Autarchy of the Private Cave

fail2ban has a php-url-fopen rule.

WordPress has a Global Translator plugin, which – among others – uses Google Translate service.

If someone uses Google Translate (e.g. using Global Translate’s mini-language-flags), and goes back to your blog – that someone might get banned by fail2ban (especially if you have set maxretry to 1), as the referrer will contain the php-URL-fopen attack signature. The bad thing is that you will not realize that until after you check one or several translations yourself, as a random site visitor experiencing the problem is highly unlikely to bother reporting this problem – especially when your blog’s Contact page is also inaccessible.

Clearly, Google Translate is not the only legitimate service which will trigger that rule.

Solution: The only solution I have found is to specify the whitelist regex for the php-URL-fopen rule.

Stimulated by a bug in a complex and unfamiliar web PHP application with heaps of custom tweaks by other programmers, I decided to try a more professional approach to PHP programming and debugging than the standard var_dump() and family.

As a result, I’m now using Eclipse PDT with Xdebug and Xdebug Helper (Firefox extension). Now I don’t understand how I used to debug my PHP programs before!

After proper configuration (I’m using local Apache, but it is also possible to debug remotely), my work flow is rather simple:

• use my web-app as usual, e.g. tweaking and testing here and there
• if something server-side goes wrong: click the XDebug helper icon in Firefox, and perform some server-request action (e.g. load a page)
• debugging is started in Eclipse PDT, where I can step through the code, set breakpoints, and examine all variables
• as soon as the problem is fixed – click the XDebug helper icon again to continue using the site normally (w/o invoking the debugger)

It takes some time to get used to, but then it’s a breeze.

Some advice:

• don’t use apt-get/aptitude to install Eclipse; it will be much easier both in the short and long run to use some all-in-one package from the Eclipse PDT site; all you need to do – download, extract, run!
• before actually starting to do anything, tweak the eclipse.ini file by increasing heap size from 40 MiB (default) to some larger value (I used 128MiB). If you don’t do this, then at some point your debugging will become painfully sloooow, and then you’ll start getting tons of “out of heap memory” errors, each one suggesting that you quit Eclipse immediately
• install XDebug with apt-get/aptitude – worked perfectly, and there’s /etc/php5/conf.d/xdebug.ini not to mess with php.ini
• do read XDebug guide for PDT 2.x (I’m assuming you got the 2.x version); it should be the only document you will really need to configure everything

I only wish Eclipse was faster – that is, written not in Java but e.g. C or C++.

Must have been some maintenance, as I didn’t notice any changes in PHP/MySQL versions since the 7th of March.

Update: it seems as though since that short MySQL outage everything is faster at GoDaddy shared hosting. Did they upgrade database server(s)? I have no idea, but I like the change.

Most frequent use: convert database from latin1_swedish to utf8_general_ci.
Original script found at: MySQL and UTF-8.

Update: the original script had an error, it would generate queries likes this one (note the bold part):

ALTER TABLE `links` CHANGE `link_rel` `link_rel` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT NULL;

This is clearly wrong syntax (and logic). I fixed this by making comparison to NULL strict (with three equal signs instead of two):

// Does the field default to null, a string, or nothing?
if ($row['Default'] === NULL)

Update 2: based on comment by banesto, I modified the script; now it does not require specifying the from_collation, it’s sufficient to specify to_collation (which will be used for all the fields and tables). The modified code is:

if ($row['Collation'] == ” || $row['Collation'] == $convert_to)
continue;

Here’s the script itself: (to copy-paste: first click the “Plain text” header)
Read the rest of this entry »

As described in my previous post, there are some rather simple mechanisms to enable visitor’s browser to cache content, and avoid unnecessary load on your servers. In this post I’ll take a look at some parts of the practical implementation of the caching mechanism on the server, using PHP.
Read the rest of this entry »

If you happen to write PHP script, which uses either HTTP_Client or its dependancy HTTP_Request from PEAR, and the script is supposed to work through the HTTP proxy - here are the sample settings you need:

If your proxy does not need authorization - just drop the proxy_user and proxy_pass parameters.