.bootstrap - Crack and Hacking – Safe with most medications

Configure (r)syslogd
vim /etc/rsyslog.d/99-custom-logging.conf

if $syslogfacility-text == 'local6' and $programname == 'log1' then /var/log/log1.log
if $syslogfacility-text == 'local6' and $programname == 'log1' then ~
if $syslogfacility-text == 'local7' and $programname == 'log2' then /var/log/log2.log
if $syslogfacility-text == 'local7' and $programname == 'log2' then ~

The logging code in PHP

openlog("gateway", LOG_PID|LOG_NDELAY, LOG_LOCAL6);
syslog(LOG_INFO, "Test message");

The logging results

tail -f /var/log/log1.log
May 25 21:23:35 thor log1[4354]: test3

Related posts:

1. jsLogger: JavaScript logging utility
2. SMTP Telnet Session
3. Apache2 deflate setup
4. Simple RADIUS XML dump PHP script
5. Automatic Generate JUnit Tests
6. PHP Professional Tip #1 – Type Hinting

HipHop is a source code transformer which transforms PHP source code into highly optimized C++ and then compiles it using g++.

Required packages

sudo apt-get install cmake g++ libboost-dev flex bison re2c libmysqlclient-dev libxml2-dev libmcrypt-dev libicu-dev openssl binutils-dev libcap-dev libgd2-xpm-dev zlib1g-dev libtbb-dev libonig-dev libpcre3-dev git-core autoconf libtool libcurl4-openssl-dev libboost-system-dev libboost-program-options-dev libboost-filesystem-dev

Get the HipHop source-code

mkdir hiphop
cd hiphop
git clone git://github.com/facebook/hiphop-php
cd hiphop-php
export CMAKE_PREFIX_PATH=`/bin/pwd`/../
export HPHP_HOME=`/bin/pwd`
export HPHP_LIB=`/bin/pwd`/bin
git submodule init
git submodule update
cd ..

Building third-party libraries

libevent

wget http://www.monkey.org/~provos/libevent-1.4.13-stable.tar.gz
tar -xzvf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
cp ../hiphop-php/src/third_party/libevent.fb-changes.diff .
patch < libevent.fb-changes.diff
./configure --prefix=$CMAKE_PREFIX_PATH
make
make install
cd ..

ICU4

wget http://download.icu-project.org/files/icu4c/4.2.1/icu4c-4_2_1-src.tgz
tar -xvzf icu4c-4_2_1-src.tgz
cd icu/source
./configure --prefix=$CMAKE_PREFIX_PATH
make
make install
cd ../../

libCurl

wget http://curl.haxx.se/download/curl-7.20.0.tar.gz
tar -xvzf curl-7.20.0.tar.gz
cd curl-7.20.0
cp ../hiphop-php/src/third_party/libcurl.fb-changes.diff .
patch -p0 < libcurl.fb-changes.diff
./configure --prefix=$CMAKE_PREFIX_PATH
make
make install
cd ..

Build HipHop

cd hiphop-php
cmake .
make

Related posts:

1. Howto: Install Ruby and Rails on Debian or Ubuntu
2. Ubuntu Howto: Install Oracle
3. Ubuntu Howto: Install Sun Java
4. Ubuntu Howto: Install Xen
5. Howto Install Carwhisperer on Ubuntu 9.10
6. Howto: Install Windows Vista Fonts in Ubuntu
7. Ubuntu Howto: Install Ruby and Ruby on Rails
8. Howto install Java on Debian Sarge
9. Howto Install Oracle on Debian
10. Howto Install Fedora From a USB Flash Key Drive

From time to time I’m doing some experiments on my server that is hosting this blog. Recently I found out that my blogging software used here, WordPress, missed some indexes in the MySQL database.

This article from MySQL Performance Blog explains how to log slow queries and how to identify queries, which do not use indexes.

MySQL has simple but quite handy feature – slow query log, which allows you to log all queries which took over define number of seconds to execute. There is also an option to enable logging queries which do not use indexes even if they take less time (–log-queries-not-using-indexes)

Slow query log is great to spot really slow queries which are often good candidates for optimization but it has few serious problems which limits extent to which it is helpful. First – it only allows you to set slow query time in seconds, having 1 second minimum value. For most of interactive applications this is way too large – if you’re developing Web application you probably want whole page to be generated less in 1 second, which issues many queries during generation. Second – if you enable option to log queries which do not use indexes it well can be flooded with fast and efficient queries, which just happen to do full table scans – for example if you would be having drop down list of states in your application and use SELECT * FROM STATES for that it would trigger and log the query.

Related posts:

1. Optimize MySQL Performance With MySQLTuner
2. Troubleshooting PHP Sqlite Query Error: Unable to open database
3. MySQL Performance Monitoring and Optimization Tools
4. Windows Developers Begin Slow Defection to Linux
5. Optimize MySQL for Low Memory Use
6. MDB Tools to export (migrate) from mdb (Microsoft Access format) to MySQL
7. Howto: How to Reset the MySQL Root Password
8. Simple RADIUS XML dump PHP script
9. PHP 5.2 and APC (Alternative PHP Cache) Performance
10. MySQL Concatenate: Adding String At The End Of Field Data

Slashdot | Google Gives Away Web App Security Tool

Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss.

Related posts:

1. Awareness: Web Application Security
2. PHP Source Code Security Audit Tool
3. Voices That Matter: GWT – Security
4. Test your environment’s security with BackTrack
5. Dalvik: How Google routed around Sun’s IP-based licensing restrictions on Java ME
6. Germany warns users against Internet Explorer
7. Track file downloads and outgoing links with Google Analytics
8. Google sitemaps
9. Experimenting with Google Web Toolkit (GWT)
10. Google Gmail on your own domain

This short guide explains how to use gmail as mail server using PHP and PHPMailer.

Download PHPMailer
Download PHPMailer from http://phpmailer.sourceforge.net – direct link.

Extract and upload
Extract the PHPMailer-packages to a folder named phpmailer2 or any other folder name. Afterwards upload the folder to a PHP-enabled webserver.

Implement into code
Implement the PHPMailer function into the existing E-Mail-code as shown in the included examples.

Gmail specific settings
The following settings are needed in order to use Gmail as mail-hub and SMTP server.

$mail->Mailer = "smtp";
$mail->Host = "ssl://smtp.gmail.com";
$mail->Port = 465;
$mail->SMTPAuth = true; // turn on SMTP authentication
$mail->Username = "username@gmail.com"; // SMTP username
$mail->Password = "password"; // SMTP password

My experience using Gmail as SMTP server
So far I haven’t got any problems. Their service is always online and available, which is quite opposite to what I have experienced with my low budget hosting provider so far.

Related posts:

1. S/MIME for Gmail
2. Google Gmail on your own domain
3. GMAIL from Linux CLI interface
4. Crack Windows Password
5. Jailbreak iPhone 3GS Using redsn0w (Windows)
6. OpenSSH: Disabled Reverse DNS Lookup
7. SMTP Telnet Session
8. Howto: Convert an OpenSSL key to a public/private OpenSSH key-pair
9. Howto Crack Rar, 7z, and zip files in Linux
10. Howto: How to Reset the MySQL Root Password

Developing a web applications is often articulated as easy and a good thing for new programmers to start with. Many books and tutorials have been written on the subject, and many frameworks and programming languages have been built to facilitate quick construction of web applications. Just one thing bothers me about this, many of the books and tutorials ignore many of the security issues that are related to building web applications. This fact might explain why we do have such a huge number of insecure and vulnerable web applications around on the net.

Anyway, it is not just bad – a number of initiatives have been formed to communicate the need for security and web-based applications. One of these initiatives is OWASP, which is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies.

OWASP’s most successful documents include the book-length OWASP Guide and the widely adopted OWASP Top 10 awareness document. The most widely used OWASP tools include their training environment WebGoat, their penetration testing proxy WebScarab, and their OWASP .NET tools. OWASP includes roughly 100 local chapters around the world and thousands of participants on the project mailing lists. OWASP has organized the AppSec series of conferences to further build the application security community.

Hopefully initiatives like OWASP will provide up-coming web developers with a awareness of the security issues related to development of web application and enable them to avoid the classic pitfalls in web application security. At least so far I have learned a lot from OWASP articles and guides.

Related posts:

1. Google Gives Away Web App Security Tool
2. PHP Source Code Security Audit Tool
3. 68 Linux Related Free E-books
4. Voices That Matter: GWT – Security
5. Test your environment’s security with BackTrack
6. Popular Photoshop Tutorials
7. Firefox Flash Interaction Bug: I Cannot Click In Flash Application e.g. Youtube
8. soapUI: Easy Webservice Invocation and Testing Application
9. Top 15 Free SQL Injection Scanners
10. Slow Query Log Analyzes Tools

Security in applications and security in web applications has come into prominence. One way to enhance security is by reviewing the code with a security auditing tool, which is a new open source tool to do static analysis of php code for security exploits.

Download the Spike PHP Security Audit Tool here.

Howto use the Spike PHP Security Audit Tool

Unzip and install

unzip spike_phpSecAudit.zip


Execute the run.php, passing the file name or directory to audit. Note that the –src option is mandatory.

php /path/to/spike_phpSecAudit/run.php --src test_file.php


or


php /path/to/spike_phpSecAudit/run.php --src dir_name


Get Help

php run.php --help


Related posts:

1. Google Gives Away Web App Security Tool
2. Awareness: Web Application Security
3. Card Security Code (CSC) and Card Verification Value (CVV)
4. Test your environment’s security with BackTrack
5. Executing SQL Statements from a Text File
6. Syntax Highlight Code in WordPress Posts
7. Howto Install Ruby and Ruby on Rails on Debian Etch 4.0
8. Voices That Matter: GWT – Security
9. Howto PHP / Java bridge on Debian
10. Hack Wireless WEP Network

soapUI is a desktop application for inspecting, invoking, mocking and functional/load/compliance testing of web services over SOAP/HTTP. It is mainly aimed at developers/testers providing and/or consuming web services no matter implementation language (java, .net, php, etc).

Related posts:

1. Dalvik: How Google routed around Sun’s IP-based licensing restrictions on Java ME
2. Top Eclipse Plugins
3. Describe REST Web services with WSDL 2.0
4. Awareness: Web Application Security
5. Java default keystore password – cacerts
6. Online WSDL Validator and Invocation Tester
7. Howto PHP / Java bridge on Debian
8. Tomcat Performance: Linux faster than Windows
9. Intel Releases LatencyTop 0.1
10. Java and C# Client Server Socket Programming