ph7CMS not compatible with the ifast network

Admin · March 6, 2020, 3:58pm

Please keep in mind that we provide a completely free hosting service. This service costs money for servers, networks, datacenter space and staff to maintain, and you’re not giving us any. So, in order to be able to do this at all, we need to have quite harsh limits on free hosting. And for those who need more than what we can offer for free, there are the premium services which do make us money.

I’m sorry to have disappointed you if you expected something else. But please understand that restrictions in terms of server power and features is basically standard with free hosting. After all, we’re still a business, not a charity.

Like you said, InfinityFree is most suited to personal pages and basic usage. It’s not an enterprise level hosting platform.

But it is free. You don’t pay for hardware, you don’t need space to house it, you don’t pay for network connectivity and you don’t pay for power. And it’s easy, because you don’t need to manage any of those things yourself, and just get space to upload the website. And unlike your home computer, your website will run on proper server hardware on redundant power feeds and network connections. And for many people, this convenience is enough to make the service useful for them.

Regarding the flexibility argument, I see a few reasons why that’s a bad idea.

The first is abuse. Many free services get abused a lot. Ours is no exception. Bad people will try to upload phishing sites, hacking tools, stolen data, malware and worse. Seeing how these are usually pump and dump sites, being lenient in the first stage would help these criminals a lot, at the cost of people who we’ve known for longer and can trust.

The second one is that it would make the “bait-and-switch” argument much worse. Welcoming users with unrestricted accounts, and tightening the bolts later on, while having the premium ads? In my opinion, that’s far worse than a misunderstand about our service from the start.

A few other specific points you repeated and I want to comment on:

We know developers know math. And that’s exactly why we don’t give you the numbers.

We want people to stay within the limits of their hosting accounts. We don’t want them to know exactly how the usage is calculated and what the numbers are. Because if they did, they could try to skirt around the limits, by optimizing their usage so they can use as much free hosting server power without paying.

Our goal is not that people’s usage of A stays within B and X stays within Y. Our goal is that people don’t overload the free hosting services, and the metrics we calculate are a means to that end.

I would like to point out this section from the very home page of our website:

Is InfinityFree a demo, trial or sample for premium hosting?

Absolutely not! InfinityFree is fully featured, completely free website hosting. We provide promotional offers for alternative, premium services for people looking for more, but their services are very different. InfinityFree is not a representation of these offers.

If your goal is to test whether iFastNet’s premium hosting is suitable for you, then you should test iFastNet’s premium hosting. Please don’t go to the free alternative and complain it’s not premium enough.

I checked your account’s statistics, and I see your hits usage is well over half the limit and both your CPU usage and entry process usage is over the limit. So even if it’s just the two of you using the website, either you’ve been using the website quite intensively, or the software you’re using is just really heavy on server power.

Free hosting only supports PHP.

Robert_GG3 · March 7, 2020, 6:40pm

Ok,
My opinion is I would honestly have one of your people test all of those scripts individually from softaculous on the various account types you have.

Why?, because its listed as available so people are not going to expect there to be such issues right out of the gate.

If there was a section in the cp that lists recommended protocol it might help avoid early errors like I made installing these scripts.

I am trying simply to build an effective and efficient collaboration site for a group of people.

I have no idea yet of why that script uses so much processor or ram. Mainly because I’m technically not privy to live data about it.

Also, with the testing period I mentioned the service could limit the ip range which could access said site in testing to the IP of the logged in developer.

Then the developer would not have to worry about the site going live during testing and construction periods and it would help remedy the malicious users you mention that I’m aware of and agree with you about for sure.

I think if softaculous is going to offer these scripts up which is awesome of them, that they should offer information about each scripts default performance characteristics.
For instance
Ph7cms
Average inodes used-
Average space used-
Average cpu used per active user-
Average ram used per active user-

With scripts like ph7cms they would obviously need to break this down into categories per module I’m sure.

I signed up here to test the service and see if I would be able to build a collaborative site for a group of people.
Your logs should show more than likely no more up addresses than the following accessing that accounts site.
My laptop
My cell
My gf cell
Maybe a friends tablet or netbook if he took a look.

Mainly though it should show my laptop going into the user frontend and the admin frontend using a combination of firefox and vivaldi browsers.

I think I was just both shocked and aggitated because I was in the middle of trying to figure out how to modify the script to work best with your free service without cutting out the reasons the script is useful for my purposes.

I can see now that i will definitely need to build my rack sooner than expected.

I honestly did not expect this site to use what would be considered too many or too much resources from the cpu or ram categories. Mainly because I assumed that it would have no access to ffmpeg which is what I thought would use the real resources.

All in all even though I threw a temper tantrum like a child. I still think your service is good. I just wish it was easier to know what was up with the scripts so I dont get locked out while I’m trying to set things up. I have never used ph7cms before. But it was tempting because it looks as though it would save lots of dev time while allowing me to get them up and running quickly.

But if I cant even run it for essentially two users then that idea is shot down for this service.

But I will figure something out for sure.

Robert_GG3 · March 7, 2020, 7:13pm

Technical question.
Does the .htaccess files size or complexity contribute to this entry process usage being too high?
If this file is processed for every hit then I think ph7cms default .htaccess file is to blame. Its a massive .htaccess file. Its blocking very specific bots and doing rewrites etc… by default. I honestly dont think I’ve ever seen such a complex .htaccess file, but I have just gotten back into this after like a decade.

Admin · March 8, 2020, 2:18pm

The point of using an off the shelf installer (Softaculous) is precisely that we wouldn’t have to do that. Especially when there are new versions of software all the time, which can fix issues or create new ones with any version. That could be someone’s full time job.

Instead, we remove scripts only after knowing for sure they won’t work on our hosting. Which is primarily based on user feedback, like what you’re giving here.

What do you mean by recommended protocol?

That’s honestly quite hard to figure out, regardless of the environment you’re running on. Premium hosting does expose the “raw” resource metrics, but that doesn’t tell you which module of the application is generating the CPU usage. With a combination of access logs, tracing, APM and profiling, you can go a long way, but you’re still responsible yourself for correlating the data across different logs and reports and drawing conclusions from them.

There are IP whitelisting and password protection tools in the control panel you can use to do this. But by default, every website is accessible by everyone from everywhere. It’s up to you to use the tools we give you if you want to use them.

And malicious users can still visit a live site, so protecting the site only does so much in that case.

That last statement highlights one of the reasons is is not feasible.

Resource usage varies wildly from site to site. An out of the box WordPress site is quite light weight. But install dozens of big plugins in it and a poorly coded theme, and you’ll slow the site to a crawl while powering through your resource allocation.

So what would you base your measurements on? A clean site? That’s not representative for most sites, and could be considered misleading. The average of all sites we host with that script? That’s still not representative for most sites, and leads us to the problem of…

We also measure resource usage per hosting account. Not per domain, per website or per script. We try to keep our metrics collection light weight, because we ourselves have no use for detailed metrics, and collection more metrics takes away server power you won’t be able to use on your website.

There is also the question of what makes a user a user and when are they active. A forum with tens of thousands of registrations, most of whom never visit the site, probably won’t have any problems with resource usage. But a forum with a dozen users where everyone continuously refresh the page to see new posts is more likely to run into limits.

Calculating and showing such averages would take a massive effort to do, while being basically useless to anyone.

We don’t keep full access logs of your site. We only aggregate the number of requests for the purpose of calculating resource usage. This is done both due to cost of collecting, storing and processing these metrics, and for the privacy of your visitors.

Entry process usage is primarily affected by two factors:

Number of hits on your website.
Average request duration.

In almost all cases, PHP code, with or without database queries, is the main factor causing a high average request duration. A large .htaccess file could be responsible for this sure. But I suspect the PHP code of ph7CMS is complex enough to make the .htaccess file size irrelevant.

Although we do have a hard cap of 10 KB on .htaccess file size for this purpose.

Robert_GG3 · March 8, 2020, 7:42pm

So softaculous should not be able to generate or install an .htaccess file of 38kb then I would assume.
But that’s what happened, ph7cms installed a .htaccess file of 38kb which is I assume 28kb over the hard cap.
Now I’m not sure if anything in the admin panel of ph7cms modified the .htaccess file or not. So I’m assuming the file was installed in it’s current form.

The file does say that some of what is going on within it should actually be done elsewhere if appropriate rights are granted to the needed resources or files.

The Apache website also states that .htaccess usage should be limited if possible.

This is why I was thinking maybe this file trying to configure the server environment and block bots and such was the culprit.

If ffmpeg access was turned on then I would have assumed it was the culprit.

I would paste the files content here but I wouldn’t think anyone would appreciate that.

If much of what is being done in this file is unnecessary because your servers are already doing it then i would think i could comment out much of this default file.

Admin · March 9, 2020, 12:13pm

The file seems a lot like the .htaccess file shipped by ph7CMS out of the box:

github.com

pH7Software/pH7-Social-Dating-CMS/blob/master/.htaccess

####################
# Author:         Pierre-Henry Soria <[email protected]>
# Copyright:      (c) 2012-2022, Pierre-Henry Soria. All Rights Reserved.
# License:        MIT License; See LICENSE.md and COPYRIGHT.md in the root directory.
####################

## Note: You can remove some lines below if your Apache server already supports one of the parameters below (this will relieve Apache since this file is read on every request). ##
## Finally, if your host allows it, you are strongly advised to put these settings in your Apache configuration file (httpd.conf). ##

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        # Disable Directory Browsing
        Options -MultiViews -Indexes
    </IfModule>
    Options +FollowSymLinks

    RewriteEngine On

    ## Uncomment the below "#RewriteBase /" (remove "#") if pH7Builder is installed in a folder, and add the folder name after the slash "/"
    ## Example: If pH7Builder is installed in "/public_html/ph7builder/", then it should be "RewriteBase /ph7builder/", however it may depends of your Apache configuration.

This file has been truncated. show original

Our own security systems should already keep most bot traffic out, so I don’t think there is any harm in stripping out the bot protection from the .htaccess file. Although I don’t think the .htaccess file is the culprit in this case.

Robert_GG3 · March 9, 2020, 9:40pm

Yes, it should be the same file essentially. I did no manual text editing of the file only viewed it because it is so much larger than the default .htaccess file. So I wanted to know what all was happening inside of it. I will modify the file by stripping out what you say is not needed and see if it helps. It doesn’t hurt to try I guess.
I have not had a chance yet to go through and do full testing.

system · May 8, 2020, 9:40pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.