Announcements concerning the service such as scheduled server maintenance, hardware upgrades and software installs/upgrade are available from your server's /etc/motd
(message of the day) file, which is displayed on the main page of the Control Panel
. By default, it is also shown when you log into your shell or connect by FTP. We may also send important service announcements by e-mail.
Monthly traffic is unlimited. The minimum bandwidth (guaranteed to be available at all times) is set according to your selected Hosting Plan
Your current use of storage is displayed in the File Manager
. You can also use the du(1)
("disk usage") utility in your shell:
$ du -hs ~
$ du -hs ~/www/example.com
$ du ~/www/* | sort -rn | head
We do not have any policy against adult or pornographic material on our servers, as long as it is labeled as such. We do not check sites for content. Site owners are responsible for the contents they publish.
Web applications which permit a remote user to set an arbitrary recipient allow spammers to send junk mail on your behalf. Spammers have automated methods to easily detect and exploit such vulnerabilities.
We can track down accounts that have been used to relay spam even through web applications, since our mail system will always record the user ID of programs that have sent mail in a way that cannot be tampered.
Whenever possible, we recommend that you test and debug experimental software on another server (or in an alternate location) before deploying it on your production server. Feel free to use your second server to do your testing (e.g., if your main server is foo.csoft.net, log into foo2.csoft.net instead). Keep in mind that if an installation fails, you can always recover the previous contents from the secondary server.
A wealth of tools are available to help debugging and testing, such as top(1), ps(1), pstree(1), gdb(1) and valgrind(1). For C and C++ applications, use of the
-g compiler flag is advisable, even for production binaries (the added debugging information makes a larger file, but is not actually loaded into memory when executing outside of a debugger).
Applications that execute persistently on our servers must use some method to insure that CPU is not being wasted unnecessarily when the program is not doing any useful work. Usually, synchronous I/O multiplexing is used:
- The traditional select(2) and poll(2) interfaces.
- The more modern kqueue(2) interface on BSD servers.
- The libevent library (uses the best available method).
- Application servers / FastCGI programs can use PerCGI's query processing loop.
- The Perl POE framework (
poll() are also built into Perl, see perlfunc(1)).
- Agar's main event loop AG_EventLoop() (uses best available method).
Server software is our speciality, so don't hesitate to contact us if you need help with code issues.
IRC bots such as
eggdrop are permitted on our servers, but we ask that users please contact us after having set up a bot so we can verify that it is bound to the correct IP address. Bots should not be bound to shared IP addresses.
We allow web-based IRC clients such as CGI:IRC, but an IP-based plan (such as Budget) is needed, and the list of allowed channels must be restricted. The user must not be permitted to join arbitrary channels. Your script must also bind to your own v-host IP address. In CGI:IRC, we would therefore require the following settings in cgiirc.config:
vhost = your-vhost-ip
allow_non_default = 0
We have methods for detecting spam originating from accounts on our servers in a timely manner. Any account found to be spamming will be temporarily disabled (and the owner notified).
Network scanners such as
nmap, scanners for security vulnerabilities or exploits are proscribed on all of our servers, regardless of their intended purpose. If you want to use our servers to perform specific security audits against your own equipment, please contact us about it.
Yes. We already have a number of popular client programs installed on our servers. If you would like to run an IRC bot
, see our Software Policy
comes standard on our servers and the detach
feature can be used.
is standard on our servers and is available to everyone. See the Apache mod_rewrite documentation
for more information.
users may also find the following cheat sheet
handy. As always, don't hesitate to contact us if you need help with this feature.
Other functions provided by the standard web server are described on this page
Yes. All CGI and FastCGI applications (including PHP scripts) will execute with your own unix account privileges.
To save on resources, many inexpensive shared hosting providers will execute PHP scripts under a single account shared by all users of the system (thus requiring users to open up their script data and databases to unauthorized access and intellectual property theft by other users on the same system).
On our systems, all web applications will execute under your own unix privileges. Therefore, scripts can use secure unix permission modes such as 0700 and data files used by scripts can use modes such as 0600.
You can, but since Apache's suEXEC
imposes restrictions on the environment variable names, the name must be prefixed with
. You can also pass any environment variable in suEXEC's "safe" list.
Which PHP versions / extensions are available?
A number of different PHP versions are available on our servers. If you are using a dedicated web server instance, you will be able to compile your own mod_php (using whichever version and set of extensions you prefer). If you are using the standard web server, you can select your PHP version from the Control Panel
(under "Server Settings").
We generally recommend using the "Current Stable" or "Old Stable" version (see the PHP Downloads Page
See the standard web server settings
page for a list of web server features, default index filenames and default file extension assignments.
You can obtain a certificate from a certificate signing authority like Thawte
, or generate one yourself (see the SSL micro-howto
ssl option in csoftadm and create a ~/ssl directory (with permissions of 0700). Move the certificate text file to ~/ssl/cert and the private key to ~/ssl/key. If your certificate requires a passphrase, you must place it in ~/ssl/pp.
The certificate should be picked up by the server within 5 minutes (if an error occurs, you will find the error message in /var/log/users/`whoami`).
Real-time logs are placed under the directory /logs/`whoami`/
. The standard web server logs are named http
. You can configure which logs are generated, and the log rotation settings from "Preferences / Server settings" in the Control Panel
(or using the "conf" commands in csoftadm).
Hosting packages which feature a unique IP address (e.g., Budget
) allow users to have multiple domains, each possibly pointing to different subdirectories of ~/www/
. A single directory (or symbolic link) is required for each configured domain/subdomain.
Yes, use the
setting using an .htaccess
file (see the micro-howto
Use an .htaccess
file in the concerned directory, as explained by the htaccess micro-howto
. Many settings that are not recognized in .htaccess
files can be altered using csoftadm.
Can I use FastCGI with Perl?
Yes, thanks to the FCGI(3)
module. Assign the script the .fcgi
extension (or you could also map the fastcgi-script
type using an .htaccess
file). FastCGI scripts execute setuid so you can use a permission mode such as 0700
on the file. See this Example FastCGI Perl Script
Yes. This is the method we recommend to our customers who require the highest performance attainable for a web application. See this Example FastCGI Program in C
Yes, they are available on all of our standard PHP profiles. Please contact us if you need specific Pear modules installed.
Yes, as long as:
- It does not permit arbitrary compilation and/or execution of uploaded code (poorly written upload scripts with no validation are a leading cause of sites being compromised).
- You have a way to monitor the uploads for abuse.
Yes, ImageMagick is standard on all our servers.
In order to remove your VirtualHost entry from the standard Apache configuration, rename your ~/www/ directory to something else. This is useful in case you're only using your domain for mail service, or if want to put your website offline temporarily.
Web applications such as CGI/FastCGI and PHP scripts all execute under your own credentials and theferore do not need to be readable by anyone but you. Note that many third party CGI and PHP scripts do not use secure permissions by default, so you should always double-check them yourself if sensitive content is involved. For all CGI and PHP scripts, we recommend permissions of 0700 (read/write/execute by you only). For all sensitive data files referenced by any web application, 0600 (read/write by you only) is recommended.
/usr/local/bin/php (Latest Stable)
/usr/local/bin/php* (Specific version)
If you are on a Unix-style system, you can always use scp(1)
. If you prefer a graphical front-end, WinSCP
(Windows) and Filezilla
(Windows / MacOS X) are both free open-source programs we recommend.
Our servers require that your file-transfer program connect using a secure protocol (either SSH, SCP or SFTP).
You can restore files/directories from the latest available backup in the following ways:
- Copy the file from /backup/yourname/ on the server (/backup/ is a direct network filesystem mount on the backup server containing the most recent daily backup).
- Log in to your shell account on a backup server. If your primary server is named server.csoft.net, the backup server containing the most recent data is named server2.csoft.net. For an older backup, you can also connect to server3.csoft.net.
- Contact the technical support service.
We use a number of techniques to maintain multiple mirror copies of your data on different servers (you can see their status with csoftadm, and log into them at any time). Should the current main server suffer from any type of software or hardware failure, a secondary server takes over (carp(4)
permits a smooth transition).
- Your complete home directory is mirrored daily using the rsync(1) tool.
- The backup copies of your MySQL databases are updated in real-time through the use of MySQL's replication mechanism (as of this writing, PostgreSQL databases are still mirrored on a daily basis).
- The backup copies of your configuration data (as managed by csoftadm) are updated in real-time through the use of csoftadm's replication mechanism.
- The complete firewall state is replicated over to the backup firewall system using pfsync(4). Should the firewalling router fail, existing connections will not be broken.
From the Control Panel
, go to the Domain names
section. If you are using the Shell Interface
command will create a new domain or subdomain. The web server will automatically look for a directory (or a link) named after the domain/subdomain in your ~/www/
directory. For example, if you want a specific webpage under "foo.example.com", configure that domain with the DNS feature and upload your contents to your ~/www/foo.example.com/
You can point multiple domains and subdomains to a same directory by creating links in your ~/www/
directory. By default, csoftadm will treat "www.example.com" sub-domains specially and automatically create a link from "www.example.com" to "example.com" when the "www" subdomain is added.
If you use the Control Panel
, click on the domain in the Domain Names
section to bring up the DNS editor. You can also use the Shell Interface
(with the dns
Any change in your DNS configuration will take effect on all of our name servers within 5 minutes. How long the change will take to propagate to other name servers depends on the TTL setting of the domain (default TTL is 1 hour).
We are using the Postfix MTA
along with mailprocd
, our home-grown local delivery agent which performs classification and spam filtering using secure, privilege-separated processes.
Mailing lists can be managed from the Mail section of the Control Panel
, or the "mail list
" commands of the Shell Interface
. After you have created the list, you will be given an URL for its administrative web interface, where you can configure more advanced options, or access the mailing list archives.
You can use the "Mail service" area of the Control Panel
, or the
commands from the Shell Interface
. E-mail addresses can have multiple destinations of different types, such as:
- Mailbox accounts (
- Pathnames to files (
- Pathnames to Maildirs (
- Forwarders to external addresses (
- Programs such as procmail(1) and maildrop(1) (
- Macros (
"&myspamfilter") as described in the csoftadm documentation.
We don't enforce any type of mandatory or server-wide spam filtering. Our e-mail server will not deny incoming e-mails under any circumstance. Most users choose to configure their e-mail so that spam messages are only marked as such, moved to a "Spam" folder, and kept indefinitely.
Our local delivery agent (mailprocd
) embeds the latest version of SpamAssassin
. Dedicated processes (running under your own UID) are used to filter the incoming spam. You can set any SpamAssassin parameter in
, define custom tests, or load extra plugins of your choice.
Some features of SpamAssassin such as Bayes filtering and autowhitelisting (now TxRep) require the use of databases. Our system makes it possible for these databases to remain private and under your control (and accessible using the sa-learn(1)
For more information, see: Using Spam Filtering
You can do so by adding a "relocated" entry for the address, using either the Control Panel
mail relocated add
command of the Shell Interface
. Mail for the given address will be rejected with the given text, which usually contains contact information such as a new e-mail address or a website URL.
There exists a variety of semi-automated mail abuse reporting software, some of them are listed here
The sending of messages to external addresses through our mail server ("relaying") requires your mail client to authenticate securely with our mail server. Enabling SSL should be straightforward with most mail clients that support it. If you are using Mozilla Thunderbird
, for example, go to Account Settings
/Outgoing Server (SMTP)
, enable Use name and password
, enter your username (or the name of a mailbox account) and set Use secure connection
. Other client program and devices can be configured similarly.
If you are only able to create subfolders of INBOX
, your mail client fails to configure itself accordingly using the
IMAP extension. More information is available here
. Our Control Panel
provides a work-around: Bring up the mailbox settings page by clicking on a mailbox. It will allow you to manually create or delete IMAP folders. Of course, the proper solution is to use an IMAP client that is not broken.
It is located at /usr/local/sbin/sendmail
, but you can also use /usr/sbin/sendmail
. Internally, it works as a wrapper around Postfix
Shell Access / SSH Service
Use an SSH (secure shell) client program to connect using your assigned username, password and server hostname. We have compiled a list
of free SSH clients for most major operating systems.
Yes. GNU versions of standard commands (
m4, etc) are available on all our servers. If you want to use them by default, create an empty file named
~/.prefer_gnu and reconnect to your shell. The login scripts will automatically configure a number of shell aliases for you (since the GNU utilities are installed system-wide with the "g" prefix).
Create a file called ~/.hushlogin
if you wish to disable fortune cookies (responsible for printing confusing quotes which Unix neophytes sometimes take with extraordinary seriousness). You may also create ~/.fortune
file specifying alternate arguments to fortune(6)
. Possible arguments include
. On FreeBSD servers, you can also use
You can edit your shell login script (e.g., ~/.profile
) to run specific commands when logging in. cal(1)
(display calendar) and calendar(1)
(reminder services) are notably useful programs to use from your login script.
This is a bug that is easily corrected by upgrading your jSch
to version 0.1.52 (or later).
SQL Database Service
MySQL and PostgreSQL databases can be managed from csoftadm. From the Control Panel
, these functions are under the "Databases" section. If you are using the Shell Interface
, use the commands under
Unless you are connecting to your database from a remote location, the database server address is
localhost. For PostgreSQL databases, local Unix authentication is used by default so you can login with your account username and do not need to provide a password (all processes running under your account will have the rights to access your database). For MySQL databases, database users can be configured individually and a password must be provided.
For MySQL, the mysqldump(1)
command outputs the contents of a database to a text-based format. You would typically save this output to a file. This command accepts the same options as mysql(1)
$ mysqldump -u myname_mydb -p myname_mydb > myname_mydb.dump
$ mysql -u myname_mydb -p myname_mydb < myname_mydb.dump
Similarly with PostgreSQL, use the command pg_dump(1)
to save your database to a file, and feed the contents of that file to psql(1)
to restore it.
$ pg_dump myname_mydb > myname_mydb.dump
$ cat myname_mydb.dump | psql myname_mydb
This typically occurs when some field name in the dump contains keywords such as
ORDER which are not properly quoted. You can pass the
--allow-keywords option to mysqldump to work around this.
Yes. If you wanted to move the directory /trunk/foo
, you would use:
$ svnadmin dump repo1 |svndumpfilter /trunk/foo |svnadmin load repo2
Refer to the Subversion book: Repository Maintenance
# Run on the server:
$ cvs -d ~/cvs init
$ chmod 700 ~/cvs
# If you are working on a remote client, use:
$ export CVSROOT=:ssh:firstname.lastname@example.org:/home/yourname/cvs
$ cvs login
# If you are working on the server, you could also use:
# $ export CVSROOT=/home/yourname/cvs
# $ cvs login
# Import a new module:
$ cd ~/foomodule
$ cvs import -m "My module" foomodule mycompany start
$ rm -fR ~/foomodule
$ cvs checkout foomodule
You can create new CVS accounts from the Control Panel
, or using the csoftadm command "cvs add".
As of this writing, a bug exists in WinCVS
/ CVSNT's built-in ssh client (ssh 2.0.51d). One possible workaround is to set the
in both "Login settings" and "Checkout settings".
However, for better security, until a new WinCVS version is released, we recommend users switch to the ssh.exe
provided in the Cygwin
Yes, our Advanced (VPS)
and Corporate (VPS)
plans allows users to run their own virtual private servers. A basic requirement for the virtualized operating system is support for the AMD64 architecture.
Note our Advanced (VPS)
et Corporate (VPS)
packages include both
a standard server environment, in addition to a VPS with
access. This means that users are free to choose which service they want to administer themselves.
For example, one could choose to use our DNS servers (and manage their domains using our own interface), but have the web and e-mail service running under the VPS.
While VPS environments can be useful in many scenarios, they are far too often deployed where their use is not warranted. Fully virtualized environments (such as VirtualBox instances) also come with an unavoidable performance reduction compared to a standard environment. Our virtualization technology of choice (FreeBSD jails), however, does not suffer from any performance reduction.
As of this writing, the majority of our Advanced/Corporate users tend to rely on our standard environment for DNS and e-mail, and choose to use their VPS to run things like web/application servers, as well as test environments.
The standard environment offers many advantages, notably:
- If you have an Advanced (VPS) or Corporate (VPS) package, you can already execute any type of web or application server under your account (e.g., if using Apache, you have full access on your own httpd.conf, php.ini, etc). Our system effectively allows you to use low port numbers such as 80.
- A wide range of administrative tasks (normally done as
root) can actually be performed via csoftadm(1), or the control panel.
- Keeping a server secure is an endless task that cannot be automated. Our system administrators are constantly applying relevant reliability and security fixes for the operating systems, system libraries and applications involved.
- More than 20,000 software packages are available on our servers via the standard BSD ports / packages system. We are able to handle most package installation requests within 2-4 hours.