php

You can now easily determine if your ISP throttling and shaping Bittorrent traffi with simple online tool.

From the project web page:

Certain ISPs have been shown to rate limit or block BitTorrent traffic sent by their customers. While there are multiple reports of this on the web, only a few ISPs have admitted that they manipulate BitTorrent traffic. And, to date, it is hard for users without networking expertise to gain evidence about the behavior of their ISP.

This test suite creates a BitTorrent-like transfer between your machine and our server, and determines whether or not your ISP is limiting such traffic. This is a first step towards making traffic manipulation by ISPs more transparent to their customers.

=> Glasnost: Test if your ISP is manipulating BitTorrent traffic

You can also load this tool on your own server or laptop computer running Apache and PHP 4.3 or above:
$ cd /var/www/
$ sudo apt-get install libpcap0.8 libpcap0.8-dev
$ wget http://broadband.mpi-sws.mpg.de/transparency/glasnost-1.1.tgz
$ tar -zxvf glasnost-1.1.tgz
$ cd glasnost
$ make
$ su -c "chmod a+s bt_client"
$ mkdir logs
$ chmod 0777 logs

Fire a web browser and type http://localhost/glasnost/selftest.php or http://your-domain.com/glasnost/selftest.php

Updated for accuracy!

Gzip is the most popular and effective compression method. Most modern web browser supports and accepts compressed data transfer. By gziping response time can reduced by 60-70% as compare to normal web page. The end result is faster web site experience for both dial up (they’re not dead yet – I’ve dial up account for backup purpose) and broadband user. I’ve already written about speeding up Apache 2.x web access or downloads with mod_deflate.

mod_compress for Lighttpd 1.4.xx

Lighttpd 1.4.xx supports gzip compression using mod_compress. This module can reduces the network load and can improve the overall throughput of the webserver. All major http-clients support compression by announcing it in the Accept-Encoding header as follows:

Accept-Encoding: gzip, deflate

If lighttpd sees this header in the request, it can compress the response using one of the methods listed by the client. The web server notifies the web client of this via the Content-Encoding header in the response:

Content-Encoding: gzip

This is used to negotiate the most suitable compression method. Lighttpd support deflate, gzip and bzip2.

Configure mod_compress

Open your lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Append mod_compress to server.modules directive:
server.modules += ( "mod_compress" )
Setup compress.cache-dir to stored all cached file:
compress.cache-dir = "/tmp/lighttpdcompress/"
Finally, define mimetypes to get compressed. Following will allow to compress javascript, plain text files, css file,xml file etc:

compress.filetype           = ("text/plain","text/css", "text/xml", "text/javascript" )

Save and close the file. Create /tmp/lighttpdcompress/ file:
# mkdir -p /tmp/lighttpdcompress/
# chown lighttpd:lighttpd /tmp/lighttpdcompress/

Restart lighttpd:
# /etc/init.d/lighttpd restart

How do I enable mod_compress per virtual host?

Use conditional $HTTP host directive, for example turn on compression for theos.in:

$HTTP["host"] =~ "theos\.in" {
  compress.cache-dir = "/var/www/cache/theos.in/"
}

PHP dynamic compression

Open php.in file:
# vi /etc/php.ini
To compress dynamic content with PHP please enable following two directives:
zlib.output_compression = On
zlib.output_handler = On

Save and close the file. Restart lighttpd:
# service lighttpd restart

Cleaning cache directory

You need to run a shell script for cleaning out cache directory.

See also:

I’ve already written about merging two feeds using MagpieRSS and FeedCreator php classes. However, I wasn’t aware of XQuery query language that is designed to query collections of XML data. It seems similar to SQL. You can use XQuery to speed your merging and filtering of RSS / atom information (feed) easily. In this tutorial:

You will learn the basics of XQuery processing of RSS and Atom feeds to turn a single feed into an HTML document. Then you produced a more complete solution for outputting the information in a format that suits your needs, including sorting, merging multiple feeds and even handling different feed and source information types. XQuery makes it much easier to merge and filter information from XML documents when you embed the filtering instructions right into the document that you use to generate the output format. You can use that functionality to aggregate information from RSS and Atom feeds into the format you need. In this article, look at the structure of the RSS and Atom formats and how XQuery can simplify the display of that information.

=> Aggregate RSS and Atom information using XQuery

Coverity is a company that creates tools for software development. Its premiere product is Prevent, a static-analysis code inspection tool. Coverity offers the results of Prevent’s analysis for free to open source developers.

From the project home page:

In collaboration with Stanford University, Coverity is establishing a new baseline for software quality and security in open source. Under a contract with the Department of Homeland Security, we apply the latest innovations in automated defect detection to uncover some of the most critical types of bugs found in software.

So the most notable use of Prevent is under a U.S. Department of Homeland Security contract, in which it is used to examine over 150 open source applications for bugs. Popular open source projects, such as Samba, the PHP, Perl, and Tcl dynamic languages used to bind together elements of Web sites, and Amanda, the popular open source backup and recovery software running on half a million servers, were all found to have dozens or hundreds of security exposures and quality defects.

For example, over 75% of the defects Scan identified in Samba were fixed within two reviews of the Scan analysis.

(Fig. 01: Samba Project Code Scan Result)

=> More information about project and bugs (including charts) available at offical web site.

A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006, according to David Maxwell, open source strategist for Coverity, maker of the source code checking system, the Prevent Software Quality System, that’s being used in the review.

This project is really helping out to improve overall open source software quality.

phpBB final version 3 has been released and available for download. phpBB is a popular Internet forum package written in the PHP programming language.

New Features in phpBB3

* Modular design for the Admin Control Panel, Moderator Control Panel, and User Control Panel.
* Support for multiple database management systems, including MySQL, Microsoft SQL Server, Oracle, PostgreSQL, SQLite, and Firebird.
* Support for unlimited levels of subforums.
* Ability to create custom-defined BBCode.
* Ability to create custom profile fields.
* Greatly expanded permissions system.

From the announcement email:

The project has changed considerably since work on its second major release began. With a raft of new features requested by users and new ideas introduced by its developers, phpBB3 is more able than ever to support the new “social networking” trend. Security too has been a top priority with particular attention paid to reduce or eliminate the problems of the past. Indeed unusually for a project of this nature an independent security audit was performed to better ensure a safer future for its users.

So with great pride phpBB wishes to thank all of its developers, designers, team members and of course its community – please enjoy phpBB3.

Download phpBB version 3

=> Visit official web site to download phpBB stable version 3 (2.15 MiB)

This blog post provides good information about password hashing. The main point of this article is to use strong encryption and make attackers life hard. So if someone gains access to database, attacker could figure out your password using a brute force or rainbow tables.

Recently I wrote about installing and running Xcache under Red hat enterprise Linux and CentOS Linux. By default Xcache use /dev/zero for caching. All you have to do is create /dev/zero in chrooted jail. Type the following command (assuming that your jail is located at /lighttpd.jail directory):
# mkdir -p /lighttpd.jail/dev
# mknod -m 666 /lighttpd.jail/dev/zero c 1 5

Just restart your web server and xcache should work under chrooted lighttpd web server.

Many people asked me to write about setting up Lighttpd under CentOS or RHEL 5 Linux using chroot() call. The instructions are almost same but you need to make little modification as compare to Debian / Ubuntu Linux instructions.

For example purpose we will build jail at /webroot location.
=> Default document root : /home/lighttpd/default/
=> Port : 80
=> IP: Your Public IP address
=> Virtual domain1: /home/lighttpd/vdomain1.com/
=> Virtual domain1 access log file: /var/log/lighttpd/vomain1.com/
=> Default access log file:/var/log/lighttpd/access.log
=> Default error log file:/var/log/lighttpd/error.log
=> Default php error log file: /var/log/lighttpd/php.log

Assumptions

These installation instructions assume you have:

  • Linux distribution
  • Required RPMs (see below for installation instructions)
    • php, php-pear, php-common, php-pdo, php-ldap, php-gd, php-cli, php-mysql
    • mysql, mysql-server etc
    • lighttpd, lighttpd-fastcgi (rpm available here)
  • Installations were tested on Red Hat Enterprise Linux v4/5 or CentOS v4/5 or Fedora Linux 7

Step # 1: Install required packages

Install php and related packages:
# yum install php php-pear php-common php-pdo php-ldap php-gd php-cli php-mysql
Install mysql and related packages:
# yum install mysql mysql-server
Install lighttpd and mod_fastcgi for lighttpd:
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-1.4.18-1.el5.rf.i386.rpm
# rpm -ivh http://dag.wieers.com/rpm/packages/lighttpd/lighttpd-fastcgi-1.4.18-1.el5.rf.i386.rpm

Step # 2: Create /webroot and related directories

# mkdir /webroot
# cd /webroot
# mkdir etc
# mkdir tmp
# chmod 1777 tmp/
# mkdir -p usr/bin
# mkdir -p home/lighttpd/default
# mkdir -p var/run/lighttpd
# mkdir -p var/log/lighttpd
# chown lighttpd:lighttpd var/run/lighttpd/
# chown lighttpd:lighttpd var/log/lighttpd/
# chown -R lighttpd:lighttpd home/

Step # 3: Install chroot script

You need to download and install my script that will help you to build lighttpd in jail:
# cd /sbin/
# wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
# mv l2chroot.txt l2chroot
# chmod +x l2chroot

Step # 4: Install php in jail

Now copy php-cgi binary and related shared libraries using l2chroot script:
# cd /webroot/usr/bin
# cp /usr/bin/php-cgi .
# l2chroot php-cgi

Step # 5: Copy required files to /etc

Now you must copy php.ini and related all files to /etc/
# cd /webroot/etc
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/nsswitch.conf .
# cp /etc/resolv.conf .
# cp /etc/php.ini .
# cp -avr /etc/php.d/ .
# cp -avr /etc/ld* .

Update (Oct-1-2008, 1:52pm) : You need to copy entire /etc/ and /usr/share/zoneinfo files to work with latest php version:
# cd /webroot/etc
# /bin/cp -avr /etc/* .

Copy all files from /usr/share/zoneinfo/:
# mkdir -p /webroot/usr/share/
# cd /webroot/usr/share/
# cp -avr /usr/share/zoneinfo/ .

Open group and passwd file and only keep entries for root and lighttpd user:
# vi /webroot/etc/group
Make sure file look as follows:
root:x:0:root
lighttpd:x:101:

Also open passwd file inside jail:
# vi /webroot/etc/passwd
Make sure file look as follows:
root:x:0:0:root:/root:/bin/bash
lighttpd:x:100:101:lighttpd web server:/srv/www/lighttpd:/sbin/nologin

Step # 5: Copy php modules

Now copy php mysql support, php gd and other all modules:
# cd /webroot/usr/lib/
# cp -avr /usr/lib/php/ .
# cd php/modules
# for l in *.so; do l2chroot $l; done

Step # 6: Configure lighttpd chroot call

Open /etc/lighttpd/lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Setup default document root and chroot directory:
server.document-root = "/home/lighttpd/default/"
server.chroot="/webroot"

Save and close the file.

Step # 7: Restart lighttpd

Type the following command:
# /etc/init.d/lighttpd restart

Jail size

# du -ch /webroot/
Output:

12K     /webroot/var/log/lighttpd
16K     /webroot/var/log
4.0K    /webroot/var/run/lighttpd
8.0K    /webroot/var/run
28K     /webroot/var
8.0K    /webroot/etc/ld.so.conf.d
36K     /webroot/etc/php.d
160K    /webroot/etc
8.0K    /webroot/home/lighttpd/default
12K     /webroot/home/lighttpd
16K     /webroot/home
5.3M    /webroot/lib
4.0K    /webroot/tmp
872K    /webroot/usr/lib/sse2
1.4M    /webroot/usr/lib/mysql
676K    /webroot/usr/lib/php/modules
4.0K    /webroot/usr/lib/php/pear
684K    /webroot/usr/lib/php
9.9M    /webroot/usr/lib
2.9M    /webroot/usr/bin
13M     /webroot/usr
19M     /webroot/
19M     total

Troubleshooting

Always go thought /var/log/messages and server log files:
# tail -f /var/log/messages

Download mysql testing script

Copy and test php mysql connectivity with this script.

Recently I’ve noticed that Redhat removed support for following php pear packages:

a) NET/SMTP : An implementation of the SMTP protocol

b) Mail : Class that provides multiple interfaces for sending emails

c) Net/Socke : Network Socket Interface

The simplest solution is downloading and installs these files from php pear repo.

Step # 1: Download files

Use wget command to download all files:
# cd /tmp
# wget http://download.pear.php.net/package/Mail-1.1.14.tgz
# wget http://download.pear.php.net/package/Net_SMTP-1.2.10.tgz
# http://download.pear.php.net/package/Net_Socket-1.0.8.tgz

Untar all files:
# tar -zxvf Mail-1.1.14.tgz
# tar -zxvf Net_SMTP-1.2.10.tgz
# tar -zxvf Net_Socket-1.0.8.tgz

Step # 2: Install files

Simply copy file to your webroot such as /www/usr/share/pear or standard location such as /usr/share/pear:
# cd /usr/share/pear
# mkdir Net
# cd Net
# cp /tmp/Net_SMTP-1.2.10/SMTP.php .
# cp /tmp/Net_Socket-1.0.8/Socket.php .
# cd ..
# cp -avr /tmp/Mail-1.1.14/Mail/ .
# cp -avr /tmp/Mail-1.1.14/Mail.php .

Step # 3: Test SMTP email

Now you have required files, all you have to do is send email using authenticated smtp server.

FastCGI is a language independent, scalable, open extension to CGI that provides high performance without the limitations of server specific APIs. I’m very big fan of FastCGI. Almost all my Apache / Lighttpd servers are powered by php FastCGI.

Today Microsoft announced the official release of their FastCGI extension for IIS server version 5.1 and 6.0. New FastCGI module should improves the performance and reliability of PHP on Windows operating system.

Since early 2006, Microsoft and Zend have been working together on a technical collaboration with the PHP community to significantly enhance the reliability and performance of PHP on Windows Server 2003 and Windows Server 2008. As part of this collaboration, the IIS product group has been working on a new component for IIS6 and IIS7 called FastCGI Extension which will enable IIS to much more effectively host PHP applications.

=> Using FastCGI to Host PHP Applications on IIS 6.0 and IIS 5.1