No OS is 100% secure if there’s enough desire to get in. There’s a web server exploit targeting Apache, Nginx, and Lighttpd running on Linux–a first of its kind, in at least one regard. Ars Technica has the details, including where to get a script to check to see if your server is infected.
According to this page, if you execute this command:
strings /usr/bin/apache2 | egrep opentty
you’re clean if nothing comes up, and your infected if you see one or more matches. If your system stores its httpd elsewhere, change the first parameter to match.
Tom Gatermann told me about a nice tool for Debian (and presumably Ubuntu) called checkrestart. Sometimes, even though you did an apt-get update and apt-get upgrade to bring your system up to date, you can still be running the out-of-date version of something. That’s the problem checkrestart helps you solve.
I ran my site through Google Page Speed on Tuesday, and scored a surprising 88 out of 100–higher than I expected. Getting above 90 is going to take some optimizations on files that WordPress updates may change, so I’m hesitant to do that, but one thing it told me to do was to cache more aggressively. That’s pretty easy, as it turns out, and I could definitely feel a difference afterward.
Here’s the trick. Read more
If your web server is slow and you want to fix it, it’s nice to be able to quantify what you got. Enter Apachebench, which is part of Apache and probably already on your server. Read more
A long project can be paralyzing at times, making it hard to figure out where to start. A trick that I learned in model railroading is to just work on whatever small percentage of the project that bothers you the most. Then, when that’s done, cycle back, create another subproject that fixes whatever bugs you the most now, and keep making incremental improvements like that until you get where you want.
I’ve used the same trick on home improvement projects, and I applied it to this web site over the course of the last few weeks, doing a series of incremental improvements. It led places I didn’t expect it.
Earlier this week, The Register touted the benefits of having a home lab.
That lab doesn’t necessarily have to be elaborate. But there is definitely something to be said for having some equipment that you can learn and experiment on, and that can break without the world ending. Read more
This week, I doubled back down in earnest to get my webserver running on the hardware I bought a year ago.
After getting Apache, PHP and MySQL installed on the box and playing together nice, I installed WordPress and got it running. Then I tried backing up and restoring files from my existing server, and the server didn’t like that one bit.
Unlike many bloggers, I blogged for a decade before moving to WordPress. That meant I had a pile of old posts with no tags on them. One of the nice things about WordPress is that you can use the tags in conjunction with a plugin like Similar Posts to display links to related content at the end of each post. And trust me, when you blog for a decade, a lot of your stuff is related.
It’s also sad how much of that old content becomes obsolete, but the 2% that stands the test of time and continues to get readers year over year is satisfying, too.
Here’s how to tag your old content–wherever it came from–quickly and easily.
A couple of years ago, I stood up a WordPress server. I made no effort to tune it, let alone turbocharge it, which is a decision I later came to regret. If your site gets more than a few hundred hits per day, you need to tune it. If you want to get more than a few hundred hits per day, you need to tune it because Apache and MySQL’s default settings are by no means one-size-fits-all. And you can never have too much speed. There are two reasons for that: Google favors fast sites over slow sites, and Amazon found that a one-second delay in page load drops traffic by 7 percent.
There’s a lot of advice out there on tuning WordPress, some of which seems to be good, and some of it not so good.
Here are four things that I know work. I run Apache and MySQL under Linux; these tools may run under Windows or OS X too.
My problems seem to have become more rare since I started blocking spambots and tuned PHP and Apache but last night my server ran out of memory again and started timing out.
It turns out I still had a critical problem, but one that’s easy to fix with a relatively simple Perl script.