Posts Tagged ‘ Apache ’

Script to find out PHP memory usage

Open a php file in the server and copy paste the following php code to into it. Access the php file via browser. You can see the memory usage in the web page.

// This is only an example, the numbers below will
// differ depending on your system
for ($i=1; $i<100; $i++) {
        //echo "used memory is " . memory_get_usage() . "<br />";
        $a = loadmem($i); 
        //echo "used memory after allocating ".$i."m is " . memory_get_usage() . "<br />"; // 57960
        //echo "used memory after unsetting allocated memory is " . memory_get_usage() . "<br />"; // 36744
        echo "You have allocated ". $i . "M (". memory_get_usage() . ") memory in this php script" . "<br />";

function loadmem($howmuchmeg) {
        $a = str_repeat("0", $howmuchmeg * 1024 * 1024); // alocating 10 chars times million chars
        return $a;

Awstat Logging a single IP on Nginx Server

When you see awstat logging a Single IP for any domains in a Nginx Server, note that Nginx is configured in port 82 and apache with port 80. Nginx will be running as reverse proxy for Apache, we don’t want our log file to record the proxy IP. We want the real IP as usual. Otherwise the log files will show only the Proxy IP. So we need to install mod_rpaf which is “Reverse Proxy Add Forward” module for Apache. Our older team used a module like “realip2_module” for doing this.

Install steps:

cd /usr/local/src
tar -xzf mod_rpaf-0.6.tar.gz
cd mod_rpaf-*
apxs -i -c -n mod_rpaf-2.0.c

Once installed, we need to load the module into Apache configuration. Since cPanel already has Include Editor for Apache, we will use that functions.

Login to WHM > Service Configuration > Apache Configuration > Include Editor > Pre Main Include > All Versions and paste following text:

LoadModule rpaf_module modules/
RPAFenable On
RPAFproxy_ips # replace the value with your server IP which are logged same on domlogs of domains 
RPAFsethostname On
RPAFheader X-Real-IP

Click Update > Restart Apache and Nginx.
Check and verify the IP from the logs.

Note: In this module we have one limitation is that, we need to add the IPs manually in RPAFproxy_ips.

Forbidden Errors (SELinux)

You may experience a “forbidden error” when attempting to access a users public web site (http://localhost/~alice), this is generally because the permissions are either set incorrectly, or SELinux is set to “Enforcing” mode which blocks the standard suexec call needed by the Apache server. Common error is the “/home/username” permissions.

To temporarily disable SELinux so you can test the access permissions, type “setenforce 0” at the command prompt. Typing “setenforce 1” sets SELinux back to Enforcing mode.

Use the following commands to permanently adjust the SELinux file security context so Apache can access user’s public web sites.

### SELinux ONLY – Enable User Website
[bash]# setsebool -P httpd_enable_homedirs true
[bash]# chcon -v -R -h -u user_u -t httpd_user_content_t /home/*/public_html
### SELinux ONLY – Disable User Website
[bash]# setsebool -P httpd_enable_homedirs false
[bash]# chcon -v -R -h -u user_u -t user_home_t /home/*/public_html

Enable apache server status

Check if mod_status is enabled in the apache. You can check this by the following command.

/usr/local/apache/bin/httpd -l

If it is listed, add the following to a VH entry of a domain and take in the browser as It will display the connections to the domain and the scripts that are currently served. Note that this shows the status for all connections to all domains on the server. From shell type top -c and press shift+m to get processes sorted by memory usage.

Location /server-status

SetHandler server-status

Order deny,allow

Deny from all

Allow from your_ISP_IP

How to find PHP Shell on your server

In most of the hacking or defacing the most common tool used is PHP Shell. If you scan your server regularly for php shell and delete them you can avoid many hacking and defacing attempt on your server.

#Scanning all users directory for various php shell
# Below command is one line so see that its one line in your script or else it will generate error

echo “No PHP Shell was Found” > /root/scan.txt
/bin/egrep “cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|/etc/passwd|revengans|myshellexec” /home/*/public_html -R | cut -d: -f1 | uniq > /root/scan.txt

/bin/cat /root/scan.txt | mail -s “PHP Shell Scan”

#Replace your email address above

#Cron Settings
# 0 6 * * * PATH TO SCRIPT

The above script is a very simple shell script which will scan all public_html directories of all cpanel accounts for various php shell. Then the script will mail you the locations of PHP Shell. You can set cron for this script to run once a day. If you check the code I have added a cron for it which you can use which will execute the script on 6th hour daily