PHP.INI settings: Disable exec, shell_exec, system, popen and Other Functions To Improve Security

Posted on in Categories , , , last updated July 18, 2015

I run a small Apache based web-server for my personal use, and it is shared with friends and family. However, most script kiddie try to exploit php application such as WordPress using exec(), passthru(), shell_exec(), system() functions. How do I disable these functions to improve my php script security?

How To Secure Apache Proxy Server (mod_proxy)

Posted on in Categories , , , , , , , , , last updated May 31, 2008

I’ve proxy (mod_proxy) enabled for Apache under Debian Linux 4.0 server. I’d like to use this to improve performance, but I don’t want an open proxy that can be used by anyone on the Internet? How do I secure my proxy as limiting access is essential as I’m using a forward proxy?

How to: Measure the Lateceny and Throughput of Apache / Lighttpd / IIS Webserver

Posted on in Categories , , , , , , , , last updated November 21, 2007

Q. I can measure network throughput and packet loss using standard UNIX / Linux command line utilities. How do I find out the lateceny and throughput of a web server like Apache under Linux?

A. You need to use the program called httping. It allows you to measure the latency of a webserver and the throughput.

Task: Ping the webserver on host www.cyberciti.biz

Use the following command for measuring the latency. Press CTRL+c to exit the program. It will display a summary of what was measured.
$ httping -g http://www.cyberciti.biz
Output:

PING www.cyberciti.biz:80 (http://www.cyberciti.biz):
connected to www.cyberciti.biz:80, seq=0 time=981.08 ms 
connected to www.cyberciti.biz:80, seq=1 time=709.92 ms 
connected to www.cyberciti.biz:80, seq=2 time=1072.02 ms 
connected to www.cyberciti.biz:80, seq=3 time=903.81 ms 
connected to www.cyberciti.biz:80, seq=4 time=607.84 ms 
connected to www.cyberciti.biz:80, seq=5 time=660.01 ms 
connected to www.cyberciti.biz:80, seq=6 time=730.12 ms 
connected to www.cyberciti.biz:80, seq=7 time=781.49 ms 

The -g url option use selects the url to probe / ping. You can also specify the port with -p port option:
$ httping -g http://www.cyberciti.biz -p 81
You can also connect using SSL, for this to work you need to give a https url or a 443 portnumber:
$ httping -l -g https://www.cyberciti.biz
OR
$ httping -g http://www.cyberciti.biz -p 443

Task: Measure throughput of a webserver

The -G option force GET request instead of a HEAD request – this means that also the complete page/file must be transferred. You also need to pass the -b option with -G option to get the transferspeed (in KB/s).
$ httping -Gbg http://www.cyberciti.biz/
Output:

PING www.cyberciti.biz:80 (http://www.cyberciti.biz/):
connected to www.cyberciti.biz:80, seq=0 time=1738.39 ms  22KB/s
connected to www.cyberciti.biz:80, seq=1 time=1650.19 ms  20KB/s
connected to www.cyberciti.biz:80, seq=2 time=1759.65 ms  17KB/s
connected to www.cyberciti.biz:80, seq=3 time=1589.98 ms  21KB/s
connected to www.cyberciti.biz:80, seq=4 time=3709.87 ms  6KB/s
connected to www.cyberciti.biz:80, seq=5 time=3329.69 ms  7KB/s
....
.....
--- http://www.cyberciti.biz/ ping statistics ---
53 connects, 53 ok, 0.00% failed
round-trip min/avg/max = 1451.9/2013.6/11656.0 ms
Transfer speed: min/avg/max = 6/19/24 KB

Please note above in above command you’re no longer measuring the latency!

You can also pass -X option with -G to show the amount of data transferred (excluding the headers):
$ httping -XGbg http://www.cyberciti.biz/
Output:

PING www.cyberciti.biz:80 (http://www.cyberciti.biz/):
connected to www.cyberciti.biz:80, seq=0 time=1576.11 ms  22KB/s 19KB
connected to www.cyberciti.biz:80, seq=1 time=2620.26 ms  9KB/s 19KB
connected to www.cyberciti.biz:80, seq=2 time=1507.69 ms  23KB/s 19KB
connected to www.cyberciti.biz:80, seq=3 time=1522.08 ms  24KB/s 19KB
connected to www.cyberciti.biz:80, seq=4 time=1533.68 ms  23KB/s 19KB
connected to www.cyberciti.biz:80, seq=5 time=1581.92 ms  21KB/s 19KB
connected to www.cyberciti.biz:80, seq=6 time=1512.06 ms  24KB/s 19KB
--- http://www.cyberciti.biz/ ping statistics ---
7 connects, 7 ok, 0.00% failed
round-trip min/avg/max = 1507.7/1693.4/2620.3 ms
Transfer speed: min/avg/max = 9/21/24 KB

Test remote server CPU

The -B option along with -G option ask the HTTP server to compress the returned data – this will reduce the influence of the bandwidth of your connection while increasing the influence of the processorpower of the HTTP server.
$ httping -BGg http://www.cyberciti.biz/

Flood Webserver

The -f option used to flood ping i.e. do not sit idle between each ping but ping as fast as the computer and network allow you to (don’t run this on production or 3rd party servers):
$ httping -fg http://www.cyberciti.biz/

FTP site at osuosl to download Linux ISO / Software

Posted on in Categories , last updated July 9, 2007

Q. Can you give me FTP site address at osuosl, so that I can download Linux ISO and other software?

A. The Open Source Lab (osuosl) facilitates open source communities and the development and distribution of Open Source Software (OSS). They provide hosting projects and developing software via their web site. The Open Source Lab is a group at Oregon State University dedicated to supporting and developing Open Source software. A wide range of projects are hosted at the lab including Gentoo, Mozilla, Debian, Freenode etc.

osuosl FTP site

Visit ftp site to download Ubuntu, Apache, Slackware, Gentoo, and other OSS software.

Apache Address already in use: make_sock: could not bind to port 80 or 443 error and solution

Posted on in Categories , , , , , , , last updated September 26, 2007

Q. How do I fix an error, while restarting Apache ~ Address already in use: make_sock: could not bind to port 80?

A. If you are running SELinux disable temporary for port 80.

Apache Address already in use: make_sock: could not bind to port 80 error and solution

First make sure port 80/443 is not used by any other service or application with netstat command:

# netstat -tulpn| grep :80

If port 80 is bind to httpd, kill all process:
# killall -9 httpd

Now start the httpd:
# /etc/init.d/httpd start

Also make sure you are root while starting the httpd.