Hoaxblog.com

I think my estimation was really wrong :-S , No php cacher works perfectly with the suphp environment Its really very much disappointing Xcache would work, but for some photo galleries and some kind of sites which needs to system process will get locked with xcache. Eaccelerator doesn’t work at all with suphp. I m thinking to try apc, though i m really not interested in running apc as i havent heard good regarding its transition intelligence. But finally i have to say, if you are running your server with suphp or phpsuexec then you may need to forget using a php cacher with it. Even in some cases it will conflict with suhosin too lol!

This is really the most handy tool for mysql databases. A built in mysqldump can be used via shell to dump mysql databases within a few minutes. Sometimes dumping backups using phpmyadmin is too hazardous. So it’s really a necessary tool and fast too. I have listed this commands and i believe this should be useful to lots of system admins

Taking Database Backup

mysqldump -uuser -pmysqluserpassword database_name > database_name.sql

Restoring a Database

mysql -uuser -pmysqluserpassword database_name < database_name.sql

Here, you need to replace the user with the proper database user who has access to that specific database and the mysqluserpassword directs the password of that specific user. Here, one important thing is database_name.sql file can be replaced with the location of the sql file, suppose if you want to save it or retrieve from /home/backup then you can put /home/backup/database_name.sql to do that.

Finally i made this decision. Its really hard to block a full country from accessing the server, though i was forced to block the traffic from some region located in Iran and China. Our main Proxy server was being abused at high level from these countries and most of my proxy customers were dis-impressed with the performance for last few days. This is the first time i saw my customers informing regarding the degrade in performance, so i was forced to take this hard decision. Although, i do not use cisco hardware firewall to block these traffic or a software firewall. I found the easiet and efficient way to do this is using the maxmind tool to create an artificial intelligence. It shows a page saying an error. I really do not like the stuff to directly drop the full request of a n user. So firewall wasn’t a perfect way to do so. Now my soft works like a charm

DDOS has become a real headache for me in these days. Everyday, around 40% of the load with a good amount of bandwidth is being licked by these lame attackers. From starting i m using the ddos deflate a well known ddos protector to all the server admin. This ddos protector uses “netstat” to find out the connections on the server and ban them for a period of time using a firewall automatically. Whats the main disadvantage of this protector is its not a real time protection, and for running netstat it creates a good amount of load on the server. More Importantly, this ddos protector just bans the ip at a certain ideatically. In lots of cases you may find this that, ddos deflate has banned someone who is not really doing ddos on your server. So if you are trying to fetch for a best ddos protector for a loaded server, specifically for a hosting service, then definitely ddos deflate wont be a good choice without any modification.

When a real time syn flood protector concerns, then the first one comes, is Cisco Guard or that typo firewall software. They uses some artificial techniques to determine the syn flooding and filter the requests. Its good, but in lots of cases when more pure attacks are in effect, it wont perform the best too. Though, it may reduce the load on the server by filtering a good amount of ddos traffic. But i have found that, most of the DC don’t provide this service to buy. Its only available to use for 24 hours so. Moreover, for not having it available in market to buy directly from vendor, no individual businessman going to have it by paying too.

As runtime filtering is not possible without a big artificial intelligence, thats why i m really thinking to modify the ddos deflate to its best. According to my inspection certain modification on this script can make it more perfect and better in lots of ways. But one of the disadvantage of taking high load will kept alive as we cant proceed without checking or analysing the traffic details. Though, the modified ddos deflate should work fine in lots of cases when loaded dedicated boxes concern. My main motive is to make the protector ban the IPs who are estabilished means alive in the network and basically using http protocol. I m also working on it to make it more simple and working faster in the network. I will definitely be posting the download when i m done with the project and tested it in my network It should be more perfect comparing from both side i explained

PHP Cachers like Eaccelerator, Xcache, APC are really worthy to give a try. For highly loaded server with around 10+ load constantly, and running php as the major scripting, then definitely a cacher can lowers the load to 1-2. I usually do lots of proxy hosting on one of my server. From last month i was having over 10 load constantly on the server. Usually it covers up the 30-40 Though, having it highly optimized, i hardly face any sort of speed or crashing problem. Though the response time for that server was around .05 seconds per KB, which is slow comparing with other web proxies in the world. One of my made a complaint on this issue that the loading time is comparatively slow and needs to be fixed asap. In the meantime i was running php with CGI instead of Apache to make it more secure and perfect. Though today i made the change from Cgi to apache, so that i can use Eaccelerator. The major reason of choosing eaccelerator is it was installed previously though it wasn’t working as it doesn’t support threaded mode. I knew that Xcache is better than eaccelerator, but before installing xcache, i was waiting for a test with a php cacher. And voila, after the move, i can see my load lowers to only 2-7 now which was around 50-75 few minutes ago. Though, i have made some changes to take it effect, as i got 6 GB RAM on that server, so i made shm size to 256 MB. Caches work from hard drive, though it needs some extra RAM allocation to work with the transition, thats why most of the cases, people love to keep the shm size lower. Finally i found it is caching around 4000 scripts in the server and made the sites more faster keeping the load lower.

Note: When you have around 40-50 load active, then its better to kill all the http connections and then wait for having the load lower than 5. After that start the apache, it will start caching your php scripts. After a few minutes, you should see your load is not fluqtuating as it was doing before One more important thing is when, cacher has done with its memory size and if you shm size is quite big, then better not to restart the apache so frequently. Cause with a apache restart it will clear its cache database and start caching back again. In my case, as i was using the compression level 9, it was creating extra pressure on the server while dumping the caches

Today i was working on protecting the server from ddos. While experienting on the network, i found that the banned IP log is being too big and needs to be reduced. It looks like the easiest way according to me is to use the tail command to void or emptying the file.

I was trying to void the ignore.ip.list file, which leads to the following command:

tail -1 ignore.ip.list > ignore.ip.list

If you want to keep last 5 lines and delete all others, then you can try this:

tail -5 ignore.ip.list > ignore.ip.list

Isn’t this handy? Its really great when you need to void files like error_log, access log and some more logs in the linux server. It is better than deleting basically, if that file is going to create again.