Jumping off the Cloudflare bandwagon

Since I’ve recommended CloudFlare on this blog quite a few times, I thought it would be fair to let you guys know that I removed my site from CloudFlare yesterday.  The domain management is back to GoDaddy.

Why?  Well, now that CloudFlare is getting bigger by the day, it seems to be getting more and more attacks and partial downtimes globally.  There are also a few temporary quirks happening every now and then, where connections would get reset and such.  Not that these are too annoying to have, but not knowing whether an issue with the site is a CloudFlare one or not – that’s annoying to me.  I can live with my site not working right, as long as I know what exactly the problem is.  Because if I know where the problem is, I usually know how to fix it and how much time it will take.  When it’s a CloudFlare issue, I am out of the loop and I am out of control.  And that I can’t have.  Even if that happens rarely.

Regarding my recommendation to use CloudFlare, I still stand behind it.  I think that if you haven’t tried the service, you definitely should.  And, you especially should if your site has a global audience and you don’t have a technical team in place.

I’ve been using a combination of ps and grep for y…

I’ve been using a combination of ps and grep for years now.  Apparently, there is an easier way – pgrep and pkill utilities, which are a part of procps package on Fedora and CentOS distributions.

Happy SysAdmin Day!

Today is the last Friday of July, which means that it is System Administrator Appreciation Day.  To all my friends and colleagues who spend days and nights in server rooms or on shifts, who work remotely even when on holidays abroad, whose mobile phones constantly buzz with SMS notifications of devices and services going up and down, who remember more numbers – IP addresses, network masks, port numbers, RFC numbers, etc. – than any mathematician, who can troubleshoot a problem even with an amount of alcohol in their blood lethal to mere mortals, to all of you guys – Happy SysAdmin Day!  Have a good one!

Nikto – Open Source web server security scanner

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.

PHP exposure via easter egg

Here is an interesting easter egg in PHP.  Check if your php.ini file has expose_php setting turned on like so:

; Decides whether PHP may expose the fact that it is installed
; on the server (e.g. by adding its signature to the Web
; server header). It is no security threat in any way, but it
; makes it possible to determine whether you use PHP on your
; server or not.
; http://www.php.net/manual/en/ini.core.php#ini.expose-php
expose_php = On

If it’s on, then you can see the PHP Credits page, which includes PHP authors and contributors, as well as authors and contributors to the PHP modules that you have installed. To see the page, add the secret parameter to any of the PHP pages on your server, like so: http://localhost/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000. You’ll see a long page that starts like so:

Kudos to Chris for pointing it out to me.  I’ve since disabled the setting on my server.
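
A way to audit the setting discussed above without opening each file by hand, as an added example that is not part of the original post: it works out the effective expose_php value from php.ini text (the directive defaults to On when absent) and flags response headers that advertise PHP. The function names, the sample php.ini text and the sample headers are constructed for illustration.

```python
import re

TRUE_WORDS = {"on", "yes", "true"}  # boolean spellings PHP's INI parser accepts

def expose_php_enabled(ini_text):
    """Return the effective expose_php value for the given php.ini contents."""
    enabled = True  # PHP's built-in default when the directive is never set
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments, incl. commented-out directives
        m = re.match(r"expose_php\s*=\s*(.*)$", line)  # directive names are case-sensitive
        if not m:
            continue
        token = m.group(1).strip().strip("\"'").lower()
        if token in TRUE_WORDS:
            enabled = True
        else:
            # off/no/false/none/empty are false; integers are true when non-zero
            enabled = bool(re.fullmatch(r"-?\d+", token)) and int(token) != 0
    return enabled  # a later assignment overrides an earlier one

def headers_reveal_php(headers):
    """Return the header lines that advertise PHP, as expose_php causes."""
    hits = []
    for name, value in headers.items():
        if name.lower() in ("x-powered-by", "server") and "php" in value.lower():
            hits.append(f"{name}: {value}")
    return hits

# Constructed samples, not taken from a real server.
SAMPLE_INI = """\
[PHP]
;expose_php = Off
expose_php = On   ; still the shipped default
"""
SAMPLE_HEADERS = {
    "Server": "Apache",
    "X-Powered-By": "PHP/5.3.8",
    "Content-Type": "text/html",
}

if __name__ == "__main__":
    print("expose_php enabled:", expose_php_enabled(SAMPLE_INI))
    print("revealing headers:", headers_reveal_php(SAMPLE_HEADERS))
```

Run it against the php.ini your server actually loads; a commented-out `;expose_php = Off` line leaves the default On in effect.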