Stop PHP nobody Spammers
http://www.webhostgear.com/232.html
Update: May 25, 2005:
- Added Logrotation details
- Added Sample Log Output

PHP and Apache has a history of not being able to track which users are sending out mail through the PHP mail function from the nobody user causing leaks in formmail scripts and malicious users to spam from your server without you knowing who or where.

Watching your exim_mainlog doesn’t exactly help, you see th email going out but you can’t track from which user or script is sending it. This is a quick and dirty way to get around the nobody spam problem on your Linux server.

If you check out your PHP.ini file you’ll notice that your mail program is set to: /usr/sbin/sendmail and 99.99% of PHP scripts will just use the built in mail(); function for PHP - so everything will go through /usr/sbin/sendmail =)

Requirements:
We assume you’re using Apache 1.3x, PHP 4.3x and Exim. This may work on other systems but we’re only tested it on a Cpanel/WHM Red Hat Enterprise system.

Time:
10 Minutes, Root access required.

Step 1)
Login to your server and su - to root.

Step 2)
Turn off exim while we do this so it doesn’t freak out.
/etc/init.d/exim stop

Step 3)
Backup your original /usr/sbin/sendmail file. On systems using Exim MTA, the sendmail file is just basically a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden 

Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail

Paste in the following:

#!/usr/local/bin/perl

# use strict;
 use Env;
 my $date = `date`;
 chomp $date;
 open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
 my $uid = $>;
 my @info = getpwuid($uid);
 if($REMOTE_ADDR) {
         print INFO “$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
 }
 else {

        print INFO “$date - $PWD -  @infon”;

 }
 my $mailprog = ‘/usr/sbin/sendmail.hidden’;
 foreach  (@ARGV) {
         $arg=”$arg” . ” $_”;
 }

 open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
 while (<STDIN> ) {
         print MAIL;
 }
 close (INFO);
 close (MAIL); 

Step 5)
Change the new sendmail permissions
chmod +x /usr/sbin/sendmail

Step 6)
Create a new log file to keep a history of all mail going out of the server using web scripts
touch /var/log/spam_logchmod 0777 /var/log/spam_log

Step 7)
Start Exim up again.
/etc/init.d/exim start 

Step
Monitor your spam_log file for spam, try using any formmail or script that uses a mail function - a message board, a contact script.
tail - f /var/log/spam_log 

Sample Log Output

Mon Apr 11 07:12:21 EDT 2005 - /home/username/public_html/directory/subdirectory -  nobody x 99 99   Nobody / /sbin/nologin

Log Rotation Details
Your spam_log file isn’t set to be rotated so it might get to be very large quickly. Keep an eye on it and consider adding it to your logrotation.

pico /etc/logrotate.conf

FIND:
# no packages own wtmp — we’ll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

ADD BELOW:

# SPAM LOG rotation
/var/log/spam_log {
    monthly
    create 0777 root root
    rotate 1
}

Notes:
You may also want to chattr + i /usr/sbin/sendmail so it doesn’t get overwritten.

location:

/etc/init.d/mysql start|stop

exim

Turn off exim while we do this so it doesn’t freak out.
/etc/init.d/exim stop

?

How about httpd?

/usr/local/bin/p7zip

Statistics Software Configuration

rar better than zip

/usr/local/bin/unrar 

unrar x   *.rar  ./data  (uncompress *.rar  into folder  /data)

/usr/local/bin/zip -9 b1.zip ./data2/*    (use zip to compress /data/* into b1.zip)

install from ports  /usr/ports/archivers

http://jeremy.zawodny.com/blog/archives/000796.html

http://www-db.stanford.edu/~backrub/google.html

Where does this limit come from?

In a MyISAM table with dynamic (variable length) rows, the index file for the table (tablename.MYI) stores row locations using 32-bit pointers into the data file (tablename.MYD). That means it can address only 4GB of space.

This problem is both a historical artifact and an optimization. Back when MySQL was created, it wasn’t common to store that much data in a single table. Heck, for a long time 4GB was an entire hard disk and most operating system had trouble with files larger than 2GB. Obviously those days are gone. Modern operating systems have no trouble with large files and hard disks larger than 100GB are quite common.

From an optimization point of view, however, the 32-bit pointer still makes sense. Why? Because most people are running MySQL on 32-bit hardware (Intel/Linux). That will change as use of AMD’s Opteron becomes more widespread, but 32-bit will be the majority for the next few years. Using 32-bit pointers is the most efficient way to do this on 32-bit hardware. And even today, most MySQL installations don’t have tables anywhere near 4GB in size. Sure, there are a lot of larger deployments emerging. They’re all relatively new.

An Example

Here’s a table that you might use to store weather data:

mysql> describe weather;
+-----------+--------------+------+-----+------------+-------+
| Field     | Type         | Null | Key | Default    | Extra |
+-----------+--------------+------+-----+------------+-------+
| city      | varchar(100) |      | MUL |            |       |
| high_temp | tinyint(4)   |      |     | 0          |       |
| low_temp  | tinyint(4)   |      |     | 0          |       |
| the_date  | date         |      |     | 0000-00-00 |       |
+-----------+--------------+------+-----+------------+-------+
4 rows in set (0.01 sec)

To find its size limit, we’ll use SHOW TABLE STATUS

mysql> show table status like 'weather' \G
*************************** 1. row ***************************
           Name: weather
           Type: MyISAM
     Row_format: Dynamic
           Rows: 0
 Avg_row_length: 0
    Data_length: 0
Max_data_length: 4294967295
   Index_length: 1024
      Data_free: 0
 Auto_increment: NULL
    Create_time: 2003-03-03 00:43:43
    Update_time: 2003-03-03 00:43:43
     Check_time: 2003-06-14 15:11:21
 Create_options:
        Comment:
1 row in set (0.00 sec)

There it is. Notice that Max_data_length is 4GB. Let’s fix that.

mysql> alter table weather max_rows = 200000000000 avg_row_length = 50;
Query OK, 0 rows affected (0.03 sec)
Records: 0  Duplicates: 0  Warnings: 0

mysql> show table status like 'weather' \G
*************************** 1. row ***************************
           Name: weather
           Type: MyISAM
     Row_format: Dynamic
           Rows: 0
 Avg_row_length: 0
    Data_length: 0
Max_data_length: 1099511627775
   Index_length: 1024
      Data_free: 0
 Auto_increment: NULL
    Create_time: 2003-06-17 13:12:49
    Update_time: 2003-06-17 13:12:49
     Check_time: NULL
 Create_options: max_rows=4294967295 avg_row_length=50
        Comment:
1 row in set (0.00 sec)

Excellent. Now MySQL will let us store a lot more data in that table.

http://ontosys.com/php/cache.html

PHP Cache Control

This note describes a scheme for allowing PHP pages to be cached by a browser.

Example files

cache_check.inc — Logic to support caching of dynamic pages

<?php
$if_modified_since = preg_replace('/;.*$/', '', $HTTP_IF_MODIFIED_SINCE);

$mtime = filemtime($SCRIPT_FILENAME);
$gmdate_mod = gmdate('D, d M Y H:i:s', $mtime) . ' GMT';

if ($if_modified_since == $gmdate_mod) {
    header("HTTP/1.0 304 Not Modified");
    exit;
}
header("Last-Modified: $gmdate_mod");
?>

The value of the HTTP If-Modified-Since header (if any) is available in $HTTP_IF_MODIFIED_SINCE. We check the date value in that header against the modification date of the executed PHP script file itself. If they are the same, we send a 304 response and quit.

Otherwise, we send a Last-Modified header with the file’s modification date.

cachable.php3 — An example cacheable dynamically-generated file

<?php // -*- sgml-parent-document: ("dummy.html" "html" "body" ()) -*-
include 'cache_check.inc';

if (isset($touch))  touch($SCRIPT_FILENAME);
$gmdate_now = gmdate('D, d M Y H:i:s') . ' GMT';
$now = time();

print "
<table>
<tr><td>if_modified_since</td><td>$if_modified_since</td></tr>
<tr><td>gmdate_mod</td><td>$gmdate_mod</td></tr>
<tr><td>gmdate_now</td><td>$gmdate_now</td></tr>
</table>
<p>
<a href=\"$SCRIPT_NAME\">Link to self</a>.<br>
<a href=\"$SCRIPT_NAME?touch=y&time=$now\">Update source file</a>.<br>
<a href=\"$SCRIPT_NAME?time=$now\">Link to self with varying URL</a>.
";
?>

This dynamic page simply generates some output for testing purposes. Note that the gmdate_now value will not appear to change if the browser uses the file from its cache or if the server sends back a 304.

RewriteCond %{REQUEST_FILENAME} /(.*)-f([0-9]*).html

<?php
$patterns = array (‘/(19|20)(\d{2})-(\d{1,2})-(\d{1,2})/’,
                   ‘/^\s*{(\w+)}\s*=/’);
$replace = array (‘\3/\4/\1\2′, ‘$\1 =’);
echo preg_replace($patterns, $replace, ‘{startDate} = 1999-5-27′);
?>

Google checkout & paypal. What’s the difference ?