PHP Run Background Process using Exec



Use the functions below if you need to start a process in the background from PHP and keep its PID to manage it later.

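<?php

// Start $command in the background and return its PID (0 on failure).
// $command is handed to the shell as given: pass only trusted, fixed command
// lines and escape every variable argument with escapeshellarg().
function runInBackground($command, $log, $priority = 0)
{
    $log = escapeshellarg($log);   // the log path cannot break out of the redirect
    $priority = (int) $priority;   // the nice value must be a plain integer
    if ($priority)
        $PID = shell_exec("nohup nice -n $priority $command > $log 2>&1 & echo $!");
    else
        $PID = shell_exec("nohup $command > $log 2>&1 & echo $!");
    return (int) trim((string) $PID);   // strip the newline printed by echo
}

?>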

echo $! prints the process ID of the last command started in the background:
# Command & echo $!

 

Check if process is running

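<?php

// Return true if a process with this PID exists.
function isProcessRunning($PID)
{
    // Accept digits only, so nothing but a number reaches the shell.
    if (!ctype_digit((string) $PID) || (int) $PID <= 0) return false;

    exec("ps -p $PID 2>&1", $state);
    return (count($state) >= 2);   // header line plus one process line
}

?>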

 

Display Process Logs

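<?php

// Return the contents of the process log file.
function displayProcessLog($logfile)
{
    // The original single-quoted string never expanded $logfile;
    // build the command explicitly and escape the path.
    exec('cat ' . escapeshellarg($logfile) . ' 2>&1', $log);
    return implode("\r\n", $log);
}

?>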

 

Kill Process

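<?php

// Send SIGTERM to the process and return any output from kill.
function killProcess($PID)
{
    // Accept digits only, so nothing but a number reaches the shell.
    if (!ctype_digit((string) $PID) || (int) $PID <= 0) return '';

    exec('kill ' . (int) $PID . ' 2>&1', $status);
    return implode("\r\n", $status);
}

?>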

 

Save Process ID to file

#!/bin/bash
Command &
echo $! >/path/to/pid.file
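
A shell version of the PID-file approach above, as an added example that is not code from the original post: it saves the PID as shown, then checks that the stored value is numeric and still belongs to the expected command before sending a signal, since PIDs are reused once a process exits. The function names, the temporary paths and the sleep job are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Linux /proc is used when present,
# with `ps -p` (as on the page) as the fallback.

# proc_name PID: print the command name of a live process, or nothing.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then cat "/proc/$1/comm"
    else ps -p "$1" -o comm= 2>/dev/null; fi
}

# start_job PIDFILE LOG CMD [ARGS...]: run CMD in the background, save its PID.
start_job() {
    pidfile=$1; log=$2; shift 2
    nohup "$@" > "$log" 2>&1 &
    echo $! > "$pidfile"
}

# job_running PIDFILE NAME: succeed only if the saved PID is purely numeric,
# alive, and still runs NAME. A recycled PID or an edited file fails the check.
job_running() {
    pid=$(cat "$1" 2>/dev/null) || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    [ "$(proc_name "$pid")" = "$2" ]
}

# stop_job PIDFILE NAME: signal the process only after the identity check.
stop_job() {
    job_running "$1" "$2" || return 1
    kill "$pid" && rm -f "$1"              # $pid was set by job_running
}

# Demo with constructed paths in a temporary directory.
dir=$(mktemp -d)
start_job "$dir/job.pid" "$dir/job.log" sleep 30
sleep 1                                    # let the child exec before checking
job_running "$dir/job.pid" sleep && echo "job is running"
echo "$$" > "$dir/stale.pid"               # a PID that is alive but not ours
stop_job "$dir/stale.pid" sleep || echo "refused: PID is not a sleep process"
stop_job "$dir/job.pid" sleep && echo "job stopped"
rm -rf "$dir"
```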

How to prevent downloading and leeching media files



How Do I Stop Hotlinking, Bandwidth Theft, Downloading and Leeching media files?

You can stop downloading / hotlinking / leeching of your site’s files using .htaccess in your Apache root or directory. Apache mod_rewrite must be enabled for this.

The 1st line of the above code begins the rewrite. The 2nd line matches any requests from the svnlabs.com URL. The [NC] flag means “No Case”: the URL match is not case-sensitive. The last line matches any file ending with the extension pdf|zip|gif|jpg|dmg|flv|mp4|mp3|rar and blocks access with a 403 error.

Please find more media file extensions here…

You can see that access is blocked for some files while others are still shown here…

Files on FTP….

Here is demo for JWPlayer…

Even you can download files any case you can play that file because it content below code 😉

When you try to download a media file, it will show the following access error…

You can block some traffic using server’s firewalls 😉

Check your URL: if you see your media load, your media can be hotlinked.

There are actually quite a few reasons to use .htaccess

1. Make URLs cleaner and easier to remember for visitors.
2. Make dynamic pages appear as static for SEO.
3. Security / Protection for PHP sites.
4. Sub-domain management.

Demo: How to protect file leeching

The best and most practical way to stop theft is to use a streaming server like Red5, Wowza, FMS etc. HTTP streaming is very insecure, but RTMP / RTSP on a streaming server are the best option 😉

Time is nature’s way of making sure that everything doesn’t happen at once. Space is nature’s way of making sure that everything doesn’t happen to you.

GIT – Cheat Sheet



Git is a free distributed revision control, or software source code management project with an emphasis on being fast. Git was initially designed and developed by Linus Torvalds for Linux kernel development.

Reference Links:

http://zrusin.blogspot.in/2007/09/git-cheat-sheet.html
https://git.wiki.kernel.org/index.php/GitCheatSheet
http://www.lornajane.net/posts/2012/git-cheat-sheet
http://ndpsoftware.com/git-cheatsheet.html

How to clean malware from website?



Malware, short for malicious software, is software designed to secretly access a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Sucuri SiteCheck is a free remote scanner.

You have seen the above warning many times when browsing websites. It is the warning that search engine bots like Google attach to a website that is affected by malware or viruses. If you still access the website, it can affect your system or system resources.

Most of the time, websites are hacked or accessed without authorization by hackers, or through cross-site scripting (XSS) or cross-site request forgery (CSRF).

There may be a lot of “holes” in website security that invite hackers to play their game.

The possible HOLES may be:
1. File/Folder permissions
2. Poor authentication for application
3. Cross-Site Scripting
4. Cross-Site Request Forgeries
5. Anti-Virus Software
6. File formats
7. Network “Firewalls/Filters”
8. Shell access & Logs

Please check these links on making a web application secure and safe 😉
* http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
* http://advosys.ca/papers/web/61-web-security.html
* http://www.claymania.com/safe-hex.html
* http://shiflett.org/articles/foiling-cross-site-attacks
* http://www.ehow.com/how_6804695_remove-malware-website.html
* http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

You can review online virus and threat scanners for cleaning malware and viruses. This software is designed to run on your web server and scan your public web files for malicious code.

Google Safe Browsing Tool
http://www.google.com/safebrowsing/diagnostic?site=yoursite.com

Norton Safe Web
http://safeweb.norton.com/

You can search for more tools like…
Security Pro | SiteMonitor | IP trap | htaccess | AntiXSS | Check Permissions | KISS FileSafe

If you are running a PHP website under Apache and MySQL, make sure files and folders are not publicly accessible. You should also review the security of the PHP functions the site uses.

PHP functions that may be used in hacking:
1. file_get_contents()
2. base64_decode()
3. eval()
4. exec()
5. preg_match()
6. gzuncompress()
7. urldecode()
8. error_reporting()
9. shell_exec()
10. setcookie()
11. chmod()
12. is_writable()
13. move_uploaded_file() and copy()

disable_functions:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

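The above functions can be used by hackers to write malicious code to your files. Malicious code executed through eval() then runs on every request to the website. So, disable eval(), file_put_contents(), file_get_contents(), exec() etc. Note that eval() is a language construct rather than a function, so the disable_functions directive does not turn it off. You can check safe_mode in php.ini for disabling shell access 😉 (safe_mode was removed in PHP 5.4, so it only exists on older installations).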

Most of the time websites are hacked using file_get_contents(), eval(base64_decode()), urldecode(), include() or iframes.

You can search for infected files on the web server “/var/www/” using the commands below:

# grep -iR 'eval(base64_decode(' /web-root
# grep -iR '
# grep -iR 'urldecode(' /web-root
# grep -iR 'file_get_contents(' /web-root
# grep -iR 'exec(' /web-root

As soon as an infection is found, back up all applications running on the web server, then remove the infected files manually or with a scanner.
After that it is up to you to manage your web server more securely…
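
The searches above combined into one pass, as an added example that is not part of the original post: it matches the listed strings literally in *.php files and adds a whitespace-tolerant check for eval(base64_decode(, which the literal grep does not match when spaces separate the tokens. The function names, the restriction to *.php and the sample tree are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): triage scan of a web root.

# make_sample_tree: build a small CONSTRUCTED web root and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<?php echo file_get_contents("header.html");' > "$d/clean.php"
    printf '%s\n' '<?php eval ( base64_decode("Y29uc3RydWN0ZWQ="));' > "$d/themes.php"
    printf '%s\n' 'notes: eval(base64_decode( seen in old backup' > "$d/readme.txt"
    printf '%s\n' "$d"
}

# scan_webroot DIR: the page's searches in one pass, as fixed strings,
# limited to *.php, printing file:line:text. Hits are leads for manual
# review; file_get_contents( and exec( are common in legitimate code.
scan_webroot() {
    find "$1" -type f -name '*.php' -exec grep -niF \
        -e 'eval(base64_decode(' -e 'urldecode(' \
        -e 'file_get_contents(' -e 'exec(' /dev/null {} + || true
}

# suspect_files DIR: list files containing eval(base64_decode( even when
# whitespace sits between the tokens, which the literal search above misses.
suspect_files() {
    find "$1" -type f -name '*.php' -exec grep -liE \
        'eval[[:space:]]*\([[:space:]]*base64_decode[[:space:]]*\(' {} + || true
}

root=$(make_sample_tree)
echo "== all hits =="
scan_webroot "$root"
echo "== high-signal files =="
suspect_files "$root"
rm -rf "$root"
```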

I’ve found that luck is quite predictable. If you want more luck, take more chances. Be more active. Show up more often. 😀

UTF-8 FTP Tools



FTP tools / clients are most useful for transferring files and data to a server.

There are many FTP clients used for file transfer; please see wikipedia.org for more details…

http://en.wikipedia.org/wiki/Comparison_of_FTP_client_software

Sometimes file transfer is not secure and reliable with various tools: files become corrupted or special characters are added to them.

You have to use UTF-8 encoding while transferring files. Only some FTP tools use UTF-8 encoding while uploading and downloading files.

To remove special characters from live sites, you have to use UTF-8 based FTP tools.

http://www.pureftpd.org/project/pure-ftpd

http://winscp.net/forum/viewtopic.php?t=7078

http://www.xlightftpd.com/

FileZilla now has UTF-8 support. So, next time you are creating webpages in different languages, you can use UTF-8 based FTP tools to avoid character problems 😉

Open source – Port25



You may have trouble getting PHP’s mail() function to work on your server:
the function returns true, but the emails never reach the target account.
Some ISPs block port 25 (the mail port), so you can’t send directly, but you can send indirectly using your ISP’s mail server. 😉

Many email providers keep lists of IP addresses and block incoming mail, or move it immediately to a junk/spam folder.


There are some open source solutions for your mail problems.
You can check open source MTAs here: http://en.wikipedia.org/wiki/Comparison_of_mail_servers

Some of these MTAs are:

  1. postfix
  2. qmail
  3. exim
  4. sendmail

The above MTAs don’t handle integrated reporting, bounce management, and spam management.

PowerMTA: PowerMTA (this is not open source) provides the unique features and capabilities required by email service providers and enterprises to maximize the effectiveness of email marketing and customer communications, handle integrated reporting, bounce management, and spam management, reporting etc.

http://www.port25.com/products/prod_features.html

Install geoip on xampp



Related terms: geocoding (finding latitude/longitude for street addresses), geotagging (tagging media with latitude/longitude coordinates), and geolocation (finding latitude/longitude of a computer by IP / X-Forwarded-For). There are some options to install GeoIP in a Linux environment:

# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# gunzip GeoLiteCity.dat.gz
# sudo mkdir -v /usr/share/GeoIP
# sudo mv -v GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat


Install geoip with php5
# sudo apt-get install php5-geoip (ubuntu)

# sudo yum install php5-geoip (centOS)

Or Try # yum install geoip-devel

# sudo pecl install geoip (with PECL)

In a Windows environment we have to add the extension “php_geoip.dll” to PHP.

Download the extension from here: http://blog.svnlabs.com/php-5.2.1_geoip-w32.zip

Copy “php_geoip.dll” to the xampp “php/ext” directory, add the line
“extension=php_geoip.dll” to php.ini and restart xampp.

Linux: “extension=geoip.so”

This extension will work on a development system using Windows, Apache 2.2.3 and PHP 5.2.10.
We can check with phpinfo() that the “geoip” module is loaded.

<?php
$record = geoip_record_by_name('www.svnlabs.com');
if ($record) {
    print_r($record);
}
?>

Array
(
    [country_code] => US
    [region] => CA
    [city] => Marina...
    [postal_code] =>
    [latitude] => 23.9776792798
    [longitude] => -128.435796741
    [dma_code] => 867
    [area_code] => 400
)

<?php
$result = geoip_record_by_name('78.aaa.yyy.xxx');
var_dump($result);
?>

There is an alternative PHP version of the GeoIP API from MaxMind, but this solution is quite slow on servers. MaxMind uses the MaxMind database to display geo locations.

How to run cronjobs per second?



Have you checked my previous article on cronjobs…

http://blog.svnlabs.com/tag/crontab-command-line/

To run a cronjob per second, schedule the crontab entry once per minute and then run the task inside the cron file once per second using the PHP function time_sleep_until().

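<?php

// Fallback for PHP builds without time_sleep_until(). It is declared before
// the loop because conditionally defined functions are not hoisted.
if (!function_exists('time_sleep_until'))
{
    function time_sleep_until($future)
    {
        if ($future < time())
        {
            trigger_error("Time in past", E_USER_WARNING);
            return false;
        }

        // usleep() needs a non-negative integer number of microseconds
        usleep(max(0, (int) (($future - microtime(true)) * 1000000)));
        return true;
    }
}

$start = microtime(true);

for ($ii = 0; $ii < 60; $ii++)
{
    // ...........................
    // here are the tasks which need to run per second...
    // ...........................

    time_sleep_until($start + $ii + 1);
} // end for

?>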

Image2text



# gocr -h //short man page
# gocr sample.jpg //best case
# gocr -m 130 sample.jpg //database

Some great tips coming soon…. 😉