Pingness.com: Free service to monitor website uptime

It is undeniable that uptime is important for business and personal websites. For example, a website with low uptime may mean that the host is having technical problems or that the web server is overwhelmed by client requests (serving web pages may incur a lot of overhead).

The Pingness.com service does not require sign-up: you only need to submit your email address and website URL, and Pingness will send reports of your site's downtime (if any) and of when the website is back online.

Please update/patch and secure Litespeed web server

Because the Litespeed 0-day attack is widespread and has affected local websites, it is imperative for all sysadmins and website operators to patch/update and upgrade the security of the Litespeed web server.

This attack is particularly dangerous because the attacker can gain shell access with the same privileges as the web server or the user that runs the web server. Usually this allows the attacker to peek into database content and download it.

Patch now! The security and privacy of your users are at stake!

How to Hide Apache2 and PHP version without using mod_security in Ubuntu Linux

Although security by obscurity is not the best policy for protecting your IS assets, it is still useful for thwarting simple network scanners and newbie crackers.

Note: This tip is written for Ubuntu Linux; the steps are similar on other GNU/Linux distros, with slight variations.

Hiding Apache2 version
Edit /etc/apache2/apache2.conf

Add these lines at the end of the file:
ServerSignature Off
ServerTokens Prod

Restart Apache2
[bash]
sudo /etc/init.d/apache2 restart
[/bash]

Hiding PHP version
Edit /etc/php5/apache2/php.ini file

Find these lines and set both to Off:
expose_php = Off
display_errors = Off

Additionally, you may disable certain ‘risky’ PHP functions by editing the disable_functions line:
disable_functions = phpinfo,system,show_source

Finally, restart the Apache2 web server.
[bash]
sudo /etc/init.d/apache2 restart
[/bash]
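To confirm that both changes took effect, the response headers can be checked after the restart. The script below is an added example, not part of the original tip: `check_banner` is a hypothetical helper name, and the two header blocks are constructed samples of what a default and a hardened server return.

```shell
#!/bin/sh
# Added example: flag version disclosure in HTTP response headers.
# Reads a raw header block on stdin, prints one finding per line,
# returns 0 when nothing leaks and 1 otherwise.
check_banner() {
    findings=$(tr -d '\r' | awk '{
        name = tolower($0); sub(/:.*/, "", name)
        value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
        # ServerTokens Prod reduces the banner to the bare word "Apache"
        if (name == "server" && value ~ /[0-9]/)
            print "Server header exposes a version: " value
        # expose_php = Off removes this header altogether
        if (name == "x-powered-by")
            print "X-Powered-By header is present: " value
    }')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample responses (not captured from a real server).
BEFORE='HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4
Content-Type: text/html'

AFTER='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

printf '%s\n' "$BEFORE" | check_banner || echo "-> fix the config and re-test"
printf '%s\n' "$AFTER"  | check_banner && echo "-> no version disclosure"

# Against your own server:
#   curl -sI http://localhost/ | check_banner
```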

5 things that I look for when getting PHP / MySQL Web Hosting

1. SSH Access
FTP access is not enough anymore as it is insecure (the password is transferred in plaintext). Besides, SSH access enables me to download updates and patches directly inside the web server instead of having to upload them bit by bit from an FTP server. Normally, some web hosting providers refuse to give SSH access out of fear that their security would be compromised; well, those providers aren’t for me.

2. PHP / MySQL release
A lot of webservers claim to have the *latest* release of PHP and MySQL running on them, but is it true? Not all of the latest software is good/great; I will always ensure that the one offered by the web host is the most suitable for my application's needs.

3. Customizable DNS Record (NS)
A feature noticeably lacking in CPanel (I hate CPanel, with a passion). A customizable DNS record allows you to freely change your domain's A, MX and CNAME records to point somewhere else. Sometimes the domain registrar (ENOM comes to mind) lets you customize your own DNS records without the web hosting provider's help. The ability to change DNS records is important because it lets you host part of your web application somewhere else, for example by using Google Apps.

4. Shared Hosting or Virtual Private Server (VPS)
Shared Hosting is probably the best choice if you are just starting to learn how to host your own PHP/MySQL application. The thing to look for in shared web hosting is whether you are within a ‘bad neighborhood’… meaning whether my website has to share the same server/IP address with notorious spammers, as this will affect the website's reputation. Plus, a bad neighborhood is also the main cause of frequent downtime and website slowdowns.

VPS is probably a better choice, but it requires some administrative skills on the site operator's (read: your!) side. The things to look for in a VPS hosting option are the total RAM and the processor slice. If you are hosting a busy website with more than 5000++ unique visitors per day, then do not take a VPS with less than 512MB RAM, because you may find that it won’t cut it. Busy websites require more RAM; it would also help if you use the lighttpd or nginx webserver instead of the resource-hungry Apache. One more thing: when surveying VPS providers, I will almost certainly look for one that allows on-the-fly resource resizing, or at least offers the option of letting users re-size resources by themselves.

5. Mod Security Filters
This is in the case of shared hosting: Mod security in Apache enhances the security of Apache-hosted websites. Although this feature is rarely advertised on web hosting providers’ sites, it is actually one of the most important features to have, especially if you are going to host a high-risk web application. I would prefer one that allows customization in the ‘.htaccess’ file.

That’s it, the FIVE (5) things that I always look for when surveying web hosting providers. Some of you might notice that I didn’t mention SLA (e.g. 100% uptime guarantee or money-back guarantee, etc.). Well, to me the SLAs promised by most web hosting providers aren’t even remotely realistic, as uptime is not predictable, and most web hosting providers (including ones that offer VPS) grossly oversell their service, so as a result most of them fail to meet their own SLA. Don’t get me wrong, I would rather host with a provider that has a great track record and efficient service.

How to set the correct Android *.apk MIME Type for Apache Webserver

Android applications use the *.apk file as their installation package. It is a variant of the Java JAR file format (which is in turn a Zip 2.0 file). Usually the *.apk file is obtained from Android Marketplace, the official channel for getting Android applications. However, some vendors and carriers allow *.apk files to be downloaded from 3rd-party websites.

Those who elect to upload *.apk files to their own webserver can add the official Android APK MIME type to their Apache web server config file:

Option 1: edit mime.types (for those who have root access)
1. First edit the mime.types file – sudo nano /etc/apache2/mime.types
2. Then add this line at the end of the file (MIME type followed by the file extension) – application/vnd.android.package-archive apk
3. Reload the server configuration – sudo service apache2 reload

Option 2: edit the .htaccess file (for shared servers or users who do not have root access)
1. Edit .htaccess
2. Add this line – AddType application/vnd.android.package-archive .apk

This registers the appropriate MIME type for *.apk files so that both the server and the mobile application can handle them.

How to: Quick and Dirty Web Server Load Balancing with IPTables in Linux

Load balancing is a method of distributing workload across multiple computers over a network. The purpose of load balancing for web servers is to keep any one web server from being overwhelmed by requests, which would eventually slow the machine to a crawl.

Assuming that you have 3 web servers to share the load, with these IP addresses:
10.20.20.1
10.20.20.2
10.20.20.3

You can send every third new connection to each of these servers with the following iptables rules. DNAT is only valid in the nat table, so the rules need -t nat:

[bash]
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 10.20.20.1:80

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 10.20.20.2:80

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 10.20.20.3:80
[/bash]

This ensures that new connections are distributed in turn among the three servers to balance the load (the rules match only packets in state NEW; the remaining packets of a connection follow its first packet through NAT). Note that this is only useful for simple websites that serve static content, or for download servers that serve large files over the internet (CD or DVD ISO downloads).
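The `nth` match used in the rules above came from patch-o-matic and is not present in current iptables, where the `statistic` match in nth mode replaces it. The script below is an added example, not from the original post: it prints equivalent rules for any number of backends and replays the counters to show that the split stays even. `gen_rr_rules` and `simulate_rr` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: print round-robin DNAT rules using the "statistic" match.
# Each statistic rule has a private counter and only sees connections the
# earlier rules did not take, so with n backends rule i must match one in
# every (n - i + 1) connections: 3, then 2, then everything that is left.
gen_rr_rules() {   # usage: gen_rr_rules IFACE PORT BACKEND_IP...
    iface=$1; port=$2; shift 2
    remaining=$#
    for ip in "$@"; do
        match=""
        # The last backend takes whatever is left, so it needs no match.
        if [ "$remaining" -gt 1 ]; then
            match=" -m statistic --mode nth --every $remaining --packet 0"
        fi
        printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -m state --state NEW%s -j DNAT --to-destination %s:%s\n' \
            "$iface" "$port" "$match" "$ip" "$port"
        remaining=$((remaining - 1))
    done
}

# Replay the per-rule counters over COUNT new connections and print how
# many each backend receives (space separated, in rule order).
simulate_rr() {    # usage: simulate_rr N_BACKENDS COUNT
    awk -v n="$1" -v count="$2" 'BEGIN {
        for (c = 0; c < count; c++) {
            for (r = 1; r <= n; r++) {
                every = n - r + 1
                # one connection in every "every" that reach rule r matches
                hit = (seen[r] % every == 0)
                seen[r]++
                if (hit) { got[r]++; break }
            }
        }
        for (r = 1; r <= n; r++) printf "%d%s", got[r], (r < n ? " " : "\n")
    }'
}

# Rules are printed, not applied; review them, then run them as root.
gen_rr_rules eth0 80 10.20.20.1 10.20.20.2 10.20.20.3
simulate_rr 3 9000
```

Reusing `--every 3` with `--packet 0`, `1` and `2` in the three `statistic` rules would skew the split, because the second and third rules never see the connections already taken by the rules before them.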