Category Archives: Web

Web : zend_mm_heap corrupted

You may notice this error in the Apache logs : zend_mm_heap corrupted

Try to enable or increase this parameter either in your Apache config, htaccess or php.ini file :

output_buffering = 4096

Web : Prevent image hot linking to your site

This article is about stopping sites that hotlink your images, stealing them and your bandwidth! I assume you are running Apache as your Web server and have some basic knowledge of httpd.conf, .htaccess and rewrite rules.

You have two choices: either put the rules directly inside your httpd.conf vhost, or inside a per-directory Apache configuration file (better known as .htaccess). If you use the httpd.conf way, you can skip the first step.

First, make sure your vhost allows .htaccess usage (in httpd.conf) :

AccessFileName .htaccess

<Directory "/path/to/vhost">
AllowOverride All
Options SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

Now, add these rewrite rules to your config file (httpd.conf or .htaccess) :

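RewriteEngine On
# Let requests without a Referer through
RewriteCond %{HTTP_REFERER} !^$
# Allowed site: dot escaped, host must end at "/", ":" or end of string
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.tld([/:]|$) [NC]
# Everything else gets the replacement image
RewriteRule \.(jpg|jpeg|png|gif)$ http://public.domain.tld/images/hotlinking_denied.jpg [NC,R,L]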

OK, let’s explain this a little. The following line contains the URL that is authorized to request images (your own site must be listed! Replace “domain.tld” with your own domain). The dot is escaped and the host name must be followed by “/”, “:” or the end of the string, so that only this exact host matches. You may add as many allowed URLs as you want: simply duplicate the line and change the domain.

RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.tld([/:]|$) [NC]

The last line contains the image to return to these stealers. Their site will show this image instead of the one they tried to link (again, replace with your own URL/path) :

RewriteRule \.(jpg|jpeg|png|gif)$ http://public.domain.tld/images/hotlinking_denied.jpg [NC,R,L]

*Make sure the image you want to display is not served from the same URL you are trying to protect. Otherwise the redirect target matches the rule again and an infinite redirect loop results!
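
An added example (not from the original article): a shell check that runs constructed Referer values through two forms of the allowed-site pattern, one with the host written as `domain.tld` (dot unescaped, no terminator) and one escaped and terminated. The function name and the sample referers are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: evaluate hotlink Referer patterns offline with grep -Ei
# (the [NC] flag of the RewriteCond corresponds to -i here).

# Host written without escaping or a terminator.
LOOSE='^http(s)?://(www\.)?domain.tld'
# Dot escaped, and the host must end at "/", ":" (port) or end of string.
STRICT='^https?://(www\.)?domain\.tld([/:]|$)'

# referer_allowed PATTERN REFERER -> prints "serve" or "redirect".
# Mirrors the two RewriteCond lines: an empty Referer is always served,
# a non-empty one is served only when it matches the allowed-site pattern.
referer_allowed() {
    pattern=$1
    referer=$2
    if [ -z "$referer" ]; then
        echo serve
    elif printf '%s\n' "$referer" | grep -Eiq -- "$pattern"; then
        echo serve
    else
        echo redirect
    fi
}

# Constructed sample Referer values (not taken from real logs).
for ref in \
    '' \
    'http://www.domain.tld/gallery.html' \
    'https://DOMAIN.TLD:8443/' \
    'http://other-site.example/page' \
    'http://domain.tld.other-site.example/page' \
    'http://domainxtld/page'
do
    printf '%-45s loose=%-8s strict=%s\n' "${ref:-<empty>}" \
        "$(referer_allowed "$LOOSE" "$ref")" \
        "$(referer_allowed "$STRICT" "$ref")"
done
```

The last two sample values are served by the loose pattern and redirected by the strict one.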

Linux : How to generate SSL certificate key pair

Here are the few steps to generate the private key, the certificate signing request and a self-signed certificate, and how to get rid of the passphrase prompt when starting your application.

Okay, let’s start. Go to the directory where you want to store your certificate files. This example assumes your common name (aka : host name) is “secure.certificate.tld”.

First, create a private key :

openssl genrsa -des3 2048 > secure.certificate.tld.key

Second, create a certificate signing request (known as CSR) :

openssl req -new -key secure.certificate.tld.key > secure.certificate.tld.csr

Almost done. You may now provide the CSR to your Certificate Authority (CA) to obtain your certificate. You may also generate a self-signed certificate if you do not need to purchase one. A self-signed certificate encrypts the traffic just as well, but since no CA vouches for it, a warning will be displayed to your visitors that the certificate is not trusted. That’s why it’s not appropriate for online sales.

openssl req -x509 -key secure.certificate.tld.key -in secure.certificate.tld.csr > secure.certificate.tld.crt

Now, you may notice that every time you start your application (the one that uses your certificate), it asks for the passphrase before starting. You can get rid of the passphrase with the following steps.

Back up the key file first :

cp -p secure.certificate.tld.key secure.certificate.tld.key.bak

Then, remove the passphrase :

openssl rsa -in secure.certificate.tld.key.bak -out secure.certificate.tld.key

For more security, make sure the key file is only readable by root :

chmod 400 secure.certificate.tld.key
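
The same steps in non-interactive form, as an added example that is not part of the original article: the key is created under a restrictive umask so it is never group or world readable, not even before chmod runs, and the CSR is verified afterwards. The function names, the -subj value and the 365-day lifetime are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: key, CSR and self-signed certificate without prompts.

# make_keypair DIR CN -> writes CN.key, CN.csr and CN.crt into DIR.
make_keypair() {
    dir=$1
    cn=$2
    (
        # Files created in this subshell get mode 600 at most, so the key
        # is protected from the moment it is written.
        umask 077
        cd "$dir" || exit 1
        # Unencrypted key: the same result as after removing the passphrase.
        openssl genrsa -out "$cn.key" 2048 2>/dev/null || exit 1
        openssl req -new -key "$cn.key" -subj "/CN=$cn" -out "$cn.csr" || exit 1
        # Self-signed certificate built from the CSR (assumed lifetime: 365 days).
        openssl req -x509 -key "$cn.key" -in "$cn.csr" -days 365 \
            -out "$cn.crt" || exit 1
        chmod 400 "$cn.key"
    )
}

# csr_ok FILE -> succeeds when the CSR's self-signature verifies.
# The exit status of "req -verify" differs between OpenSSL versions,
# so the message is checked instead.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# cert_subject FILE -> prints the subject line of the certificate.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# file_mode FILE -> octal permission bits (GNU stat, with a BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: sh make_keypair.sh /path/to/dir secure.certificate.tld
if [ $# -eq 2 ]; then
    make_keypair "$1" "$2" && csr_ok "$1/$2.csr" && cert_subject "$1/$2.crt"
fi
```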

OpenX : Statistics no longer working after upgrade from v2.8.5 to v2.8.7

After upgrading OpenX AdServer from version 2.8.5 to 2.8.7, you may experience a problem with statistics: the OpenX engine no longer records stats from campaign delivery.

It is a good idea to have a look at the log file, located at <openx>/var/debug.log. You will probably see this message :

OX-maintenance-4ea48eac6cd00 [info]  Running Maintenance Engine
OX-maintenance-4ea48eac6cd00 [info]  Running Maintenance Statistics Engine
OX-maintenance-4ea48eac6cd00 [error]  Failed to find package definition file /path/to/openx/www/delivery/../../plugins/etc/openXVideoAds.xml

Since there is a problem with plugins in the upgrade feature of the latest version (2.8.7 at this time), the whole “/plugins/etc” directory is probably missing. For a successful upgrade from an older version, you were required to copy the plugin directory to the new OpenX installation before upgrading.

Well, you cannot simply roll back and do the upgrade again if you do not have a backup of your database matching your old version… the database schema has been modified to the latest version.

So, your alternative is to install a brand new OpenX 2.8.7 and copy the “/plugins/etc” directory of the fresh install to your defunct install.

Make sure you set the permissions correctly on the recently copied files and on the plugins directory. They must be writable by the Web server. If not, stats simply won’t work (in this case you may see this in the debug.log) :

OX-4ea5d62cddde4 [info]  Unwritable file /path/to/openx/plugins/etc/openXDeliveryLog.xml
OX-4ea5d62cddde4 [info]  Unwritable folder /path/to/openx/plugins/etc

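Simply change the ownership and permissions like this (once apache owns the files, write access for the owner is what the Web server needs; 777 additionally lets every local user modify them) :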

chown apache:apache -Rf /path/to/openx/plugins
chmod 777 -Rf /path/to/openx/plugins

RoundCube : Server Error UID COPY Error in IMAP command received by server

Since RoundCube version 0.6, you may encounter the following error when trying to delete a message :

Server Error : UID COPY : Error in IMAP command received by server.

You are probably using the Courier-IMAP daemon. As commented in the “main.inc.php” configuration file for the default storage folders, you need to change each folder name to its fully qualified name. Just add “INBOX.” in front of each folder name and it should work.

So, as an example, the default value :

$rcmail_config['trash_mbox'] = 'Trash';

Should look like this :

$rcmail_config['trash_mbox'] = 'INBOX.Trash';

PHP : Set upload file size

To increase (or decrease) the maximum allowed size of uploaded files with PHP, using php.ini or a .htaccess file, just add or edit the following values :

php_value upload_max_filesize <VALUE>
php_value post_max_size <VALUE>

Just put the amount in place of the <VALUE> tag. Let’s assume you want to allow files of up to 300 megabytes to be uploaded to the server…

php_value upload_max_filesize 300M
php_value post_max_size 300M

If you modify php.ini directly, you may need to reload Apache for the change to take effect (in php.ini the settings are written as name = value, without the php_value prefix). If you use a .htaccess file, you do not need to do anything (Apache reads the .htaccess file each time your Web site is visited).

Vim : how do I search and replace text

Do the following to find and replace a text string in a whole file using the Vi text editor :

1. Enter command mode by typing “:”

2. Your command should look like this :

%s/search_for_text/replace_with_this_text/g

MySQL : mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication

When trying to connect to a MySQL 4.x or later server, the following error occurs :

DB connection error: mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user.

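This is because the MySQL server is still accepting the old-style authentication of MySQL 3.x. Accounts whose hash was stored in the old format keep it until the password is reset as the message describes. You need to disable the old style by commenting out or removing the following parameter in “my.cnf” :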

old_passwords=1

WordPress : Automatic update failed, stuck in maintenance mode

On some rare occasions, the automatic upgrade of the WordPress core may fail. I’ve seen this happen with low remaining Web server memory and with an Apache reload during the update process.

When updating, WordPress creates a file in the web root folder to temporarily make the site unavailable during the update process. You need to delete the file “.maintenance” and the blog should be back online.

The default message looks like this : Briefly unavailable for scheduled maintenance. Check back in a minute.

Apache : Unable to configure RSA server private key

Apache fails to start, and /var/log/httpd/ssl_error_log shows the following error :

Unable to configure RSA server private key
SSL Library Error: x509 certificate routines:X509_check_private_key:key values mismatch

The private key and the certificate do not match. You can compare the certificate and the key with the following commands; the Modulus= value must be identical in both outputs :

View the certificate modulus using the following command :

openssl x509 -noout -text -in certfile -modulus

View the key modulus using the following command :

openssl rsa -noout -text -in keyfile -modulus
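
An added example (not from the original article) that automates this comparison, so the check can run before Apache is restarted. The function names are assumptions made here, and the key is assumed to be an unencrypted RSA key in PEM format.

```shell
#!/bin/sh
# Added example: check that an RSA private key belongs to a certificate
# by comparing the modulus both files carry.

# modulus_of KIND FILE -> prints "Modulus=<hex>"
# KIND is "x509" for a certificate or "rsa" for a private key.
modulus_of() {
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# modulus_fingerprint KIND FILE -> SHA-256 of the modulus line,
# short enough to compare by eye.
modulus_fingerprint() {
    modulus_of "$1" "$2" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# key_matches_cert CERT KEY -> prints match, mismatch or unreadable.
# Exit status: 0 match, 1 mismatch, 2 a file could not be parsed.
key_matches_cert() {
    cert_mod=$(modulus_of x509 "$1") || { echo unreadable; return 2; }
    key_mod=$(modulus_of rsa "$2") || { echo unreadable; return 2; }
    # Guard against empty output so two failed reads never count as equal.
    case $cert_mod in
        Modulus=?*) ;;
        *) echo unreadable; return 2 ;;
    esac
    if [ "$cert_mod" = "$key_mod" ]; then
        echo match
    else
        echo mismatch
        return 1
    fi
}

# Usage: sh check_pair.sh certfile keyfile
if [ $# -eq 2 ]; then
    key_matches_cert "$1" "$2"
fi
```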