad_bot
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
<limit GET POST PUT>
Order Allow,Deny
Allow from All
Deny from env=bad_bot
</limit>
</IfModule>

# 6G:[BAD IPS]
<Limit GET HEAD OPTIONS POST PUT>
Order Allow,Deny
Allow from All
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789
</Limit>

To implement: include the entire 6G Blacklist in the root .htaccess file of your site. Remember to backup your original .htaccess file before making any changes. Then test your pages thoroughly while enjoying a delicious beverage. If you encounter any issues, please read the troubleshooting tips and the section on reporting bugs. As always, feel free to share feedback and ask any questions in the comment section

Posted in Web Hosting | Tagged , | Comments Off on How to Block Bots to Access Website