Posts for June, 2005

Known Vulnerabilities in Ruby-1.8.2_3

June 25, 2005 Posted in Security

Portaudit reported a known vulnerability in ruby-1.8.2_3 package(lang/ruby18), but the ports hasn’t released a fixed version yet. Read More

Execute Commands in PHP

June 24, 2005 Posted in PHP

Sometimes I login to the server only for running a simple command, such as uptime. It can be more convenient to do this with a simple PHP page, for example, the following code will display the the output of uptime command:

<?php passthru("uptime"); ?>

For more details about how to execute Unix/Linux command in PHP, please refer to PHP online manual.

sysctl.conf Sample

June 22, 2005 Posted in Security

Here is a sysctl.conf sample which changed many kernel variables, such as kern.ipc.somaxconn, net.inet.tcp.blackhole and net.inet.udp.blackhol, it also used net.inet.tcp.drop_synfin, net.inet.ip.rtexpire and net.inet.ip.rtminexpire. Read More

Reduce Server Visibility

June 21, 2005 Posted in Security

Learnt a tip from the book “Mastering FreeBSD and OpenBSD Security”. Servers connected to the Internet receive lots of network probes (automate scans). When the probes are to connect to a TCP and UDP port where no process is listening, the default kernel will compose a TCP reset packet, or an ICMP port unreachable message, and send it as a response. Read More

FreeBSD Reviews

June 20, 2005 Posted in FreeBSD General

Today, I read two articles along with their comments about FreeBSD: Review: FreeBSD 5.4 and Linus compares Linux and BSDs, I think they can be summarized in one sentence: FreeBSD is not for general purpose and doesn’t work well as a workstation. Read More


June 19, 2005 Posted in Security

Currently every website matches one shell account on my servers, I always feel it’s insecure to have more than a dozen accounts, but never taken a minute to think about how to change it. Read More

Portaudit Follow-up

June 18, 2005 Posted in Security

Portaudit does not only make security checking much easier, but also make it automate. The security daily run fetches the latest portaudit database (#portaudit -F) and checks all installed packages (%portaudit -a). Now, I can know the latest package information about known vulnerabilities by reading emails. Read More

Performance Tuning

June 18, 2005 Posted in Apache

I have been considering to upgrade my 10 MB uplink, but after read the system tuning in the handbook, I realized something else was more important than the bandwidth limit, especially kern.ipc.somaxconn: Read More

10MB or 100MB Uplink?

June 15, 2005 Posted in FreeBSD General

Very occasionally my websites are inaccessible for several seconds, then back to normal, soon inaccessible again. The uptime is very good and unlikely to be a performance problem, the only reason I can think of is network congestion. Currently I’m using 10 MB uplink, and I have been wondering if 100 MB uplink is only for heavy servers, or most servers can benefit from it as well. Read More


June 12, 2005 Posted in Security

After the email server problem, I started to pay close attention to the ports update, the lesson told me it’s ultra important to keep all packages up to date. Actually all information about how to handle ports is in the handbook, read it carefully if you haven’t, only several small pages. Read More

FreeBSD Resource

June 11, 2005 Posted in FreeBSD General

FreeBSD Resource Collections

FreeBSD Handbook
FreeBSD Hypertext Man Pages
FreeBSD Security Alert

FreeBSD Diary
BSD Forums

FreeBSD articles on

I’ll keep adding new websites, please let me know if you know any other websites which should be listed here.

Move Apache Log Files

June 10, 2005 Posted in Apache

When I checked emails with Outlook Express today, all POP3 accounts on my two servers gave me an error message “Invalid username or password”, which really freaked me out. Later I found it’s because /var file system used up again. Read More

Great FreeBSD Security Page

June 3, 2005 Posted in Security

Just found a great security alert website for FreeBSD on the ports help page, this will make things much easier. Bookmark it.

More About Apache Log File Rotation

June 1, 2005 Posted in Apache

As I wrote earlier, I remove old Apache log files by deleting all of them and doing a graceful restart, this is also what Apache documentations suggested, everything works well except that Apache doesn’t release the disk space used by the deleted log files. Read More