Regretfully, there is some general and specific software we cannot permit on our customers' webhotels, for the sake of resource usage, security and service stability.
Webhotel is a shared service for websites, and is not designed for handling other types of services.
Here are some of the guiding principles for permissible and non-permissible software.
- OK: software executing briefly via PHP or CGI on the webhotel, or which supports webhotel maintenance on the login server
- Not OK: software with too long execution time, which uses too much memory (RAM/swap), CPU, intensive disk usage, and/or intensive database usage
- Not OK: software posing a security risk, sending of unsolicited email (spam), software suited for damaging third parties, or illegal software
About resource limits
Our PHP configuration has default limits that must not be exceeded, and software exceeding these limits may be forcably terminated and deactivated.
CGI software shall adhere to the same limits.
Even if software does not exceed the specific limits, it may still use too much resources, overloading the webserver. Your webpages will no longer work, and neither will any other webpages on the same webserver. In such case, we will temporarily deactivate the webhotel causing the problems.
The webservers are behind a firewall, which prevents software not using HTTP.
Some types of software is not permitted, no matter what the cause is, regardless of whether it is run on a webserver or login.domeneshop.no. The following list contains examples, and is not exhaustive:
- Bittorrent clients or servers, or other similar distribution services
- Chat or IRC robots/proxies
- Crypto-mining etc.
- DoS/DDoS tools
- File management scripts/software in PHP or CGI (regardless of language)
- Firewall circumvention, or attempts to circumvent
- Insecure software (known security vulnerabilities)
- Obfuscated/encrypted software that cannot be automatically verified as secure/original
- Performance tests for max capacity of our servers/computers/lines
- Port scanners
- Proxies (e.g. for anonymization)
- Remote shell via web
- Root kits
- Scam software (e.g. phishing)
- Spam software
- Spy software
- Video transcoders
- Viruses, trojans, etc.
The following software is specifically not permitted. Nor is it permitted to use software based on these listed here, except if all security issues and other problems are verifiably fixed and documented as fixed.
TimThumb - WordPress plugin, used by themes until 2009, no safe version exists, and the project was binned in 2014.
Updraft (Plus) - backup plugin which causes very high resource usage on servers, we recommend Duplicator or Akeeba Backup
WP File Manager - WordPress plugin, fundamentally insecure software.
- Adminer - MySQL admin tool, used as a backdoor by criminals
- BackWPup - Backup-plugin for WordPress with absurd resource usage, we recommend Duplicator or Akeeba Backup
- CcMail from Cicoandcico - no secure version exists, is unmaintained, and not updated since 2005.
- CuteNews - no secure version exists, is unmaintained, and not updated since 2008.
- Chronoforms 4 og 5 - permits automated spamming
- FCKeditor - Replaced by CKEditor in 2010
- eXtplorer - Joomla extension, fundamentally unsafe software
- FreeWebshop.org - no secure version exists, is unmaintained, and not updated since 2008.
- JetPack Sharing/Sharedaddy - modul for JetPack for WordPress, permits spamming, and the JetPack provider does not understand the problem.
- Joomla versions that have no secure versions and are unmaintained, e.g.:
- 3.0.x - 3.8.x
- Lightbox Photo Gallery - WordPress-plugin, no secure version exists.
- Lightbox Plus Colorbox - WordPress-plugin, no secure version exists.
- Mambo - no secure version exists, is unmaintained, and not updated since 2008.
- Nextcloud - part of the category "file management software", suitable for VPS/dedicated server
- Openads - no secure version exists, is unmaintained, and not updated since 2008.
- OpenX - no secure version is readily available, is essentially unmaintained, and not updated since 2012.
- osCommerce - no secure version exists, extremely bad security history
- Owncloud - part of the category "file management software", suitable for VPS/dedicated server
- PHP-Fusion - no secure version exists, is unmaintained, and not updated since 2013.
- PHP-Nuke - no secure version exists, is unmaintained, and not updated since 2007.
- PostNuke - no secure version exists, officially discontinued July 2009.
- Shortcode Excec PHP - WordPress plugin, fundamentally unsafe software, the project was removed from WordPress's pages in 2015.
- ShoutPro - no secure version exists, is unmaintained, and not updated since 2006.
- sNews - no secure version exists, is unmaintained, and not updated since 2011.
Avoid this software
We ask you not to install the following software in your webhotel, as they often cause problems. Users visiting or administering websites with this software risk locking themselves out due to extreme resource usage.
- Advanced Taxonomy Terms Order - WordPress-plugin, defect database handling
- All-in-One WP Migration - WordPress plugin for migration of WordPress sites, we recommend Duplicator or Akeeba Backup
- Backupbuddy - WordPress plugin for backups, we recommend Duplicator or Akeeba Backcup
- Backup to Dropbox - WordPress plugin for backups to Dropbox, triggers a bug in WordPress that makes tens of millions of error messages within a short time.
- Better Search and Replace - WordPress plugin, use Duplicator or Akeeba Backup instead when moving WordPress between websites
- Cherry Plugin - WordPress plugin
- Cornerstone (X Theme) - WordPress plugin
- Craft CMS - requires a dedicated or virtual webserver
- Imagify Image Optimizer - WordPress plugin
- JetPack for WordPress, because the module Sharing/Sharedaddy can be used for spamming
- Magento 2.3 and newer, which require up to 2 GB RAM (magento.com) for updates
- Merge + Minify + Refresh for WordPress, because it needs to start Java for each CSS/JS to be "minified", which requires unreasonable amounts of resources.
- Online Backup for Wordpress ("wponlinebackup") - backupsolution for WordPress, removed fra wordpress.org in 2015 or earlier, completely useless and creates an extreme amount of error messages
- Photo Gallery by Gallery Bank
("gallery-bank") - WordPress plugin
- Thrive Visual Editor - WordPress plugin
- Vaultpress - backup solution for WordPress, designed for use with websites hosted at wordpress.com and on dedicated servers, unsuitable for shared servers (webhotel)
- Wordfence - security for WordPress, has a tendency to fill either disk or database with many gigabytes of data
- WP-Optimize - optimization and backup plugin which causes very high resource usage on servers