Csoft.net - Frequently Asked Questions

Csoft.net - Frequently Asked Questions
<-- Back to Documentation

[en] [fr]

Requesting support

How do I request assistance?

Using the secure form. Sensitive information, such as passwords, may be transmitted with this form, and will be stripped from responses.
Sending an e-mail to (tech or sales) at csoft.net. Plain text messages are preferred.
Using our toll-free number 1-888-655-4977.
Unofficially, by live chat on the Freenode channel #csoft.net. You can connect using this web interface. For shell users, IRC clients such as irssi are also available on our servers.

Service announcements

Announcements concerning the service such as scheduled server maintenance, hardware upgrades and software installs/upgrade are available from your server's /etc/motd (message of the day) file, which is displayed on the main page of the web interface. By default, it is also shown when you log into your shell or connect by FTP. Service announcements which we consider to be very important are also sent by e-mail.

Connectivity

How much bandwidth/traffic do you provide?

We are not concerned with cumulative traffic or hits. We only measure the instantaneous amount of traffic. The minimum bandwidth (the bandwidth which is guaranteed to be available in case the link is saturated) varies depending on factors such as your hosting package and the server hosting your account. Please contact tech support if you have very precise bandwidth requirements.

Do you prioritize services over others?

Yes, because some services require lower latencies than other services. Interactive shell sessions and web traffic, for instance, is assigned a higher priority than bulk file transfers over ftp. IMAP is assigned a higher priority than POP. We use the excellent OpenBSD pf packet filter and ALTQ on our firewall systems to manage packet prioritization.

Do you have an address I can use for speed testing?

Yes, you can try our software repositories.

Storage space

How much disk space am I currently using?

You can see your current disk space usage from the web interface.

If you're using your shell access, the du command can be useful. For example:

  $ du -hs ~/www
  $ du ~/SomeDir | sort -rn | head

Content restrictions

What are the restrictions on content?

The legal restrictions on content are detailed in the hosting contract.

Do you allow pornographic material?

No, as mentioned in our hosting contract, we do not allow pornographic material on our servers.

Server-side software restrictions

Can I run background processes?

Yes, subject to the general server-side software restrictions.

Can I run an IRC or IM client from my shell?

Yes. We already have a number of popular client programs installed on our servers. If you would like to run an IRC bot, see our Software Policy page.

Can I use the screen utility from my shell?

Yes, screen is already installed on all of our servers and the "detach" feature can be used.

Web service

Is mod_rewrite enabled?

Yes, mod_rewrite is standard on our servers and is available to everyone. See the Apache mod_rewrite documentation for more information. mod_rewrite users may also find the following cheat sheet handy. As always, don't hesitate to contact us if you need help with this feature.

Other standard functions provided by our shared web servers are described on this page.

Do CGI/FastCGI/PHP scripts execute under my own UID?

Yes. All CGI and FastCGI applications (including PHP scripts) will execute with your own unix account privileges.

To save on resources, many inexpensive shared hosting providers will execute PHP scripts under a single account shared by all users of the system (thus requiring users to open up their script data and databases to unauthorized access and intellectual property theft by other users on the same system).

On our systems, all web applications will execute under your own unix privileges. Therefore, scripts can use secure unix permission modes such as 0700 and data files used by scripts can use modes such as 0600.

Why can't I pass arbitrary environment variables to my CGI script using SetEnv in .htaccess?

You can, but since suEXEC imposes restrictions on the environment variable names, the name must be prefixed with "HTTP_" or "SSL_". You can also pass any environment variable in suEXEC's "safe" list.

Which PHP extensions are available?

A set of standard PHP configuration profiles are available on our servers, with different PHP versions and compilation settings (note that these profiles do not apply to users of dedicated web servers who have their own PHP installation). They can be selected from either the web interface or the csoftadm utility. At the time of this writing, they are:

php4	PHP 4.x, basic (deprecated)
php4-fat	PHP 4.x, fat (deprecated)
php4-fat-unsafe	PHP 4.x, fat, register_globals (deprecated)
php52	PHP 5.2.x, basic
php52-mb	PHP 5.2.x, mbstring extension
php52-fat	PHP 5.2.x, fat
php52-fat-nomagic	PHP 5.2.x, fat, no magic quotes
php52-fat-mb	PHP 5.2.x, fat + mbstring extension
php52-fat-unsafe	PHP 5.2.x, fat, register_globals (deprecated)
php53	PHP 5.3.x, basic
php53-mb	PHP 5.3.x, mbstring extension
php53-fat	PHP 5.3.x, fat
php53-fat-mb	PHP 5.3.x, fat + mbstring extension

The basic php4, php52 and php53 configurations support at least the following extensions:

XML support
Session support
MySQL interface
MySQLi extensions
PostgreSQL interface
SQLite interface
DBA interface (gdbm)
PDO Driver for SQLite (PDO_SQLITE)
PDO Driver for SQLite2 (PDO_SQLITE2)
PDO Driver for MySQL (PDO_MYSQL)
PDO Driver for PostgreSQL (PDO_PGSQL)

The "fat" profiles add, notably, the following extensions:

GD 2
TTF (FreeType)
Zlib
Iconv
Gettext
Libjpeg
Libpng
CURL

The "unsafe" profiles have the deprecated register_globals option turned on by default.

The "mb" profiles add support for multibyte strings with the mbstring extension.

How is the web server configured by default?

See our global web server settings page for a list of web server features, default index filenames and default file extension assignments.

How do I obtain a SSL certificate?

You can obtain a certificate from a certificate signing authority like Thawte, or generate one yourself (see the SSL micro-howto for details).

How do I configure my SSL certificate?

Enable the ssl option in csoftadm and create a ~/ssl directory (with permissions of 0700). Move the certificate text file to ~/ssl/cert and the private key to ~/ssl/key. If your certificate requires a passphrase, you must place it in ~/ssl/pp. When you are done, send a request to technical support for opening the SSL port for your v-host address.

You can also submit your certificate and key using csoftadm's web interface.

How is the ~/www/ directory laid out?

Hosting packages which feature a unique IP address (e.g., Budget) allow users to have multiple domains, each possibly pointing to different subdirectories of ~/www/. A single directory (or symbolic link) is required for each configured domain/subdomain.

The ~/www/logs/ directory contains access and error log files. The log files are not enabled by default, and must be activated using the account configuration feature of csoftadm. To avoid wasting resources, please disable the access/error logs when you do not need them.

How do I customize my error pages?

Alter the ErrorDocument setting using an .htaccess file (see the micro-howto for examples). Please avoid large-sized HTML documents/images. Scripts are not allowed as ErrorDocuments unless they are executed under FastCGI.

How can I alter the web server configuration?

Use an .htaccess file in the concerned directory, as explained by the htaccess micro-howto. Many settings that are not recognized in .htaccess files can be altered using csoftadm.

Can I use FastCGI with perl?

Yes, thanks to the FCGI module. Assign the script the .fcgi extension (or you could also map the fastcgi-script type using an .htaccess file). FastCGI scripts execute setuid so you can use a permission mode such as 0700 on the file. A minimal FastCGI perl script might look like:

use FCGI;
 
my $count = 0;
my $request = FCGI::Request();
 
while ($request->Accept >= 0) {
	print('Content-type: text/html', "\r\n\r\n");
	print 'Count: ', $count++);
}

Important note: warn() or die() will not produce any output in your error log, unless you explicitely request it like so:

$warn_handler = sub { print STDERR @_ };
$die_handler = sub { print STDERR @_ unless $^S };
$SIG{__WARN__} = $warn_handler if (tied (*STDIN));
$SIG{__DIE__} = $die_handler if (tied (*STDIN));

Can I use FastCGI with C/C++?

Yes. This is the method we recommend to our customers who require high-performance web applications. A minimal FastCGI program in C would look like:

#include "fcgi_stdio.h"
#include <stdlib.h>
 
int
main(int argc, char *argv)
{
	int count = 0;
	
	while (FCGI_Accept() >= 0) {
		printf("Content-type: text/html\r\n\r\n"
		       "Request: %d on host %s", count++,
		       getenv("SERVER_NAME"));
	}
	return (0);
}

You would compile it using:

  $ cc -I/usr/local/include -o foo foo.c -L/usr/local/lib -lfcgi

For more complex applications, you may be interested in PerCGI. PerCGI is our supported library for writing high-performance FastCGI applications in C and C++. Our web interface, for example, is based on PerCGI. For more information, see the PerCGI homepage.

Can I set php.ini settings?

Yes, the proper way to edit settings normally found in the /etc/php.ini file is through the functions ini_set, ini_file_set and ini_path_set. Note that since we invoke the PHP interpreter using the CGI method (as opposed to mod_php), the php_flag and php_value settings in .htaccess files will not be recognized. Using ini_set() is also good practice since it is portable to different web servers.

If you have a dedicated web server under the Advanced or Corporate package, you are probably using mod_php and in that case, you can use .htaccess to override PHP settings.

Are the PHP Pear modules available?

Yes, they are available on all of our standard PHP profiles. Please contact us if you need specific Pear modules installed.

Can I use an HTTP upload script?

Yes, as long as:

It does not permit arbitrary compilation and/or execution of uploaded code (poorly written upload scripts are the leading cause of accounts being compromised).
You log and regularly monitor all the uploads that occur.
You acknowledge that the uploaded content must not violate our terms of service.

How to I edit the PHP include_path?

Use the ini_set() function as explained here.

Is ImageMagick/PerlMagick available?

Yes, ImageMagick is standard on all our servers.

Can I use this IMAP webmail client?

Yes, but it must run it under the control of FastCGI, and even then it it will be slow. IMAP was designed as a persistent protocol for use with GUI-based MUAs (such as Mozilla Thunderbird), where sessions run persistently (and more or less in the background). Web applications have to respond quickly or they are frustating to use.

Our own webmail interface uses extensive caching with a different protocol to access mail data directly, so it is fast and it scales well to very large mailboxes. It is open-source and we provide official support for it, it can be installed under your account and tailored to your website.

How do I disable web service for my domain?

In order to remove your VirtualHost entry from the standard Apache configuration, rename your ~/www/ directory to something else. This is useful in case you're only using your domain for mail service, or if want to put your website offline temporarily.

Which permissions should I assign to this file/directory?

Your home directory should preserve its default permissions (0711), because the o+x (execute by others) privilege is required if you are using mail services, cvs/subversion sub-accounts, or web service (the latter does not apply to custom web servers under the Advanced and Corporate packages).

Web applications such as CGI/FastCGI and PHP scripts all execute under your own credentials and theferore do not need to be readable by anyone but you. Note that many third party CGI and PHP scripts do not use secure permissions by default, so you should always double-check them yourself if sensitive content is involved. For all CGI and PHP scripts, we recommend permissions of 0700 (read/write/execute by you only). For all sensitive data files referenced by any web application, 0600 (read/write by you only) is recommended.

Where is the foo interpreter located?

Language	Path to interpreter
AWK	/usr/bin/awk
Bourne shell	/bin/sh
C shell	/bin/csh
Korn shell	/bin/ksh
Perl	/usr/bin/perl /usr/local/bin/perl /bin/perl (deprecated)
PHP/cgi	/usr/local/bin/php (alias for php52-fat) /usr/local/bin/php* (see available profiles)
Python	/usr/bin/python /usr/local/bin/python /usr/local/bin/python2.x

FTP service

Can I use a plaintext FTP client?

Yes, but this is strongly discrouraged. Plain-text FTP access should never be used to access private accounts, simply because it is the nature of the protocol to transmit data over the Internet "in the clear", and this data includes your account password and possibly other sensitive information.

Under Unix-based operating systems, secure file transfer tools like scp, sftp or rsync (with ssh) are available.

Under windows, we recommend the free WinSCP program. We have compiled a comprehensive list of SSH client programs freely available for a variety of platforms.

Why is my FTP client hanging while listing files?

Make sure that your FTP client is configured to use passive mode (PASV) for data transfers. Contact your local network administrator to ensure that outgoing FTP connections are not being filtered. The FTP protocol is antiquated and very problematic with modern firewalls so it is best to avoid it whenever possible.

Backups and reliability

How can I request a backup restore?

You can restore files/directories from the latest available backup in the following ways:

(Recommended) Copy the file from /backup/yourname/ on the server (/backup/ is a network filesystem share to the mirror server containing the most recent daily backup).
Log in to your shell account on the backup server. If your primary server is named foo.csoft.net, the backup server containing the most recent data is named foo2.csoft.net.
Contact the technical support service.

How do you implement backups and redundancy?

We use a number of techniques to maintain multiple mirror copies of your data on different servers (you can see their status with csoftadm, and log into them at any time). If the main server suffers from a failure, a secondary server immediately takes over (this is accomplished by the CARP system).

Your complete home directory is mirrored daily using the rsync tool.
The backup copies of your MySQL databases are updated in real-time through the use of MySQL's replication mechanism. PostgreSQL databases are still being mirrored periodically, but we are planning on implementing live replication shortly.
The backup copies of your configuration data (as managed by csoftadm) are updated in real-time through the use of csoftadm's replication mechanism.
Mail data is mirrored daily with rsync. We are working on a more efficient replication system to replicate mail data in real-time.
Should a firewall machine fail and a backup firewall take over, current TCP connections will not even be reset. To achieve this, the firewall state (i.e., the status of current TCP connections) is propagated to backup firewall machines with the pfsync protocol.

How often are backups updated?

All our servers have one or more backup servers containing a copy of all data on the master server. This mirror copy is updated at least every 4 hours. In addition, the master server also contains a local incremental backup updated weekly.

Name service

Can you register my domain name?

We do not provide domain registration services - we prefer to focus on hosting. We don't handle registrations and transfers of domains for our clients either, since most registrars now provide simple interfaces. Back in 1999, we did a small survey and received positive comments towards the registrars gandi.net and joker.com.

How do I set up additional domains and subdomains?

From the web interface, go to the Domain names section. If you are using the shell interface, the dns add command will create a new domain or subdomain. The web server will automatically look for a directory (or a link) named after the domain/subdomain in your ~/www/ directory. For example, if you want a specific webpage under "foo.example.com", configure that domain with the DNS feature and upload your contents to your ~/www/foo.example.com/ directory.

You can point multiple domains and subdomains to a same directory by creating links in your ~/www/ directory. By default, csoftadm will treat "www.example.com" sub-domains specially and automatically create a link from "www.example.com" to "example.com" when the "www" subdomain is added.

Can I edit the MX, NS, TXT or SOA records?

Yes, those changes are feasible from either the web interface, or the shell interface.

How long does it take until DNS changes take effect?

The update should take up to one hour to become effective on our primary/secondary nameservers. World nameservers will generally take up to 6 hours. These delays are configurable, to a certain extent, from csoftadm (by editing the "SOA" record).

Mail service

Which MTA (Mail Transfer Agent) are you using?

We are using the Postfix MTA along with mailprocd, a home-grown local delivery agent which performs classification and efficient/secure spam filtering. We are also using the GNU Mailman mailing list manager (although it is still possible to use other mailing list manager software under your account).

How do I set up a mailing list?

Mailing lists can be managed from the Mail section of the web interface, or the "mail list" commands of the shell interface. We are using the GNU Mailman list manager software. When you create a list, you will be given an URL for Mailman's administrative web interface, where you can configure more advanced options or access list archives. Note that list archives are not available to the public by default, unless you specify otherwise in the Mailman settings.

How do I configure e-mail addresses/mailboxes?

You can use the "Mail service" area of the web interface, or the mail alias and mail mbox commands from the shell interface. E-mail addresses can have multiple destinations of different types, such as:

Mailbox accounts ("foo")
Pathnames to files ("./Mail/foo.txt")
Pathnames to maildirs ("./Mail/foo/")
Forwarders to external addresses ("user@domain.ext")
Programs such as procmail and maildrop ("|procmail")
Macros ("&myspamfilter") as described in the csoftadm documentation.

Do you filter spam server-wide?

No, we do not perform any kind of spam filtering server-wide, and we do not use RBL databases. We will never block e-mail under any circumstances. You need to explicitely configure spam filtering under your account in order to use it.

How do I enable spam filtering?

See the quick guide: Using spam filtering.

Do you use the SpamAssassin "spamd" daemon?

No. Although most hosting providers use "spamd" on multiuser servers, we use a better system. As of this writing, the problem with "spamd" is that it executes under a shared, system-wide UID, and important features such as Bayes filtering and autowhitelisting require access to persistent databases. Using a single shared database dramatically reduces the effectiveness of those features, as well as introducing security and privacy issues.

On our servers, a persistent process executing under your own UID does your spam filtering, and you have your own private SpamAssassin databases. This system also allows you to define custom anti-spam tests and change settings that would otherwise require administrative access. This functionality was a key goal of the mailprocd project.

How do I bounce mail to a given address?

You can do so by adding a "relocated" entry for the address, using either the web interface or the mail relocated add command of the shell interface. Mail for the given address will be rejected with the given text, which usually contains contact information such as a new e-mail address or a website URL.

How do I report mail abuse?

There exists a variety of semi-automated mail abuse reporting software, some of them are listed here and here.

How do I send mail to external addresses?

The sending of messages to external addresses through our mail server ("relaying") requires your mail client to authenticate securely with our mail server. Enabling SSL should be straightforward with most mail clients that support it. If you are using Mozilla Thunderbird, for example, go to Account Settings/Outgoing Server (SMTP), enable Use name and password, enter your username (or the name of a mailbox account) and set Use secure connection to SSL.

Why can't I create top-level IMAP folders?

If you are only able to create subfolders of INBOX, your mail client fails to configure itself accordingly using the "NAMESPACE" IMAP extension. More information is available here. Our web interface provides a work-around: Bring up the mailbox settings page by clicking on a mailbox. It will allow you to manually create or delete IMAP folders. Of course, the proper solution is to use an IMAP client that is not broken.

I use a free e-mail service. Why do you keep telling me to check my Spam folder?

Unlike our own spam filtering system (which uses a combination of extensive SpamAssassin tests, Bayes filtering and autowhitelisting), most "free" e-mail services provide a trivial keyword-based spam filter, which frequently results in e-mails being placed in the "Spam" folder by mistake. Messages containing the words "credit card", for example, often end up in the "Spam" folder and are missed. Gmail, for example, is notorious for false-positives.

What is the location of the mailing program (sendmail)?

It is located at /usr/sbin/sendmail. If you are using sendmail from CGI scripts (or similarly, mail() from PHP scripts), please be extremely careful and verify that the recipient address cannot be set arbitrarily.

Why is my mobile device rejecting the mail server's SSL certificate?

Some devices may or may not recognize the SSL certificate of the mail servers. If the software has no option for permanently accepting a SSL certificate, you can probably import the certificate manually. The current certificates can downloaded from your server's information page (e.g., http://foo.csoft.net/ if your account is hosted on the "foo" server array), under the "Mail Server SSL Certificates" section.

Shell service

How do I log in to my shell account?

Use an SSH (secure shell) client program to connect using your assigned username, password and server hostname. We have compiled a list of free SSH clients for most major operating systems.

I'm on a *BSD server. Can I still use a GNU environment?

Yes. The GNU versions of the standard commands (i.e., ls, cp, mv, tar, make, etc) are available on all *BSD servers. If you want to use them by default, create an empty file named ~/.prefer_gnu and reconnect to your shell. The login scripts will automatically configure a number of shell aliases for you (since the GNU utilities are installed system-wide with the "g" prefix).

Can I connect using telnet?

Since there are now SSH clients available for virtually all major platforms, we have, long since, disabled the traditional telnet service on our servers.

How do I disable/customize the login messages?

Create a file called ~/.hushlogin to disable both, or ~/.no_fortune to disable the fortune quotation (responsible for printing confusing quotes which Unix neophytes sometimes take with extraordinary seriousness).

You may also have a file called ~/.fortune with alternate arguments to be passed to fortune (the default is -s, for short apothegms). We advise you not to use the -o option (offensive quotes), unless you are willing to get offended.

Users on BSD servers may like to call the calendar reminder service from their shell login file.

Databases

How do I create/manage databases?

MySQL and PostgreSQL databases can be managed from csoftadm. From the web interface, these functions are under the "Databases" section. If you are using the shell interface, use the commands under db mysql and db pgsql.

What connections settings must I use?

Unless you are connecting to your database from a remote location, the database server address is localhost. For PostgreSQL databases, local Unix authentication is used by default so you can login with your account username and do not need to provide a password (all processes running under your account will have the rights to access your database). For MySQL databases, database users can be configured individually and a password must be provided.

How do I produce/import a database dump?

For MySQL, the mysqldump command outputs the contents of a database to a text-based format. You would typically save this output to a file. This command accepts the same options as mysql.

  # Dump
  $ mysqldump -u myname_mydb -p myname_mydb > myname_mydb.dump
  # Import
  $ mysql -u myname_mydb -p myname_mydb < myname_mydb.dump

Similarly with PostgreSQL, use the command pg_dump to save your database to a file, and feed the contents of that file to psql to restore it.

  # Dump
  $ pg_dump myname_mydb > myname_mydb.dump
  # Import
  $ cat myname_mydb.dump | psql myname_mydb

I've imported a MySQL database from a dump and some tables are missing!

This typically occurs when some field name in the dump contains keywords such as KEY and ORDER which are not properly quoted. You can pass the --allow-keywords option to mysqldump to work around this.

Subversion service

How do I create a subversion repository?

Using either the svnadmin create command, or alternatively, the Subversion section of the web interface. See the subversion micro-howto for more details.

Can I set up a read-only mirror for a remote repository?

Yes, thanks to the svnsync utility. See the micro-howto: Mirroring repositories read-only.

Can I move files across different repositories, preserving their history?

Yes. If you wanted to move the directory /trunk/foo from repo1 to repo2, you would use:

  $ svnadmin dump repo1 |svndumpfilter /trunk/foo |svnadmin load repo2

Refer to the Subversion book: Repository Maintenance

VPS service

Do you provide VPS (Virtual Private Server) service?

Yes, our Advanced and Corporate plans allows users to run virtual private servers. The only requirement for the virtualized operating system is support for the AMD64 architecture which all of our servers are using.

We generally recommend against using virtualization solely for the purpose of running web, application servers and such. Our traditional hosting service differs significantly from what the majority of "shared hosting" providers are offering. Most of them do not provide their customers with server arrays (and many are not competent at the often technically challenging task of correctly securing their multi-user environments). Also,

If you have an Advanced or Corporate package, you can already execute any type of web or application server. Under Unix, users normally cannot configure daemons to listen on privileged ports (i.e., 80), but we address this very simply by using transparent packet rewriting at the routing level. See the Dedicated Apache Installation Guide for an overview of the typical installation procedure (which we can also perform on request).
The reliability and price/performance ratio for shared hosting service is better than VPS solutions (including our own), because our shared hosting users have multiple physical servers (with high capacity interconnects), at their disposal. The task of serving a web page, processing e-mail or issuing a database query, for example, can be distributed between multiple servers. Hardware failures do not impact the service. Increase in server load is addressed by adding more servers. No VPS providers that we are aware of are providing this service at any price approaching that of our shared hosting packages.
You can install software "as root" through our standard ports/packages system.
You can perform administrative tasks which normally require root access using either csoftadm or the web interface.
Your CGI/PHP scripts, your mail delivery system and even your spam filter, on our system are already under your control, and executing under your own Unix privileges.
Securing server software is a high-maintenance task. Our system administrators are constantly applying reliability and security fixes for the operating systems, installed libraries and applications. Administering a VPS involves handling these tasks by yourself, without accountability on the part of the hosting provider.