IonCube produces leading tools for PHP source code protection to secure your PHP software from prying eyes and to combat software piracy. Featuring an advanced compiled-code encoding engine that translates source to highly efficient bytecodes, ionCube encoding tools deliver the ideal combination of maximum source code protection without sacrificing performance, reliability or language compatibility.
In order to view encoded ionCube files on your server you need the ionCube loader. This is a free plugin for Apache web server that only takes a few minutes to install and is well worth it.
http://www.ioncube.com/
Requirements:
- Root Shell access to your server
- phpinfo page: create a new document and call it phpinfo.php. Inside place phpinfo();
Place this document in your www directory so you can view it and see all your PHP settings.
Installing ionCube Loader:
1. Download the program and store it on your server using wget or FTP.
http://www.ioncube.com/loader_download.php
2. Unpack the program
tar -zxvf ioncube_loaders.tar.gz
3. cd ioncube
4. copy ioncube-install-assistant.php to a web directory such as your hosting directory and open it in your browser window.
cp ioncube-install-assistant.php /home/userdirectoryhere/www
Then open it http://www.yourdomain.com/ioncube-install-assistant.php
The output should be something similar to:
Analysis of your system configuration shows:
PHP Version 4.3.3
Operating System Linux
Threaded PHP No
php.ini file /usr/local/lib/php.ini
Required Loader ioncube_loader_lin_4.3.so
5. Now lets move the iconcube directory to a permanent location:
cd ..
mv ioncube /usr/local
6. Now that you know the location of php.ini you need to edit it.
pico /usr/local/lib/php.ini
Now find where other zend extentions are in the file.
ctrl + w: zend_extension
Paste in your new line for ioncube loader
zend_extension = /usr/local/ioncube/ioncube_loader_lin_4.3.so
7. Save the changes
ctrl + X then Y and enter
8. Restart the web server to take effect.
/etc/init.d/httpd restart
Success! You should now see a section in your PHP Info page that says:
Additional Modules
Module Name ionCube Loader
Download three files and save them in /usr/local/src directory. The files are as follows:
httpd-2.0.47.tar.gz http://httpd.apache.org/download.cgi
php-4.3.3.tar.gz http://www.php.net/downloads.php
mysql-4.0.16.tar.gz http://www.mysql.com/get/Downloads/MySQ … ck#mirrors
The next step involves Apache installation according to the instructions listed below:
1. create a group named websrv
[root@server.net]#groupadd websrv
2. add a user with minimum privileges
[root@server.net]#adduser websrv -g websrv -s /sbin/nologin -d /usr/local/apache
3. unpack a source archive
[root@server.net]#tar -zxvf httpd-2.0.47.tar.gz
4. enter the unpacked directory
[root@server.net]#cd httpd-2.0.47
5. configure the Apache server with DSO support
[root@server.net]#./configure –prefix=/usr/local/apache –enable-mods-shared=all –enable-so
6. compile the sources
[root@server.net]#make
7. install the compiled binaries and other files
[root@server.net]#make install
8. add the line “/usr/local/apache/modules” into /etc/ld.so.conf
[root@server.net]#echo “/usr/local/apache/modules” >> /etc/ld.so.conf
9. create cache & links for shared libs
[root@server.net]#ldconfig
The following operations requires your intent attention:
10. open /usr/local/apache/conf/httpd.conf using your favorite editor, find AddType directive and add after it the following lines:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
Note: after the .php extension you can add as much other extensions as you wish in accordance with the syntax: AddType MIME-type extension [extension] [extension]…
11. find DirectoryIndex Directive and set the list of files to look for. The server will return the first available one. In the further example, index.php will be shown if it exists, otherwise the server will look for index.html:
DirectoryIndex index.php index.html
12. find User Directive and Group Directive. Change whatever you have there to:
User websrv
Group websrv
13. double check your changes, save the file and move forward.
14. change Apache ownership to websrv.websrv
[root@server.net]#chown -R websrv.websrv /usr/local/apache
MySQL installation:
1. create a group named mysql
[root@server.net]#groupadd mysql
2. add a user with minimum privileges
[root@server.net]#adduser mysql -g mysql -s /sbin/nologin -d /usr/local/mysql
3 unpack a source archive
[root@server.net]#tar -zxvf mysql-4.0.16.tar.gz
4. enter the unpacked directory
[root@server.net]#cd mysql-4.0.16
5. configure the MySQL server with all charsets
[root@server.net]#./configure –prefix=/usr/local/mysql –with-charset=latin1 –with-extra-charsets=all
6. compile the sources
[root@server.net]#make
7. install the compiled binaries and other files
[root@server.net]#make install
8. add the line “/usr/local/mysql/lib/mysql” into /etc/ld.so.conf
[root@server.net]#echo “/usr/local/mysql/lib/mysql” >> /etc/ld.so.conf
9. create cache & links for shared libs
[root@server.net]#ldconfig
10. create and install default MySQL databases
[root@server.net]#/usr/local/mysql/bin/mysql_install_db
11. make a symbolic link for mysql binary
[root@server.net]#ln -s /usr/local/mysql/bin/mysql /usr/bin/mysql
12. make a symbolic link for mysqladmin binary
[root@server.net]#ln -s /usr/local/mysql/bin/mysqladmin /usr/bin/mysqladmin
13. change MySQL ownership to mysql.mysql
[root@server.net]#chown -R mysql.mysql /usr/local/mysql
PHP installation:
1. unpack a source archive
[root@server.net]#tar -zxvf php-4.3.3.tar.gz
2. enter the unpacked directory
[root@server.net]#cd php-4.3.3
3. configure PHP as Apache module with MySQL support
[root@server.net]#./configure –with-apxs2=/usr/local/apache/bin/apxs –with-mysql=/usr/local/mysql
4. compile the sources
[root@server.net]#make
5. install the compiled Apache module
[root@server.net]#make install
6. copy php.ini-dist to /usr/local/lib/php.ini
[root@server.net]#cp ./php.ini-dist /usr/local/lib/php.ini
7. Give Apache ownership to websrv.websrv
[root@server.net]#chown -R websrv.websrv /usr/local/apache
** On some systems, there is no ld.so.conf file, or it is not in use. You can use LD_LIBRARY_PATH environment variable to specify additional directories where shared libs can be found.
If you use tcsh compatible shell you should add the line below to the .tcshrc file in your home dir:
setenv LD_LIBRARY_PATH $LD_LIBRARY_PATH:/usr/local/mysql/lib/mysql:/usr/local/apache/modules
For bash compatible shell you should add the following lines to the .bash_profile file in your home dir:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/mysql/lib/mysql:/usr/local/apache/modules
export LD_LIBRARY_PATH
Then, check what you have in the library loading path:
echo $LD_LIBRARY_PATH
There is only one open question left: how to startup MySQL and Apache servers?
It’s very simple:
[root@server.net]#/usr/local/apache/bin/apachectl start
[root@server.net]#/usr/local/mysql/share/mysql/mysql.server start
(For bringing these servers down, you can use the commands mentioned above replacing start with stop)
To test your installation, create in /usr/local/apache/htdocs directory the php file:
index.php
< ?
phpinfo();
? >
Load it in your browser: http://localhost/index.php
Thanks
Admin
All web servers been connected to the Internet subjected to DoS (Denial of Service) or DDoS (Distrubuted Denial of Service) attacks in some kind or another, where hackers or attackers launch large amount connections consistently and persistently to the server, and in advanced stage, distributed from multiple IP addresses or sources, in the hope to bring down the server or use up all network bandwidth and system resources to deny web pages serving or website not responding to legitimate visitors.
You can detect the ddos using the following command
netstat -anp|grep tcp|awk ‘{print $5}’| cut -d : -f1|sort|uniq -c|sort -n
It will shows the number of connections from all IPs to the server.
There are plenty of ways to prevent, stop, fight and kill off DDoS attack, such as using firewall. A low cost, and probably free method is by using software based firewall or filtering service. (D)DoS-Deflate is a free open source Unix/Linux script by MediaLayer that automatically mitigate (D)DoS attacks. It claims to be the best, free, open source solution to protect servers against some of the most excruciating DDoS attacks.
(D)DoS-Deflate script basically monitors and tracks the IP addresses are sending and establishing large amount of TCP network connections such as mass emailing, DoS pings, HTTP requests) by using netstat command, which is the symptom of a denial of service attack. When it detects number of connections from a single node that exceeds certain preset limit, the script will automatically uses APF or IPTABLES to ban and block the IPs. Depending on the configuration, the banned IP addresses would be unbanned using APF or IPTABLES (only works on APF v 0.96 or better).
Installation and setup of (D)DOS-Deflate on the server is extremely easy. Simply login as root by open SSH secure shell access to the server, and run the the following commands one by one:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
To uninstall the (D)DOS-Deflate, run the following commands one by one instead:
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
The configuration file for (D)DOS-Deflate is ddos.conf, and by default it will have the following values:
Code:
FREQ=1
NO_OF_CONNECTIONS=50
APF_BAN=1
KILL=1
EMAIL_TO=”root”
BAN_PERIOD=600
Users can change any of these settings to suit the different need or usage pattern of different servers. It’s also possible to whitelist and permanently unblock (never ban) IP addresses by listing them in /usr/local/ddos/ignore.ip.list file. If you plan to execute and run the script interactively, users can set KILL=0 so that any bad IPs detected are not banned.
SNMP Installation on Linux Box
————————————
SNMP stands for Simple Network Management Protocol. Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health and welfare of network equipment (eg. routers), computer equipment and even devices like UPSs. Net-SNMP is a suite of applications used to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6. Let us learn some simple steps on how to install SNMP on Linux servers. The steps are as follows.
1. Make sure that you have the following packages on your server.
a) net-snmp
b) net-snmp-utils
c) net-snmp-libs
you can Install these via yum very easily
yum install net-snmp*
2. cd /etc/snmp/
3. mv snmpd.conf snmpd.conf.old
4. vi snmpd.conf (new file)
5. put “rocommunity ” on the first line and save the file (“rocommunity” create read-only communities that can be used to access the agent).
6. chkconfig snmpd on
7. service snmpd start
You can check it using snmpwalk -v 1 -c localhost system
— You are done !! —
MRTG (Multi Router Traffic Grapher) Installation Guide
Prerequisites:
GCC, Perl, gd(basic graph drawing library), libpng(ls required by gd in order to produce PNG graphics files), zlib (Is needed by libpng to compress the graphics files you create.)
MRTG Compilation
Download the Source file to /usr/local/src. I’m using mrtg-2.16.2
cd /usr/local/src
gunzip -c mrtg-2.16.2.tar.gz | tar xvf -
cd mrtg-2.16.2
If all the libraries have been preinstalled on your system you can configure mrtg by doing a simple:
./configure –prefix=/usr/local/mrtg-2
Otherwise you may have to give some hints on where to find the various libraries required to compile mrtg:
./configure –prefix=/usr/local/mrtg-2 \
–with-gd=/usr/local/src/gd \
–with-z=/usr/local/src/zlib \
–with-png=/usr/local/src/libpng
If you have RRDtool available you might want to tell mrtg about it so that you can opt to use rrdtool with mrtg. Check mrtg-rrd.
Configure will make sure your environment is fit for building mrtg. If it finds a problem, it will tell you so and it will also tell you what to do about it. If everything is OK, you will end up with a custom Makefile for your system. Now type:
make
This builds the rateup binary and edits all the perl pathnames in the scripts. You can now install mrtg by typing
make install (requires gnu install)
All the software required by MRTG is now installed under the /usr/local/mrtg-2 subdirectory.
CONFIGURATION
The next step is to configure mrtg for monitoring a network device. This is done by creating an mrtg.cfg file which defines what you want to monitor. Luckily, you don’t have to dive straight in and start writing your own configuration file all by yourself. Together with mrtg you also got a copy of cfgmaker. This is a script you can point at a router of your choice; it will create a mrtg configuration file for you. You can find the script in the bin subdirectory.
cfgmaker –global ‘WorkDir: /home/httpd/mrtg’ \
–global ‘Options[_]: bits,growright’ \
–output /home/mrtg/cfg/mrtg.cfg \
community@router.abc.xyz
This example above will create an mrtg config file in /home/mrtg/cfg assuming this is a directory visible on your webserver. You can read all about cfgmaker in cfgmaker. One area you might want to look at is the possibility of using –ifref=ip to prevent interface renumbering troubles from catching you.
If you want to start rolling your own mrtg configuration files, make sure you read mrtg-reference to learn all about the possible configuration options.
RUNNING MRTG
Once you have created a configuration file, try the following:
/usr/local/mrtg-2/bin/mrtg /home/mrtg/cfg/mrtg.cfg
This will query your router and also create your first mrtg trafic graphs and webpages. When you run mrtg for the first time there will be a lot of complaints about missing log files. Don’t worry, this is normal for the first 2 times you start mrtg. If it keeps complaining after this time you might want to look into the problem.
Starting mrtg by hand is not ideal in the long run. So when you are satisfied with the results you can automate the process of running mrtg in regular intervals (this means every 5 minutes by default).
You can either add mrtg to your crontab with a line like this:
0,5,10,15,20,25,30,35,40,45,50,55 * * * * \
/mrtg
/mrtg.cfg \
–logging /var/log/mrtg.log
or if you live in Linux Land the line may look like this if you are using crontab -e
*/5 * * * * /mrtg
/mrtg.cfg \
–logging /var/log/mrtg.log
or like this if you use /etc/crontab
*/5 * * * * mrtg-user /mrtg
/mrtg.cfg \
–logging /var/log/mrtg.log
You can also run mrtg as a daemon process by adding the line
RunAsDaemon: Yes
to your mrtg configuration file and then creating a startup script in your system startup sequence. Unfortunately, adding startup scripts differs widely amongst different unix systems. The modern ones normally have a directory called /etc/init.d or /etc/rc.d/init.d where you put scripts which starts the process you want to run when the system boots. Further you must create a symbolic link in /etc/rc3.d or /etc/rc.d/rc?.d called S65mrtg (this is just a sample name … it is just important that it starts with S followed by a two digit number). If you are not sure about this, make sure you consult the documentation of your system to make sure you get this right.
A minimal script to put into init.d might look like this:
#! /bin/sh
cd /usr/local/mrtg-2.16.2/bin && ./mrtg –user=mrtg-user \
/home/httpd/mrtg/mrtg.cfg –logging /var/log/mrtg.log
Note that this will only work with RunAsDaemon: Yes in your mrtg.cfg file.
