• Using the secure form. Sensitive information, such as passwords, may be transmitted with this form, and will be stripped from responses.
• Using our toll-free number 1-800-963-CSFT (technical issues only).
• Sending an e-mail to (tech or sales) at csoft.net. Plain text messages are preferred.
• Live chat on the Freenode channel #csoft.net. You can connect using this web interface. For shell users, IRC clients such as irssi are also available on our servers.

Announcements concerning the service such as scheduled server maintenance, hardware upgrades and software installs/upgrade are available from your server's /etc/motd (message of the day) file, which is displayed on the main page of the web interface. By default, it is also shown when you log into your shell or connect by FTP. Service announcements which we consider to be very important are also sent by e-mail.

We are not concerned with cumulative traffic or hits. We only measure the instantaneous amount of traffic. The minimum bandwidth (the bandwidth which is guaranteed to be available in case the link is saturated) varies depending on factors such as your hosting package and the server hosting your account. Please contact tech support if you have very precise bandwidth requirements.

Yes, because some services require lower latencies than other services. Interactive shell sessions and web traffic, for instance, is assigned a higher priority than bulk file transfers over ftp. IMAP is assigned a higher priority than POP. We use the excellent OpenBSD pf packet filter and ALTQ on our firewall systems to manage packet prioritization.

Yes, you can try our software repositories, or our old directory of hosted sites.

You can see your current disk space usage from the web interface.

If you're using your shell access, the du command can be useful. For example:

  $ du -hs ~/www
  $ du ~/SomeDir | sort -rn | head

The legal restrictions on content are detailed in the hosting contract.

No, as mentioned in our hosting contract, we do not allow pornographic material on our servers.

Yes, subject to the general server-side software restrictions.

No, IRC bouncers are proxies, and proxy software is not allowed on our servers, without prior approval.

Yes. We already have a number of popular client programs installed on our servers. If you would like to run an IRC bot, see our Software Policy page.

Yes, screen is already installed on all of our servers and the "detach" feature can be used.

Yes, mod_rewrite is standard on our servers and is available to everyone. See the Apache mod_rewrite documentation for more information. mod_rewrite users may also find the following cheat sheet handy. As always, don't hesitate to contact us if you need help with this feature.

Other standard functions provided by our shared web servers are described on this page.

Yes. All CGI and FastCGI applications (including PHP scripts) will execute with your own unix account privileges.

To save on resources, many inexpensive shared hosting providers will execute PHP scripts under a single account shared by all users of the system (thus requiring users to open up their script data and databases to unauthorized access and intellectual property theft by other users on the same system).

On our systems, all web applications will execute under your own unix privileges. Therefore, scripts can use secure unix permission modes such as 0700 and data files used by scripts can use modes such as 0600.

You can, but since suEXEC imposes restrictions on the environment variable names, the name must be prefixed with "HTTP_" or "SSL_". You can also pass any environment variable in suEXEC's "safe" list.

Seven different PHP configurations are available on all of our servers, with different PHP versions and sets of extensions. They can be selected from either the web interface or the csoftadm utility. They are php4, php4-fat, php4-unsafe, php5, php5-fat, php5-unsafe and php5-mb.

The php4 and php5 configurations support at least the following extensions:

• XML support
• Session support
• MySQL interface
• MySQLi extensions
• PostgreSQL interface
• SQLite interface
• DBA interface (gdbm)
• PDO Driver for SQLite (PDO_SQLITE)
• PDO Driver for SQLite2 (PDO_SQLITE2)
• PDO Driver for MySQL (PDO_MYSQL)
• PDO Driver for PostgreSQL (PDO_PGSQL)

The php4-fat, php4-unsafe, php5-fat and php5-unsafe configurations add the following extensions:

• GD 2
• TTF (FreeType)
• Zlib
• Iconv
• Gettext
• Libjpeg
• Libpng
• CURL

The php4-unsafe and php5-unsafe options are identical to php4-fat and php5-fat, except that the register_globals parameter is On by default.

The php5-mb configuration is similar to php5-fat, and it adds support for multi-byte strings (mbstring extension).

If you have an Advanced or Corporate package, you can always compile the version of PHP of your choice with any extension that you need.

Since the PHP developers are discontinuing support for PHP4, we urge you to use one of the php5 configurations.

See our global web server settings page for a list of web server features, default index filenames and default file extension assignments.

You can obtain a certificate from a certificate signing authority like Thawte, or generate one yourself (see the SSL micro-howto for details).

Enable the ssl option in csoftadm and create a ~/ssl directory (with permissions of 0700). Move the certificate text file to ~/ssl/cert and the private key to ~/ssl/key. If your certificate requires a passphrase, you must place it in ~/ssl/pp. When you are done, send a request to technical support for opening the SSL port for your v-host address.

You can also submit your certificate and key using csoftadm's web interface.

Hosting packages which feature a unique IP address (e.g., Budget) allow users to have multiple domains, each possibly pointing to different subdirectories of ~/www/. A single directory (or symbolic link) is required for each configured domain/subdomain.

The ~/www/logs/ directory contains access and error log files. The log files are not enabled by default, and must be activated using the account configuration feature of csoftadm. To avoid wasting resources, please disable the access/error logs when you do not need them.

Alter the ErrorDocument setting using an .htaccess file (see the micro-howto for examples). Please avoid large-sized HTML documents/images. Scripts are not allowed as ErrorDocuments unless they are executed under FastCGI.

Use an .htaccess file in the concerned directory, as explained by the htaccess micro-howto. Many settings that are not recognized in .htaccess files can be altered using csoftadm.

Yes, thanks to the FCGI module. Assign the script the .fcgi extension (or you could also map the fastcgi-script type using an .htaccess file). FastCGI scripts execute setuid so you can use a permission mode such as 0700 on the file. A minimal FastCGI perl script might look like:

use FCGI;
 
my $count = 0;
my $request = FCGI::Request();
 
while ($request->Accept >= 0) {
	print('Content-type: text/html', "\r\n\r\n");
	print 'Count: ', $count++);
}

Important note: warn() or die() will not produce any output in your error log, unless you explicitely request it like so:

$warn_handler = sub { print STDERR @_ };
$die_handler = sub { print STDERR @_ unless $^S };
$SIG{__WARN__} = $warn_handler if (tied (*STDIN));
$SIG{__DIE__} = $die_handler if (tied (*STDIN));

Yes. This is the method we recommend to our customers who require high-performance web applications. A minimal FastCGI program in C would look like:

#include "fcgi_stdio.h"
#include <stdlib.h>
 
int
main(int argc, char *argv)
{
	int count = 0;
	
	while (FCGI_Accept() >= 0) {
		printf("Content-type: text/html\r\n\r\n"
		       "Request: %d on host %s", count++,
		       getenv("SERVER_NAME"));
	}
	return (0);
}

You would compile it using:

  $ cc -I/usr/local/include -o foo foo.c -L/usr/local/lib -lfcgi

Csoft-cgi is a supported library for writing high performance FastCGI applications in C and C++. One example of a csoft-cgi application is our web interface. For more information, see the csoft-cgi homepage. We are also currently working on a collection of supported csoft-cgi applications.

Yes, the proper way to edit settings normally found in the /etc/php.ini file is through the functions ini_set, ini_file_set and ini_path_set. Note that since we invoke the PHP interpreter using the CGI method (as opposed to mod_php), the php_flag and php_value settings in .htaccess files will not be recognized. Using ini_set() is also good practice since it is portable to different web servers.

If you have a dedicated web server under the Advanced or Corporate package, you are probably using mod_php and in that case, you can use .htaccess to override PHP settings.

Yes. It is available and is included in the PHP include_path setting by default.

Yes, but only from the php4-fat, php4-unsafe, php5-fat and php5-unsafe configurations. You can select your PHP configuration from csoftadm or the web interface. Please contact us if you want specific Pear modules installed.

Yes, as long as -

• It does not permit arbitrary compilation and/or execution of uploaded code (which could lead to the compromise of your account).
• You log and carefully monitor all the uploads that occur.
• You acknowledge that the uploaded content must not violate our terms of service.

Use the ini_set() function as explained here.

Yes, ImageMagick is standard on all our servers.

Yes, but it must run it under the control of FastCGI, and even then it it will be slow. IMAP was designed as a persistent protocol for use with GUI-based MUAs (such as Mozilla Thunderbird), where sessions run persistently (and more or less in the background). Web applications have to respond quickly or they are frustating to use.

Our own webmail interface uses extensive caching with a different protocol to access mail data directly, so it is fast and it scales well to extremely large mailboxes. It is actually open-source and we provide official support for it, it can be installed under your account and customized for your website.

In order to remove your VirtualHost entry from the Apache configuration, rename your ~/www/ directory to something else. This is useful in case you're only using your domain for mail service, or if want to put your website offline temporarily.

Yes, see the webapps home page for more information.

Your home directory should preserve its default permissions (0711), because the o+x (execute by others) privilege is required if you are using mail services, cvs/subversion sub-accounts, or web service (the latter does not apply to custom web servers under the Advanced and Corporate packages).

Web applications such as CGI/FastCGI and PHP scripts all execute under your own credentials and theferore do not need to be readable by anyone but you. Note that many third party CGI and PHP scripts do not use secure permissions by default, so you should always double-check them yourself if sensitive content is involved. For all CGI and PHP scripts, we recommend permissions of 0700 (read/write/execute by you only). For all sensitive data files referenced by any web application, 0600 (read/write by you only) is recommended.

Even though it is supported, traditional FTP access should never be used to access private accounts, simply because it is the nature of the protocol to transmit data over the Internet "in the clear", and this data includes your account password and possibly other sensitive information.

Under Unix-based operating systems, secure file transfer tools like scp, sftp or rsync (with ssh) are available.

Under windows, we recommend the free WinSCP program. We have compiled a comprehensive list of SSH client programs freely available for a variety of platforms.

Make sure that your FTP client is configured to use passive mode (PASV) for data transfers. Contact your local network administrator to ensure that outgoing FTP connections are not being filtered. The FTP protocol is antiquated and very problematic with modern firewalls so it is best to avoid it whenever possible.

We use a number of techniques to maintain multiple mirror copies of your data on different servers (you can see their status with csoftadm, and log into them at any time). If the main server suffers from a failure, a secondary server immediately takes over (this is accomplished by the CARP system).

• Your complete home directory is mirrored daily using the rsync tool.
• The backup copies of your MySQL databases are updated in real-time through the use of MySQL's replication mechanism. PostgreSQL databases are still being mirrored periodically, but we are planning on implementing live replication shortly.
• The backup copies of your configuration data (as managed by csoftadm) are updated in real-time through the use of csoftadm's replication mechanism.
• Mail data is mirrored daily with rsync. We are working on a more efficient replication system to replicate mail data in real-time.
• Should a firewall machine fail and a backup firewall take over, current TCP connections will not even be reset. To achieve this, the firewall state (i.e., the status of current TCP connections) is propagated to backup firewall machines with the pfsync protocol.

All our servers have one or more backup servers containing a copy of all data on the master server. This mirror copy is updated at least every 4 hours. In addition, the master server also contains a local incremental backup updated weekly.

By contacting tech support, mention the name of the files/directories which you need restored. If the files were recently lost, you can also retrieve them from a secondary server by yourself (using your same password). The csoftadm command cluster status will show you the active secondary servers.

We do not provide domain registration services - we prefer to focus on hosting. We don't handle registrations and transfers of domains for our clients either, since most registrars now provide simple interfaces. Back in 1999, we did a small survey and received positive comments towards the registrars Gandi, Joker and BulkRegister.

From the web interface, go to the Domain names section. If you are using the shell interface, the dns add command will create a new domain or subdomain. The web server will automatically look for a directory (or a link) named after the domain/subdomain in your ~/www/ directory. For example, if you want a specific webpage under "foo.example.com", configure that domain with the DNS feature and upload your contents to your ~/www/foo.example.com/ directory.

You can point multiple domains and subdomains to a same directory by creating links in your ~/www/ directory. By default, csoftadm will treat "www.example.com" sub-domains specially and automatically create a link from "www.example.com" to "example.com" when the "www" subdomain is added.

Yes, those changes are feasible from either the web interface, or the shell interface.

The update should take up to one hour to become effective on our primary/secondary nameservers. World nameservers will generally take up to 6 hours. These delays are configurable, to a certain extent, from csoftadm (by editing the "SOA" record).

We are using the Postfix MTA along with mailprocd, a home-grown local delivery agent which performs classification and efficient/secure spam filtering. We are also using GNU Mailman as our mailing list manager.

Mailing lists can be managed from the Mail section of the web interface, or the "mail list" commands of the shell interface. We are using the GNU Mailman list manager software. When you create a list, you will be given an URL for Mailman's administrative web interface, where you can configure more advanced options or access list archives. Note that list archives are not available to the public by default, unless you specify otherwise in the Mailman settings.

You can use the "Mail service" area of the web interface, or the mail alias and mail mbox commands from the shell interface. E-mail addresses can have multiple destinations of different types, such as:

• Mailbox accounts ("foo")
• Pathnames to files ("./Mail/foo.txt")
• Pathnames to maildirs ("./Mail/foo/")
• Forwarders to external addresses ("user@domain.ext")
• Programs such as procmail and maildrop ("|procmail")
• Macros ("&myspamfilter") as described in the csoftadm documentation.

No, we do not perform any kind of spam filtering server-wide, and we do not use RBL databases. You need to explicitely configure spam filtering under your account in order to use it.

Most people will want spam delivered to a "Spam" folder of a mailbox. To configure this, go to the Mail Service / Mail Addresses section of the web interface, enter your new address in Configure a new address and select Mailbox (with spam folder) as the destination. This is all you need to do.

You can click on existing e-mail addresses to edit them. E-mail addresses (or wildcards) can be associated with a set of rules containing some condition and an instruction determining which action the mail server should take. A condition of spam>=5.0 evaluates to true when the SpamAssassin check returns a value greater than or equal to 5.0. A condition of spam<=5.0 evaluates to true when the check returns a value less than or equal to 5.0. If the condition is set to just "spam", mail is only tagged prior to delivery to the destination (i.e., a mail header is inserted to indicate the results of the spam test, and possibly harmful content is moved to an attachment).

Advanced users may want to perform more complex filtering and classification tasks. The standard programs procmail and maildrop are available for this purpose. To use those, configure e-mail addresses with a destination of |procmail or |maildrop. Setting the conditional to spam can be useful where you want mail to be checked and tagged prior to delivery to procmail or maildrop.

No. Although most hosting providers use "spamd" on multiuser servers, we use a better system. The problem with "spamd" is that it executes under a shared, system-wide UID, and important features such as Bayes filtering and autowhitelisting require access to persistent databases. Using a single shared database dramatically reduces the effectiveness of those features, as well as introducing security and privacy issues.

On our servers, a persistent process executing under your own UID does your spam filtering, and you have your own private SpamAssassin databases. This system also allows you to define custom anti-spam tests and change settings that would otherwise require administrative access.

You can do so by adding a "relocated" entry for the address, using either the web interface or the mail relocated add command of the shell interface. Mail for the given address will be rejected with the given text, which usually contains contact information such as a new e-mail address or a website URL.

There exists a variety of semi-automated mail abuse reporting software, some of them are listed here and here.

The sending of messages to external addresses through our mail server ("relaying") requires your mail client to authenticate securely with our mail server. Enabling SSL should be straightforward with most mail clients that support it. If you are using Mozilla Thunderbird, for example, go to Account Settings/Outgoing Server (SMTP), enable Use name and password, enter your username (or the name of a mailbox account) and set Use secure connection to SSL.

If you are only able to create subfolders of INBOX, your mail client fails to configure itself accordingly using the "NAMESPACE" IMAP extension. More information is available here. Our web interface provides a work-around: Bring up the mailbox settings page by clicking on a mailbox. It will allow you to manually create or delete IMAP folders. Of course, the proper solution is to use an IMAP client that is not broken.

Unlike our own spam filtering system (which uses a combination of SpamAssassin, Bayes filtering and autowhitelisting), the Gmail service provides a trivial Bayes spam filter, which frequently results in filtering errors, in particular for messages containing terms such as "credit card", which often end up in the "Spam" folder and are missed.

It is located at /usr/sbin/sendmail. If you are using sendmail from CGI scripts (or similarly, mail() from PHP scripts), please be extremely careful and verify that the recipient address cannot be set arbitrarily.

Use an SSH (secure shell) client program to connect using your assigned username, password and server hostname. We have compiled a list of free SSH clients for most major operating systems.

Yes. The GNU versions of the standard commands (i.e., ls, cp, mv, tar, make, etc) are available on all *BSD servers. If you want to use them by default, create an empty file named ~/.prefer_gnu and reconnect to your shell. The login scripts will automatically configure a number of shell aliases for you (since the GNU utilities are installed system-wide with the "g" prefix).

Since there are now SSH clients available for virtually all major platforms, we have, long since, disabled the traditional telnet service on our servers.

Create a file called ~/.hushlogin to disable both, or ~/.no_fortune to disable the fortune quotation (responsible for printing confusing quotes which Unix neophytes sometimes take with extraordinary seriousness).

You may also have a file called ~/.fortune with alternate arguments to be passed to fortune (the default is -s, for short apothegms). We advise you not to use the -o option (offensive quotes), unless you are willing to get offended.

Users on BSD servers may like to call the calendar reminder service from their shell login file.

MySQL and PostgreSQL databases can be managed from csoftadm. From the web interface, these functions are under the "Databases" section. If you are using the shell interface, use the commands under db mysql and db pgsql.

Unless you are connecting to your database from a remote location, the database server address is localhost. For PostgreSQL databases, local Unix authentication is used by default so you can login with your account username and do not need to provide a password (all processes running under your account will have the rights to access your database). For MySQL databases, database users can be configured individually and a password must be provided.

For MySQL, the mysqldump command outputs the contents of a database to a text-based format. You would typically save this output to a file. This command accepts the same options as mysql.

  # Dump
  $ mysqldump -u myname_mydb -p myname_mydb > myname_mydb.dump
  # Import
  $ mysql -u myname_mydb -p myname_mydb < myname_mydb.dump

Similarly with PostgreSQL, use the command pg_dump to save your database to a file, and feed the contents of that file to psql to restore it.

  # Dump
  $ pg_dump myname_mydb > myname_mydb.dump
  # Import
  $ cat myname_mydb.dump | psql myname_mydb

This typically occurs when some field name in the dump contains keywords such as KEY and ORDER which are not properly quoted. You can pass the --allow-keywords option to mysqldump to work around this.

Yes. If you wanted to move the directory /trunk/foo from repo1 to repo2, you would use:

  $ svnadmin dump repo1 |svndumpfilter /trunk/foo |svnadmin load repo2

See the Subversion book: Repository Maintenance

Our Advanced and Corporate plans allows users to run virtual private servers. The only requirement for the virtualized operating system is support for the AMD64 architecture which all of our servers are using.

However, we recommend against using virtualization solely for the purpose of running web, application servers and such. Our traditional hosting service differs from what the majority of "shared hosting" providers are offering. Most of them do not provide their customers with server arrays, and many are not competent at the (often technically challenging) task of properly securing their multi-user environments. Also,

• If you have an Advanced or Corporate package, you can already execute any type of web or application server. Under Unix, users normally cannot configure daemons to listen on privileged ports (i.e., 80), but we address this very simply by using transparent packet rewriting at the routing level. See the Dedicated Apache Installation Guide for an overview of the typical installation procedure (which we can also perform on request).
• The reliability and price/performance ratio for shared hosting service is better than VPS solutions (including our own), because our shared hosting users have multiple physical servers (with high capacity interconnects), at their disposal. The task of serving a web page, processing e-mail or issuing a database query, for example, can be distributed between multiple servers. Hardware failures do not impact the service. Increase in server load is addressed by adding more servers. No VPS providers that we are aware of are providing this service at any price approaching that of our shared hosting packages.
• You can install software "as root" through our standard ports/packages system.
• You can perform administrative tasks which normally require root access using csoftadm (OpenMGI).
• Your CGI/PHP scripts, your mail delivery system and even your spam filter, onr our system are already under your control, and executing under your own Unix privileges.
• Securing server software is a high-maintenance task. Our system administrators are constantly applying reliability and security fixes for the operating systems, installed libraries and applications. Administering a VPS involves handling these tasks by yourself, without accountability on the part of the hosting provider.