Frequently Asked Questions
Announcements concerning the service such as scheduled server maintenance,
hardware upgrades and software installs/upgrade are available from your
(message of the day) file, which is displayed
on the main page of the Control Panel
By default, it is also shown when you log into your shell or connect by
We may also send important service announcements by e-mail.
Monthly traffic is unlimited. The minimum bandwidth
(guaranteed to be available at all times) is set according to your
selected Hosting Plan
Your current use of storage is displayed in the File Manager
You can also use the du(1)
("disk usage") utility in your shell:
$ du -hs ~
$ du -hs ~/www/example.com
$ du ~/www/* | sort -rn | head
We do not have any policy against adult or pornographic material
on our servers, as long as it is labeled as such. We do not check
sites for content. Site owners are responsible for the contents
Web applications which permit a remote user to set an arbitrary
recipient allow spammers to send junk mail on your behalf.
Spammers have automated methods to easily detect and exploit such
We can track down accounts that have been used to relay spam even through
web applications, since our mail system will always record the user ID
of programs that have sent mail in a way that cannot
Whenever possible, we recommend that you test and debug experimental
software on another server (or in an alternate location) before deploying
it on your production server.
Feel free to use your second server to do your testing (e.g., if your
main server is foo.csoft.net, log into foo2.csoft.net
Keep in mind that if an installation fails, you can always recover the
previous contents from the secondary server.
A wealth of tools are available to help debugging and testing, such as
top(1), ps(1), pstree(1), gdb(1) and valgrind(1).
For C and C++ applications, use of the
-g compiler flag is
advisable, even for production binaries (the added debugging information
makes a larger file, but is not actually loaded into memory when executing
outside of a debugger).
Applications that execute persistently on our servers must use some
method to insure that CPU is not being wasted unnecessarily when the
program is not doing any useful work. Usually, synchronous I/O
multiplexing is used:
The traditional select(2) and poll(2) interfaces.
The more modern kqueue(2) interface on BSD servers.
library (uses the best available method).
Application servers / FastCGI programs can use
query processing loop.
The Perl POE framework
poll() are also built into Perl, see
main event loop
(uses best available method).
Server software is our speciality, so don't hesitate to contact us
if you need help with code issues.
IRC bots such as
eggdrop are permitted on our servers, but we
ask that users please contact us after having set up a bot so we can
verify that it is bound to the correct IP address. Bots should not be
bound to shared IP addresses.
We allow web-based IRC clients such as
CGI:IRC, but an IP-based
plan (such as Budget) is needed, and the list of allowed
channels must be restricted. The user must not be permitted to join
Your script must also bind to your own v-host IP address.
In CGI:IRC, we would therefore require the following settings in
vhost = your-vhost-ip
allow_non_default = 0
We have methods for detecting spam originating from accounts on our
servers in a timely manner.
Any account found to be spamming will be temporarily disabled (and
the owner notified).
Network scanners such as
nmap, scanners for security vulnerabilities
or exploits are proscribed on all of our servers, regardless of
their intended purpose. If you want to use our servers to perform
specific security audits against your own equipment, please contact us
Yes. We already have a number of popular client programs installed
on our servers.
If you would like to run an IRC bot
, see our
comes standard on our servers and the detach
feature can be used.
is standard on our servers and is available to
See the Apache
for more information.
users may also find the following
As always, don't hesitate to contact us if you need help with this feature.
Other functions provided by the standard web server are described on
Yes. All CGI and FastCGI applications (including PHP scripts) will execute
with your own unix account privileges.
To save on resources, many inexpensive shared hosting providers will execute
PHP scripts under a single account shared by all users of the system
(thus requiring users to open up their script data and databases to
unauthorized access and intellectual property theft by other users on
the same system).
On our systems, all web applications will execute under your own unix
privileges. Therefore, scripts can use secure unix permission modes such
as 0700 and data files used by scripts can use modes such as 0600.
You can, but since Apache's
imposes restrictions on the environment
variable names, the name must be prefixed with
You can also pass any environment variable in suEXEC's "safe" list.
Which PHP versions / extensions are available?
A number of different PHP versions are available on our servers. If
you are using a dedicated web server instance, you will be able to
compile your own mod_php (using whichever version and set of extensions
you prefer). If you are using the standard web server, you can select
your PHP version from the Control Panel
(under "Server Settings").
We generally recommend using the "Current Stable" or "Old Stable" version
(see the PHP Downloads Page
See the standard web server settings
a list of web server features, default index filenames and default file
You can obtain a certificate from a certificate signing authority like
or generate one yourself (see the
ssl option in csoftadm and create a ~/ssl directory
(with permissions of 0700).
Move the certificate text file to ~/ssl/cert and the private
key to ~/ssl/key.
If your certificate requires a passphrase, you must place it in
The certificate should be picked up by the server within 5 minutes
(if an error occurs, you will find the error message in
Real-time logs are placed under the directory /logs/`whoami`/
The standard web server logs are named http
You can configure which logs are generated, and the log rotation settings
from "Preferences / Server settings" in the Control Panel
(or using the
"conf" commands in csoftadm).
Hosting packages which feature a unique IP address (e.g., Budget
allow users to have multiple domains, each possibly pointing to
different subdirectories of ~/www/
A single directory (or symbolic link) is required for each configured
Yes, use the
setting using an .htaccess
file (see the
Use an .htaccess
file in the concerned directory, as explained
Many settings that are not recognized in .htaccess
be altered using csoftadm.
Can I use FastCGI with Perl?
Yes, thanks to the FCGI(3)
Assign the script the .fcgi
extension (or you could also map the
type using an .htaccess
file). FastCGI scripts
execute setuid so you can use a permission mode such as 0700
on the file.
See this Example FastCGI Perl Script
Yes. This is the method we recommend to our customers who require
the highest performance attainable for a web application.
See this Example FastCGI Program in C
Yes, they are available on all of our standard PHP profiles.
Please contact us if you need specific Pear modules installed.
Yes, as long as:
It does not permit arbitrary compilation and/or execution of uploaded
code (poorly written upload scripts with no validation are a leading
cause of sites being compromised).
You have a way to monitor the uploads for abuse.
Yes, ImageMagick is standard on all our servers.
In order to remove your VirtualHost entry from the standard Apache
configuration, rename your ~/www/ directory to something else.
This is useful in case you're only using your domain for mail service, or
if want to put your website offline temporarily.
Web applications such as CGI/FastCGI and PHP scripts all execute under
your own credentials and theferore do not need to be readable
by anyone but you.
Note that many third party CGI and PHP scripts do not use secure
permissions by default, so you should always double-check them yourself
if sensitive content is involved.
For all CGI and PHP scripts, we recommend permissions of 0700
(read/write/execute by you only). For all sensitive data files
referenced by any web application, 0600 (read/write by you only)
( the latest "Old Stable" release )
more information on available PHP version
If you are on a Unix-style system, you can always use scp(1)
If you prefer a graphical front-end,
(Windows / MacOS X) are both free open-source programs we recommend.
Our servers require that your file-transfer program connect using
a secure protocol (either SSH, SCP or SFTP).
You can restore files/directories from the latest available backup
in the following ways:
We use a number of techniques to maintain multiple mirror copies of
your data on different servers (you can see their status with csoftadm,
and log into them at any time).
Should the current main server suffer from any type of software or
hardware failure, a secondary server takes over (carp(4)
a smooth transition).
Your complete home directory is mirrored daily using the
The backup copies of your MySQL databases are updated in real-time
through the use of MySQL's replication mechanism (as of this writing,
PostgreSQL databases are still mirrored on a daily basis).
The backup copies of your configuration data (as managed by csoftadm)
are updated in real-time through the use of csoftadm's replication
The complete firewall state is replicated over to the backup firewall
system using pfsync(4). Should the firewalling router fail,
existing connections will not be broken.
From the Control Panel
, go to the Domain names
section. If you
are using the Shell Interface
command will create
a new domain or subdomain.
The web server will automatically look for a directory (or a link) named
after the domain/subdomain in your ~/www/
directory. For example,
if you want a specific webpage under "foo.example.com", configure that
domain with the DNS feature and upload your contents to your
You can point multiple domains and subdomains to a same directory by
creating links in your ~/www/
directory. By default, csoftadm will
treat "www.example.com" sub-domains specially and automatically create a
link from "www.example.com" to "example.com" when the "www" subdomain is
If you use the Control Panel
, click on the domain in the
section to bring up the DNS editor.
You can also use the Shell Interface
(with the dns
Any change in your DNS configuration will take effect on all of our
name servers within 5 minutes.
How long the change will take to propagate to other name servers
depends on the TTL setting of the domain (default TTL is 1 hour).
We are using the Postfix MTA
our home-grown local delivery agent which performs classification and
spam filtering using secure, privilege-separated processes.
Mailing lists can be managed from the Mail section of the Control Panel
or the "mail list
" commands of the Shell Interface
After you have created the list, you will be given an URL
for its administrative web interface, where you can configure more
advanced options, or access the mailing list archives.
You can use the "Mail service" area of the Control Panel
, or the
commands from the Shell Interface
E-mail addresses can have multiple destinations of different types, such
- Mailbox accounts (
- Pathnames to files (
- Pathnames to Maildirs
- Forwarders to external addresses (
- Programs such as procmail(1) and maildrop(1)
- Macros (
"&myspamfilter") as described in the csoftadm
We don't enforce any type of mandatory or server-wide spam filtering.
Our e-mail server will not deny incoming e-mails under any circumstance.
Most users choose to configure their e-mail so that spam messages are only
marked as such, moved to a "Spam" folder, and kept indefinitely.
Our local delivery agent
embeds the latest version of
Dedicated processes (running under your own UID) are used to filter the
You can set any SpamAssassin parameter in
define custom tests, or load extra plugins of your choice.
Some features of SpamAssassin such as Bayes filtering and autowhitelisting
(now TxRep) require the use of databases.
Our system makes it possible for these databases to remain private and
under your control (and accessible using the sa-learn(1)
For more information, see: Using Spam Filtering
You can do so by adding a "relocated" entry for the address, using either
the Control Panel
mail relocated add
command of the
. Mail for the given address will be rejected with the
given text, which usually contains contact information such as a new
e-mail address or a website URL.
There exists a variety of semi-automated mail abuse reporting software,
some of them are listed
The sending of messages to external addresses through our mail server
("relaying") requires your mail client to authenticate securely with
our mail server.
Enabling SSL should be straightforward with most mail clients that
If you are using
for example, go to Account Settings
/Outgoing Server (SMTP)
enable Use name and password
, enter your username (or the name
of a mailbox account) and set
Use secure connection
Other client program and devices can be configured similarly.
If you are only able to create subfolders of INBOX
, your mail client
fails to configure itself accordingly using the
More information is available
Our Control Panel
provides a work-around: Bring up the mailbox settings
page by clicking on a mailbox. It will allow you to manually create or
delete IMAP folders. Of course, the proper solution is to use an IMAP
client that is not broken.
It is located at /usr/local/sbin/sendmail
, but you can also
Internally, it works as a wrapper around
Shell Access / SSH Service
Use an SSH (secure shell) client program to connect using your assigned
username, password and server hostname.
We have compiled a list
of free SSH clients for most major operating systems.
Yes. GNU versions of standard commands (
m4, etc) are available on all
our servers. If you want
to use them by default, create an empty file named
reconnect to your shell. The login scripts will automatically configure
a number of shell aliases for you (since the GNU utilities are installed
system-wide with the "g" prefix).
Create a file called ~/.hushlogin
if you wish to disable
fortune cookies (responsible for printing confusing quotes which Unix
neophytes sometimes take with extraordinary seriousness).
You may also create ~/.fortune
file specifying alternate
arguments to fortune(6)
Possible arguments include
On FreeBSD servers, you can also use
You can edit your shell login script (e.g., ~/.profile
) to run specific commands when logging in.
(display calendar) and calendar(1)
(reminder services) are notably useful programs to use from
your login script.
This is a bug that is easily corrected by upgrading your
to version 0.1.52 (or later).
SQL Database Service
MySQL and PostgreSQL databases can be managed from csoftadm. From the
, these functions are under the "Databases" section. If
you are using the Shell Interface
, use the commands under
Unless you are connecting to your database from a remote location, the
database server address is
localhost. For PostgreSQL databases, local
Unix authentication is used by default so you can login with your account
username and do not need to provide a password (all processes running
under your account will have the rights to access your database). For
MySQL databases, database users can be configured individually and a
password must be provided.
For MySQL, the mysqldump(1)
outputs the contents of a database to a text-based format. You would
typically save this output to a file. This command accepts the
same options as mysql(1)
$ mysqldump -u myname_mydb -p myname_mydb > myname_mydb.dump
$ mysql -u myname_mydb -p myname_mydb < myname_mydb.dump
Similarly with PostgreSQL, use the command pg_dump(1)
to save your database to a file, and feed the contents of that file to
to restore it.
$ pg_dump myname_mydb > myname_mydb.dump
$ cat myname_mydb.dump | psql myname_mydb
This typically occurs when some field name in the dump contains
keywords such as
ORDER which are not properly quoted.
You can pass the
--allow-keywords option to mysqldump to
work around this.
Yes. If you wanted to move the directory /trunk/foo
, you would use:
$ svnadmin dump repo1 |svndumpfilter /trunk/foo |svnadmin load repo2
Refer to the Subversion book:
# Run on the server:
$ cvs -d ~/cvs init
$ chmod 700 ~/cvs
# If you are working on a remote client, use:
$ export CVSROOT=:ssh:firstname.lastname@example.org:/home/yourname/cvs
$ cvs login
# If you are working on the server, you could also use:
# $ export CVSROOT=/home/yourname/cvs
# $ cvs login
# Import a new module:
$ cd ~/foomodule
$ cvs import -m "My module" foomodule mycompany start
$ rm -fR ~/foomodule
$ cvs checkout foomodule
You can create new CVS accounts from the Control Panel
, or using the
csoftadm command "cvs add".
As of this writing, a bug exists in
built-in ssh client (ssh 2.0.51d).
One possible workaround is to set the
in both "Login settings" and "Checkout settings".
However, for better security, until a new WinCVS version is released, we
recommend users switch to the ssh.exe
in the Cygwin
Yes, our Advanced
plans allows users to run their
own virtual private servers.
A basic requirement for the virtualized operating system is support for
the AMD64 architecture.
Note our Advanced
packages include both
a standard server environment, in addition to a VPS with
This means that users are free to choose which service they want to
For example, one could choose to use our DNS servers (and manage their
domains using our own interface), but have the web and e-mail service
running under the VPS.
While VPS environments can be useful in many scenarios, they are far
too often deployed where their use is not warranted.
Fully virtualized environments (such as VirtualBox instances) also come
with an unavoidable performance reduction compared to a standard environment.
Our virtualization technology of choice (FreeBSD jails), however, does not
suffer from any performance reduction.
As of this writing, the majority of our Advanced/Corporate users tend to
rely on our standard environment for DNS and e-mail, and choose to use
their VPS to run things like web/application servers, as well as test
The standard environment offers many advantages, notably:
- If you have an Advanced or Corporate package, you can already
execute any type of web or application server under your account (e.g.,
if using Apache, you have full access on your own httpd.conf,
Our system effectively allows you to use low port numbers such as 80.
- A wide range of administrative tasks (normally done as
can actually be performed via csoftadm(1), or the control panel.
- Keeping a server secure is an endless task that cannot be automated.
Our system administrators are constantly applying relevant reliability
and security fixes for the operating systems, system libraries and
- More than 20,000 software packages are available on our servers via
the standard BSD ports / packages system. We are able to handle most
package installation requests within 2-4 hours.