- not root
- not root
- SuEXEC
- Depends. 644 for files and 755 for folders are a safeish default.
Don't change ownership of anything to www-data unless you want php to be able to edit the contents of that file/folder
Irrespective of anything else you do: folders need read and execute permissions for the user to find files; files need read permissions for the user to read them. If you get any permissions errors when changing things - you've managed to remove these fundamentally required permissions.
If you are not writing any files via your php application, you can leave files owned by you:you. In this circumstance the world permission (xx4/5) is the one which applies.
If you leave the files as owned by you:you with file permissions of 644 (files) what that would mean is that only you can edit the website files - www-data is not you - so it cannot edit the files.
If you want to restrict access to apache + you and block out all other access chown -R you:www-data *
. With file permissions of 640 and folder permissions of 750 you can edit, www-data can read - because then apache reads the group permission (x4/5x).
Restrict to a minimum the paths you allow apache/php to write to - if there's a tmp dir the application needs to write to - allow it to write to that folder only - and for any writable locations if at all possible make sure it's outside the document root or take steps to ensure this writable path is not web-accessible.
Note that "you" should not be root. Allowing direct ssh access as root is an indicator of other security lapses (such as not disallowing password login), but that's a whole bunch of questions unto itself.
Is 192.168.1.1 your router's IP address?
nameserver 192.168.1.1
suggests your router is advertising itself as a DNS server, rather than "sending the ISP's DNS servers".
What brand and model of router do you have? Does the web interface show log messages?
I'm wondering if your router is forwarding the request to your ISP's nameservers, but your ISP's nameservers are dropping the request, because they don't want you to know what their machine with IP 192.168.1.50
is called.
Suggestions:
- Double check your router's settings. It should answer requests for your own private network. Maybe you can add a static host entry in your router's web interface?
- Try installing Avahi on all the systems on your network.
- Tell your router to use Google Public DNS (
8.8.8.8
and 8.8.4.4
) or OpenDNS
Best Answer
Just bring the interface down. For example, with eth0:
To bring the interface back up: