Linux Server Administrator - PHP Programmer - DevOps - Webmaster

Securing My Linux Server - My Everyday Secret Diary Job as server administrator come easy with programmer mindset

  • Docker
  • Ansible
  • Machine Learning
  • Startup
Spend money for:
1) Education
2) Parent
3) Society

Don't start investing before:
1) Having life insurance / medical card
2) Enough saving for at least 6/12 month

3 wealth vehicles:
1) stock
2) business
3) property

1) automation
2) eliminate waste
3) monitoring
4) shared information

Penetration / Load Testing
1) burp suite
2) sqlmap
3) loic
4) vegeta
5) hping3
Opensource Service
  • Customize PHP Application
  • Security Consultant
  • Linux System Administrator / Server Support
  • SEO Consultant
  • Membership Card System For Travel Agent And Discount Card Company
Webmaster Joke
- Played video games. Net profit: $0
- Spent money on girlfriend. Net profit: Wife
- Got married. Net profit: Two children.
- Total net profit: A nice family, no web sites, no free time to develop web sites. Oh yeah, no money either.
What I learned being a webmaster:
  • I should spend my money more on my server and website rather than a car
  • Maintaining a car is easier than maintaining a database because a car has an odometer but a database does not. It's important to monitor database filesystem fragmentation
  • Having a big, shiny and fast car does not make me as proud as having a high traffic website
  • More traffic means more money

Public Cloud Experience

AWS --> Azure --> DigitalOcean --> GCP --> Alibaba
Currently I prefer GCP (simple, especially BigQuery and GKE) and Alibaba (better performance for Asia traffic)

Security Scan

nmap -sV -T4 -F target_ip --script vuln

A good boss / manager

  • Develop every employee.
  • Deal with problems immediately
  • Rescue your worst employee
  • Serve others, not yourself
  • Don't micro manage
  • Always remember where you came from
  • Deliver what you promise
  • Never talk bad about employee

Modern DevOps

A modern DevOps engineer has to master all of the below:
  • SDLC Automation
  • Configuration Management and Infrastructure as Code
  • Monitoring and Logging
  • Policies and Standards Automation (security check, regression testing)
  • Incident and Event Response
  • High Availability, Fault Tolerance, and Disaster Recovery (feature toggles, self recovering component)

NPM slow or ERR!

npm config set registry

Install Python3.6.5 On Centos 6

yum install gcc openssl-devel bzip2-devel
tar -zxvf Python-3.6.5.tgz
cd Python-3.6.5
./configure --enable-optimizations
make altinstall

My favourite tcp network tuning for performance

net.ipv4.ip_local_port_range = 1024 65535
net.core.somaxconn = 1048576
net.core.netdev_max_backlog = 1048576
net.ipv4.tcp_max_syn_backlog = 3240000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_notsent_lowat = 16384
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 1024
net.ipv4.neigh.default.gc_thresh3 = 2048
net.netfilter.nf_conntrack_max = 1048576

Running Kernel 4 On Centos 7 Google Compute Engine

1) rpm --import
2) rpm -Uvh
3) yum --enablerepo=elrepo-kernel install kernel-ml
4) awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
5) grub2-set-default 0
6) grub2-mkconfig -o /boot/grub2/grub.cfg
7) reboot

Tune Linux Network Card For Performance

  • ethtool -C ethX rx-usecs 30
  • ethtool -K ethX gro on gso on tso off


Show all git branch including unknown branch

git log --oneline --all --graph --decorate $(git reflog | awk '{print $1}')

Making the Right Architecture Decisions In Cloud

  • Time: How long it takes you to setup
  • Team: How productive your team will be with this decision
  • Cost: How much you'll pay to cloud provider for these services
  • Risk: How much down time / data loss / security risk you're exposed to
  • Scale: How many users you can serve / how fast your app is

How I build my own chat app or whatsapp/path clone

Chat apps have been getting popular recently. They were exploding even before Facebook acquired WhatsApp, thanks to Android and iOS market share and innovation. It reminds me of how popular and addictive IRC used to be. So, as a weekend project, I built my own chat app too. At first I thought I would use WebSocket and WebRTC as the communication transport, but WhatsApp already uses the Jabber/XMPP protocol (thanks, Stack Overflow) and I should not reinvent the wheel, because somebody smarter and more experienced than me has already done the research and technical overview (thanks, Path, for the blog). I ended up using ejabberd as the XMPP server, a custom PHP RPC library for XMPP protocol connections and the Smack library for Android, both from GitHub. So the stack:
1) MariaDB - but without the TokuDB engine, since TokuDB does not support fulltext search yet
2) ejabberd - XMPP server
3) Smack for Android
4) fabiang/xmpp PHP library / otalk / nodejs webclient

Happy SysAdmin Day 2012

Happy Sysadmin Day! As usual, every year we sysadmins have one day to celebrate. This year, I bought a new smartphone, a Samsung S3. Yes, it is quite expensive but I think it is really worth it. I also got a new notebook with an Ivy Bridge processor and a Kindle Touch from Amazon. So sweet.

Is running a business right for me?

You are not suitable to run a business if:
* you like neat and tidy job descriptions
* you do your best work with instructions
* you don't like staying late at the office on Fridays
* you're counting on benefits and job security
* you like formality in the workplace
* you don't deal well with failure
* you're a perfectionist

Fixing yum dependencies library error

I have one CentOS box which gives me a dependency error when trying to update with yum. I couldn't remember why this problem happened, so I need to reinstall it without breaking any other running software/application.

Transaction Check Error:
  file /usr/share/man/man1/curl.1.gz from install of curl-7.15.5-15.el5.x86_64 conflicts with file from package curl-7.15.5-9.el5_7.4.i386
  file /usr/share/man/man1/fastjar.1.gz from install of libgcj-4.1.2-52.el5.x86_64 conflicts with file from package libgcj-4.1.2-51.el5.i386
  file /usr/share/man/man1/gcj-dbtool.1.gz from install of libgcj-4.1.2-52.el5.x86_64 conflicts with file from package libgcj-4.1.2-51.el5.i386
  file /usr/share/man/man1/gij.1.gz from install of libgcj-4.1.2-52.el5.x86_64 conflicts with file from package libgcj-4.1.2-51.el5.i386
  file /usr/share/man/man1/grepjar.1.gz from install of libgcj-4.1.2-52.el5.x86_64 conflicts with file from package libgcj-4.1.2-51.el5.i386
  file /usr/share/man/man1/grmic.1.gz from install of libgcj-4.1.2-52.el5.x86_64 conflicts with file from package libgcj-4.1.2-51.el5.i386
  file /usr/share/man/man1/grmiregistry.1.gz from install of libgcj-4.1.2-52.el5.x86_64 conflicts with file from package libgcj-4.1.2-51.el5.i386
  file /usr/share/man/man1/jv-convert.1.gz from install of libgcj-4.1.2-52.el5.x86_64 conflicts with file from package libgcj-4.1.2-51.el5.i386
  file /usr/include/libdevmapper-event.h from install of device-mapper-1.02.67-2.el5.x86_64 conflicts with file from package device-mapper-1.02.63-4.el5.i386
  file /usr/include/libdevmapper.h from install of device-mapper-1.02.67-2.el5.x86_64 conflicts with file from package device-mapper-1.02.63-4.el5.i386
  file /usr/share/man/man8/dmeventd.8.gz from install of device-mapper-1.02.67-2.el5.x86_64 conflicts with file from package device-mapper-1.02.63-4.el5.i386
  file /usr/share/man/man8/dmsetup.8.gz from install of device-mapper-1.02.67-2.el5.x86_64 conflicts with file from package device-mapper-1.02.63-4.el5.i386
To fix it:

# rpm -e --justdb --nodeps device-mapper-1.02.63-4.el5.i386
# rpm -e --justdb --nodeps libgcj-4.1.2-51.el5.i386
# rpm -e --justdb --nodeps curl-7.15.5-9.el5_7.4.i386
# rpm -e --justdb --nodeps libgcj-4.1.2-51.el5.i386
Then, run the yum update again and everything should be good now.

3 challenges to becoming a successful webmaster

1) Need to know how to get traffic
2) Need to know how to write content for your audience
3) Need to know what technology to use

Myisam Performance Tuning

I won't touch any tuning of key_cache or thread_size because you can find that elsewhere on the internet. This is just a reminder for me, because it is hard to find on the internet when tuning MySQL for the MyISAM engine. The secret recipe for the MyISAM engine is 'myisam_use_mmap'. This parameter can increase your MySQL memory usage a little bit, but you can see performance increase slightly. You can continue to read it here

Optimization for high traffic website

Besides being a developer and system administrator, I'm also a performance engineer. Having seen a lot of bad code and design, I started my own template of questions for optimizing a web application for performance.

1) Do we have compression turned on?
2) How many resource requests do we make?
3) How many 3rd party assets do we have?
4) What will happen to our site if a 3rd party widget becomes inaccessible or very slow?
5) Have we sized our images to decrease their size?
6) Have we encoded our images to allow progressive rendering?
7) Does our host provide optimization services?
8) Are we using a backend template system? If so, are we targeting mobile devices?
9) Are we doing any asynchronous javascript requests?
10) Have we combined and minimized our javascript files?

Managing high traffic mail server

It is not easy to maintain a really busy mail server. We have a notification system that blasts email to our users every time there are changes. Most popular mail servers will blacklist you when you reach the connection limit or if you are not using proper mail headers. This is not so easy to fix. I monitor the mail log and analyze it with this tool. Spam Score and Email reputation. The big problem that we had before was typos in the domain name / email address like "[email protected]". To fix this problem, we verify that the domain is valid before sending the email.

Mysql not enough memory

How do you know when you need to add more RAM to your MySQL database server? Run this command:

MariaDB [(none)]> SELECT table_schema "Data Base Name", sum( data_length + index_length ) / 1024 / 1024 "Data Base Size in MB"
    -> FROM information_schema.TABLES GROUP BY table_schema ;
| Data Base Name     | Data Base Size in MB |
| affandy            |       11116.18506908 |
| information_schema |           0.12500000 |
| mysql              |           0.61168861 |
From this data, the MySQL tables are already 11GB in size, so the RAM size in my database server should not be less than 12GB if I don't want to see performance issues.

How to prevent I/O

First of all, you need to check whether the I/O is on your network or HDD. sar, netstat -i, ifconfig and iostat are the tools to check network I/O. Most servers now use a 1GB NIC and sit on good switch hardware. If network I/O is the problem, upgrade your NIC and network cable, upgrade the switch/router and upgrade RAM. TCP needs RAM. top, vmstat, strace and the block_dump kernel parameter are the tools to check HDD I/O. If you see I/O on the HDD, the solution is RAID. Your HDD has a limit on read/write operations. Best of all is if you can implement a memory disk (SSD).

Email server solution

A few years ago, I really liked qmail because it is stable, fast and secure. It still serves hundreds of my client email accounts. Nowadays, I think Postfix dominates mail server solutions. The best part about open source is that there will be more people sharing their artwork for free. So there is iRedMail

Function in Php that suffer performance

Did you know that the file_exists, is_file, require_once and include_once functions are expensive? These functions run lstat on your OS filesystem, which is not good for your HDD, even though PHP now implements a file system cache. For example, when we delete a file with the PHP unlink function we need to call the clearstatcache() function to rebuild the filesystem cache.

My Vim setting for coding standard

" Tabs to spaces
set expandtab 
set smarttab

" 4 Spaces in each case
set tabstop=4
set shiftwidth=4
set softtabstop=4

" Maximum 100 characters in line
set textwidth=99

" Set filetype
set filetype=php
You can follow the guide from php pear coding standard here

MongoPress Caching System

MongoDB is FAST and the same goes for MongoPress. Why do you think such a fast application needs a caching system?
One reason that I can think of is to reduce overload and expensive PHP functions such as call_user_func_array, which gets called repeatedly so many times in the WordPress plugin system.
This is a big no-no performance issue, hitting our slow HDD again and again. What MongoPress needs is not caching for pages but caching for plugins :D

Monitoring MongoDB Performance

As we know, MongoDB needs RAM to operate properly. When should we add more RAM?

$ mongo
MongoDB shell version: 2.0.1
connecting to: test
> use mongopress;
switched to db mongopress
> db.stats();
        "db" : "mongopress",
        "collections" : 4,
        "objects" : 13,
        "avgObjSize" : 56.92307692307692,
        "dataSize" : 740,
        "storageSize" : 24320,
        "numExtents" : 4,
        "indexes" : 5,
        "indexSize" : 40960,
        "fileSize" : 201326592,
        "nsSizeMB" : 16,
        "ok" : 1
The total of dataSize + indexSize should not exceed total RAM. If it does, add more RAM.

Why I'm falling in love with MongoDB

  • Very easy to install
  • PHP driver supported
  • Easy to setup master-slave, master-master replication or partition database (sharding)
  • Good geo location query support
  • Overcome network & hard disk bottleneck
  • Good documentation
  • They give me t-shirt :)

Changing mysql master configuration on slave

This is not funny. My master database has been slowing down for a few weeks and today it died. I set up a new MySQL server on other hardware, and now it's time to configure things so the old slave can recognize its new master. This is how to do it.
On master / new master:

grant replication slave on *.* to 'slaveuser'@'slaveipaddress' identified by 'slavepasswd';

On slave:

stop slave;
change master to master_host='masteripaddress', master_user='slaveuser', master_password='slavepasswd';
start slave;

Now check whether the slave is running by issuing 'show slave status' in the slave's mysql console.

Getting hdd free space from php

$free_space = disk_free_space('/');
$total_space = disk_total_space('/');
echo "$free_space total of $total_space";

/proc/self/environ - how to check local/remote file inclusion attack

grep -hr '\.\.\/\.\.\/' /var/log/apache/* | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks.log
grep -hr '\/etc\/passwd' /var/log/apache/* | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks2.log
grep -hr 'SERVEQDOCUMENT_ROOT' /var/log/apache/* | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks3.log
grep -hr 'DOCUMENT_ROOT' /var/log/apache/* | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks4.log
grep -hr '\.txt??' /var/log/apache/* | grep -v '\/robots.txt' | sed 's/ - \[.*"GET / "/' | awk '{print $1" - "$2" - "$3}' > /tmp/rfi-attacks5.log

How to prevent this attack? Set allow_url_fopen and allow_url_include to "Off" in php.ini.
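The grep one-liners above only match the literal strings, so a request that percent-encodes the same path (%2e%2e%2f) is missed. The following is an added example, not code from the original post: it applies the same indicators after URL-decoding, covers every request method rather than GET only, and adds the /proc/self/environ path from the heading. The log lines, IP addresses and parameter names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common/combined log format: client, identd, user, [time], "METHOD target PROTO"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)')

# The indicators the grep one-liners search for, plus the /proc/self/environ
# path named in the heading.
RULES = [
    ("traversal", re.compile(r"\.\./\.\./")),
    ("etc-passwd", re.compile(r"/etc/passwd")),
    ("proc-environ", re.compile(r"/proc/self/environ")),
    ("document-root", re.compile(r"DOCUMENT_ROOT")),
    ("txt-include", re.compile(r"\.txt\?\?")),
]


def fully_decode(target, max_rounds=3):
    """Undo percent-encoding until the string stops changing (handles %252e as well as %2e)."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def scan(lines):
    """Return (client_ip, rule_name, decoded_target) for every rule that matches a request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log request line
        target = fully_decode(m.group("target"))
        for name, pattern in RULES:
            if name == "txt-include" and target.startswith("/robots.txt"):
                continue  # same exclusion as the grep -v in the one-liner
            if pattern.search(target):
                findings.append((m.group("ip"), name, target))
    return findings


def rules_by_client(findings):
    """Group matched rule names per client so repeat offenders stand out."""
    grouped = defaultdict(set)
    for ip, name, _ in findings:
        grouped[ip].add(name)
    return {ip: sorted(names) for ip, names in grouped.items()}


# Constructed sample log (documentation IP ranges, made-up script and parameter names).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2011:13:55:36 +0800] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2011:13:55:40 +0800] "GET /index.php?page=%2e%2e%2f%2e%2e%2fproc/self/environ HTTP/1.1" 200 312
198.51.100.7 - - [10/Oct/2011:14:01:02 +0800] "GET /view.php?inc=http://files.example/readme.txt?? HTTP/1.0" 404 209
203.0.113.5 - - [10/Oct/2011:14:02:11 +0800] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.5 - - [10/Oct/2011:14:02:15 +0800] "POST /app.php?_SERVER[DOCUMENT_ROOT]=/tmp HTTP/1.1" 200 90
198.51.100.7 - - [10/Oct/2011:14:03:44 +0800] "GET /index.php?f=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 199
203.0.113.5 - - [10/Oct/2011:14:05:00 +0800] "GET /blog/post-1 HTTP/1.1" 200 1024
"""

if __name__ == "__main__":
    for ip, rules in sorted(rules_by_client(scan(SAMPLE_LOG.splitlines())).items()):
        print(ip, ", ".join(rules))
```

The php.ini settings above only block includes of remote URLs; the traversal and /proc/self/environ hits are local includes, so the script's own input validation still has to reject them.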

Get mongoDB working on OpenVZ without run out of memory problem

MongoDB is really fast but will use RAM like crazy, and performance will degrade if the whole dataset cannot fit into memory. MongoDB uses files and memory, and doesn't allow for a method of limiting how much memory it might try to use. If it sees fit it will try to take all the memory that is available, less a bit for the rest of the OS, and under OpenVZ that will be the maximum amount allocated, not your guaranteed amount.

My solution with Openvz 1GB RAM
1) check virtual memory limit

ulimit -a | egrep virtual\|open
open files (-n) 1024
virtual memory (kbytes, -v) unlimited
2) set the virtual limit
ulimit -n 65536 (increase open files to support high concurrent connections)
ulimit -v 700000 (set virtual memory limit to 700kb for mongodb and leave the rest for OS, webserver, php)

Cannot find autoconf. Please check your autoconf installation and the $PHP_AUTOCONF environment variable

I'm trying to build the MongoDB driver using pecl install mongo on CentOS. Weirdly, it fails. I have autoconf and automake installed from yum. Debugging by echoing $PHP_AUTOCONF and $PHP_AUTOHEADER returns blank.
So the solution to this problem is to run these commands:
locate where the autoconf binary is installed with: whereis autoconf and whereis autoheader, then
export PHP_AUTOCONF=/usr/bin/autoconf
export PHP_AUTOHEADER=/usr/bin/autoheader
Problem solved, and I can rebuild the MongoDB driver again.

Web App technology - What I've learned

1) Make it simple
I'm losing visitors/users after redesigning the website with a cool new web 2.0 design. People don't like cool stuff

2) Less is more
Less code, less functionality, less server load, less headache

3) Trendy is not always reliable

4) Plan to scale at an early stage
Plan to scale if your news/story has been published on the TechCrunch website.

5) Use the right technology for the right job.
Simply choosing node.js as the web application language is cool, but users/visitors don't care about it.
Example: Running node.js as a webserver is not a good idea when nginx can perform better at doing its job.

July 29, 2011 (Last Friday Of July) 12th Annual System Administrator Appreciation Day

As always, we system administrators will spend one day celebrating. I wish to get a big screen LCD TV with a home theater system this year. Happy System Administrator Appreciation Day!

Repair MySQL Replication

I have one replication setup in MySQL. It had been working perfectly for ages. One day, my data centre had a problem with a power outage. It took 5 hours for them to recover. Luckily it did not affect my master database, only the slave. When the slave was up, I checked the replication status by running 'show slave status;' and the following is the error:

*************************** 1. row ***************************
                Master_User: slave
                Master_Port: 3306
              Connect_Retry: 60
            Master_Log_File: mysql-bin.000614
        Read_Master_Log_Pos: 31956388
             Relay_Log_File: mysql-relay-bin.001812
              Relay_Log_Pos: 131607
      Relay_Master_Log_File: mysql-bin.000614
           Slave_IO_Running: No
          Slave_SQL_Running: No
                 Last_Errno: 0
                 Last_Error: Could not parse relay log event entry. The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code. If you want to check the master's binary log or slave's relay log, you will be able to know their names by issuing 'SHOW SLAVE STATUS' on this slave.
               Skip_Counter: 1
        Exec_Master_Log_Pos: 15807732
            Relay_Log_Space: 16337474
            Until_Condition: None
              Until_Log_Pos: 0
         Master_SSL_Allowed: No
      Seconds_Behind_Master: NULL
I then checked the master and ran the command 'show master status;', which gave the following:

| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
| mysql-bin.000615 |  1529154 | my_data      | mysql            |
Looks like the binlog file is not the same. To fix this, I ran the command on the slave to use the latest binlog.

stop slave;
start slave;
Problem solved. Check the mysql log to see if there is any problem.

Prevent Null Byte Injection

In php script
$file = str_replace(chr(0), '', $string);

In .htaccess or apache config
<LocationMatch "/images|/upload">
    # Ignore .htaccess files
    AllowOverride None
    # Serve scripts as plaintext
    AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
    # Don't run arbitrary PHP code.
    php_admin_flag engine off
</LocationMatch>
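Stripping the NUL byte, as the PHP one-liner does, repairs the name but keeps whatever extension sat in front of it. The following is an added example, not code from the original post, written in Python so it runs stand-alone: it rejects such upload names instead of repairing them and refuses any script extension from the AddType list above anywhere in the name. The image-only allow-list, the permitted character set and the sample file names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Extensions the Apache block above forces to text/plain in /images and /upload.
SCRIPT_EXTENSIONS = {"html", "htm", "shtml", "php", "php3", "php5",
                     "phtml", "phtm", "pl", "py", "cgi"}
# Assumption: the upload directory is meant to hold images only.
ALLOWED_FINAL = {"jpg", "jpeg", "png", "gif"}
# Assumption: plain ASCII names without path separators are enough for uploads.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")


def strip_nul(name):
    """Python equivalent of the page's str_replace(chr(0), '', $string)."""
    return name.replace("\x00", "")


def check_upload_name(raw):
    """Return (accepted, reason) for a client-supplied file name."""
    name = unquote(raw)  # a NUL usually arrives percent-encoded as %00
    if "\x00" in name:
        return (False, "nul-byte")
    if not SAFE_NAME.fullmatch(name):
        return (False, "characters")  # path separators, spaces, leftover % signs
    stem, *extensions = name.lower().split(".")
    if not stem or not extensions or extensions[-1] not in ALLOWED_FINAL:
        return (False, "extension")
    # Apache's mod_mime looks at every extension in a file name, so an
    # AddHandler line for .php also applies to name.php.jpg.
    if any(ext in SCRIPT_EXTENSIONS for ext in extensions[:-1]):
        return (False, "script-extension")
    return (True, "ok")


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ["avatar.jpg", "avatar.php\x00.jpg", "avatar.php%00.jpg",
                   strip_nul("avatar.php\x00.jpg"), "../avatar.jpg", ".htaccess"]:
        print(repr(sample), check_upload_name(sample))
```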

Format XFS partition

/sbin/mkfs -t xfs -L /webapp -f /dev/sdb1
Edit /etc/fstab to look like this:
/dev/sdb1 on /home2 type xfs (rw,noatime,nodiratime,usrquota,logbufs=8,logbsize=256k)
This setting includes tuning for XFS partition speed.

Repair XFS partition

mount | fgrep sdb
umount /webapp/
xfs_check /dev/sdb1
xfs_repair -v /dev/sdb1

Install LAMP on Debian Squeeze

apt-get install apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
I have a PHP script that uses the .html extension, but after upgrading to PHP 5.3 it stopped working. Solution: vi /etc/apache2/mods-enabled/mime.conf
# near line 219: add extension for PHP
AddHandler php5-script .php .html .htm 

Panda Update - google latest algorithm

Early this year, Google announced some tweaks to their search algorithm. Normally when they announce something, there must be some big changes, like what they did on Mayday 2010. This update is just to fight spam websites that rank higher in search results. Currently, it is only hitting traffic in the US, but I have seen some major activity in my analytics graph. Did you get hit by the Panda update?

Monitoring linux tcp for computer network security

As system admins, we know how important it is to monitor connections from users into our servers. There are so many tools and network software that can do this job, such as netstat and tcpdump in the Linux operating system itself. I'm a hardcore Linux admin and I don't like the GUI of web page monitoring tools like Nagios or any others. I just need simple stats, and that is where tcptrack comes into action. To install tcptrack on Debian Lenny, type apt-get install tcptrack and you are done.

July 30, 2010 (Last Friday Of July) 11th Annual System Administrator Appreciation Day

Happy Appreciation Day to all system administrators in this world. As usual, every year we system administrators have one day to celebrate. Last year, I celebrated by buying a new SDRAM PC133 256MB for my old computer. This year, I'm planning to buy a Canon PowerShot S90 if the budget allows me to do so.

Improve Linux I/O performance

I'm testing a few improvements to Linux for my high traffic website. One of them is changing the Linux I/O scheduler. By default, the latest kernel uses cfq as the scheduler. You can check by typing
cat /sys/block/sda/queue/scheduler
I changed from cfq to deadline using this command.
echo deadline > /sys/block/sda/queue/scheduler
and saw some improvement. This change is not permanent.

How to fix ASUS P527 GPS catcher not updating

"GPS catcher is unable to use connections! The GPS data is not updated and you need to manually update again"
This is the error from my Asus P527 when I try to update the GPS catcher data. I connected the phone with a USB data cable but still could not update the GPS data. I then connected the phone over wifi and it was still the same. I thought maybe my firewall rules blocked it, but I'm pretty sure my firewall rules allow it. I suspected my USB data cable was the main problem, but it can charge my phone battery and I can browse the internet. I then suspected the GPS catcher itself was the main problem. I then installed CERedit on my laptop and ran it. From the phone registry I found the URL the GPS data is downloaded from. Looks like the URL that provides the GPS catcher data is down. I then found a new GPS data URL available for download. With CERedit, I changed the registry from to Save the registry and reboot the handphone. I then updated the phone GPS catcher data again and surprisingly it's working. Hope this tip will help all Asus P527 owners!

Varnish vs Nginx as reverse proxy - which one stable?

I have tested both of them on one of my high traffic websites to reduce load and save some bandwidth. While using Varnish, the server looked fast enough for a few days, until the swapping daemon appeared in the top command. Looks like Varnish is a memory eater. I replaced Varnish with nginx, and the server is much more stable and very fast now. It should be fast because it has 16GB RAM and 8 processors hehehehe.... Squid? No hope as a high performance reverse proxy. It is only suitable as a normal LAN proxy.

Google Mayday 2010 Effect And Drop Website Traffic

Google has updated to a new algorithm in their search engine. This major change has affected me as a webmaster so much. I know I'm not alone. There are many webmasters in this world who feel the same. From what they said, Google will use new index data and start recrawling all websites for content. From my analytics and stats from Google Webmaster Tools, since the middle of April and May, Googlebot has been busy crawling and indexing all my websites. They also did not update the website cache in their search result pages for a few weeks. And this June, the traffic has dropped, even for my big website. A drop in traffic means a drop in income too. Simple as that. I will wait until July to see what happens with my traffic. I'm still doing white hat SEO and still hope it can survive Google Mayday and that the traffic will recover soon. Are you experiencing the same?

SSH slow to prompt for password in Debian Lenny

Lately I've been experiencing slow SSH connections from my computer into my Linux server. This Linux box sits in my local area network, so internet congestion is not the issue. I don't have this issue with my CentOS box. My computer is also clean of any adware and viruses. I thought it might be due to some binary changes to the SSH daemon. Has sshd been backdoored? Checking the md5 of the sshd binary showed no problem. Maybe it was due to a distro upgrade a few days ago. I searched the internet and found a simple fix. Edit /etc/ssh/sshd_config and insert "UseDNS no" in the config file. Restart the sshd daemon and the password prompt is fast again.

Vi strange behaviour and keyboard character on Debian

My favourite distro is Red Hat/CentOS and I'm quite happy with it. I never have a problem when using vi there. A few of my servers are Debian, and when using vi on them, it shows strange behaviour and characters. To solve this problem, I just need to install vim-nox. Just typing apt-get install vim-nox will solve the problem. If your favourite editor is joe or nano, there is no need to install this.

Running PHP4 and PHP5 on the same server

We have one client that is still using PHP4 code in their web application. We need to rewrite the code from scratch, but before that we need to make sure the site is still up and running.
1) Migrate the site from shared hosting to our dedicated server
2) Our server does not support PHP4

Lucky for us, one of our servers is still using Debian Etch. PHP4 is not available for Debian Lenny. I just used apt-get to install PHP4 running as CGI and kept PHP5 running as an Apache module:
apt-get install php4-cgi php4-mysql
After that, enable mod_actions, otherwise it will not function. Add
AddHandler php-script .php
Action php-script /cgi-bin/php4

in the directory section of httpd.conf or of the domain that will use PHP4. Restart Apache and the problem is solved.

Is your website important to your business?

Many business owners in Malaysia do not realize the importance of their website to their business. They will simply hire fresh graduates to design and code their website without SEO, scalability and security in mind. The reason for hiring these fresh graduates is simple. Their salary is much cheaper than that of an experienced employee.

Another reason may be just wanting to give these fresh graduates a chance. I have had many graduates with first-class degrees work under me before this. They don't know what the hell they are coding on the website and must use a web IDE like Dreamweaver to code. I'm not condemning anyone, but this is the scenario with fresh employees in Malaysia. How they got their degree is the question mark.

They demand a high salary but cannot prove they deserve it. I have seen standard six students who can code even better than them in PHP. What a shame. I managed one website for a travel agent whose average was 1-2 unique visitors per day. After three months, the average had increased to 1000++ unique visitors per day. This new employee has changed a lot in the website's look and feel. That's good, but guess what? The business owner did not focus on their website and now the average is only 5-6 unique visitors per day, and these visitors only come from the search engine cache.

To business owners: treat your website the same way you treat your business. Focus your energy on it the same way you do with your business development manager.

High load in linux server

There are a lot of things that need inspecting when the load is high on your Linux server. From my experience, if you have a busy and dynamic PHP website, most problems come from MySQL. Sometimes, when the server receives a traffic spike from search engines, the server load can also be high. MySQL will use a lot of RAM, while PHP will use CPU. You must tune the MySQL settings and improve the SQL queries. The design of the database also has an impact on speed. A simple solution, if you have the budget, is to separate MySQL from your webserver. Yes, there are a lot of things to tune and improve, like tuning Apache and tuning the Linux TCP buffers, but that is another story.

Also check whether your crontab or a background process is doing a heavy job like finding and deleting huge files/folders. Take note, a botnet or spam bot can also make your server load high. The top and vmstat commands in Linux are your friends, trust me.

M.E.B - Model Ekonomi Baru

Yesterday, our Prime Minister announced the new economic model plan on 30/03/2010. I know nothing about politics, but from what he said, the government is trying to increase citizens' income. The reality in a big city like Kuala Lumpur is that if your income is less than RM3000 per month, you are considered a poor citizen. Lately, the government has given its full attention to the Information Technology field. As an IT person, this is good news and I see it as a new opportunity. More jobs and business can be hunted. From a system admin's view, there will be more data centres and high speed internet connections. This is good news for me as I work and do business in IT. Thanks for giving attention to us young citizens. This news will make me focus more on my dream. Lancer X 2.0 Turbo. hehehe...

Firewall reviews

There are so many open source firewalls, as listed in For me, I only use Smoothwall and Shorewall.

1. Smoothwall - easy to configure and has a GUI. Has a lot of modules that can be downloaded from their website. Suitable for beginners and newbies.

2. Shorewall - my favourite firewall. Simple and lightweight. This is what a firewall should do.

How to install ffmpeg and create youtube clone website

As I mentioned before, I just completed my YouTube clone project with ffmpeg and PHPmotion. Before using PHPmotion, I had to write the PHP engine completely from scratch. I used the JW FLV Media Player and integrated it with PHP. For me it was more trial-and-error development. Thanks to JW for creating this tool. After some googling, I found new software named PHPmotion. Enough of the intro, let's go to the technical part. You need ffmpeg support on your server to convert any video to .flv. The first time, I needed to compile everything from source. But there is another way to install it. Just install the rpmforge repo for yum and type yum install ffmpeg ffmpeg-devel -y on your CentOS server and everything is installed automatically. I just include the tutorial here in case you need it.

Internet Explorer cannot login to php website

I have a website where users use php login script at and (last company I work)
After the PHP engine was coded, IE wouldn't retain the cookie and session after user login (i.e. it sent users to a page not found or error)!
Weirdly, it works with Mozilla Firefox. So it seems it is not my PHP coding problem.

Workarounds / Solutions:

1. Have your IE users set Tools >> Internet Options >> Privacy >> Advanced >> Check "Override Automatic Cookie Handling" and "Always allow session cookies".

This is not so good because it is inconvenient most times to have all of your users make this change.

2. Use a P3P header. IE will allow the cookies as long as your site appears to have a privacy policy (using the W3C standard). Send this header just after session_start(); in PHP:

session_start(); // start the session
For more on P3P see:

Speed up your P1 Wimax - faster browsing with google public dns nameserver

Lately OpenDNS has been slow when I'm using it for my P1 Wimax at home. I regularly use OpenDNS as the nameserver on all of my servers. OpenDNS provides many tools such as content filtering. As I use this nameserver at home, there's no need for any filtering system. It just slows down my browsing.

Then another dns provider, google public nameserver, came into business and rescued my day. I ran a test and benchmark to see which nameserver is suitable for me at home, using this benchmark software, namebench.

Nameserver benchmark

Nameserver benchmark result

This software advised me to use google public nameserver as primary nameserver, and after making the change I am very happy. You should try it. This does not mean that OpenDNS is crap, because I used their service for a long time and was happy with it. But user experience with OpenDNS differs depending on which country you are in. Some will feel it is fast and some will feel the other way.

Dns server address for this test/benchmark
1. OpenDNS ( 2. Google dns ( 3. P1 dns (

Home business accept credit cards

This tip is for home and small businesses to accept credit card payments. By accepting credit cards, you can expand your business.

3rd party merchant account

This is the easier way to accept payment online, but you need a credit card or debit card to cash it out

a) Worldpay
b) 2Checkout

a) Netbuilder - I use their service before and satisfied with their service. Google it to find more
b) Mobile88

How to make your PHP web pages load faster without mod_deflate

Sometimes your hosting provider doesn't have this module installed on their server. You can still make the php pages load faster by compressing them.

Old method


New method
//include this on every page
function print_gzipped_page() {
    // register_globals is normally off, so read the request header from $_SERVER
    $accept = isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '';
    if( headers_sent() )
        $encoding = false;
    else if( strpos($accept, 'x-gzip') !== false )
        $encoding = 'x-gzip';
    else if( strpos($accept, 'gzip') !== false )
        $encoding = 'gzip';
    else
        $encoding = false;

    $contents = ob_get_clean();
    $_temp1 = strlen($contents);
    // no need to waste resources in compressing very little data
    if( $encoding && $_temp1 >= 2048 ) {
        header('Content-Encoding: '.$encoding);
        // gzencode() emits a complete gzip stream (header, deflate data, CRC32 and length)
        $contents = gzencode($contents, 9);
    }
    echo $contents;
}

//insert this at beginning of every page
ob_start();

//call the function at the end of the php page
print_gzipped_page();

Watch RTM TV1/TV2 online streaming faster and less buffer for P1 W1MAX user

Actually this tip is not for P1 users only; it works as long as you have an internet connection. I don't have a TV when I'm travelling. It's so boring. So I browse the RTM website to watch their streaming content. A lot of improvement in graphics, but a lack of buffer. How can I watch a movie when it plays for 5 seconds and stops, and then plays again? I then viewed their source code to play the streaming content directly from my windows media player 11. I can now watch streaming content in full screen size! You can grab it here. RTM TV1 and RTM TV2
RTM Streaming

But the problem is not solved yet. There is still buffering when downloading the stream. To solve the problem of network congestion and jitter, I then increased the buffer value from the default 5 seconds to 50 seconds in WM player 11. You can safely start from 30. (maximum 60 seconds)
To increase the buffer value, click Tools -> Options -> Performance.
RTM Streaming Buffer

Fengshui 2010

It's all about blue colour. To be continue...

My windows vista desktop crash and how to fixed it - Data recovery

This morning, my windows vista crashed. It took a very long time to load the desktop. After everything had loaded, it also took a very long time to load software; even my putty would hang. My solution: right click on the C drive to display the properties popup. Click Tools -> Error-checking -> Check Now. In the Check Disk options, select automatically fix file system errors and scan for and attempt recovery of bad sectors. Windows will then give an instruction to restart and will scan your disk after that. Sorry, I forgot to take a screenshot. Another solution is to type "sfc /scannow" in the msdos prompt as administrator.

How you can solve debt problem in Malaysia with AKPK - Debt Consultant - Bad credit and purchase structured settlement

Bankruptcy and insolvency information
One of my friends had a debt problem with credit card and car loan. When the economy went down in late 2008, he lost his job. He could not pay his monthly car loan and his credit card debt went crazy. After asking a few people, they advised him to go to AKPK. AKPK is an agency set up by Bank Negara Malaysia in April 2006 to provide financial counselling and debt management to individuals.

My Favourite Web 2.0 Colour Scheme

Blue. Yes, I like blue colour very much. This is my web 2.0 combination colour scheme that I like. Just want to share.

Budget 2010 Set To Boost Internet Broadband

How Malaysia internet bandwidth upgrade can help Small and Medium Business.

Our Prime Minister has announced this upgrade in the 2010 budget.

- Tax relief for broadband subscription of up to RM500 from 2010 to 2012.
- Netbook with free broadband package for local universities student for 2 years period with payment as low as RM50 per month starting Jan 2010.
- RM5,000 computer loan for civil servant once in 3 years.

I hope the broadband provider (streamyx) still allows us to host our own webserver like now and before. But we are not allowed to do so with P1 Wimax due to the NAT with port 80 they use.

This will reduce the cost of webhosting, and business owners will not have to rely on a hosting provider.


1.) SME companies host/save their sensitive data on their own computer/server in their own premises.
2.) SME company websites are not shared with other websites like what shared hosting providers do.
3.) SME companies also do not have to worry about space because they are the only ones that can install applications/software.
4.) SME companies have full access to reboot/shutdown the server if maintenance is needed.
5.) SME companies can serve a fast website

One of the chief downsides of hosting your own server and webhosting is the lack of experienced technical people. That's why I exist. :)

TMNET Streamyx Modem Sucks - Riger DB108WL

My client applied for a new streamyx account and got this combo box. I was there when the reseller/technician installed the modem. I already knew this cheap bloody modem would give problems in the next few days. And yes, it did. Play with the parental control setting and block 1 website like youtube, and all PCs on the network cannot connect to the internet. Damn. I left it on for a few days and it disconnected a few times. The httpd server they use in the modem is not stable. When we try to connect to the router it gives error message 400. I really hate this cheap modem/router from riger. I preferred the billions modem/router from last time. The wireless setting is also not stable and cannot be set to use wpa2, according to the technician. Only wep is allowed. Crap. Thanks TM for this bloody product you sold and provide. What I've done on my internal linux box:-
- set dhcp server (as secondary if the modem hang)
- set internal dns nameserver
- set internal squid/dansguardian (because the modem parental control not working)
- set telnet script to reboot the modem via crontab automatically
- consider buying another modem/router
Problem solved by upgrading the Riger DB108WL firmware: here. Not fully tested, but the modem is much more stable than before. I still don't have time to play with the parental control because I already have the squid/dansguardian combination + OpenDNS.

SEO Services - What do you get?

* competitor analysis
* keyword research
* content review
* code optimization
* architecture optimization
* link building etc etc etc

Small Business/Start up - What can I do for you?

For small business and new startup company, you will save money for your online requirements. You also will save money for online marketing with reasonable price. Forget about operating system licensing cost with opensource technology.

Speed up web browsing with transparent proxy

We always have critical times on the internet, for example when logging on to online banking and online ticketing (MAS & Air Asia). Sometimes the website loads too slowly. I have a friend who manages a travel agency. So what I did for them is simple: install a transparent squid cache in their LAN by setting the squid box as the gateway on the router.

This setup has a disadvantage. It is beneficial only for small LAN and WAN users. To support a large number of users, we need to set up squid separately from the router. But who cares, as long as they are happy now.

Proxy servers offer caching as a means of increasing the speed with which Web pages are returned, as well as reducing overall bandwidth usage. Proxies can also log the traffic they process, providing another means of at least being aware of the sites being accessed, if not controlling them. This is particularly useful in a corporate environment, where there may be legal reasons for wanting this type of logging, and we call it a content filter solution.

Celcom 3g broadband congest and intermittent

Lately the celcom broadband network is always intermittent. My 3g network coverage has also been replaced by edge. No more 3g! The browser always shows an error message from the proxy:

Service is not available at the moment. Please try again later. Sorry for the inconvenience caused.

This intermittent problem always happens around 8-11pm but not in the daytime. Last week, on 22 Mar 2009, their network was down for the full day. I don't know what happened. No need to call their customer service, because there is no reason to talk with somebody that doesn't know anything except the script. I'm tired. 2 days later, they sent an sms about their service problem and promised to cover and replace the cost that had been charged, but until now there is still no news. It seems that the intermittent problem may come from their proxy server and router, or they are out of bandwidth.

A test with nslookup seems to show no problem because I can resolve Of course I have an internet connection, but I still cannot browse the internet. After too many unkind words came from my mouth, I decided to test another solution. I have several servers in a datacenter, so I installed squid on one of them and set an auth password. Then I tested it at home with my celcom broadband connection, but now with a manual proxy setup.

Guess what?
I can surf again, now with more advantages and even faster than before. For sure I am going out to the internet with the IP address of my datacentre and can download files from rapidshare happily.

I'm just curious why celcom broadband use dns server?

Did you call yourself IT expert?

There are many people among us who call themselves IT experts. That's not a problem, but are they really experts? I'm not an expert because I learn something new every day.

I was in the AIMS datacentre the whole of last week to reformat all the database and web application servers for one online payment gateway company. They say they are experts, but more than one of their servers has been hacked. This is the problem when you create a web application without security in mind.

They are using a zywall router as firewall and it seems that the policy is not configured correctly. People in IT will make the same mistake all over again when they think they are so damn good or better than others.

Not all people are concerned about web application security. Their oracle database has been hacked through an ssh password bruteforce. The intruder ran many processes under the screen command to exploit other servers. These IT experts didn't even know what had happened to their server, other than complaining that it was getting too slow, until I showed them where and what programs had been installed and downloaded to their server. I have worked on many big and risky projects before, but I do not go to the datacentre every day just to upload or correct an error in one file. Sometimes I cannot remember which floor the server rack is located on until I ask customer service.

I suggested changing their router to one running linux, but they disagreed and told me that they only rely on hardware-based ones. Then suddenly I was talking to myself, what the fuck! How many cheap hardware routers out there are using linux as their os, installed on the hardware flash card? So what is the difference between the two? Please tell me that you will use juniper in the future!

Running PDFCreator on XP over a network

As a system administrator, besides making sure your server is secure, you also need to support end users with technical issues. Today, PDF documents are a must. You need to convert reports, word documents, even pay slips to digital format. Everybody needs PDF!!!

As you already know, windows software licenses like ADOBE are expensive. That's why I use PDFCREATOR, which is open source, to create PDF files. Previously I used it in my visual basic software to generate reports directly from a mysql database to PDF format. It comes with an API, so I can call it from my vb application. Nowadays, they have upgraded the features of the software. Believe it or not, everybody on your network can create pdf files once it is installed as a network printer. Remember to select the server and not the standalone function when you install. Cheers!

My cheap firewall prototype product

One day, a sales person from one of the biggest IT companies met me. They showed me the catalog and explained their products. All about security, firewall, policy, vpn, etc. It would cost me thousands of ringgit. Why do I need to pay when I can get it all for free from FOSS? I have found so many firewalls on the internet. So I decided to make my own prototype firewall for my streamyx at home.

I searched the internet for embedded industrial hardware and found that a place in Puchong has this hardware. It is small, similar to our broadband modem, and doesn't have any hard disk. It only uses a compact flash memory card and has 2 network ports with sdram. It seems reasonable for me right now for this project.

Search the internet for embedded linux installation, because I will not teach it here. I used centos 5 to install the OS on the compact flash card, with shorewall as the firewall, webmin as the control panel, openvpn for vpn, and squid as caching proxy with dansguardian as content filter. After everything was installed on the compact flash card, it was time to test. Connect it to the network, turn it on, log in to webmin from my windows xp, configure ADSL, and my windows xp was connected to the internet. With this cheap hardware, I can get an all-in-one solution for free, except for the hardware. I named it FNDNET as the brand name. Maybe I will commercialize it soon, another firewall product in the market. Hehehe...

Securing Ragnarok online game server faster

A few years ago, ragnarok fever was havoc among gamers in Malaysia. All my friends played it every night in a cyber cafe in my hometown Ampang. But I was not attracted to play it. After a month of playing it, exploring the cheat codes and rules of the game, they suddenly all set up a clan. They set up one dedicated ragnarok server, especially for this clan and their nearest friends. If I'm not mistaken they were using the sakray version for the game server and fedora core 4 as the operating system.

Month after month the server got slower, and sometimes they could not log in, getting a timeout message. Then they asked for my help. Actually one of them has linux knowledge, and he is the one who installed the server. After logging into their server, I ran ps -Aef to see the background processes. You know what? No wonder the server always timed out and got so slow, because a lot of suspicious processes were running in the background. One of them was psyBNC, the famous IRC bouncer.

Looking at netstat, too many sockets had been opened. Then I ran iptables -n -L and it returned blank. That means no firewall had been configured. I asked them to reinstall a fresh operating system and the game server again, because it was the safest thing to do at that point. We didn't even know if the server had been installed with a rootkit or any backdoor program.

I used centos version 4 that time and configured the firewall, shut down any unwanted services, patched the server with yum, and changed the previous root password to a more complicated combination. I seldom update and patch the game server software for bugs and buffer overflows. Since that time, there have been no complaints from them and they played the game happily. Two years after that, the server was completely shut down because they were not playing the game anymore. I also lost one of my servers, because they gave me full root access in return for the work I had done for them.

The conclusion here is, setting up a server is very easy nowadays. But the commitment to secure it is the question mark without any security knowledge in mind. That has happened to too many people out there. If you still need to set up a game server, please get some security knowledge first, or if you have some budget you can hire me as your security consultant and server admin. Hehehe...

Is your firewall rules and policy good enough?

Let's go through the topic because security is very important. Normally a firewall is set up and configured to protect the internal LAN and DMZ zone from outside. All connections from outside are suspect and all internal LAN and DMZ hosts are trusted. Your firewall rules may be configured like this:

1. Allow all internal hosts to reach the internet via any port/protocol.
2. Allow all internet hosts to reach the DMZ via port 80 (HTTP), 25 (SMTP), 110 (POP3), 53 (DNS).
3. Allow all DMZ web, dns and mail servers to reach internal hosts on any port/protocol.
4. Allow all DMZ hosts to reach the internet via any port/protocol.

Is it correct? At this point, it looks reasonable enough. You may have a DMZ dns server to resolve your company domain, so you need to give it outbound internet access to send and receive DNS queries. Your mail server also needs outbound internet access to send your email to the entire world.
Think about these scenarios and risks.

1. Your web server has been hacked and compromised by a software exploit via SQL injection or a weak php system, and then the hacker starts to attack other systems on the internet using your web server.
2. A virus has infected the internal LAN systems via an RPC vulnerability and starts scanning for other victims. This may lead to network congestion. Trust me, I've faced this problem before.
3. A virus has infected an internal system and creates a connect-back backdoor. Once the attacker can sit inside your network, it's too late to stop them.

So you know what to do now.
Basically, it's not only your internal firewall rules and policy you have to worry about, but also what might happen if your preventative measures fail.
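
One way to tighten the four rules listed above so that a compromised DMZ or LAN host cannot open arbitrary connections, shown as an added example that is not from the original post. The interface names and the 192.0.2.x DMZ addresses are assumptions, and the script only prints the iptables commands unless IPT is set to the real binary.

```shell
#!/bin/sh
# Added example (not from the post): default-deny forwarding for LAN / DMZ / Internet.
# Assumed: interface names and the 192.0.2.x DMZ addresses are placeholders.
# Dry run by default: rules are printed. Set IPT=iptables and run as root to load them.
IPT="${IPT:-echo iptables}"

WAN_IF=eth0 LAN_IF=eth1 DMZ_IF=eth2
DMZ_WEB=192.0.2.10 DMZ_MAIL=192.0.2.25 DMZ_DNS=192.0.2.53

allow_new() {   # usage: allow_new <in-if> <out-if> <proto> <port> [extra match...]
    src_if=$1 dst_if=$2 proto=$3 port=$4
    shift 4
    $IPT -A FORWARD -i "$src_if" -o "$dst_if" -p "$proto" --dport "$port" "$@" \
         -m state --state NEW -j ACCEPT
}

fw_rules() {
    # Whatever is not allowed below is dropped, in every direction.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rule 2, narrowed: each published port only to the server that offers it.
    allow_new $WAN_IF $DMZ_IF tcp 80  -d $DMZ_WEB
    allow_new $WAN_IF $DMZ_IF tcp 25  -d $DMZ_MAIL
    allow_new $WAN_IF $DMZ_IF tcp 110 -d $DMZ_MAIL
    allow_new $WAN_IF $DMZ_IF udp 53  -d $DMZ_DNS
    allow_new $WAN_IF $DMZ_IF tcp 53  -d $DMZ_DNS

    # Rule 1, narrowed: the LAN browses the web directly; DNS and mail go via the DMZ servers.
    allow_new $LAN_IF $WAN_IF tcp 80
    allow_new $LAN_IF $WAN_IF tcp 443
    allow_new $LAN_IF $DMZ_IF udp 53  -d $DMZ_DNS
    allow_new $LAN_IF $DMZ_IF tcp 25  -d $DMZ_MAIL
    allow_new $LAN_IF $DMZ_IF tcp 110 -d $DMZ_MAIL

    # Rule 4, narrowed: only the mail and DNS servers may open connections to the internet.
    # The web server gets none, so a hacked web application cannot attack other sites.
    allow_new $DMZ_IF $WAN_IF tcp 25 -s $DMZ_MAIL
    allow_new $DMZ_IF $WAN_IF udp 53 -s $DMZ_DNS
    allow_new $DMZ_IF $WAN_IF tcp 53 -s $DMZ_DNS

    # Rule 3 is gone: no new connection from the DMZ into the LAN (replies still pass).
    # Log what falls through, so scanning or a connect-back attempt shows up in syslog.
    $IPT -A FORWARD -i $DMZ_IF -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-DMZ "
    $IPT -A FORWARD -i $LAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-LAN "
}

fw_rules
```

The two LOG rules are what cover the "preventative measure fails" case: an infected host still gets blocked, and its blocked attempts leave a trace to investigate.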

How strong and secure your password is?

When I do penetration testing on my clients' web systems and databases, I always find passwords like "123456", "abc123", "qwerty", "iloveu", and their first name as password. And sometimes the password they use is the same one as for their online banking like maybank2u, rhbbank, myspace etc. I do understand that for a normal human, it is hard to remember a good password combination for each separate online application.

We are hoping that one day there will be a solution for this problem. As a developer and a programmer, I need to think about the life cycle of my application and secure it. There's come to rescue. What is OpenID? From their website:
"OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience. You get to choose the OpenID Provider that best meets your needs and most importantly that you trust. At the same time, your OpenID can stay with you, no matter which Provider you move to. And best of all, the OpenID technology is not proprietary and is completely free."

Not all online applications use their technology yet, but hopefully our online banking like maybank2u will use this technology. I'm still in the process of integrating one of my online php applications with their technology. This is a new feature for my web application, to secure it a bit more and offer easier password management for my users.

My new gadget - Asus P527

Thanks to Azahan for promoting this thing to me. For me, this is not to show off, I just need the GPS. Using the gps software from mapking 2007 as the GPS front end, I'm quite satisfied. I already tested the GPS when "balik kampung" at HARI RAYA last time. Now I can go anywhere in Semenanjung Malaysia, because it is not tested yet in Sabah and Sarawak. Hope I can test it soon when I go on my holiday. Just updated the os from windows ce 6.0 to 6.1 a few days ago. Now the default colour is solid green, not blue like in the picture. The new os looks more stable than the last release.

How to connect to internet from your computer with ASUS P527 handphone as modem

For the last few years I've been using a Sony Ericsson k300i to connect to the internet with windows xp and linux. My job sometimes needs me to be connected to the internet wherever I go. The solution is using my phone as a modem. The connection speed is sometimes very fuckup but we must accept it. It's wireless, not wired. In Malaysia we don't have much choice yet. TMNET Streamyx seems like the best and much better, although it is expensive. Lucky for me, I'm not surfing with this slow gprs connection but only using ssh to all my servers. The setup is very simple with windows xp. Assume your phone already has the GPRS or 3G setting enabled.

Setup with windows xp
1. Install driver for k300i data cable
2. Connect usb data cable to your phone and pc
3. Set dialer using New Connection Wizard
4. Put *99# or *99***1# as phone number to dial and click connect

Setup with centos 5
1. Connect usb data cable to your phone and pc
2. Centos already recognizes the data cable as pl2303, so there is no need to install the driver. Check it with dmesg
3. I'm using wvdial, so all I do is set up the config file
4. Run wvdialconf /etc/wvdial.conf, then the software will scan for your modem. In my case linux found it at /dev/ttyUSB0. An example of the configuration file is below:

[Dialer Defaults]
Modem = /dev/ttyUSB0
Baud = 460800
Init1 = AT+CGDCONT=1,"IP","celcom3g","",0,0
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ISDN = 0
Modem Type = Analog Modem
Phone = *99#
Username = ""
Password = ""
Stupid mode = 1

But my life is now much easier with the Asus P527. Not tested with linux yet because I've been in a bad mood these past few weeks. Will update soon. With this 3G connection speed, I can log into youtube. My area is celcom territory, and maybe my house is near their exchange box.

1. Connect ASUS P527 usb cable to your computer
2. Click the Asus launcher menu (of course, on your phone)
3. Click settings -> Connection Settings -> Internet Sharing
4. Select USB on PC Connection menu
5. Select your network connection. In my case i'm using Celcom 3G.
6. Click connect and connected. Happy browsing!

I think all these setups are compatible with all telcos, whether CELCOM, DIGI or MAXIS. Please consult your ISP. (DIGI and MAXIS need a username and password to login)

Smoothwall cannot dial to streamyx internet

I have one firewall using smoothwall 3. Sometimes it cannot dial to tmnet streamyx. The workaround is to just remove or rename /var/spool/pppd2.tdb and then reconnect.

Centralized backup

I have one client requesting a backup solution. It depends on what you need to back up. Is it a database or just files? Normally what I do is just use rsync to mirror the backup. The recommended technique is not to put the backup in the same premises. But today, there are so many backup solutions on the net. Backuppc and rdiff-backup are the interesting software from FOSS. Install backuppc with rpm or manual installation. To back up a windoz pc just use smb, and use rsync to back up unix/linux/macos. Backuppc gives the error: Backup failed (No files dumped for share). Solution: set $Conf{BackupZeroFilesIsFatal} = 0 in

Correct Swap Partition

I have one box with 4GB of RAM. The question is, do I need a large swap partition? The answer is to follow this formula, which I have taken from the documentation. Swap should equal 2x physical RAM for up to 2 GB of physical RAM, and then an additional 1x physical RAM for any amount above 2 GB, but never less than 32 MB. So, if:

M = Amount of RAM in GB, and S = Amount of swap in GB, then

If M < 2
    S = M * 2
Else
    S = M + 2

How to sell yourself in IT industry

Working in this industry, I've gained good experience. What I learned is, it is as simple as 1,2,3 to sell yourself or even your product in the IT industry. What you need is just to listen carefully to the problem and come out with the solution as soon as possible. That's it. I know someone who has no knowledge of IT or technology but still can make money by manipulating other people's brains. hehehe, what a shame. But generally speaking, in Malaysia, Technical-Know-Who is better than Technical-Know-How.

Linux Preventive Maintenance

Every month I check all my babies for preventive maintenance. This includes checking the system log, attack and hacking activity, and checking all yum updates and install software. Below is the procedure that I normally use.

telinit 1 # single user mode, closes all programs + network
mount -o remount,ro / # remount read only
fsck -f /dev/hd.. # run the checker
or: e2fsck -f /dev/hd..
mount -o remount,rw / # read-write again.
runlevel # see the current/previous runlevel
telinit 3 # use the previous runlevel in this command
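
The system log check for attack activity mentioned above can be partly scripted. This is an added example, not part of the author's procedure: it assumes the standard OpenSSH password-authentication lines as written to /var/log/secure on CentOS, and the sample log with its hostnames and addresses is constructed.

```shell
#!/bin/sh
# Added example: summarise SSH password guessing from an sshd log.
# Reports every source IP with at least <min_failures> failed passwords and
# marks the ones that later logged in successfully (a password was likely guessed).

ssh_bruteforce_report() {   # usage: ssh_bruteforce_report <logfile|-> [min_failures]
    awk -v min="${2:-5}" '
        # sshd password lines end with: from <ip> port <n> ssh2
        /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
            fails[$(NF-3)]++
            next
        }
        /sshd\[[0-9]+\]: Accepted password for / && $(NF-4) == "from" {
            ip = $(NF-3)
            # only a login that follows enough failures is suspicious
            if ((ip in fails) && fails[ip] >= min && !(ip in login))
                login[ip] = $(NF-5)      # account that was logged into
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    print ip, fails[ip], ((ip in login) ? "LOGIN-AFTER-FAILURES " login[ip] : "no-login")
        }
    ' "$1" | sort
}

sample_log() {   # constructed lines in /var/log/secure format (documentation IP ranges)
    cat <<'EOF'
Mar 28 02:14:01 db1 sshd[4201]: Failed password for invalid user test from 203.0.113.45 port 51120 ssh2
Mar 28 02:14:03 db1 sshd[4203]: Failed password for invalid user admin from 203.0.113.45 port 51121 ssh2
Mar 28 02:14:05 db1 sshd[4205]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar 28 02:14:07 db1 sshd[4207]: Failed password for oracle from 203.0.113.45 port 51123 ssh2
Mar 28 02:14:09 db1 sshd[4209]: Failed password for oracle from 203.0.113.45 port 51124 ssh2
Mar 28 02:14:11 db1 sshd[4211]: Failed password for oracle from 203.0.113.45 port 51125 ssh2
Mar 28 02:14:13 db1 sshd[4213]: Accepted password for oracle from 203.0.113.45 port 51126 ssh2
Mar 28 03:01:10 db1 sshd[4300]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar 28 03:01:12 db1 sshd[4302]: Failed password for root from 198.51.100.9 port 40002 ssh2
Mar 28 03:01:14 db1 sshd[4304]: Failed password for root from 198.51.100.9 port 40003 ssh2
Mar 28 03:01:16 db1 sshd[4306]: Failed password for root from 198.51.100.9 port 40004 ssh2
Mar 28 03:01:18 db1 sshd[4308]: Failed password for root from 198.51.100.9 port 40005 ssh2
Mar 28 03:01:20 db1 sshd[4310]: Failed password for root from 198.51.100.9 port 40006 ssh2
Mar 28 03:01:22 db1 sshd[4312]: Failed password for root from 198.51.100.9 port 40007 ssh2
Mar 28 09:00:02 db1 sshd[4400]: Failed password for admin1 from 192.0.2.77 port 50522 ssh2
Mar 28 09:00:15 db1 sshd[4402]: Accepted password for admin1 from 192.0.2.77 port 50523 ssh2
EOF
}

# Stand-alone use: pass a log file (e.g. /var/log/secure), otherwise the sample is analysed.
if [ -n "${1:-}" ]; then
    ssh_bruteforce_report "$1" "${2:-5}"
else
    sample_log | ssh_bruteforce_report - 5
fi
```

An address reported with LOGIN-AFTER-FAILURES is the case to treat as a possible compromise; a single mistyped password followed by a login, like the last two sample lines, stays below the threshold and is not reported.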