As defined here, http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidmaxrequestlen, the default value for MaxRequestLen is 131072, which is quite low for most implementation. I would prefer to use a higher value for this.

For cpanel users, the configurations lies in this file.
/usr/local/apache/conf/php.conf

You need to add an additional line for this, which set the limit to 2MB.
MaxRequestLen 2097152

Restart your apache, and you’re done.

Mysql implemented slow log, which will log queries taking too much time to be completed. Mysql do have features where you can set global configuration on the fly, and will be in effect until the next mysql restart. If you want to make it permanent, it need to be placed in my.cnf configuration file.

To make enable slow log:

SET GLOBAL slow_query_log := 1;
SET GLOBAL long_query_time=10;
SET GLOBAL LOG_QUERIES_NOT_USING_INDEXES = ON;
SET GLOBAL slow_query_log_file = ‘path’;

slow_query_log (1 = enable, 0 = disable)
long_query_time (the treshhold to consider it is slow, in seconds)
LOG_QUERIES_NOT_USING_INDEXES (if turned ON, it will consider queries not using indexes as slow)
slow_query_log_file (the path to the log file)

If you want to make the settings permanent in my.cnf file:
log_slow_queries=”path”
long_query_time=10
log-queries-not-using-indexes =1

For more information, please refer to official documentation on slow query log from mysql.com.

Besides mysql, your web server is a crucial part in processing your web-application as well, and for that, you might want to consider using this apache module, modlogslow, to log scripts which takes a long time to be completed.

It is an apache module, you need to compile it using apxs. Add some configurations to load the module file, and configure how will it behave, and you’re ready to go. The documentation provided in the archive, and also in the Google Code page, enough to get it running.

the code below will be enough to enable the module. Find httpd.conf, and put these few lines to enable it
LoadModule log_slow_module modules/mod_log_slow.so
LogSlowEnabled On
LogSlowLongRequestTime 8000
LogSlowFileName /usr/local/apache/logs/slow_log

Hope this would help you in monitoring your server, get to know who is sick and need attention.

One major part of optimization is to use caching. One good example of caching is in reverse-proxy, which will sit infront of your server, and watching all requests passing through. Static contents will be cached in the first request, and the following request will be served from the cache. Previously, squid have been a good option for this. Afterwards, nginx comes into place, where it has proven itself to be a better candidate with small memory footprint, and capability to better handle static contents and a lot of request. Remi from WebFaction have done a benchmark where Nginx is serving static content at 10k requests per second. Cool!

Last few month I have read about varnish, and never had much more reading into it, until last few weeks where someone have come out with a case study on how varnish helps them in static content caching. I have done some tests on varnish, and it is not that easy to deploy one in your environment to best utilize it capability. It need to be tuned in accordance to your application, because you need to tell what to cache and what not to. On top of that, varnish is sensitive to cookies, you need to manage all the cookies as well. In an environment where you have unpredicted application deployment, such as hosting company, it would not be as affective as a dedicated configuration for a single application. Thats the compromise that you have to make. However, this is a good option to have, at least to reduce the requests that you’re getting on the server.

Content Delivery Network, or CDN do implement caching as well for all static contents that it is serving. The whole CDN idea is about caching as well, retrieving the same contents from the nearest node, and to reduce the loads from the main server. there are a few options of CDN nowadays. Cloudflare provide and easy interface to start using CDN. You just need to change your NS record of your domain, and you can start using much more features offered by Cloudflare such as DDOS protection and application firewall. Another option is MaxCDN, and Aflexi. Aflexi offers CDN software, for anyone to start offering CDN service to their clients. You can apply one from Exabytes, which do offer CDN harnessed by Aflexi.

Talking about application side caching, if you’re using wordpress, wordpress have some plugins which will do caching, such as wp-cache, wp-supercache. I personally prefer wp-cache, which works for me last time I tried it. One thing to note that, wp-cache will cache the whole page generated by wordpress, and will keep it for a pre-determined duration, in configuration section. Besides that, Jeff Star have written an article on how to make WordPress faster, basically by turning on some internal variables, which will skipped database queries for certain information by harcoding them in wp-config.php file.

For example, defining blog and site URL:
define('WP_HOME', 'http://digwp.com'); // blog url
define('WP_SITEURL', 'http://digwp.com'); // site url

Hardcode stylesheet and template path
define('TEMPLATEPATH', '/absolute/path/to/wp-content/themes/H5');
define('STYLESHEETPATH', '/absolute/path/to/wp-content/themes/H5');

And defining encryption key for internal data in wordpress. You can generate it from WordPress.org secret-key service.

If you are a programmer, consider using memcache. Memcached is a lightweight in-memory object caching server, which can store object data from your application, to be retrieved again faster. It was developed by LiveJournal to harness their web operation until now. Detail of LiveJournal setup was entailed in this article, Distributed Caching with Memcached, by Brad Fitzpatrick. The article describe technically how memcached works, and how it is scalable, to be implemented site-wide. You will get the idea, on why the same web server can host memcached as well, possible more than 1 instance of memcached, and how your application will make use of the whole memcached cluster. In LiveJournal case, they have 28 instance of memcached running, holding 30GB of popular data.

One more thing, install this PHP script, to monitor your memcached cluster. Written by Harun Yayli, the script will be password protected, and enabled you to view information from each memcached instances configured. Hit rate, miss rate, uptime, version and data size.

ssh alias allow you to connect your remote machine just by words.

# ssh mymachineor
# scp file.txt mymachine:~/

Isn’t that awesome? You can configure all your host in a config file, located at
~/.ssh/config
And below are the sample configuration

Host mymachine
HostName [ip address or hostname]
User [username]
Port [port number]

You can just add alias for another host using the same syntax like above, in the same configuration file. If you’re connecting to default port, which is 22, you can just ignore the “Port” configuration line.

If you placed the tricks of ssh’ing into your remote server without password, you can go into with less typing, but be carefull with your private key, as it is the key into your server.

Please refer here, as this is my source
http://www.innovatingtomorrow.net/2008/01/21/type-less-ssh-aliases

Jailbreaking becomes much easier now. You just need to browse through the site, some clicks, and your iPhone were jailbroken. What jailbreakme.com did is kind of a drive-by exploitation, a technique malware writers used to infect with malware/virus, by exploiting vulnerability in the browser by viewing a PDF file. In this case, jailbreakme.com used the exploit code to exploit a vulnerability in PDF reader in iDevices, to jailbreak the device. @comex found the vulnerability, and use it in jailbreakme.com. And actually, at the time when this article was written, the PDF files can be found here. http://www.jailbreakme.com/saffron/_/

For whatever purpose you want to jailbreak your iPhone, I don’t care. But the issue arises as it is really EXPLOITING a vulnerability in your iPhone device. Practically, not just iPhone, but iPad and iPod. It means, your iDevice might still have this vulnerability which is exploitable. What does it mean by exploitable? It means someone can execute a malicious code, some people might understand as “hacking into” your iDevices, to do anything that they want, without your authorization.

Apple have announced that the patch will be available in the next update, which leave your iPhone hackable or exploitable in the mean time. Jailbroken iDevices by jailbreakme.com can download additional patch to patch the vulnerability, called PDF patch 2. But for virgin IDevice, you remains vulnerable until the next update.

The PDF file used by jailbreakme.com is available for public access, at http://www.jailbreakme.com/saffron/_/. There are rumors that someone have started writing malicious code to exploit this vulnerability, and it is on its way now.

I found a few articles which gives an insight on security in mobile devices, and currently pointing to the few who conquer the mobile device market share currently. Security Showdown: Android Vs. iOS and by ThreatPost, New iPhone Jailbreak Make Short Work of World’s ‘most secure’ OS

Additional note:
IOS Hardening Configuration Guide, by Australia Government, Department of Defense

For simple analysis, you can try identify where it comes from. From the mail header, it will tell you which email server does it come from. In some cases, some email server will have the IP address of the user who sent the email as well. Go havva look, the picture below show you how to get the mail header in Gmail. For other main clients, you can refer to this site.
http://www.mycert.org.my/en/resources/email/email_header/main/detail/509/index.html

One scenario that we might think about, my computer have been infected with virus, but I still can send my email as usual. So, whats the deal? Well, there’s a lot more about the virus that you dont know. We’ll just discussed about 2 issues here, banking trojan like zeus, and also botnet.

Zeus trojan

Zeus trojan is a banking centric trojan, where it steals banking information by keylogging. There quite a number of infection nowadays, and thousands of variants. Zeus package were sold for anyone to run the botnet. The package comes with the virus builder, that were custom made for your configurations. So, your banking information might not be received by one person. Anyone could steal your banking information. The data will be submitted to Command and Control (CnC) server, specified by the creator.

Picture from http://www.secureworks.com/research/threats/zeus/?threat=zeus, showing what kind information being stealed

Picture from http://www.secureworks.com/research/threats/zeus/?threat=zeus, showing sample collection of data on CnC server

To see how serious it is, please visit this page. Zeus Tracker. Zeus tracker is a project where all detected hosted zeus malware, and the CnC in all countries were placed in a repository. You can limit your search by country, and ASN. If you want to understand further what zeus trojan did on infected computer, SecureWorks have come out with a comprehensive report on zeus trojan. All information about the market place, sample data stolen, screenshot of CnC interface, and additional zeus trojan module, which enhance its capability of stealing data.

For ISP and network administrator who manage a big network and bunch of IP addresses, you can search for CnC and hosted zeus binaries in your network by country, or ASN. Besides that, you can retrieve those information through RSS feed. With a simple RSS reader, you can get latest information about zeus threats in your network. And besides zeus trojan, there are more feed provider that could give you such information, such as similar project, Spyeye tracker, which monitor Cnc and hosted spyeye malware. Have a look on conficker and others as well from shadowserver.

Botnet

Botnet in this case means a network of drones, remote controlled computer harnessed by malware and command and control. Usually infected computers will connect to CnC server specified, either hardcoded, algorithmically generated or over fast-flux. Once your computer have been infected, you might be within the bot network (botnet), which able to receive commands from the bot herder (botnet owner). One of the most popular botnet is Conficker, with its unique way of choosing CnC, which were algorithmically generated everyday.

Picture from Wikipedia:Botnet

The image below illustrate the bot herder, sending spam email from the botnet for money. We should not limit it to spamming only. There’s a whole new business model with botnet, such as botnet for rent, DDOS, phishing, and bunch of other internet threats. Here’s a bunch of uses of botnet by Honeynet Project. So, your infected computer might be doing some of the function listed there. Which one, check it yourself. How big it can be, check this out. Kneber or BTN1, infected about 75,000 system within a year and a half. Thats quite a big number.

Talking about Conficker, Felix Leder and Tillmann Werner have come out with comprehensive analysis of Conficker, and how to detect and mitigate them. They even wrote a tool that could generate the possible generated domains for CnC for a particular day called Downatool2. The approach described will give an insight on how to mitigate them, in a large organizational network that possibly infected with Conficker.

For starters, just check your computer for malware infection. ConfickerWorkingGroup have came out with Conficker eye chart to detect whether you have been infected with conficker, and even its possible variant. And yes, Conficker comes in a few variants. Besides that, just scan your computer with MalwareBytes, for any sign of infection. If you think you’re abit more adventurous than that, run HijackThis, and submit the output to Hijackthis log analyzer such as one from exelib.com or hijackthis.de. If its not enough, maybe you can start by reading this article by Symantec, Malware Analysis for Administrators.

It is a good way to verify our account, and claiming your account if you happen to lost your account due password lost. It might be a concern about your personal data, personal information being held by google. But by using their service, we’re compromising our privacy to google already.

However, how did they verify that I entered my correct mobile number? No verification made for the phone number. Anyhow, its a good step to limit the incident related to account lost by google. Other services like facebook also did have some mechanism to mitigate the issues, like notifying you if someone else accessing your account from another location, which seems to be unlikely.

I’m glad to see such more internet services taking this issue seriously, and doing something about it. As they grow larger, they still seems to care for those small portion of their users, whose having this kind of problem.

There are few aspect of tuning need to be done, relative to your resource, in terms of available memory, harddisk I/O, and some other considerations. Surely, you want the best performance, with high level of security. At some point, there are some aspect that you should be compromised to get the best in other aspect.

Apache

There a few configuration that would need a change, for example, HostnameLookups. By default it was turned On. While turned on, it will add a latency to the request to resolve the IP before the request were completed. You can disable it by replacing it with

HostnameLookups off

DirectoryIndex negotiation is an option for you to determine what file to be the default file to be loaded in any document root. Avoid using wildcards, and enter the options specifically in httpd.conf file, ordered by the priority
For example:

DirectoryIndex index.php index.htm index.html index.shtml index.phtml Default.htm Default.html

Apache 2.0 equipped with Multi-Processor Module (MPM) which will handle apache connections, handling requests, and forking child process for the requests. There are a few options to chose from, and the most common are worker and prefork. Each of them have their own advantages and disadvantages. Make sure you read through the documentation to understand each options, and how they would help you apache process/request handling.

In my case, I’m using prefork.
StartServers 15
<IfModule prefork.c>
MinSpareServers 10
MaxSpareServers 25
</IfModule>
MaxClients 255
MaxRequestsPerChild 10000

If you are using cPanel, you can edit this in WHM Control Panel -> Service Configuration -> Apache Configuration -> Global Configuration.


A few more to add
ExtendedStatus Off
ServerSignature Off
ServerTokens ProductOnly

http://httpd.apache.org/docs/2.0/mpm.html
http://httpd.apache.org/docs/2.0/misc/perf-tuning.html
http://www.webreference.com/programming/Apache-Performance-Tuning/
http://www.devside.net/articles/apache-performance-tuning

System

Not to forget, some tuning might be needed for memory limit, tcp tuning, and also filesystem. You might want to have a look at this site:
http://www.performancewiki.com/linux-tuning.html

There are a few disk benchmarking tool that you can use :
bonnie
hdparm
iostat
collectl
seeker : http://www.linuxinsight.com/how_fast_is_your_disk.html

This article do provide a good base for you to start with harddisk IO benchmarking, using a few tools from above. For other tools, sure you can find your way to some manuals.

PHP

On the PHP side, there are also few options for optimization, that could make your page load faster. One of the most effective technique is caching. eAccelerator did well for PHP caching, where it will cache PHP code execution in a compiled state. By this way, it will reduce the overhead of compiling PHP code per request significantly.

This tutorial below provide a simple yet useful instruction on how to install eaccelerator on your server. Do change the options accordingly. You can refer to the Setting options from the official site.
Beside that, try to have a look on Xcache, a PHP opcode cacher, that seems to be one of the popular PHP cacher.

There are a few options to compressed the content delivered to the user. One way is by using mod_deflate apache module. There are a few tutorial to implement mod_deflate, such as by HowtoForge, LinuxJournal, CyberCiti.biz and Devarticles.com.

There are also options for you to turn on compression in php.ini runtime config.
output_buffering = On
output_handler = ob_gzhandler

mysql

Now we’re going into mysql optimization. I need to grab my dinner, so, I’ll put this in short.

Do caching on mysql, enable this by editing your my.cnf file. There are many options of caching that you can do on mysql, and below are sample of my settings that works well for me.

[mysqld]
query_cache_type = 1
query_cache_limit = 8M
query_cache_size = 32M
thread_cache_size=20
thread_concurrency=4
key_buffer_size = 16M
query_cache_limit=16M
join_buffer_size=16M
tmp_table_size = 256M
max_heap_table_size = 256M
table_cache = 4096
open_files_limit = 1000
log-queries-not-using-indexes
#custom entry
#log = /var/log/mysql/mysql_query.log

I put additional line for query log, to monitor if there will be anytime i need a log of queries performed on the server.

The business of tuning is specific to hardware, and your application as well. You need to determine what best for your environment. Try some setting, know what are the configuration are for, and tune them one by one to achieve the best result.

There are a few tools that could help you to identify what might be needed to be tuned.

tuning-primer.sh

Mysqltuner.pl
Mysql tuner is easy to use, you can just run these 2 lines of command to see the result of the report.
# wget mysqltuner.pl -O mysqltuner.pl
# perl mysqltuner.pl

mtop
mtop is like top which you would use to monitor resource usage live. mtop look the same, utilizing ncurses libraries to generate the output.

You can monitor your cache and thread usage by issuing these in mysql console
show status like ‘qcache%’;
show status like ‘%thread%’

Do monitor your slow queries as well, pin down whose taking down your mysql server.
mysqladmin -u root -p status
mysqladmin -u root -p version

Last one, do defrag your fragmented mysql tables. Phil Dufault wrote a bash script that will do the work for your, for all your mysql databases that you have.
http://www.dufault.info/blog/a-script-to-optimize-fragmented-tables-in-mysql/

And once in a while you might want to repair all tables in all database. Here 2 scripts that will do that for you.
http://www.webdevlabs.net/2010/08/bash-script-to-repair-all-mysql-tables.html

Gua Damai located north side of Batu Caves, near Kampung Melayu Wira Damai. Coordinate: 3.2477904, 101.687463. Last few month, I have the chance to spend some evening there, at the place, and did some bouldering with the kids, and of course, cycling. Here are some pictures