• Anytime using the secure Contact Form, or direct e-mail to tech@csoft.net (technical issues), or sales@csoft.net (billing and accounting issues).
• During business hours, call our toll-free office number: 888-655-4977.
• Outside of business hours, call an admin's cell phone (provided on request).
• Some administrators (such as vedge@) are active on the Discord Channel.

Announcements concerning the service such as scheduled server maintenance, hardware upgrades and software installs/upgrade are available from your server's /etc/motd (message of the day) file. The MOTD is also shown on the Main Page of the Control Panel, or when you log in to your shell account with SSH.

• Test 50MB: https://resin.csoft.net/test.bin (OpenBSD)
• Test 100MB: https://lilly.csoft.net/test.bin (FreeBSD)

Monthly traffic is unlimited. The minimum bandwidth (guaranteed to be available at all times) is set according to your selected Hosting Plan.

Your current use of storage is displayed in the File Manager. You can also use the du ("disk usage") utility in your shell:

  $ du -hs ~
  $ du -hs ~/www/example.com
  $ du ~/www/* | sort -rn | head

Legal restrictions on content are detailed in the hosting agreement.

Yes. We do not have any policy against adult or pornographic material on our servers, as long as it is legal and labeled as such.

Whenever possible, we recommend that you test and debug experimental software on another server (or in an alternate location) before deploying it on your production server.

A wealth of tools are available to help debugging and testing, such as top, ps, pstree, gdb and valgrind. For C and C++ applications, use of the -g compiler flag is advisable, even for production binaries (the added debugging information makes a larger file, but is not actually loaded into memory when executing outside of a debugger).

Applications that execute persistently on our servers must use some method to insure that CPU is not being wasted unnecessarily when the program is not doing any useful work. Usually, synchronous I/O multiplexing is used:

• The traditional select and poll interfaces.
• The more modern kqueue interface on BSD servers.
• The libevent library (uses the best available method).
• Application servers / FastCGI programs can use PerCGI's query processing loop.
• The Perl POE framework (select() and poll() are also built into Perl, see perlfunc).
• Agar's main event loop AG_EventLoop() (uses best available method).

Server software is our speciality, so don't hesitate to contact us if you need help with code issues.

IRC bots such as eggdrop are permitted on our servers, but we ask that users please contact us after having set up a bot so we can verify that it is bound to the correct IP address. Bots should not be bound to shared IP addresses.

We allow web-based IRC clients such as CGI:IRC, but an IP-based plan (such as Budget) is needed, and the list of allowed channels must be restricted. The user must not be permitted to join arbitrary channels. Your script must also bind to your own v-host IP address. In CGI:IRC, we would therefore require the following settings in cgiirc.config:

vhost = your-vhost-ip
allow_non_default = 0

Network scanners such as nmap, scanners for security vulnerabilities or exploits are proscribed on all of our servers, regardless of their intended purpose. If you want to use our servers to perform specific security audits against your own equipment, please contact us about it in advance.

Yes. We already have a number of popular client programs installed on our servers. If you would like to run an IRC bot, see our Software Policy page.

Yes, screen comes standard on our servers and the detach feature can be used.

Yes. The limit on the number of concurrent processes you may run is set based on your hosting package.

If you have an SSL certificate purchased from a commercial certificate authority (for example, Thawte or GoDaddy), or a self-signed certificate, see: Setting up HTTPS (SSL) Service with a Certificate.

If you wish to obtain and use a free SSL certificate from Let's Encrypt, refer to: Setting up HTTPS (SSL) Service with LetsEncrypt.

Our recommendation for most webmail users would be to install Roundcube webmail, which is a package that we officially support. To perform the installation by yourself, download the Latest Stable Version and unpack it in your preferred location (such as ~/www/example.com). Follow the INSTALL instructions and Roundcube should work out of the box. You will need to create a MySQL database for Roundcube's use (you can do this from either the Control Panel Databases section or the Shell Interface command db mysql add).

We can also perform this installation if you send a request to tech@.

Yes, mod_rewrite is standard on our servers and is available to everyone. See the Apache mod_rewrite documentation for more information. mod_rewrite users may also find the following cheat sheet handy. As always, don't hesitate to contact us if you need help with this feature.

Other functions provided by the standard web server are described on this page.

Yes. All web applications (including PHP, CGI and FastCGI scripts) will run under your own Unix privileges.

Therefore, PHP/CGI script files on our servers can be assigned the permission mode 0700 (i.e., R/W/X by owner only), and any data file that needs to be accessed by a script may use the permission mode 0600 (i.e., R/W by owner only).

You can, but since Apache's suEXEC imposes restrictions on the environment variable names, the name must be prefixed with HTTP_ or SSL_. You can also pass any environment variable in suEXEC's "safe" list.

A number of different PHP versions are available on our servers. If you are using a dedicated web server instance, you will be able to compile your own mod_php (using whichever version and set of extensions you prefer). If you are using the standard web server, you can select your PHP version from the Control Panel (under "Server Settings").

We generally recommend using the "Current Stable" or "Old Stable" version (see the PHP Downloads Page).

See the standard web server settings page for a list of web server features, default index filenames and default file extension assignments.

Real-time logs are placed under the directory /logs/`whoami`/. The standard web server logs are named http, http-error, https and https-error. You can configure which logs are generated, and the log rotation settings from "Preferences / Server settings" in the Control Panel (or using the "conf" commands in csoftadm).

Hosting packages which feature a unique IP address (e.g., Budget) allow users to have multiple domains, each possibly pointing to different subdirectories of ~/www/. A single directory (or symbolic link) is required for each configured domain/subdomain.

Yes, use the ErrorDocument setting using an .htaccess file (see the micro-howto for examples).

Use an .htaccess file in the concerned directory, as explained by the htaccess micro-howto. Many settings that are not recognized in .htaccess files can be altered using csoftadm.

Yes, thanks to the FCGI module. Assign the script the .fcgi extension (or you could also map the fastcgi-script type using an .htaccess file). FastCGI scripts execute setuid so you can use a permission mode such as 0700 on the file. See this Example FastCGI Perl Script.

Yes. This is the method we recommend to our customers who require the highest performance attainable for a web application. See this Example FastCGI Program in C.

Yes, they are available on all of our standard PHP profiles. Please contact us if you need specific Pear modules installed.

Yes, as long as:

• It does not permit arbitrary compilation and/or execution of uploaded code (poorly written upload scripts with no validation are a leading cause of sites being compromised).
• You have a way to monitor the uploads for abuse.

Use the ini_set() function as explained here.

Yes, ImageMagick is standard on all our servers.

In order to remove your VirtualHost entry from the standard Apache configuration, rename your ~/www/ directory to something else. This is useful in case you're only using your domain for mail service, or if want to put your website offline temporarily.

Web applications such as CGI/FastCGI and PHP scripts all execute under your own credentials and theferore do not need to be readable by anyone but you. Note that many third party CGI and PHP scripts do not use secure permissions by default, so you should always double-check them yourself if sensitive content is involved. For all CGI and PHP scripts, we recommend permissions of 0700 (read/write/execute by you only). For all sensitive data files referenced by any web application, 0600 (read/write by you only) is recommended.

Language	Path
AWK	/usr/bin/awk
Bourne shell	/bin/sh /bin/bash
C shell	/bin/csh /bin/tcsh
Korn shell	/bin/ksh
Perl	/usr/bin/perl /usr/local/bin/perl
PHP	/usr/local/bin/php ( the latest "Old Stable" release ) /usr/local/bin/php81 (8.1.*) /usr/local/bin/php82 (8.2.*) /usr/local/bin/php83 (8.3.*) ( more information on available PHP version )
Python	/usr/local/bin/python /usr/local/bin/python2 /usr/local/bin/python2.x /usr/local/bin/python3 /usr/local/bin/python3.x
Ruby	/usr/local/bin/ruby

If you are on a Unix-style system, you can always use scp, sftp or rsync. If you prefer a graphical front-end, WinSCP (Windows) and Filezilla (Windows / MacOS X) are both free open-source programs we recommend.

Our servers require that your file-transfer program connect using a secure protocol (either SSH, SCP or SFTP).

To restore any files/directories from the latest available backup, please contact our Technical Support service.

We use a number of techniques to maintain multiple mirror copies of your data on different servers (you can see their status with csoftadm, and log into them at any time). Should the current main server suffer from any type of software or hardware failure, a secondary server takes over (carp permits a smooth transition).

• Your complete home directory is mirrored daily using the rsync tool.
• The backup copies of your MySQL databases are updated in real-time through the use of MySQL's replication mechanism (as of this writing, PostgreSQL databases are still mirrored on a daily basis).
• The backup copies of your configuration data (as managed by csoftadm) are updated in real-time through the use of csoftadm's replication mechanism.
• The complete firewall state is replicated over to the backup firewall system using pfsync. Should the firewalling router fail, existing connections will not be broken.

From the Control Panel, go to the Domain names section. If you are using the Shell Interface, the dns add command will create a new domain or subdomain. The web server will automatically look for a directory (or a link) named after the domain/subdomain in your ~/www/ directory. For example, if you want a specific webpage under "foo.example.com", configure that domain with the DNS feature and upload your contents to your ~/www/foo.example.com/ directory.

You can point multiple domains and subdomains to a same directory by creating links in your ~/www/ directory. By default, csoftadm will treat "www.example.com" sub-domains specially and automatically create a link from "www.example.com" to "example.com" when the "www" subdomain is added.

If you use the Control Panel, click on the domain in the Domain Names section to bring up the DNS editor. You can also use the Shell Interface (with the dns commands).

Any change in your DNS configuration will take effect on all of our name servers within 5 minutes. How long the change will take to propagate to other name servers depends on the TTL setting of the domain (default TTL is 1 hour).

We are using the Postfix MTA along with mailprocd, our home-grown local delivery agent which performs classification and spam filtering using secure, privilege-separated processes.

Mailing lists can be managed from the Mail section of the Control Panel, or the "mail list" commands of the Shell Interface. After you have created the list, you will be given an URL for its administrative web interface, where you can configure more advanced options, or access the mailing list archives.

You can use the "Mail service" area of the Control Panel, or the mail alias and mail mbox commands from the Shell Interface. E-mail addresses can have multiple destinations of different types, such as:

• Mailbox accounts ("joeuser")
• Pathnames to files ("./Mail/foo.txt")
• Pathnames to Maildirs ("./Mail/foo/")
• Forwarders to external addresses ("joe@example.com")
• Programs such as procmail and maildrop ("|procmail")
• Macros ("&myspamfilter") as described in the csoftadm documentation.

We don't enforce any type of mandatory or server-wide spam filtering. Our e-mail server will not deny incoming e-mails under any circumstance. Most users choose to configure their e-mail so that spam messages are only marked as such, moved to a "Spam" folder, and kept indefinitely.

Our local delivery agent (mailprocd) embeds the latest version of SpamAssassin. Dedicated processes (running under your own UID) are used to filter the incoming spam. You can set any SpamAssassin parameter in ~/.spamassassin/user_prefs, define custom tests, or load extra plugins of your choice.

Some features of SpamAssassin such as Bayes filtering and autowhitelisting (now TxRep) require the use of databases. Our system makes it possible for these databases to remain private and under your control (and accessible using the sa-learn utility).

For more information, see: Using Spam Filtering.

You can do so by adding a "relocated" entry for the address, using either the Control Panel or the mail relocated add command of the Shell Interface. Mail for the given address will be rejected with the given text, which usually contains contact information such as a new e-mail address or a website URL.

There exists a variety of semi-automated mail abuse reporting software, some of them are listed here and here.

The sending of messages to external addresses through our mail server ("relaying") requires your mail client to authenticate securely with our mail server. Enabling SSL should be straightforward with most mail clients that support it. If you are using Mozilla Thunderbird, for example, go to Account Settings/Outgoing Server (SMTP), enable Use name and password, enter your username (or the name of a mailbox account) and set Use secure connection to SSL. Other client program and devices can be configured similarly.

If you are only able to create subfolders of INBOX, your mail client fails to configure itself accordingly using the "NAMESPACE" IMAP extension. More information is available here. Our Control Panel provides a work-around: Bring up the mailbox settings page by clicking on a mailbox. It will allow you to manually create or delete IMAP folders. Of course, the proper solution is to use an IMAP client that is not broken.

It is located at /usr/local/sbin/sendmail, but you can also use /usr/sbin/sendmail. Internally, it works as a wrapper around Postfix.

Use an SSH (secure shell) client program to connect using your assigned username, password and server hostname. We have compiled a list of free SSH clients for most major operating systems.

Yes. GNU versions of standard commands (ls, cp, mv, tar, make, m4, etc) are available on all our servers. If you want to use them by default, create an empty file named ~/.prefer_gnu and reconnect to your shell. The login scripts will automatically configure a number of shell aliases for you (since the GNU utilities are installed system-wide with the "g" prefix).

Create a file called ~/.hushlogin if you wish to disable fortune cookies (responsible for printing confusing quotes which Unix neophytes sometimes take with extraordinary seriousness). You may also create ~/.fortune file specifying alternate arguments to fortune. Possible arguments include -a (all quotes), -o (offensive quotes), limerick, startrek and zippy. On FreeBSD servers, you can also use freebsd-tips, bible, bofh, epictetus and futurama.

You can edit your shell login script (e.g., ~/.profile or ~/.cshrc) to run specific commands when logging in. cal (display calendar) and calendar (reminder services) are notably useful programs to use from your login script.

This is a bug that is easily corrected by upgrading your jSch to version 0.1.52 (or later).

MySQL and PostgreSQL databases can be managed from csoftadm. From the Control Panel, these functions are under the "Databases" section. If you are using the Shell Interface, use the commands under db mysql and db pgsql.

Unless you are connecting to your database from a remote location, the database server address is localhost. For PostgreSQL databases, local Unix authentication is used by default so you can login with your account username and do not need to provide a password (all processes running under your account will have the rights to access your database). For MySQL databases, database users can be configured individually and a password must be provided.

For MySQL, the mysqldump command outputs the contents of a database to a text-based format. You would typically save this output to a file. This command accepts the same options as mysql.

  # Dump
  $ mysqldump -u myname_mydb -p myname_mydb > myname_mydb.dump
  # Import
  $ mysql -u myname_mydb -p myname_mydb < myname_mydb.dump

Similarly with PostgreSQL, use the command pg_dump to save your database to a file, and feed the contents of that file to psql to restore it.

  # Dump
  $ pg_dump myname_mydb > myname_mydb.dump
  # Import
  $ cat myname_mydb.dump | psql myname_mydb

This typically occurs when some field name in the dump contains keywords such as KEY and ORDER which are not properly quoted. You can pass the --allow-keywords option to mysqldump to work around this.

  # Run on the server:
  $ cvs -d ~/cvs init
  $ chmod 700 ~/cvs
  
  # If you are working on a remote client, use:
  $ export CVSROOT=:ssh:yourname@ssh.example.com:/home/yourname/cvs
  $ cvs login
  
  # If you are working on the server, you could also use:
  # $ export CVSROOT=/home/yourname/cvs
  # $ cvs login
  
  # Import a new module:
  $ cd ~/foomodule
  $ cvs import -m "My module" foomodule mycompany start
  $ rm -fR ~/foomodule
  $ cvs checkout foomodule

You can create new CVS accounts from the Control Panel, or using the csoftadm command "cvs add".

As of this writing, a bug exists in WinCVS / CVSNT's built-in ssh client (ssh 2.0.51d). One possible workaround is to set the "Version" field to "1" in both "Login settings" and "Checkout settings".

However, for better security, until a new WinCVS version is released, we recommend users switch to the ssh.exe and cvs.exe provided in the Cygwin distribution.

Using either the svnadmin create command, or alternatively, the Subversion section of the Control Panel. See the subversion micro-howto for more details.

Yes, thanks to the svnsync utility. See the micro-howto: Mirroring repositories read-only.

Yes. If you wanted to move the directory /trunk/foo from repo1 to repo2, you would use:

  $ svnadmin dump repo1 |svndumpfilter /trunk/foo |svnadmin load repo2

Refer to the Subversion book: Repository Maintenance