en fr nl de
About Contact Charter News
all2all

Web hosting

Questions about Apache Web server software used to serve websites and apply .htaccess rules. , file upload, permissions, CGI, .htaccess, statistics and shell access.

Questions

Which file transfer programs can I use?

Choose a client that supports encrypted transfer, preferably SFTP Secure File Transfer Protocol: file transfer over SSH, normally used instead of legacy FTP. . FTP remains available mainly for legacy compatibility.

Common recommendations:

  • FileZilla: the universal classic on Windows, macOS and Linux Linux is a Unix-like computer operating system family. Linux is one of the most prominent examples of free software and of open source development; its underlying source code is available for anyone to use, modify, and… ; good for quick drag-and-drop hosting work. Download it from the official project site, not from third-party mirrors.
  • WinSCP: the Windows power-user choice; strong for SFTP, scripting, automation and synchronisation
  • Cyberduck: clean and simple on macOS and Windows; useful for occasional transfers and cloud storage workflows
  • Transmit: polished macOS-native client; appreciated by professional Mac web workflows, but paid and macOS-only
  • rsync: command-line tool for Linux/server/admin work; excellent for backups, migration and incremental synchronisation

In practice, FileZilla, WinSCP and Cyberduck are the tools most often encountered in hosting support. For larger migrations or repeated synchronisation, rsync, scp and sftp from the command line are often more reliable than manual drag-and-drop.

all2all hosting accounts include shell access, so files can also be transferred directly on the server when needed.

How do I configure my file transfer client?

Use the credentials provided when the hosting account is activated.

Typical settings:

  • hostname: server hostname
  • username: all2all username
  • password: all2all password
  • protocol: SFTP recommended; SCP Secure Copy Protocol: file transfer over SSH. for command-line or automation; FTP only for legacy compatibility

SFTP and SCP are handled through SSH/OpenSSH, usually on port 22. Legacy FTP File Transfer Protocol: legacy file transfer protocol, usually replaced by SFTP or SCP. is handled by the FTP service, typically ProFTPD, usually on port 21 plus passive data ports.

With FTP, the client usually opens directly in the hosting home directory. With Secure File Transfer Protocol: encrypted file transfer over SSH. or SCP, you may need to change into the hosting home directory manually; it is normally located under /var/www/htdocs/username.

Use the server hostname rather than the domain name when DNS Domain Name System: the service that connects domain names to servers and other Internet services. changes are still propagating or the domain is not active yet.

Upload website files into public/. If your client opens in the home directory, enter public/ before transferring files.

Alternative methods include shell access, rsync and the Virtualmin A web-based hosting control panel used to manage domains, files, mailboxes, databases and related settings. file manager.

Why do I get FTP error 530 or too many simultaneous connections?

This usually means the server refuses extra simultaneous connections from the same client.

Common causes:

  • too many parallel transfers
  • old sessions not closed properly
  • repeated reconnect attempts
  • blocked passive data sessions

Reduce the maximum number of simultaneous connections in the client settings. A value of 2 or 3 is usually enough.

If the problem persists, disconnect fully, wait a few seconds and reconnect. Restarting the client can also clear hanging sessions.

For errors such as 425 unable to build data connection, check passive mode, firewall settings and blocked sessions.

Whenever possible, use Secure File Transfer Protocol: encrypted file transfer over SSH.. It avoids many classic FTP session issues.

How can I send website form data by email?

The historical shared CGI Common Gateway Interface: classic way to run server-side scripts for web forms. FormMail service is no longer recommended.

Forms should usually be handled by the website application itself, for example through:

  • PHP Server-side scripting language widely used by WordPress and web applications. form handlers
  • WordPress Content management system for websites and publishing. form plugins
  • authenticated SMTP Simple Mail Transfer Protocol: the protocol used to send mail. submission The SMTP service used by mail clients to send outgoing mail, usually on port 587 with authentication.

Authenticated SMTP with a proper sender address improves delivery and reduces abuse risks. It also works better with SPF Sender Policy Framework: DNS rule that lists which servers may send mail for a domain. , DKIM A mail signature system that helps receiving mail servers verify that a message was really sent by an authorised domain. and DMARC A mail policy that tells receivers how to handle messages that fail SPF or DKIM checks. .

Custom form processing remains possible with shell access and standard scripting environments.

Where are sendmail and Perl Perl is a dynamic programming language created by Larry Wall and first released in 1987. Structurally, Perl is based on the brace-delimited block style of AWK and C, and was widely adopted for its strengths in string… located?

Some legacy scripts still need explicit system paths.

Typical paths:

  • sendmail: /usr/sbin/sendmail
  • Perl: /usr/bin/perl

A typical Perl script header is:

#!/usr/bin/perl

/usr/sbin/sendmail points to the local mail transport agent, usually through Postfix Mail server software used to send and route email. compatibility. Some older software may also refer to /usr/lib/sendmail.

Modern applications usually use native mail libraries or authenticated Simple Mail Transfer Protocol: protocol used to send email. instead of direct sendmail calls.

How do I set file permissions correctly?

Permissions define who can read, write or execute files. They can be changed through SFTP/FTP, shell access with chmod, or the Web hosting control panel for domains, files, mailboxes, databases and settings. file manager.

Typical values:

  • ordinary files: 644
  • directories: 755
  • executable Common Gateway Interface: classic way to run server-side scripts for web forms. or shell scripts: 755
  • sensitive configuration files: often 600

Use the minimum permissions required. Avoid 777, because it gives write access to everyone and creates serious security risks.

Do not manually change system directory permissions such as cgi-bin/ unless there is a specific technical reason.

How do I configure Apache using .htaccess files?

A .htaccess file applies Apache Web server software used to publish websites and apply .htaccess rules. directives inside a website directory.

Typical uses:

  • redirects and URL rewriting
  • forcing HTTPS Encryption protocols used to protect web, mail and other Internet connections.
  • directory protection
  • MIME type adjustments
  • custom index behaviour

Place the file in public/ or in a subdirectory. Rules apply from that directory downward.

On current all2all hosting environments, .htaccess support is normally enabled by default.

If Apache returns 500 Internal Server Error after a change, rename the file temporarily or undo the last directive. Invalid syntax is the most common cause. Also check the Apache error log, because it often contains the precise directive, path or syntax error that caused the failure.

More examples are available in the documentation section. Contact support if you need a specific rule and are unsure whether it is allowed.

How do I set up password protection with Apache?

Web server software used to publish websites and apply .htaccess rules. authentication can protect a directory with a username and password.

It usually requires:

  • a .htaccess file in the protected directory
  • a password file with authorised users

Web hosting control panel for domains, files, mailboxes, databases and settings. also provides an interface for protected directories. It can create realms, define paths and manage authorised users without editing files manually.

Use Apache authentication for temporary private areas, staging pages, restricted downloads or internal documents.

For modern websites with user accounts, application-level authentication is often better, for example Content management system for websites and publishing. users, PHP login systems or framework authentication modules.

How do I access and read website statistics?

Website statistics are available through Web hosting control panel for domains, files, mailboxes, databases and settings.. Depending on the hosting setup, Webalizer The Webalizer is a GPL application that generates web pages of analysis, from access and usage logs, i.e., a web log analysis software. It is one of the most commonly used web server administration tools. It was… and AWStats may be available.

In many cases statistics can also be reached at:

  • https://your-domain.example/stats/

Authentication may be required.

Webalizer gives a compact overview. AWStats usually provides more detail, including user agents, robots, downloads and monthly comparisons.

Useful indicators:

  • Visits: visit sessions
  • Pages: actual page views
  • Hits: all file requests, including images and scripts
  • Bandwidth: transferred data volume

Hits are often much higher than visits because each page loads images, CSS, JavaScript and fonts. Visits and pages usually better represent real audience activity.

How do I activate version control Revision control, also known as version control and source control (and an aspect of software configuration management), is the management of changes to documents, computer programs, large web sites, and other… and shell access?

Current hosting accounts include shell access by default. This allows SSH Secure Shell: encrypted remote shell access and secure tunnelling. , SFTP, SCP and command-line maintenance.

For version-controlled deployments, Git In software development, Git (/ɡɪt/) is a distributed revision control and source code management system with an emphasis on speed. Git was initially designed and developed by Linus Torvalds for Linux kernel… is the usual choice. Subversion Subversion is a revision control system which allows computer software and other electronic works to be developed in an incremental and controlled fashion. Subversion is a collaborative tool that allows different… (SVN) can still be used when required for existing workflows.

Shell access is useful for:

  • direct file management
  • script execution
  • log inspection
  • repository checkout
  • command-line maintenance

Use dedicated users for separate tasks when useful, for example deployment, application or maintenance users. This improves traceability and limits accidental changes.

For repository support or server-side integration, contact support with the domain name, preferred tool and expected workflow.

Can you help when my website is hacked?

Yes, but it is important to distinguish server responsibility from website responsibility. all2all manages the hosting platform, operating system, mail and server infrastructure. The website, CMS A Content Management System (CMS) is a software system for organizing and facilitating collaborative creation of documents and publishing websites. A web content management system is often used to manage and control a… , plugins, themes and web applications installed by the user remain the responsibility of the site owner or webmaster.

Most shared hosting providers simply suspend compromised sites when they send spam Sending e-mail to a large number of recipients, without their preceding acknowledgement, is called Spam. Generally this is commercial e-mail, but can also be fraudulent messages. , host malware, redirect visitors or overload the server. At all2all we usually try to do more: we protect the infrastructure first, then help the responsible person understand what happened and what options exist.

The usual workflow is:

  1. detection of spam, phishing, malware, suspicious files, redirects, high load or abuse reports
  2. protective mode for the site when needed, for example disabling vulnerable scripts or limiting web access
  3. contact with the responsible webmaster or site owner
  4. escalation to the website contact address, then the account contact, and finally historical contact addresses if needed
  5. remediation by the client, by their webmaster, by a third-party specialist, or by all2all if availability allows

The client may clean the site independently. If they need help, we can suggest a webmaster or, when we have availability, make an estimate for direct intervention by all2all. A typical compromised Content management system for websites and publishing. cleanup often takes around 2 to 3 hours at EUR 60/hour, depending on the state of the site, plugins, backups and logs.

For indicative hourly rates, see the technical service rates.

For technical first steps, see also: My WordPress site seems hacked or redirects: what should I do?

When useful, we can also create a forensic archive snapshot and make a first assessment. This may include suspicious files, relevant logs, IP addresses involved in the attack, timestamps, redirects, cron Unix scheduler for recurring commands and maintenance tasks. jobs or injected code. Such a report can help if the incident must be documented internally, sent to insurance, or reported to public authorities.

You normally do not need to file a formal report for a minor website defacement or a test site compromise without personal data, fraud, extortion or wider impact. A report becomes important when personal data may have been accessed or altered, when there is financial fraud, identity theft, extortion, phishing against third parties, or a legal obligation to notify a data breach. In Belgium, personal data breaches may need to be notified to the Data Protection Authority within 72 hours. Cybersecurity incidents can also be reported through Safeonweb/CCB, and criminal offences should be reported to the police.

My WordPress site seems hacked or redirects: what should I do?

Contact support first: .

Avoid overwriting evidence before the situation is understood. Do not reinstall blindly, delete suspicious files or restore a backup before making a minimal assessment. We can help make a forensic assessment and create an archive snapshot of the affected site. This can be useful if you later need to document the incident for insurance, an internal report or public authorities.

Common signs are unexpected redirects, unknown administrator users, modified .htaccess rules, strange Server-side scripting language widely used by WordPress and web applications. files, suspicious cron jobs or old plugins calling external scripts.

Recommended first steps:

  • contact support with the domain name and a short description of the symptoms
  • keep the current state available until a snapshot has been made
  • change Content management system for websites and publishing. administrator passwords after the snapshot or when advised
  • clean up the compromised site, then update WordPress core, themes and plugins once evidence has been preserved
  • remove unused plugins and themes
  • check .htaccess, wp-config.php and recently modified PHP files
  • restore from a clean backup if needed

You normally do not need to report a simple defacement or test-site compromise if there is no personal data, no financial fraud, no identity theft and no wider impact. Still document what happened and which steps were taken.

Reporting may be necessary when personal data may have been accessed, copied or altered. In Belgium, data breaches may need to be notified to the Data Protection Authority within 72 hours. See https://www.dataprotectionauthority.be/.

If there is fraud, extortion, identity theft, financial loss or a criminal threat, report it to the police. Belgian organisations can also report cybersecurity incidents to the Centre for Cybersecurity Belgium via https://notif.safeonweb.be/. Suspicious phishing messages can be forwarded to verdacht@safeonweb.be.

If the site sends spam, hosts malware or redirects visitors, we may temporarily disable affected scripts to protect the server and other users while the incident is handled.

Why does my Let’s Encrypt certificate not renew?

Certificate renewal needs the domain to point to the correct server and the HTTP Hypertext Transfer Protocol (HTTP) is a method used to transfer or convey information on the World Wide Web. Its original purpose was to provide a way to publish and retrieve HTML pages. HTTP is a request/response… validation path to be reachable.

Frequent causes are:

  • DNS Domain Name System: connects names such as example.org to servers and Internet services. still pointing to another server
  • redirects blocking /.well-known/acme-challenge/
  • restrictive .htaccess rules
  • missing virtual host aliases, for example www
  • one or more alias domains included in the certificate are no longer active or are not pointing to the server anymore
  • wrong file permissions
  • an old Apache or Web hosting control panel for domains, files, mailboxes, databases and settings. configuration

This is especially important when one website has several domain names or alias domains. Check that every DNS name included in the certificate is still active, renewed and resolving to the hosting server. One out-of-order name can prevent the whole Let's Encrypt Certificate authority providing automated TLS certificates for HTTPS. certificate renewal process, even if the main domain itself is correct.

If an alias domain should remain active, renew the domain name and correct its DNS, or exclude that alias from the Let’s Encrypt configuration in Virtualmin Web hosting control panel for domains, files, mailboxes, databases and settings. . If the alias is no longer needed, delete the alias domain via Virtualmin; this also removes it from future certificate requests.

If renewal still fails, contact support with the domain name and the exact certificate error. We can check Web server software used to publish websites and apply .htaccess rules., Virtualmin and the ACME Automatic Certificate Management Environment. A protocol used by Let's Encrypt and similar services to issue and renew TLS certificates automatically. validation path.

My site stopped working after migration: what should I check?

Migration issues usually come from DNS Domain Name System: connects names such as example.org to servers and Internet services. , database settings, PHP version differences or paths that still refer to the old hosting.

Check first:

  • DNS points to the intended all2all server
  • website files are inside public/
  • database name, username, password and hostname are correct
  • Content management system for websites and publishing. wp-config.php points to the new database, with the correct database name, username, password and host, rather than to the old database
  • old absolute paths or hardcoded URLs were updated
  • Server-side scripting language widely used by WordPress and web applications. version is compatible with the application
  • .htaccess does not contain old redirects or rewrite rules

During migration, keep temporary access available, for example through yoursite.all2all.org, until pages, forms, media and login areas have been tested.

Why is my hosting space full?

Hosting space is often filled by local backups, cache directories, logs, uploaded media, old archives or duplicated migration copies.

Check the largest directories through shell access, SFTP or Web hosting control panel for domains, files, mailboxes, databases and settings.. WordPress backup plugins are a common cause when they store repeated full backups inside the same hosting account.

Remove obsolete archives and rotate backups outside the hosting space when possible. If the project genuinely needs more storage, contact support so the plan or quota Storage limit for a mailbox or hosting account. can be reviewed.

Order