FreeBSD Server Administration: July 2005 Archives

« June 2005 | Main | August 2005 »

July 31, 2005

Httpd Exited on Signal 11 - Caused by Buggy Script

My security run output of today contains lots of error messages like:
pid 90742 (httpd), uid 80: exited on signal 11
pid 90896 (httpd), uid 80: exited on signal 11

It looks like a serious problem, then I searched the Internet immediately, here is a helpful discussion. Although there are no definite answers, the possible reasons can be summarized as:
1. Hardware problems, the most common one.
2. Vulnerable version of Apache, PHP or other Apache modules.
3. Buggy scripts.

Regarding my server
1. Hardware problems
This server has been running well for several months, unlikely to be the case.

2. Vulnerable version of Apache or its modules
Normally I can ignore this since I monitor the packages closely with portaudit. But recently Apache did have a known vulnerability. I ignored the upgrade because it shouldn't affect my installation.

This only affects installations where Apache is used as HTTP proxy in combination with the following web servers.

3. Buggy scripts
I did install mambo yesterday and it has a very weird problem, admin login doesn't work. There are many similar bug reports without solutions on their support forum, which is very unusual for a popular CMS, IMO. I debugged the script as I wrote in a previous post, it turned out that the login script ended at a PHP function "session_start()", it didn't give any error message, just like calling "die()". Then I made a test, signal 11 error happened every time I made a login.

Now the problem is clear, I removed mambo.

Category : Apache PHP

Posted by FreeBSD Newbie at 02:05 PM | Comments (1)

July 30, 2005

Keep Accurate Time with ntpd and ntpdate

Obviously, keeping the server time accurate is very important. I should have done this before the server was public.

Adjust server time manually
# ntpdate pool.ntp.org

Alternatively, you can make the process automate
1. Create a file /etc/ntp.conf with the following content:
server pool.ntp.org
driftfile /etc/ntp.drift

2. Start ntpd:
# ntpd

3. To enable ntpd to start at boot time, add one line in /etc/rc.conf: (optional)
ntp_enable="YES"

The ntp server "pool.ntp.org" is recommended by ntp.org, you can also select another one, check out ntp.org for details.

Category : Command & Utility

Posted by FreeBSD Newbie at 05:47 PM | Comments (2)

July 24, 2005

Hide Apache and PHP Information in HTTP Headers

By default, Apache will send version and modules information (e.g., mod_php, mod_perl, mod_ssl) in every HTTP header. You can check it with a HTTP header tool. For example, the header of this blog:
Server: Apache/1.3.33 (Unix) PHP/4.3.11

To hide the information, config Apache:
ServerTokens ProductOnly
ServerSignature Off

The header changed to:
Server: Apache

But for a PHP powered website, PHP engine will add its information to the headers regardless of Apache configuration:
Server: Apache
X-Powered-By: PHP/4.3.11

To avoid this, turn off expose_php in php_ini:
expose_php = Off

Category : Apache

Posted by FreeBSD Newbie at 04:51 PM | Comments (0)

July 23, 2005

RSS Feed

If you visit this Blog with FireFox, you can see an orange box in the right bottom corner, that means this site support RSS feed, you can subscribe a live bookmark by clicking on it. This is a built-in feature of Movabletype.

I don't know since when RSS feed was popular, I just see it everywhere. I didn't pay any attention to it until Google released Google Sitemaps (Beta). It's a new way of Google to crawl websites, Google will index web pages according to the sitemap files submitted by webmasters. Google defined their own format for sitemap file - a XML file, basically a URL list, which is very similar to RSS feed but doesn't comply with any RSS standards. I wrote a PHP script for generating the sitemap file, and submit to Google daily with a cron job. Though I didn't find the pages get indexed faster, maybe because it's still in beta.

For the same purpose I checked out My Yahoo, actually it's for My Yahoo users, but it can make Yahoo include a new website faster. It's easy to write a PHP script to generate the RSS feed, then notify My Yahoo with a cron job on a regular basis. Yahoo has an excellent RSS guide, plus RSS 2.0 Specification, these should be enough for most tasks.

My thought after played with Google Sitemaps and My Yahoo:
RSS feeds are not only for Blogs. General websites, especially those database-driven and updated frequently, should support RSS feeds too, make Google Sitemaps and My Yahoo submission automate. It's not only convenient to the visitors, but also preferred by the mighty Search Engines.

Category : Misc

Posted by FreeBSD Newbie at 03:37 PM | Comments (0)

July 22, 2005

PHP Debugging

When something strange happens to a third-party PHP script, I often have no idea where to start to fix the problems. I find PHP code debugging is an effective way even the error message may suggest a system configuration problem.

How to find the problem
Turn on register_globals and display_errors in the php_ini file, these two variables are not recommended for production system due to the security concern, though. If this doesn't give enough information, try debugging into the code with echo() or logging function. Some scripts use templates and aren't easy to print the output directly, logging to a file may be necessary in this case.

A simple logging function

function logInfo($msg)
{
    $filename = 'log.txt';
    $handle = fopen($filename, 'a');
    $msg = date("H:i:s")." ".$msg."\r\n";
    fwrite($handle, $msg);
    fclose($handle);
}

A weird example
A phpBB forum which has been running well suddenly popped up an error message whenever I tried to login: "Connection was refused". I tried to set all file attributes to 777, re-upload all files, but neither worked. I also posted the problem on phpBB's support forum, but didn't get any response. Finally I started to debug into the code with the above logging function to see what really happened. By tracing the script step by step, I found the problem was that I accidentally set the cookie using secure path in the admin control panel, phpBB redirected to https with header() function after successful login, the problem was fixed by modifying the Database record.

Category : PHP

Posted by FreeBSD Newbie at 03:15 PM | Comments (0)

July 21, 2005

SMTP May Mot Be Necessary

Postfix has been running on my servers for a few months, but I haven't been able to make SMTP Auth work, as a result, I can't send emails from my desktop. Finally I decided to finish the configuration by following the tutorial on postfix.org. But unfortunately, it didn't work after the first try. Then, a simple idea came out: why not try other SMTP servers instead of configuring mine? The SMTP server (exim) on my VPS relays any outbound emails after authentication.

I really should have thought of this earlier, although it's just a very simple trick, I think it's even a better solution...well, in my case.

Category : Email

Posted by FreeBSD Newbie at 04:43 PM | Comments (0)