Recent Entries
- Recovering from a Broken Partition Table
- RewriteRule in htaccess vs httpd.conf
- Running PHP through mod_fcgid
- How They Got Your Password
- Installing mod_reqtimeout on cPanel
- Following the Hacker — passwords
- Using Nginx as a reverse-proxy
- Dead-simple templates in PHP
- Tell-a-friend SPAM
- PHP mail via SMTP
Recovering from a Broken Partition Table
So you lost your partition table and need to get to find the filesystem it used to contain. Now what?
RewriteRule in htaccess vs httpd.conf
Typically Apache’s RewriteRule sets from mod_rewrite go in .htaccess files, but sometimes you have a good reason to put them in your general server config instead: your httpd.conf or apache2.conf file (or a file you Include from one of those). If you’ve done this before, you’ve probably been surprised that it didn’t work quite the […]
Running PHP through mod_fcgid
There are two ways to set up PHP to run via mod_fcgid. The majority of the steps are the same for both, the only difference is in your Apache VirtualHost configuration. This document will explain both. Step 1: Installation and Preparation Chances are you’ve already done these steps Install the PHP CGI binary Install and […]
Section: Code
How They Got Your Password
So, the bad guys got your FTP password… And perhaps this wasn’t the first time. Often you’ll see this same issue on multiple accounts before you start to see the trend. So, how do you protect yourself? First of all, does he really know the password? The simplest way to check to see if the […]
Installing mod_reqtimeout on cPanel
The Apache module mod_reqtimeout is a simple and effective way to protect yourself from the Slowloris attack. But the cPanel team still does not include support for mod_reqtimeout in the EasyApache build utility, even though the module is a core part of the Apache web server distribution. But that doesn’t leave us completely powerless: we can add this support ourselves.
Following the Hacker — passwords
At TL Tech we spend a lot of time tracking down hackers. What we find often illustrates important lessons in what not to do in web security. In this example, a user was a victim of a previous attack caused by a vulnerable PHP extension that has since been removed. The site owner evicted the […]
Using Nginx as a reverse-proxy
Sometimes the simplest way to deal with Apache problems and exploits is to install Nginx (“Engine X”) as a reverse-proxy in front of Apache. Often this setup is temporary for the purpose of handling a DDoS attack or the like.
Section: Code
Dead-simple templates in PHP
Often what you’re really looking for is just a simple master template inclusion system. Allow me to introduce an alternative. It’s simple, it’s intuitive, and it’s easier to work with than whatever mess you narrowly avoided making.
Tell-a-friend SPAM
Do sites on your server have one of those “Tell A Friend” forms where visitors can instruct your server to send out email on their behalf? And do you find your server consistently on spam blacklists? Well, now you know why.
PHP mail via SMTP
Depending on your server setup, you may find yourself needing to take closer control of how mail is sent from your site. Below is a drop-in replacement for PHP’s mail() function which uses the Mail::send function from PEAR internally.