

Slowloris DoS Tool: It Can Bring Down Apache 1.x/2.x

Web servers that use threaded processes, such as Apache and others, can be targeted using an interesting HTTP DoS tool that has been released in the wild. The tool can eat up all resources while it holds connections open to the server and keeps sending incomplete HTTP requests. The end result: Apache runs out of memory and comes under a DoS attack.

Find Out What Is Happening With Open Source Software Project

Nice idea.

Michael Ogawa has created some stunning visualizations for open source software projects such as Apache, Python, Eclipse IDE, and Postgres. From the project home page:

This visualization, called code_swarm, shows the history of commits in a software project. A commit happens when a developer makes changes to the code or documents and transfers them into the central project repository. Both developers and files are represented as moving elements. When a developer commits a file, it lights up and flies towards that developer. Files are colored according to their purpose, such as whether they are source code or a document. If files or developers have not been active for a while, they will fade away. A histogram at the bottom keeps a reminder of what has come before.

  • Code Swarm - An experiment in organic software visualization. (via Digg)

Linux: Install Django Open Source Framework

Django is a high-level Python Web framework (open source framework) that encourages rapid development and clean, pragmatic design. Django is an awesome programming framework. Red Hat Magazine has published an excellent tutorial:

In today's world, web development is all about turnaround. Businesses want to maximize production outcome while minimizing development and production time. Small, lean development teams are increasingly becoming the normal large development departments. Enter Django: a popular Python web framework that invokes the RWAD (rapid web application development) and DRY (don't repeat yourself) principles with clean, pragmatic design.

This article is not about teaching you how to program in Python, nor how to use the Django framework. It's about showing how to promote your Django applications onto an existing Apache or Lighttpd environment.

=> Installing/Configuring/Caching Django on your Linux server

Lighttpd Install and Configure AwStats Software Log Analyzer

AWStats is a free, powerful tool that generates advanced web, streaming, FTP or mail server statistics, graphically. This log analyzer works as a CGI or from the command line and shows you all possible information your log contains, in a few graphical web pages. It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, WAP, streaming servers, mail servers and some FTP servers.

You can easily configure awstats under Lighttpd web server.

mod_compress: Lighttpd Gzip Compression To Improve Download and Browsing Speed

Gzip is the most popular and effective compression method. Most modern web browsers support and accept compressed data transfer. With gzip, response time can be reduced by 60-70% compared to a normal web page. The end result is a faster web site experience for both dial-up (they're not dead yet - I have a dial-up account for backup purposes) and broadband users. I've already written about speeding up Apache 2.x web access or downloads with mod_deflate.

mod_compress for Lighttpd 1.4.xx

Lighttpd 1.4.xx supports gzip compression using mod_compress. This module can reduce the network load and can improve the overall throughput of the web server. All major HTTP clients support compression by announcing it in the Accept-Encoding header as follows:

Accept-Encoding: gzip, deflate

If lighttpd sees this header in the request, it can compress the response using one of the methods listed by the client. The web server notifies the web client of this via the Content-Encoding header in the response:

Content-Encoding: gzip

This is used to negotiate the most suitable compression method. Lighttpd supports deflate, gzip and bzip2.

Configure mod_compress

Open your lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Append mod_compress to the server.modules directive:
server.modules += ( "mod_compress" )
Set compress.cache-dir to the directory that stores all cached files:
compress.cache-dir = "/tmp/lighttpdcompress/"
Finally, define the MIME types to be compressed. The following allows compression of JavaScript, plain text, CSS, XML files, etc.:

compress.filetype           = ("text/plain","text/css", "text/xml", "text/javascript" )

Save and close the file. Create the /tmp/lighttpdcompress/ directory:
# mkdir -p /tmp/lighttpdcompress/
# chown lighttpd:lighttpd /tmp/lighttpdcompress/

Restart lighttpd:
# /etc/init.d/lighttpd restart

How do I enable mod_compress per virtual host?

Use the conditional $HTTP["host"] directive. For example, turn on compression for theos.in:

$HTTP["host"] =~ "theos\.in" {
  compress.cache-dir = "/var/www/cache/theos.in/"
}

PHP dynamic compression

Open the php.ini file:
# vi /etc/php.ini
To compress dynamic content with PHP, enable the following two directives:
zlib.output_compression = On
zlib.output_handler = On

Save and close the file. Restart lighttpd:
# service lighttpd restart

Cleaning cache directory

You need to run a shell script to clean out the cache directory.
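
The cleanup script this section calls for is not shown on the page. The following is an added example, not the original author's script, that deletes cached files older than a set number of days; the function name, the 10-day default and the safety checks are assumptions, while the default path is the compress.cache-dir configured above.

```shell
#!/bin/sh
# Added example, not the original article's script.
# Deletes cached files older than MAX_AGE_DAYS from the mod_compress cache.

clean_compress_cache() {
    cache_dir="${1:-/tmp/lighttpdcompress}"   # compress.cache-dir from lighttpd.conf
    max_age_days="${2:-10}"                   # assumed retention period

    # Accept only absolute paths that are more than just slashes,
    # so an empty variable or a typo cannot point the cleanup at "/".
    case "$cache_dir" in
        /*[!/]*) ;;
        *) echo "refusing to clean '$cache_dir'" >&2; return 1 ;;
    esac
    cache_dir="${cache_dir%/}"                # drop one trailing slash

    # The age must be a plain non-negative integer.
    case "$max_age_days" in
        ""|*[!0-9]*) echo "invalid age: $max_age_days" >&2; return 1 ;;
    esac

    # /tmp is shared: do not follow a symlink planted at the cache path.
    if [ -L "$cache_dir" ] || [ ! -d "$cache_dir" ]; then
        echo "$cache_dir is not a real directory" >&2
        return 1
    fi

    # -xdev stays on one filesystem, -type f skips symlinks and directories,
    # -print logs each removed file, -delete removes it (GNU/BSD find).
    find "$cache_dir" -xdev -type f -mtime +"$max_age_days" -print -delete
}

# Run only when called with arguments, e.g. from a daily cron job:
#   clean-compress-cache.sh /tmp/lighttpdcompress 10
if [ "$#" -gt 0 ]; then
    clean_compress_cache "$@"
fi
```

Run it from cron as the lighttpd user rather than root, since that account already owns the cache directory.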


phpMyVisites is a free and powerful open source (GNU/GPL) application for website statistics and audience measurement. I’m currently using this software and it totally rocks. This software gives out lots of information on website visitors, visited pages, and software/hardware utilization. The installation is entirely automated and very simple. I'm currently using the same software here. This software is much better than the old AWstats package. Web analytics is the study of the behaviour of website visitors. In a commercial context, web analytics especially refers to the use of data collected from a web site to determine which aspects of the website work towards the business objectives; for example, which landing pages encourage people to make a purchase.

From the project home page:

phpMyVisites is web statistics software. It is also often called web analytics. phpMyVisites is open source and free. You can download it, install it on your webserver, and get your first statistics after 2 minutes! Then all these numbers may be very useful to improve your website results. If you understand how your visitors behave, if you try to analyse your audience and extract information from the web analytics reports, you can definitely boost your website!

Software features

  • A clean and user-friendly interface to present data and to aid in data analysis.
  • Clear and concise graphics presenting important information in an easy-to-understand format.
  • Free: phpMyVisites is completely free.
  • Precise visitor statistics over a period of time (day/week/month/year).
  • Visitor Frequency: new visitors, regular (known) visitors, and how often visitors view the web site.
  • Management of web site statistics and all file types (PDF, Image, etc.).
  • Web site page classification available (by groups, by subgroups, etc.).
  • Visitor Analysis: Statistics for pages where visitors leave the web site and for pages where the visitors enter the web site.
  • Geographical Statistics: Classification by continent/country (interactive world map).
  • Technical Configuration Statistics: Web browsers, resolution, managed plug-in, etc.
  • Complete and clear statistics about web site discovery: How do visitors come to the web site?
  • Live Clearly Defined Web Site Discovery Tools: Search Engines, Web Sites, Partner Sites, Newsletters and Direct Access
  • Able to detect more than 300 internationally-used search engines and keyword associations.
  • Define web sites as partners and add an unlimited number of newsletters.
  • One software installation to track all your websites
  • Receive web site statistics everyday by e-mail, by RSS feed, etc.
  • And much more..

phpMyVisites free and open source websites statistics and analytics software

You can see sample reports and screenshots here

Download phpMyVisites

You need a web server (such as Apache, Lighttpd, IIS, etc.) that supports the following:

  1. php > 4.3
  2. Mysql database
  3. GD Library
  4. TTF support (Freetype) etc

=> Visit official site to download phpMyVisites software.

Security breach: Facebook index.php source code leaked

Facebook is one of the famous web 2.0 portals; its PHP source code was leaked on the Internet. This blog post has posted the index.php home page source code. According to Facebook:

Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way.

However, a misconfigured web server can easily give out PHP files to all end users.