Saturday, March 27, 2010

setup 64bit centos php5 mysql memcached-ketama

SkyHi @ Saturday, March 27, 2010
<pre class="php" name="code">

if [ ! -d src ]; then
mkdir src
cd src

if [ ! -f php-5.2.5.tar.gz ]; then
tar xvzf php-5.2.5.tar.gz
sudo yum remove httpd

if [ ! -f memcached-1.2.5.tar.gz ]; then
tar xvzf memcached-1.2.5.tar.gz

if [ ! -d ketama ]; then
svn co svn://
cd ketama/libketama
sed -ri "s|PREFIX=/usr/local|PREFIX=/usr|" Makefile

sudo yum install \
libxml2 libxml2-devel \
openssl openssl-devel \
pcre pcre-devel \
bzip2 bzip2-devel \
curl curl-devel \
db4 db4-devel \
libjpeg libjpeg-devel \
libpng libpng-devel \
freetype freetype-devel \
gmp gmp-devel \
libc-client-devel \
openldap-devel \
libmcrypt libmcrypt-devel \
libmhash libmhash-devel \
mysql-devel \
ncurses-devel \
unixODBC-devel \
postgresql postgresql-devel \
sqlite sqlite-devel \
readline readline-devel \
net-snmp net-snmp-devel \
libtidy libtidy-devel \
libxslt libxslt-devel \
expat-devel \
httpd-devel \
libtool-ltdl libtool-ltdl-devel \
krb5-libs krb5-devel \
libevent libevent-devel \
autoconf \
bison \

if [ -d /usr/lib64 ]; then
export LDFLAGS=-L/usr/lib64/mysql

if [ ! -f /usr/lib/ ]; then
sudo mv /usr/lib/ /usr/lib/
sudo rm -f /usr/lib/
sudo ln -s /usr/lib64/ /usr/lib/

if [ ! -f /usr/lib/ ]; then
sudo mv /usr/lib/ /usr/lib/
sudo rm -f /usr/lib/
sudo ln -s /usr/lib64/ /usr/lib/

if [ ! -f /usr/lib/ ]; then
sudo mv /usr/lib/ /usr/lib/
sudo rm -f /usr/lib/
sudo ln -s /usr/lib64/ /usr/lib/


cd ketama/libketama
make clean
sudo make install
cd ../../
# curr_dir was never set: record the src directory for the symlink below
curr_dir=$(pwd)
echo ${curr_dir}
rm -f php-5.2.5/ext/ketama
ln -s ${curr_dir}/ketama/php_ketama ${curr_dir}/php-5.2.5/ext/ketama
if [ -d /usr/lib64 ]; then
sudo rm -f /usr/lib64/
sudo ln -s /usr/lib/ /usr/lib64/

cd memcached-1.2.5
make clean
sudo make install
cd ../

cd php-5.2.5
make clean
rm -Rf autom4te.cache
./buildconf --force

'./configure' \
'--host=i686-redhat-linux-gnu' \
'--build=i686-redhat-linux-gnu' \
'--target=i386-redhat-linux' \
'--prefix=/usr/local/php-5.2.5' \
'--bindir=/usr/bin' \
'--sbindir=/usr/sbin' \
'--sysconfdir=/etc' \
'--datadir=/usr/share' \
'--includedir=/usr/include' \
'--libdir=/usr/lib' \
'--libexecdir=/usr/libexec' \
'--localstatedir=/var' \
'--sharedstatedir=/usr/com' \
'--mandir=/usr/share/man' \
'--infodir=/usr/share/info' \
'--cache-file=../config.cache' \
'--with-libdir=lib' \
'--with-config-file-path=/etc' \
'--with-config-file-scan-dir=/etc/php.d' \
'--disable-debug' \
'--with-pic' \
'--disable-rpath' \
'--with-bz2' \
'--with-curl' \
'--with-exec-dir=/usr/bin' \
'--with-freetype-dir=/usr/lib' \
'--with-png-dir=/usr/lib' \
'--enable-gd-native-ttf' \
'--without-gdbm' \
'--with-gettext' \
'--with-gmp' \
'--with-iconv' \
'--with-jpeg-dir=/usr/lib' \
'--with-openssl' \
'--with-libexpat-dir=/usr/lib' \
'--with-pcre-regex=/usr' \
'--with-zlib' \
'--with-layout=GNU' \
'--enable-exif' \
'--enable-ftp' \
'--enable-magic-quotes' \
'--enable-sockets' \
'--enable-sysvsem' \
'--enable-sysvshm' \
'--enable-sysvmsg' \
'--enable-track-vars' \
'--enable-trans-sid' \
'--enable-yp' \
'--enable-wddx' \
'--with-kerberos' \
'--enable-ucd-snmp-hack' \
'--with-unixODBC=shared,/usr' \
'--enable-memory-limit' \
'--enable-shmop' \
'--enable-calendar' \
'--enable-dbx' \
'--enable-dio' \
'--without-mime-magic' \
'--without-sqlite' \
'--with-libxml-dir=/usr/lib' \
'--enable-force-cgi-redirect' \
'--enable-pcntl' \
'--with-imap=shared' \
'--with-imap-ssl' \
'--enable-mbstring=shared' \
'--enable-mbstr-enc-trans' \
'--enable-mbregex' \
'--with-ncurses=shared' \
'--with-gd=shared' \
'--enable-bcmath=shared' \
'--enable-dba=shared' \
'--with-db4=/usr/lib' \
'--with-xmlrpc=shared' \
'--with-ldap=shared' \
'--with-ldap-sasl' \
'--with-mysql=shared,/usr/lib/mysql' \
'--with-mysqli=shared,/usr/bin/mysql_config' \
'--enable-dom=shared' \
'--with-dom-xslt=/usr/lib' \
'--with-pgsql=shared' \
'--enable-soap=shared' \
'--with-xsl=shared,/usr' \
'--enable-xmlreader=shared' \
'--enable-xmlwriter=shared' \
'--enable-fastcgi' \
'--enable-pdo=shared' \
'--with-pdo-odbc=shared,unixODBC,/usr' \
'--with-pdo-mysql=shared,/usr' \
'--with-pdo-pgsql=shared,/usr' \
'--with-pdo-sqlite=shared,/usr' \
'--enable-json=shared' \
'--enable-zip=shared' \
'--with-readline' \
'--enable-dbase=shared' \
'--with-mcrypt=shared,/usr' \
'--with-mhash=shared,/usr' \
'--with-tidy=shared,/usr' \
'--with-apxs2'

sudo yum remove php php-dba php-ldap php-mysql php-mysqli php-pdo

sudo make install
cd ../
sudo cp ../php/php.conf /etc/httpd/conf.d/
sudo cp ../php/info.php /var/www/html/
sudo cp ../php/php.ini /etc/php.ini
sudo /usr/sbin/httpd -k stop

# PECL path problem - not sure why
sudo sed -ri "s|exec\(\"php-config --prefix\"\)|\"/usr/lib/20060613\"|" /usr/share/pear/PEAR/Builder.php
sudo pecl install --force memcache

sudo /usr/sbin/httpd -k start

cd ../
</pre>



How to install mcrypt in Linux (Cent OS) and recompile php?

SkyHi @ Saturday, March 27, 2010
I realized that I need to install mcrypt libraries in order to operate your php encryption. In addition to installing mcrypt, I will have to re-compile php in order to include the support for mcrypt. Initially, I struggled hard and finally made it work. Hence, I am sharing whatever information I collected from the internet and tested at my site.

This has worked for me numerous times without anything breaking or failing to operate. Obviously, I’m not responsible for whether you try this or not. A healthy and current backup is always a good idea before diving into the world of re-compiling software packages.

What is MCrypt?

MCrypt is a replacement for the old crypt() package and crypt(1) command, with extensions. It allows developers to use a wide range of encryption functions, without making drastic changes to their code. It allows users to encrypt files or data streams without having to be cryptographers. Above all, it allows you to have some really neat code on your machine.

Site Source:

Mcrypt is a powerful encryption library containing 22 block algorithms. Specifically, the following algorithms are supported:

Safer-sk64 xtea

Simple steps: follow these steps to compile Mcrypt and build the extension into your PHP distribution:

1. Download the Mcrypt library

2. gunzip mcrypt-x.x.x.tar.gz

3. tar -xvf mcrypt-x.x.x.tar

4. ./configure --disable-posix-threads

5. make

6. make install

7. cd to your PHP directory.

8. ./configure --with-mcrypt=[dir] [--other-configuration-directives]

9. make

10. make install

However, complex and complete steps are given below:

FYI – My machine stats are:

Cent OS 5.0

Apache 2.0

PHP 5.0

Ready? Here’s how you do it.

As root:

1) Install libmcrypt (2.5.x or better)

-download and uncompress: tar z -xvf xxx.tar.gz

-cd into libmcrypt dir and type: ./configure

-when configure is done type: make

-when make is done type: make install

2) Add the library dir to /etc/

-edit /etc/ and add: /usr/local/lib

-save file and then type the command: ldconfig

3) Update/Install Mhash (0.8.15 or newer)

-download and uncompress: tar z -xvf xxx.tar.gz

-cd into libmcrypt dir and type: ./configure

-when configure is done type: make

-when make is done type: make install

-when make install is done type: ldconfig

4) Install latest version of mcrypt (2.6.x or better)

-download and uncompress: tar z -xvf xxx.tar.gz

-cd into mcrypt dir and type: ./configure

-when configure is done type: make

-when make is done type: make install

-when make install is done type: ldconfig

5) Take note of your current php info

-create a file somewhere on your webserver called phpinfo.php

-edit the file and add the single line:

-make sure a normal user owns the file (not root – ie: chown user.user phpinfo.php)

-issue the command: chmod 755 phpinfo.php

-open the file in a web browser ie:

-copy the contents of “Configure Command” to a text file somewhere.

-It will look something like this (probably all on 1 line – leave it on 1 line):

'./configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-xml' '--enable-bcmath' '--enable-calendar' '--enable-ftp' '--enable-magic-quotes' '--with-mysql' '--with-pear' '--enable-sockets' '--enable-track-vars' '--enable-versioning' '--with-zlib'

-edit the command to remove all the ' ' marks so it looks like this:

./configure --with-apxs=/usr/local/apache/bin/apxs --with-xml --enable-bcmath --enable-calendar --enable-ftp --enable-magic-quotes --with-mysql --with-pear --enable-sockets --enable-track-vars --enable-versioning --with-zlib

-at the end, add the following (assuming mcrypt is actually found in /usr/local/bin/mcrypt):


-save the text file.

6) Go into your php source directory: /home/cpapachebuild/buildapache/php-4.3.1/

-type: make clean

-type: rm config.cache (yes, remove that file)

-issue your command you saved in the text file. Something like this:

./configure --with-apxs=/usr/local/apache/bin/apxs --with-xml --enable-bcmath --enable-calendar --enable-ftp --enable-magic-quotes --with-mysql --with-pear --enable-sockets --enable-track-vars --enable-versioning --with-zlib --with-mcrypt=/usr/local/bin/mcrypt

-when that is done, type: make

-when that is done, type: make test (most tests will fail… about 50%-60% or so)

-when that is done, type make install


enable support for php. requires php-mcrypt and php-mhash packages:

yum install php-mcrypt*

yum install php-mhash*

7) Restart Apache

-issue the command: service httpd restart

-go back to your phpinfo.php page and check to see that --with-mcrypt now shows up in the “Configure Command”


I am trying to have mcrypt support in php. I installed libmcrypt and mhash using yum. They installed okay, but they weren’t added to phpinfo(), so they do not work.

Reading mcrypt info it says I need to recompile php.

Answer: It is working!

While I was required to recompile php according to the information on the mcrypt package to enable mcrypt support, I found an alternative.

There are 2 solutions to this problem:

A) This is the painless way to do it.

After a lot of research, as I couldn’t find answers on forums and other places. I found on they released some rpm packages to integrate mcrypt and mhash with php.

First we need to install mcrypt and mhash as follows:

1) Install mcrypt & mhash

yum install mcrypt*

yum install mhash*

answer y to the question if matched your system (it should).

If it comes out

Setting up Install Process

Parsing package install arguments

No package mcrypt available.

Nothing to do

Manually install from the source after compiling, as indicated at the start of the post.

2) enable support for php. requires php-mcrypt and php-mhash packages:

yum install php-mcrypt*

yum install php-mhash*

If you get an error saying packages not signed (unsigned packages), do the following:

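edit /etc/yum.conf and change

gpgcheck=1 to gpgcheck=0

then attempt step 2 again. Once completed, change yum.conf back: while gpgcheck=0 is set in [main], yum installs packages from every repository that does not set its own gpgcheck without verifying their signatures.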
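A check for that last step, as an added example that is not part of the original post: it lists every place where yum would still install packages without verifying signatures, so a forgotten gpgcheck=0 is caught. The function names and sample files are constructed for illustration; it assumes yum treats an unset gpgcheck as 0 and an unset enabled as 1.

```shell
#!/bin/sh
# Added example: report where yum would skip GPG signature checks.
# Usage on a real host: audit_gpgcheck /etc/yum.conf /etc/yum.repos.d/*.repo

audit_gpgcheck() {
    awk '
    function trim(s)   { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function truthy(v) { return v == "1" || v == "yes" || v == "true" || v == "on" }

    FNR == 1          { cur = "" }          # a section never spans two files
    /^[ \t]*([#;]|$)/ { next }              # skip comments and blank lines
    /^[ \t]*\[/ {                           # [section] header
        name = $0
        sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        cur = FILENAME ":[" name "]"
        if (name == "main") {
            main_id = cur
        } else {
            order[++n] = cur
        }
        next
    }
    cur != "" {                             # key = value inside a section
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        if (key == "gpgcheck" || key == "enabled")
            opt[cur, key] = tolower(trim(substr($0, eq + 1)))
    }
    END {
        # Assumption: an unset gpgcheck in [main] means 0 (yum.conf default).
        if (main_id != "" && ((main_id, "gpgcheck") in opt)) {
            dflt = opt[main_id, "gpgcheck"]; how = "explicit"
        } else {
            dflt = "0"; how = "unset, defaults to 0"
            if (main_id == "") main_id = "[main]"
        }
        if (!truthy(dflt)) { print main_id " gpgcheck=" dflt " (" how ")"; bad++ }
        for (i = 1; i <= n; i++) {
            s = order[i]
            # Repositories count as enabled unless they say otherwise.
            if (((s, "enabled") in opt) && !truthy(opt[s, "enabled"])) continue
            if ((s, "gpgcheck") in opt) {
                v = opt[s, "gpgcheck"]; how = "explicit"
            } else {
                v = dflt; how = "inherited from [main]"
            }
            if (!truthy(v)) { print s " gpgcheck=" v " (" how ")"; bad++ }
        }
        exit (bad > 0)                      # non-zero status when anything is off
    }' "$@"
}

# Constructed sample: the state the workaround leaves behind if it is not reverted.
make_sample() {
    printf '%s\n' '[main]' 'cachedir=/var/cache/yum' 'gpgcheck=0' > "$1/yum.conf"
    printf '%s\n' '[remi]' 'enabled = 1' 'gpgcheck = 1' '' \
                  '[remi-test]' 'enabled=0' 'gpgcheck=0' > "$1/remi.repo"
    printf '%s\n' '[epel]' 'name=constructed sample' 'enabled=1' > "$1/epel.repo"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_gpgcheck "$sample/yum.conf" "$sample"/*.repo \
    || echo "signature checking is off for the entries above"
rm -rf "$sample"
```

The disabled [remi-test] section is skipped, while [epel] is reported because it inherits the value left in [main].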


How I updated PHP & MySQL on RedHat Enterprise Linux (RHEL) 5.3

SkyHi @ Saturday, March 27, 2010

This is my post about the steps which I used to update the versions of PHP and MySQL on RHEL 5.3. As of this writing the latest version of PHP is 5.2.9 and that of MySQL server is 5.1.32-1. The installation of RHEL5 (after making updates) had versions of PHP/MySQL which were as much as 2.5 years old. You obviously don’t want such old versions of the software for security reasons. So I decided to upgrade versions of PHP/MySQL on the system. Obviously the default repository of RHEL does not have the updated versions of PHP and MySQL (and many other software packages I believe).

I searched online for making the upgrades and after a long search, I came across links on the web which helped me perform the upgrades. So, I decided to write a detailed post about my upgrade process so it could be helpful to others.

The packet management tool which I’m using is yum. So it’s a good idea to know a few basic yum commands:

yum list available

yum list installed

yum list updates

yum install [package]

yum remove [package]

I guess all of above commands are self explanatory.

Since the repositories which are used by RHEL are not up to date, so we need to use and setup some other repository. One of the most popular and the one which I used is Remi’s repository which has latest packages for most of the software:

This repository is not there in the repository directory yet so we need to enable it in order to use it. To do that we need to download some additional RPMs and install them first. The 2 RPMs which we need are:

epel-release and remi-release

My architecture is i386 so if yours is x86_64 then get the RPMs for it accordingly.

We can get the first one from here:



rpm -Uvh epel-release-5-3.noarch.rpm

Download the 2nd one from Remi’s site:



rpm -Uvh remi-release-5.rpm

2nd package is dependent on first one so we need to install 1st before the 2nd.

Now, I removed the older packages first (not sure if this was needed though) by using:

yum list installed

and looking for those packages which started with php or mysql. That also included php packages dependent on mysql and vice-versa. Remove them using:

yum remove [package]

IMPORTANT: I didn’t mention it here but if you have any data present (especially MySQL database) then please make sure that you back them up first before removing packages as that may result in loss of data also. I didn’t have any data when I started so I didn’t mention it before.

The steps will now create corresponding information for Remi’s repository in:


So, now we have the older packages removed and need to install the new ones. Before that we need to enable Remi’s repository. For that, go to the file called remi.repo in the repo directory and under the section [remi] there, change enabled = 0 to enabled = 1.

After doing this, run the following command:

yum install php

Now, run:

php -v

and you should get something like this:

PHP 5.2.9 (cli) (built: Feb 27 2009 14:42:58)

Copyright (c) 1997-2009 The PHP Group

Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies

as the output.

Now, run the following commands:

yum install mysql-server

yum install php-mysql

yum install mysql-devel

and it should install MySQL server and PHP-MySQL module along with necessary dependencies.

Now, you can check that PHP and the MySQL server are working by starting the httpd and mysql services and maybe writing a phpinfo() file:

/sbin/service httpd start

/sbin/service mysqld start

So the PHP and MySQL should be working now. I have not yet done any configuration of any of those and it’s likely that I’ll run into some problems there and so maybe I’ll make another post about it.

Some of the links which were useful to me and from where I used information for the installation process:

Since this thing worked for me for RHEL 5.3 so I believe it should work for CentOS as well.


How to Install Apache 2.2.x and PHP 5.2.x on CentOS 5

SkyHi @ Saturday, March 27, 2010

This guide assumes you have a minimal CentOS installation and are not planning on running a control panel such as cPanel, which installs the webserver for you. Some of the software versions listed below may need to be changed as they are updated. As of the writing of this article, Apache 2.2.14 and PHP 5.2.11 are the latest versions.

# yum install bison flex gcc db4 db4-devel libxml2-devel libpng-devel mysql-devel make
# wget
# wget
# tar zxvf httpd-2.2.14.tar.gz
# tar zxvf php-5.2.11.tar.gz
# cd httpd-2.2.14
# ./configure --enable-so --enable-rewrite=shared
# make
# make install
# cd ../php-5.2.11
# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql --enable-bcmath --enable-ftp --enable-magic-quotes --with-pear --enable-sockets --enable-track-vars --with-zlib --with-gd --with-freetype
# make
# make install
# cp php.ini-dist /usr/local/lib/php.ini

You can change the values passed to the configure lines of Apache and PHP to add/remove software from the build. Apache in this guide is built with DSO support and mod_rewrite as a shared module. PHP is built as an Apache DSO with MySQL, FTP, BCMath, magic quotes, PEAR, sockets, Zlib, and GD with TTF.

Finally, edit your Apache config:

# vi /usr/local/apache2/conf/httpd.conf

Add AddHandler application/x-httpd-php .php .phtml .php4 to a blank line. Now start Apache using /usr/local/apache2/bin/apachectl start.

That's it, you're good to go! You may want to tweak your Apache configuration to suit your specific needs, including adding Virtualhosts; however, that is outside the scope of this article. Please refer to the Apache Docs for that information.


Installing PHP 5.2.x or 5.3.x on RedHat ES5, CentOS 5, etc

SkyHi @ Saturday, March 27, 2010
I’ve had to follow this tutorial a few times myself now so decided I should share it with the world.
A few of our applications which make use of SOAP get a Segmentation Fault if run with PHP 5.1.x or lower. We believe this is due to a bug in PHP but can’t be sure, regardless it works fine in PHP 5.2.4 and above.
Problem is, RedHat ES5 does not have support at this time for anything higher than 5.1.6, and we didn’t want to break RPM dependencies etc. by installing from source.
To install PHP 5.2.5 (Highest in repository at this time) you can make use of a RPM repository maintained by Remi. He has a repository for each distro, but to save you translating for the ES5 one I’ll give you the commands here. Run the following to get up and running:
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm
You now have the Remi repository on your system, however it is disabled by default. Obviously you don’t want all of your packages being affected by this repository, however to enable it for a specific package, run the following:
yum --enablerepo=remi update php
You should now have the latest PHP5 installed:
# php -v

PHP 5.2.5 (cli) (built: Nov 10 2007 10:52:30)

Copyright (c) 1997-2007 The PHP Group

Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies

Update 12th Aug ’08:
There is now an English page on the Remi site on how to configure repositories for all sorts of distros:

Update 13th June ’09:
The download link for the ES5 package has changed, post updated above.:

Update 9th August ’09: It would seem this repo has now been upgraded to PHP 5.3.0.

Compiling PHP on CentOS 5 (64bit) with MySQL Support

SkyHi @ Saturday, March 27, 2010
If you try to build PHP 5.x.x on a 64bit CentOS install you may get this error:

checking for specified location of the MySQL UNIX socket... no
checking for MySQL UNIX socket location... /var/lib/mysql/mysql.sock
checking for mysql_close in -lmysqlclient... no
checking for mysql_error in -lmysqlclient... no
configure: error: mysql configure failed. Please check config.log for more information.

Looking further into the config.log you will also see:

configure:60376: checking for mysql_error in -lmysqlclient
configure:60395: gcc -o conftest -I/usr/include -g -O2 -Wl,-rpath,/usr/lib/mysql -L/usr/lib/mysql -L/usr/lib -Wl,-rpath,/usr/kerberos/lib64 -L/usr/kerberos/lib64 -Wl,-rpath,/usr -L/usr conftest.c -lmysqlclient -lz -lpng -lz -lcurl -lz -lrt -lresolv -lm -ldl -lnsl -lxml2 -lz -lm -lssl -lcrypto -ldl -lz -lcurl -ldl -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lidn -lssl -lcrypto -lz -lxml2 -lz -lm 1>&5
/usr/bin/ld: skipping incompatible /usr/lib/mysql/ when searching for -lmysqlclient
/usr/bin/ld: skipping incompatible /usr/lib/mysql/libmysqlclient.a when searching for -lmysqlclient
/usr/bin/ld: cannot find -lmysqlclient
collect2: ld returned 1 exit status

First things first, if you installed MySQL using yum you should make sure that you have the mysql-devel rpms installed. You can ensure they are installed by running the following command:

# yum install mysql-devel

Once you've ensured that the mysql-devel rpms are installed you need to tell PHP where it should also look for additional libraries. We will pass the following to the configure script:

# ./configure --with-libdir=lib64 --with-mysql

That's it, from there you can continue on with the normal build.


Friday, March 26, 2010

TCP: Treason uncloaked! Peer shrinks window Repaired.

SkyHi @ Friday, March 26, 2010

This is not causing the webserver slowness, or any crashes. Nor is it a kernel bug! What happens is that a client tries to shrink the TCP window. This would not be catastrophic anyway, BUT your kernel ignores/prevents this, so it should have absolutely no effect. That's why it says "Repaired." at the end.

It could be a broken router or broken/old OS on a hacked machine that is used for portscanning. It's not an attack because it does nothing, even if the kernel didn't prevent this all it would do is slow down the speed at which the server sends out data on that particular connection. Slow send can cause more overall Apache processes, but if you only see this a couple of times it's probably not an attack. Anyways, in 2007 nobody should use the preforking Apache MPM.


May 11, 2007 - 12:27am

I think the problem is not that the error recovery code is not there, but that it is not fast enough and robust enough to handle a lot of these "window shrinkages". "Repaired", but how quickly?

Normally I am the first to recommend all the latest code. That means Apache 2.2.4 and kernel (as of 20070511). I'd like to see if anyone gets these problems with that combination.

I know that instead, people set up so-called "Enterprise" web servers running old kernels and old 1.3.X Apache (their "management" feels much more supported and would forbid anything else). I agree that those who do that deserve to crash, and should contact their so-called "enterprise support" when they get a crash. However, Apache is userspace and there are people reporting hangs/crashes with kernel 2.6.21. We are all reassured now by you that the old Apache causing these problems, perhaps that's why telnet port 23 can also shrink the TCP window?

The only reason for agreeing with you is that major enterprises rely on Linux web servers and if they could all be brought down by "treason uncloaked" then they would be, and they would demand an immediate fix. So perhaps a web server listening only on ports 80 and 443 is immune. Or maybe one with the kernel built properly, without enabling every single feature as "Y" or "M"? (i.e. Redhat, Suse, etc. "Enterprise").

Any moron who has port 23 open for telnet on a web server does deserve to crash.

So shame on all of you who are running web servers with old, so-called "stable enterprise" code. "Mr. Anonymous" tells us that your server crash is either caused by running old "stable" code, or that your crash "doesn't matter". I just wonder if Mr. Anonymous lives in Rumania, in charge of the spambot/phishing/identity theft project ... Don't try to fix the "treason uncloaked" problem, he needs this vulnerability to feed his family.


The below script may work a little better... Note that you'll need a rule in your firewall script to create the TREASON rule set, and jump to it in the beginning, and make a cronjob to run the script so it's automagic.

Something like the following should be in your main firewall script:


iptables -F TREASON

iptables -X TREASON

iptables -N TREASON

... (your rest of the rules)

iptables -A INPUT -j TREASON # a jump needs a chain to sit in (INPUT here); insert before state established and other lines


Then, the below script should be in a cronjob (run once every whatever interval you feel fit).



# Stupid shell script to stop stupid TCP Treason attacks
# Setup cronjob to stop them

# First, flush and clean Treason rules
iptables -F TREASON
#iptables -X TREASON
#iptables -N TREASON

for ATTACKER_IP in $(dmesg | grep 'Treason uncloaked!' | cut -d' ' -f5 | cut -d':' -f1 | sort --unique)
do
    # Assume the address is not one of ours until the inner loop finds it
    FOUNDIT=0
    for DONTBLOCK in $(route -n | grep -v Destination | grep -v Kernel | awk '{print $2}' | sort | uniq && ifconfig -a | grep inet | cut -f 2 -d ':' | cut -f 1 -d ' ' | sort | uniq)
    do
        # echo "Checking $DONTBLOCK against $ATTACKER_IP ..."
        if [ "$DONTBLOCK" = "$ATTACKER_IP" ]; then
            # echo "UHOH! Hacker using forged local IP! Don't block it!"
            FOUNDIT=1
        fi
    done
    if [ "$FOUNDIT" = "0" ]; then
        # echo "Hacker IP $ATTACKER_IP not found in don't block list... Dropping"
        iptables -A TREASON -s "$ATTACKER_IP/32" -j DROP
    fi
done

# Everything that was not dropped goes back to the calling chain
iptables -A TREASON -j RETURN



DDOS Attacks and how to handle them.

SkyHi @ Friday, March 26, 2010

Well, unfortunately we have recently had much experience related to DDOS attacks. However, DeveloWare LLC can now offer DoS and DDoS security prevention along with our hosting services. So here is a summary of what we have learned through the process…

What is a DDoS attack?

DoS and DDoS attacks flood a Web server with false requests for information, overwhelming the system and ultimately crashing it. The following graphics explain how such attacks work and how companies can possibly prevent them. In effect the server can not handle all the requests, no matter how big and bad your server is. The nature of the attack is quite simple but has complex results on the machine being affected.

How a "denial of service" attack works

In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

In a denial of service attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again–tying up the service indefinitely.

Typical connection


DoS & DDoS attacks


How to block a "denial of service" attack

One of the more common methods of blocking a "denial of service" attack is to set up a filter, or "sniffer," on a network upstream. This means before a stream of information even reaches a site's Web servers. The filter can look for attacks by noticing patterns or identifiers contained in the information. It requires hardware for filtering. If a pattern comes in frequently, the filter can be instructed to block messages containing that pattern, protecting the Web servers from having their lines tied up.


DDoS attacks can happen to anybody!


As a webmaster or admin for any site, never ever think you are exempt from being attacked. It can happen to anybody. Last month alone there were over 50,000 reported attacks. The attacks were directed towards major sites and small ones without regard. Twitter was taken down from such attacks just a couple of weeks ago. Then the same malicious group targeted Google and Facebook. Less than two years ago the Department of Defense was attacked and completely taken down. If they can take down Google, Twitter, and the US Gov they can most likely take down your site also.

Protect Your Website

To protect your site you must have hardware that can defend your servers. The problem is that it is expensive. If you find your site is being attacked and you host with one of those $5/month accounts at some cheap hosting company you will find that they will just shut down your site in the interest of protecting the other sites on their servers. You will be just flat out of luck. Make sure your hosting has the routers and firewalls in place to handle these vicious attacks. Ask specifically about DDoS prevention before you purchase hosting if you want protection. Normal firewalls and routers WON'T STOP THE ATTACKS.

Take it from me. We had a virtual server completely upgraded and screaming fast with the highest security you can imagine. But the nature of a DDoS attack does not even send up a red flag to most security prevention systems. You will most likely only notice when your site goes down or your hosting provider cuts you off. Not good at all because it is too late then!

The nature of an attack

What makes these kinds of attacks almost impossible to handle without the proper hardware is that you cannot just start blocking IP addresses, for a couple of reasons. First, most of the time the IP doing the request is a real IP but most likely an IP that is not malicious. Usually the IP has been spoofed. Therefore, if you add an offending IP to your block list you may be blocking a true source of visitors. Second, the request is not what actually kills your http server. What kills the server is an incomplete "handshake".

To explain the 3 way server handshake let's elaborate a little…

To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:

1. The active open is performed by sending a SYN to the server.

2. In response, the server replies with a SYN-ACK.

3. Finally the client sends an ACK (usually called SYN-ACK-ACK) back to the server.

In a DDoS attack it's more like a 2 way handshake. This leaves your server hanging and waiting for the third response. What this does is flood your http server with incomplete requests. Most servers have a 30 second timeout and a maximum number of connections around 300 or so. Hence, your server is doomed without protection.
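One way to observe the incomplete handshakes described above on a Linux server, as an added example that is not part of the original post: the kernel lists each socket in /proc/net/tcp with a hex state code, and 03 is SYN_RECV, the state a connection sits in while the server waits for the final ACK. Counting per local port rather than per source address avoids relying on addresses that may be spoofed; the function names and the snapshot are constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) sockets per local port.
# Usage on a live host: half_open_by_port /proc/net/tcp /proc/net/tcp6

# Prints "port syn_recv established" for every port that has either state.
half_open_by_port() {
    awk '
    function hex2dec(h,    i, n) {
        h = toupper(h); n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    FNR == 1 { next }                         # column header of each file
    $4 == "01" || $4 == "03" {                # 01 = ESTABLISHED, 03 = SYN_RECV
        # local_address is HEXIP:HEXPORT; the port follows the colon
        port = hex2dec(substr($2, index($2, ":") + 1))
        seen[port] = 1
        if ($4 == "03") {
            syn[port]++
        } else {
            est[port]++
        }
    }
    END { for (p in seen) print p, syn[p] + 0, est[p] + 0 }
    ' "$@" | sort -n
}

# Prints the ports whose half-open count has reached the given limit.
ports_over_limit() {
    limit=$1; shift
    half_open_by_port "$@" | awk -v limit="$limit" '$2 + 0 >= limit + 0 { print $1 }'
}

# Constructed snapshot in /proc/net/tcp layout (trailing columns trimmed).
# Remote addresses are from documentation ranges, stored little-endian in hex.
write_sample() {
    cat > "$1" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11001
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11002
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11003
   3: 0A00000A:0050 016433C6:C350 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 0A00000A:0050 026433C6:C351 03 00000000:00000000 01:00000064 00000001     0        0 0
   5: 0A00000A:0050 036433C6:C352 03 00000000:00000000 01:00000064 00000002     0        0 0
   6: 0A00000A:0050 046433C6:C353 03 00000000:00000000 01:00000064 00000002     0        0 0
   7: 0A00000A:0050 0A7100CB:D431 01 00000000:00000000 00:00000000 00000000    48        0 11010
   8: 0A00000A:0016 0B7100CB:E0F2 01 00000000:00000000 02:000A1B2C 00000000     0        0 11011
   9: 0A00000A:01BB 056433C6:C354 03 00000000:00000000 01:00000064 00000001     0        0 0
  10: 0A00000A:01BB 0C7100CB:D432 01 00000000:00000000 00:00000000 00000000    48        0 11012
  11: 0A00000A:01BB 0D7100CB:D433 01 00000000:00000000 00:00000000 00000000    48        0 11013
EOF
}

snap=$(mktemp)
write_sample "$snap"
half_open_by_port "$snap"
echo "ports with 3 or more half-open connections: $(ports_over_limit 3 "$snap")"
rm -f "$snap"
```

A port whose SYN_RECV count stays high while its ESTABLISHED count does not grow matches the pattern the post describes.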

DDoS attack symptoms and info

DDoS attacks generally WILL NOT eat up your bandwidth because the handshake never got completed. It just increases server load to the point of being rendered useless. Nothing ever gets sent to the requesting host so there is not usually a bandwidth issue.

DDoS attacks are basically impossible to track unless you have tons of resources, like on a government level. One of the difficulties in tracking is that the offending IPs are usually spoofed and do not exist or are valid IPs that are non-offending.

Blocking IPs won't help with a DDoS attack. You must have the proper hardware to defend against DDoS attacks. If somebody knows software to handle attacks please let me and the world know about it.

Who is doing such malicious attacking?

To put it bluntly there are many groups of attackers out there. Some are religious based and some are politically based. But the most notorious ones are simply groups of hackers that get paid to take down sites. They get paid between $100 and $500 per 1000 http requests. There are actually bots for hire out there… SHeeesh! I think they should be hung upside down and have their toenails pulled out.

Conclusions about DDoS attacks

Get a hosting company that has the hardware to handle these attacks. Firewalls and fast servers just won't help. As a result of the recent attacks on and the companies that host through us we have upgraded our equipment to handle this. We can now provide protection against DDoS attacks.


Extend phpMyAdmin Session Timeout Value (Expired Session)

SkyHi @ Friday, March 26, 2010
Edit phpMyAdmin's and

add or update the LoginCookieValidity value as follows:

$cfg['LoginCookieValidity'] = 3600 * 9; // 9 hours

Update: (2009-12-07)

If the variable above doesn't work for you maybe you can do this

<code>/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'your-root-pwd';</code>
Note/Warning/Security Concern:

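Do this only on your local/development machine and not on a production server !!! With auth_type set to 'config', phpMyAdmin logs in every visitor as the configured user without asking for a password, and the password sits in plain text in the config file.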


Thursday, March 25, 2010

Centos repositories

SkyHi @ Thursday, March 25, 2010
RPM Repositories

Tuesday, March 23, 2010

Path of the Current File in PHP

SkyHi @ Tuesday, March 23, 2010

There are various methods of finding the path of the current file in PHP. But the problem is to find one that is consistent across all servers. The following is a list of the most commonly used methods to find the location of the current file. The definitions are taken from the PHP manual(Predefined ) and are modified slightly.


The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address would be /test.php/ The __FILE__ constant contains the full path and filename of the current (i.e. included) file.

If PHP is running as a command-line processor this variable contains
the script name since PHP 4.3.0. Previously it was not available.


query string, if any, via which the page was accessed.


absolute pathname of the currently executing script.

Note: If a script is executed with the CLI, as a relative path, such
as file.php or ../file.php, $_SERVER['SCRIPT_FILENAME']
will contain the relative path specified by the user.


(not document root-) based path to the current script
, after
the server has done any virtual-to-real mapping.

Note: As of PHP 4.3.2, PATH_TRANSLATED is no longer set implicitly
under the Apache 2 SAPI in contrast to the situation in Apache 1, where
it's set to the same value as the SCRIPT_FILENAME server
variable when it's not populated by Apache. This change was made to
comply with the CGI specification that PATH_TRANSLATED
should only exist if PATH_INFO is defined.

Apache 2 users may use AcceptPathInfo = On inside httpd.conf to
define PATH_INFO.


the current script's path. This is useful for pages which need to point
to themselves. The __FILE__ constant contains the full path and
filename of the current (i.e. included) file.


URI used to access this page; for instance,
'/index.html'. Includes the query string.

full path and filename of the file. If used inside an
include, the name of the included file is returned. Since PHP 4.0.2, __FILE__
always contains an absolute path whereas in older versions it contained
relative path under some circumstances.

Microsoft-IIS/5.0PHP 4.4.0CGI/FastCGI/test/loc.phpH:\\test\\loc.php/test/loc.php

Apache/2.0.52 (Fedora)PHP 4.3.9Apache 2.0

Apache/2.0.55 (Unix) mod_ssl/2.0.55 OpenSSL/0.9.7a PHP/5.1.4PHP
Apache 2.0 Handler

Apache/2.0.54 (Unix) PHP/4.4.4 mod_ssl/2.0.54 OpenSSL/0.9.7e
mod_fastcgi/2.4.2 DAV/2 SVN/1.3.2
PHP 5.2.1CGI/FastCGI


If you have access to a server that is not in the above list, please use the below code to generate the results and send the result to me - I will include it here.
