Whether you're pressed for resources on a virtual/dedicated server, or simply looking for ways to improve web application performance, XCache is guaranteed to produce the desired result. Within minutes of installing XCache, page load times were cut in half, PHP/MySQL RAM consumption was under control, and overall PHP rendering/output performance dramatically improved. In this post I'll go over the process of installing, configuring, and enabling XCache in a php5-cgi+Lighttpd chroot jail on a Debian Lenny web server.
Ran into this issue after getting rid of the www-data user and group. The solution is simple and doesn't involve adding the account/group, assuming the objective is to run Lighttpd as a different user (not www-data). If the intention is to run Lighttpd with the www-data account, simply add the account. Otherwise, keep reading...
After the Lighttpd mod security post and the DDoS attack that followed, I began working on a script that parses the Lighttpd server-error.log and inserts matched records into MySQL. The result? Check it out here: security.nullamatix.com Daily Security Reports. With the abundance of ideas I have for the project, it's far from complete, but definitely worth a beta release. Plans for the future include, but aren't limited to:
Longtime Nullamatix readers know how much I love reviewing log files. Logs can provide detailed insight into not only the overall health of a system, but information one can use to mitigate the risks of automated attacks. In this post, I'll go over a couple ways to harden a PHP-enabled web server and hopefully prevent fx29id1.txt, id23.txt, id.txt, id1.txt, fxid.txt, one.txt, fx1.txt, and several other automated attacks from successfully exploiting common weaknesses.
Although extremely useful, HTTP server access logs are a mess in their raw form. If you're interested in watching your HTTP server logs in real time with formatting rules and pretty colors, this post is for you.
This is a short post. A status update more than anything.
Before posting Madlib Site PHP code examples demonstrating how to use the content you've obtained from: Free Data Sources for Blue Hat SEO's Madlib Technique, I thought of a potentially interesting idea. Grep httpd server logs looking for Cross Site Request Forgery (CSRF), Cross Site Scripting (XSS), Blind SQL Injection, Remote Code Inclusion, and Remote Code Execution attempts, just for fun.
Note: This is a follow up to the original Make Money With a Poor Mans BANS (Build A Niche Store) post. If you haven't read that post, please do so before continuing with this one.
Over the past couple weeks MySQL crashed when spiked with large amounts of traffic. To remedy this, a cron job has been implemented to simply restart mysql and lighttpd every other day. Here's how it's done.