From February 2012

Unfortunately, I’ve had to learn a thing or two about server intrusion, .htaccess being hacked, backdoors and more in the last days. Well, one could say it is a good education… In any case, one of the major issues I was confronted with is that on one PHP-based server (with WordPress) the .htaccess file was manipulated. The hack wasn’t obvious, since it targeted any user coming to the site from a search engine, who was then redirected to some (random) Russian site.

Now, removing the .htaccess file, editing it or changing the file permission did not help, as the file itself was being reset to the hacked version every 30 minutes or so. It was obvious that someone was able to upload a backdoor to the server and call the file remotely. The question was now how to find the infected or uploaded file in order to close the hole.

Luckily, the people at R-FX Network made the malware script available (under the GPL open source license), which lets you scan your server for any malware and infected files. It uses many different scans to find any malware. I especially like that users can send their infected files to them and they then update the scanner engine. A very effective method to keep your server secure.

In my case, the malware script quickly found the file in question, which was then quarantined. Since then, the WordPress blog has worked again. Needless to say, just running this script won’t secure your server. You need to have a firewall in place, update your server regularly, read your logs and so on.

If you want to read more about the different ways of hacking and how to protect the server, I’ve found this blog post from Unmask Parasites very valuable. Also, they have a video of Matt Cutts talking about malware.
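The kind of .htaccess manipulation described above (a redirect that only fires for visitors arriving from a search engine) can be checked for directly. The following Python script is an added example, not part of the original post and not the R-FX Network scanner; the function name, the sample file and the placeholder host redirect.example.invalid are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: stock WordPress rules plus an injected redirect that
# fires only for search-engine referrers (host is a placeholder).
SAMPLE_HTACCESS = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\. [NC]
RewriteRule ^.*$ http://redirect.example.invalid/in.php [R=301,L]
"""

DIRECTIVE = re.compile(r"^\s*(RewriteCond|RewriteRule)\s+(.*)$", re.IGNORECASE)


def find_referer_redirects(text, own_hosts=()):
    """Return (line_no, referer_pattern, target) for each RewriteRule that
    points at a foreign host and is gated on a %{HTTP_REFERER} condition."""
    own = {h.lower() for h in own_hosts}
    findings, pending = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind, args = m.group(1).lower(), m.group(2).split()
        if kind == "rewritecond":
            # Conditions accumulate and apply only to the next RewriteRule.
            if len(args) >= 2:
                pending.append((args[0], args[1]))
            continue
        conds, pending = pending, []
        if len(args) < 2:
            continue
        target = args[1].strip('"')
        host = (urlparse(target).hostname or "").lower()
        if not host or host in own:
            continue  # internal rewrite or redirect to the site itself
        for test_string, pattern in conds:
            if "HTTP_REFERER" in test_string.upper():
                findings.append((line_no, pattern, target))
                break
    return findings


if __name__ == "__main__":
    for line_no, pattern, target in find_referer_redirects(SAMPLE_HTACCESS):
        print(f"line {line_no}: referrer /{pattern}/ -> {target}")
```

Pass the site's own hostnames as own_hosts so that legitimate canonical-host redirects are not reported.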

 

I just went through some issues with a PHP5 installation on some of our WordPress servers. To spare you the details of why I had to do that, I simply post the solutions here (strangely enough, searching for these issues online gives you “trillions” of results, but no solution…).

1. Removing PHP5 and re-installing

When you need to remove and re-install PHP5, you should use the “--purge” parameter, like: “apt-get --purge remove php5”. Now, while this seems to work, when you re-install PHP5 it strangely gives you the feedback “Not replacing deleted config file /etc/php5/apache2/php.ini” during re-installation.

In short, the re-installation does NOT install a php.ini file. While this might not be an issue for some, it was in my case. Luckily, there are some default php.ini files that one can copy. Depending on your server they might be in different places (mine were at /usr/share/php5). So, all there was to do was to copy the file with: “cp /usr/share/php5/php.ini-production /etc/php5/apache2/php.ini”.

2. Your PHP installation appears to be missing the MySQL extension which is required by WordPress

While the above might not be a major issue, the message I received from our WordPress installation of “Your PHP installation appears to be missing the MySQL extension which is required by WordPress” was worrying. Nothing that I tried (re-installing PHP5, enabling modules, checking Apache and MySQL) solved it. Also, searching for this online did not help at all, since almost every entry simply tells you to re-install php5.

Ok, so how did I get it solved? After hours and hours, the solution is too simple. All I had to do was to explicitly enable the extension in the php.ini file with:

extension=mysql.so
extension=mysqli.so

Saved the file, restarted Apache and finally I got the MySQL parameters in the PHP Info page and all blogs worked again. One would think that the apt-get installation routine would do this automatically since I was using “apt-get install php5-mysql”, but alas, as I found out the hard way, this is not so.

Hope this helps someone out there.

I actually never indulge in conversations about why one programming language is better than another, because what is right for you does not automatically mean it is right for someone else. So, for me ColdFusion, or as we call the language itself – CFML, works very well.

Nevertheless, in this post I would like to clear up some confusion that has been around. I can see where the confusion comes from, as ColdFusion has gone from Allaire to Macromedia and is now “in the hands” of Adobe.

In any case, here are some reasons why CFML is still worth learning.

  • CFML is open source and yes you can use it for free. I guess many people are put off by the fact that ColdFusion has had a big price tag on it in the past. True, given the nature of PHP, Java, Python, Ruby, etc. being free, there was actually no reason to shell out your hard-earned buck for some application server and on top of it even learn the language. Thanks to the short-sighted business decisions of Macromedia and now Adobe, or shall we say the greedy money-making mentality of its management, ColdFusion has been faced with a drain of developers.
    Fortunately, this has all changed with the advent of OpenBD – the first real open source CFML server, followed shortly by Railo, another popular open source CFML server. In other words, to learn CFML and to deploy your applications, is now free and free to be.
  • Write less code. Compared to PHP, Java, C++, even Ruby and Python – CFML allows you to write the same program with much, much fewer lines of code. Why would you want to spend your precious time writing more code when you can do it with less? As a matter of fact, you can write your application in CFML so efficiently that the same application written by you alone would probably need a team with Java, Ruby, etc. This is a proven fact.
  • Well designed. The CFML language is well designed and many required functions already exist for you to use. There is no need to write a wrapper for an email sending function. I mean, you don’t even need a framework to achieve a simple tag like “<cfmail…>”. There is no obnoxious framework to learn or write functions for this. Compared to Java, PHP, Ruby, etc., you are very well off with CFML. (again all without a framework)
  • Build web applications fast. Due to the nature of writing less code with CFML and with the built-in functions, you will be writing your next web application in weeks, instead of months. On top of that, you will have a fully scalable enterprise model on your hands to scale when your startup takes off. Heard the stories of PHP web apps that had to be converted to xyz language just to cope with the traffic? Again, if you deploy your web application with CFML and OpenBD, you can deploy on any Java application server (Tomcat, JBoss, Websphere, etc.), connect to any database (MongoDB, H2, Oracle, MySQL, MS SQL, DB2, you name it…) and have your cluster, load balancing and caching setup done.

If you are in for writing less code and building your next web application the fast way, then I simply urge you to give CFML a try. I’m certain that you will get your project done in half the time than in another language. There is simply nothing for you to lose!