Squeaky clean virus free websites — on shared hosts

Hackers or script kiddies often end up defacing and hijacking your website. They can do this because you are not looking! Or not loking hard enough.

An antimalware/antivirus scan for linux would be a good thing as it would allow you to scan files on your server on a periodic basis(using cronjobs). Mostly backdoors are uploaded using upload forms that are made available for genuine users to upload stuff like pictures, attachments and other content. These forms, if badly written, or if there is no check for execution of code in the webroot can pretty much wipe out the server. So you need to be proactive and check your files as often as possible and clean them before things get out of hand.

Clamav is a good antivirus/malware scanner. Set it up to do your file watch job. Here’s the process to get it going on dreamhost.

  • svn co http://svn.clamav.net/svn/clamav-devel/trunk/
  • ./configure --prefix=$HOME --user=yourusername --group=yourgroupname
  • make & make install
  • edit /home/yourusername/etc/freshclam.conf and comment out the 4the line as instructed
  • edit /home/yourusername/etc/clamd.conf same edits as earlier for clamd
  • run freshclam and then clamdscan $HOME to find any backdoor or virus payload on your website.

Contact us if you need asistance with reclaiming your hacked website/server as well as other linux server admin requirements

opcode caching with eaccelerator — on shared hosts

Opcode caching helps!

From the eaccelerator home
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

This one’s for Dreamhost accounts. It will work for some other shared hosts as well. In case you need it setup on your server let us know through the Contact Form

  • Make sure you have your own custom php-fcgi (notice the ‘f’ it cost me two hours to figure that out) compiled and running the site where you want to enable eaccelerator. Detailed instructions rolling your own custom php are available elsewhere on this site.
  • get eaccelerator latest version and compile it
  • add the settings to the relevant php.ini
  • all set roll

For eaccelerator
The exports are for making sure you work with the right php. Again you will need autoconf, automake and php-devel(phpize) for the compile to work.

wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
export TMPDIR=$HOME/executable/tmp
export PATH=$HOME/executable/bin:$PATH
export LD_LIBRARY_PATH=$HOME/executable/lib:/usr/local/lib:$LD_LIBRARY_PATH
export CPATH=$HOME/executable/include:/usr/local/include:$CPATH
export LIBRARY_PATH=$HOME/executable/lib:/usr/local/lib:$LIBRARY_PATH
tar -jxf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3
phpize
./configure --prefix=$HOME/executable/
make
make install

For the php.ini
These lines are for loading and configuring ea in the custom php you use. So add them to the php.ini that pops up on your phpinfo page.

extension="eaccelerator.so"
eaccelerator.shm_size = "20"
eaccelerator.cache_dir = "/home/user/tmp/eaccelerator"
eaccelerator.enable = "1"
eaccelerator.optimizer = "1"
eaccelerator.debug = 1
eaccelerator.log_file = "/home/user/log/httpd/eaccelerator_log"
eaccelerator.name_space = ""
eaccelerator.check_mtime = "1"
eaccelerator.filter = ""
eaccelerator.shm_max = "0"
eaccelerator.shm_ttl = "0"
eaccelerator.shm_prune_period = "0"
eaccelerator.shm_only = "0"
eaccelerator.compress = "1"
eaccelerator.compress_level = "9"
eaccelerator.allowed_admin_path = ""

This is what your .htaccess should look like (assuming you got the precompiled php bit right)

well if you got your custom php working right then this is not going to change any

[koolaid]$ cat .htaccess
AddHandler phpFive .php
Action phpFive /cgi-bin/php.cgi

And here’s your php with eaccelerator in there

[koolaid]$ php -v
PHP 5.2.3 (cli) (built: May  8 2009 09:08:36)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
    with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
    with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies
[koolaid]$

Make sure that eaccelerator is also enabled in php by checking a phpinfo page like so:
phpinfo snip

Log should show hits also phpinfo page will show you the number of cached scripts.

Might want to benchmark it using something like phpspeed before and after the eaccelerator is plugged in….

Well this should ideally speed things up by around 60% so you’ll know when that happens 😀

Enjoy!