eAccelerator for PHP5 on Debian Lenny

eAccelerator is an open-source PHP accelerator, optimizer, and dynamic content cache (to quote the official website of the project). It can effectively speed up PHP processing on a server by caching bytecode.

As Wikipedia tells you, several tools of this kind exist. Why choose eAccelerator in particular? I really have no clue… I’ve never used any of these tools, so I had to start somewhere. It’s as simple as that!

Now, I have a Debian server as a target system. Unfortunately, eAccelerator is not bundled in Lenny. Browsing the web, I found some personal repositories of people kindly sharing their deb packages, like Andrew McMillan and schnuckelig.eu. The former provides a version of eAccelerator for the i386 architecture, the latter for amd64. In this how-to, I’ve combined the 2 repositories to give both 32-bit and 64-bit users a chance to use eAccelerator on Lenny.

Let’s start the installation! First, add the following lines to your /etc/apt/sources.list file:

deb http://debian.mcmillan.net.nz/debian lenny awm
deb-src http://debian.mcmillan.net.nz/debian lenny awm
deb http://debian.schnuckelig.eu/ lenny main contrib non-free

To silence APT’s warnings about unauthenticated packages, import the signing key of each repository into APT’s keyring:

$ gpg --keyserver keyring.debian.org --recv-keys 0x8f068012
$ gpg --export --armor 0x8f068012 | apt-key add -
$ wget -O - http://debian.schnuckelig.eu/repository-key.gpg | apt-key add -

Then, update your package database:

$ aptitude update

And finally, you can install eAccelerator for PHP5 without any pain:

$ apt-get install php5-eaccelerator

Happy fine-tuning!
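The keys imported above become trusted for package installation as soon as `apt-key add` runs, and the second one is fetched over plain HTTP. The following is an added example (not part of the original how-to) that checks a downloaded key file against a full 40-digit fingerprint obtained out of band before adding it. The function names and the sample listing are constructed, and it assumes `gpg --with-colons --with-fingerprint <file>` lists the keys in the file:

```shell
#!/bin/sh
# Added example: only trust a repository key whose full fingerprint matches.

# Constructed sample of `gpg --with-colons` output (not a real key).
sample_listing() {
cat <<'EOF'
pub:-:1024:17:0123456789ABCDEF:2007-01-01:::-:Example Repo <repo@example.invalid>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:2048:16:1111222233334444:2007-01-01::::::e:
EOF
}

# Print the fingerprint of every primary key in a colon listing on stdin.
# Field 10 of an "fpr" record is the fingerprint; subkey records are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" || $1 == "sub" { kind = $1 }
             $1 == "fpr" && kind == "pub" { print toupper($10); kind = "" }'
}

# Strip spaces and upper-case, so "aaaa bbbb ..." compares equal to gpg output.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
}

# Succeed only if stdin holds exactly one primary key whose fingerprint is $1.
# An 8-digit key ID such as 0x8f068012 is rejected: it is not a fingerprint.
listing_matches() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fingerprints)
    [ "${#expected}" -eq 40 ] && [ "$found" = "$expected" ]
}

# $1 = downloaded key file, $2 = fingerprint obtained out of band.
add_verified_key() {
    if gpg --with-colons --with-fingerprint "$1" 2>/dev/null | listing_matches "$2"; then
        apt-key add "$1"
    else
        echo "fingerprint mismatch for $1, key NOT added" >&2
        return 1
    fi
}

# Demo on the constructed listing (no network, no keyring change).
sample_listing | listing_matches "aaaa bbbb cccc dddd eeee ffff 0123 4567 89ab cdef" \
    && echo "sample key accepted"
```

In practice, save the key with `wget -O repository-key.gpg …` first, then call `add_verified_key repository-key.gpg "<fingerprint published by the repository owner>"` as root.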

WordPress 2.2 Security Hole: Identity Theft

I’m running 4 WordPress blogs, for me and my friends. All of them are updated to the latest version of WordPress as soon as a new one is available.

One of them, Maomium, was hacked last night. Someone created a user account on it then stole my admin identity to post content. As soon as I discovered the hack, I took the blog down and changed all passwords which may have been exposed to the hacker (database, etc.).

Before the hack happened, my Apache log showed me that a person was looking for blogs powered by WordPress 2.2 and open to registration:

123.76-136-217.adsl-dyn.isp.belgacom.be www.maomium.com - [07/Jun/2007:00:51:55 +0200] "GET /category/wordpress/ HTTP/1.1" 200 2960 "http://www.google.be/search?hl=fr&q=%22powered+by+wordpress+2.2%22+Register&btnG=Rechercher&meta=" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

This person was my hacker. As you can see, he’s a Belgian guy and his broadband provider is Belgacom, to which I sent an abuse request. He registered himself as Waryas with his myv4you@hotmail.com email. I know that thanks to the email WordPress sends me each time someone registers. Then Google told me that this hack was not his first.

If you want to dissect his behaviour, you can download my Apache log.

This event shows us that the WordPress vulnerability regarding guest account registration is still there. So the advice given by CountZero must be applied!
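The referer in the log line above, a search for a "powered by wordpress" version banner, can be looked for mechanically. This is an added example (not part of the original post), run over constructed log lines in the same vhost-prefixed format; the function names, hosts and the second and third sample lines are assumptions:

```shell
#!/bin/sh
# Added example: flag requests that arrived from a search for a
# "powered by wordpress" version banner (the referer pattern in the post).

# Constructed sample lines in the post's log format:
# client vhost - [time] "request" status bytes "referer" "user-agent"
sample_log() {
cat <<'EOF'
192.0.2.10 blog.example.invalid - [07/Jun/2007:00:51:55 +0200] "GET /category/wordpress/ HTTP/1.1" 200 2960 "http://www.google.be/search?hl=fr&q=%22powered+by+wordpress+2.2%22+Register&btnG=Rechercher&meta=" "Mozilla/5.0"
192.0.2.20 blog.example.invalid - [07/Jun/2007:09:12:03 +0200] "GET /2007/05/some-post/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=apache+301+redirect" "Mozilla/5.0"
192.0.2.30 blog.example.invalid - [07/Jun/2007:09:15:40 +0200] "GET /feed/ HTTP/1.1" 200 812 "-" "FeedReader/1.0"
EOF
}

# Reads log lines from the named files (or stdin) and prints, per hit:
# client <TAB> time <TAB> requested path <TAB> decoded search terms
find_banner_searches() {
    awk -F'"' '
    {
        ref = tolower($4)                # 4th quote-delimited field = referer
        if (ref !~ /[?&]q=/) next        # referer carries no search query
        q = ref
        sub(/^.*[?&]q=/, "", q)          # keep only the q= parameter
        sub(/&.*$/, "", q)
        gsub(/[+]|%20/, " ", q)          # minimal URL decoding: spaces
        gsub(/%22/, "", q)               # ... and double quotes
        if (q !~ /powered by wordpress/) next
        split($1, pre, " ")              # pre[1] = client, pre[4] = [time
        split($2, req, " ")              # req[2] = requested path
        ts = pre[4]; sub(/^\[/, "", ts)
        printf "%s\t%s\t%s\t%s\n", pre[1], ts, req[2], q
    }' "$@"
}

# Demo on the constructed lines above.
sample_log | find_banner_searches
```

The client and time of each hit are the starting point for checking which accounts were registered from that address afterwards.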

FeedBurner and e107 integration

In the context of my plan to move an e107-based website to WordPress, I need to take care of my RSS subscribers. To let people (and search engines) get my content via old URLs, I will use Apache redirections to do this transparently and permanently. My final goal is to have a WordPress website with all RSS feeds (blog posts and comments) managed by FeedBurner, to gather statistics about my audience.

There are plenty of feed formats available in e107 (RSS 1.0, RSS 2.0, Atom and RDF), and one feed can be accessed through multiple URLs. We will reduce this incredible mess by using RSS 2.0 feeds only and redirecting all the others to them.

First, check that the e107 RSS feed plugin is activated. Then create an account on FeedBurner and set up two feeds there, one for your website’s news and another one for comments. Based on default e107 parameters, your news feed URL looks like http://www.my-domain.com/e107_plugins/rss_menu/rss.php?1.2 and your comments feed URL like http://www.my-domain.com/e107_plugins/rss_menu/rss.php?5.2.

Then, create (or edit) the http://www.my-domain.com/.htaccess file, and add the following code:

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{QUERY_STRING} ^(5|Comments)
RewriteRule e107_plugins/rss_menu/rss\.php http://feeds.feedburner.com/myfeed-comments? [R=301,L]

RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{QUERY_STRING} ^(1|News|.*)
RewriteRule e107_plugins/rss_menu/rss\.php http://feeds.feedburner.com/myfeed? [R=301,L]

This code is inspired by the one written by Mike Atlas, who had a similar issue and wanted to outsource his e107 forum RSS feeds to FeedBurner.

The first rewrite rule will redirect all URLs that start with http://www.my-domain.com/e107_plugins/rss_menu/rss.php?5 or http://www.my-domain.com/e107_plugins/rss_menu/rss.php?Comments to http://feeds.feedburner.com/myfeed-comments.

The second rewrite rule will redirect all other URLs that start with http://www.my-domain.com/e107_plugins/rss_menu/rss.php (including http://www.my-domain.com/e107_plugins/rss_menu/rss.php?1 and http://www.my-domain.com/e107_plugins/rss_menu/rss.php?News) to http://feeds.feedburner.com/myfeed.

That’s all! Thanks to this server-side redirection, nobody will notice that the feeds have moved and no subscriber will need to update their aggregator.

In my case, the only remaining task is to move my e107 website to WordPress and then install the FeedSmith plugin. But that’s another story… ;)

Repository Moved thanks to Apache and 301 Redirections

Since the creation of my personal Mandriva repository (10 months ago), the number of my RPMs has kept increasing. Currently all RPMs and SRPMs from 2006.0 and 2007.0 take 383MiB of space.

So I decided to move the http://kev.coolcavemen.com/static/repository folder to http://kevin.deldycke.free.fr/repository, which is a 10GiB (yes, ten gibibytes, this is not a typo) free web space offered by Free, my ISP.

To do this smoothly, I’ve just set up a generic 301 redirection thanks to Apache. This is the only line I added to my root .htaccess file to enable this:

Redirect permanent /static/repository http://kevin.deldycke.free.fr/repository

This move will normally be completely silent for you. So please, let me know if something bad happens while you play with my repository.

How to Publish .php files as Plain Text

Two months ago I was looking for a way to let Apache serve Python scripts as plain text. Today I had the same problem with PHP files. Here is my solution.

What you need is a .htaccess file in the same directory as the files you want to serve, with the following directive in it:

AddType text/plain .php

Be careful: within this directory, anybody will be able to view the source code of every file with a .php extension.

How to Locally Disable Python CGI Scripts

Since the beginning of this blog, my collection of Python scripts was not readable. This was due to the fact that files with a .py extension are seen by the Apache web server as CGI scripts. To tell Apache that Python files can be published as-is, put a .htaccess file beside your files. Then edit it to add the following directive:

RemoveHandler .py

That’s all! This will let Apache serve .py files as normal plain text files. More info about RemoveHandler can be found in the official Apache documentation.