SEO Secrets of AskApache Part 2
This is part II of the Advanced SEO used on AskApache.com Series and describes how to control which urls are indexed by Search Engines and how to move them higher up in Search Results.
LFT traceroute tool
Log all .htaccess/.htpasswd logins
Learn how to log and debug usernames and passwords used to login to a htaccess basic authorization protected website using php. This article is BOSS and will show you how to fully take control of this aspect of security using php and .htaccess, I don't believe you will find instructions to do this anywhere else on the net.
Pimp out your FeedBurner Count
I've had a lot of people ask about the FeedBurner FeedCount image on AskApache. Specifically how to set it up with custom messages and different colors each page view... It is pretty sweet..
Advanced .htaccess Tricks for Securing Sites
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual "locked gates" that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn't allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
An AskApache Plugin Upgrade to Rule them All
So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last... So for all of you who've helped me out by sending me suggestions and notifying me of errors and sticking with it... Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I've been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.
Advanced WordPress wp-config.php Tweaks
The bottom line for this article is that I want to make WordPress as fast, secure, and easy to install, run, and manage because I am using it more and more for client production sites, I will work for days in order to solve an issue so that I never have to spend time on that issue again. Time is money in this industry and that is ultimately (time) what there is to gain by tweaking WordPress.
Note: I spent no time on readability, this is primarily a read the code and figure it out article.. This is for advanced users looking for a reference or discussion and for those of you looking to advance. Feedback would be great if you make it that far..
PortaPutty Auto-Reconnecting SSH Tunnels on an Encrypted TrueCrypt Portable USB Key w GPG
Ok I just came back up to write the intro.. I'm trying to keep it short to avoid getting bogged down by the coolness of each step. Here is what goes on. When I logon to my XP machine at work, I bring my usb key and plug it in first. On logging a window pops up first and it's a password prompt to mount my encrypted drive leonardo. It also checks a keyfile that is located on my usb key, but all I do now is type in my password. That causes my encrypted folder to be accessible to me like a normal drive, and it autoruns a startup batch file.
The batch file causes Portable versions of Firefox (all my bookmarks, my settings) to load, and launches Portable Mozilla Thunderbird (IMAP makes this work well), which is my favorite program (great GPG features and open-source!). Also Some Adobe CS4 software is loaded from the hard drive, like DreamWeaver. In the background, a service we created executes a PortaPuttY plink command to create forwarded tunnels from various remote servers and accounts, all using key-based encryption. These tunnels are automatically reconnected if they are disconnected, meaning you can use a socks 5 if you want or even better!
Mod_Rewrite Basic Examples
mod_rewrite is very useful in many situations. Yet some behaviors were not so obvious when I started to mess with it. After many testings, I understand it much better, now. Having said that, I do not pretend to know it perfectly. I also make mistakes.
Apache Authentication in htaccess
How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work
Speed Tips: Remove Last-Modified Header
If you remove the Last-Modified and ETag header, you will totally eliminate If-Modified-Since and If-None-Match requests and their 304 Not Modified Responses.
Fix Linux Users Home Permissions with a Cron Job
As a security nut myself, and also a Linux admin, one of my biggest pet peeves is when I've taken the time and care to segment all the users on a server into separate home directories, and then some developer comes along, logs in as root, and changes the ownership of files. Other things can cause this, like Apache, PHP, Mutt, etc.. So I've always used a cron job that executes daily (and on demand) which automatically fixes all the permissions back to what they should be.
Speed Tips: Turn Off ETags
By removing the ETag header, you disable caches and browsers from being able to validate files, so they are forced to rely on your Cache-Control and Expires header.
OpenSearch description document
Bash Script to Create index.html of Dir Listing
If you use Apache to auto-generate directory index listings of files/dirs, and you have a large number of files and directories in the root directory and/or slow IO speed, then generating the index could take Apache over a minute!
Bash alternative to Reflector for Ranking Mirrors
A pure bash alternative to the python reflector, using curl, xargs, and sort for ranking Arch Linux mirrors.
Nice and simple. Short and sweet.
PHP and AJAX shell console
Ever wanted to execute commands on your server through php? Now you can. I'm calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.
Make phpBB SEO friendly with htaccess
After I optimized the caching for my non-dynamic pages using apache modules mod_headers and mod_expires, I began to learn about phpbb seo..
SEO in WordPress
Search Engine Optimization for WordPressControl htaccess Basic Authentication with PHP and mod_rewrite
Control htaccess Basic Authentication with PHP and mod_rewriteTroubleshooting Apache .htaccess Authentication
Apache Web Server users have problems getting Apache Authentication/password-protection in htaccess working, this is a troubleshooting guide to get Password Protection working!
Advanced Google Analytics 404 Error Page
Advanced 404 Not Found Error page usage with Google Analytics. This makes it very easy to diagnose and keep track of 404 Error messages from within google analytics. Enjoy!
Finding Global Memory Hogs in WordPress
Freshen your Anti-virus, Anti-Rootkits, and Anti-Spyware
I've tried 100's of Anti-virus, Anti-Rootkit, and Anti-Spyware tools over the last 10 years, but it's always good to re-examine your system's security every couple of months.
Regular Expressions in Dreamweaver
Find and Replace tool in Adobe DreamWeaver is useful of course, but you aren't using a fraction of the power until you use REGEX.
Getting the Mimetype of an Image with PHP
This is awesome. I was so fed up with trying to find a fail-proof, cross-platform way to find the mime type of an image using PHP that I wrote a quick function that utilizes the same technology as the exif_imagetype, getimagesize, and finfo functions do. Ahh the joys of low-level.
Debugging Tools for Windows
I am almost ready to publish the final tutorial on using ssh tunnels from a truecrypt partition on a Windows machine. Of course I choose to go way overboard in my research and the tutorial is full of some pretty awesome windows tricks.. I will come back to this post soon and post all the other advanced tools I use for debugging windows, for now though you MUST know how to debug the kernel and use these basic debugging tools.
RewriteCond Cheatsheet
Request to https://www.askapache.com/cg/rewrite-test/?catch=caught&this=that
RewriteCond %{THE_REQUEST} = GET /cgi-bin/php/pro/rewrite-test/?catch=caught&this=that HTTP/1.1
RewriteCond %{REQUEST_URI} = /cg/rewrite-test/?catch=caught&this=that
RewriteCond %{QUERY_STRING} = catch=caught&this=that
RewriteCond %{HTTP_HOST} = www.askapache.com
RewriteCond %{HTTP_USER_AGENT} = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
RewriteCond %{REMOTE_ADDR} = 8.8.8.8
The Final Countdown – Mario Bros Style
Tupac here is using the new youtube-nocookie option, which is a slight improvement.. but flash from youtube is always gonna be slow as they are obsessed with user-metrics and pushing content at us..
Like those behind Vista, they seem to believe we all have state-of-the-art supercomputers and datacenters like they do.
I'm staying old school, resist the gui!
Like those behind Vista, they seem to believe we all have state-of-the-art supercomputers and datacenters like they do.
I'm staying old school, resist the gui!
Questions I Ask Web Hosting Companies, Before Buying
The following is a transcript of a chat I had with a company called tektonic, and at that time I was looking for a cheap linux host to use for some redundancy/failover operations. I generally contact a new hosting company like this every few months.. I like to have options available in case of some kind of failure or network attack, so it's always a good idea to have a few ace linux servers in your back pocket.
If you've read any other articles on AskApache, you can see a certain obsession towards optimization, speed, and security -- so that is the purpose of the following questions.
DreamHost’s Private Servers Finally Rooted
Custom bash_profile for Advanced Shell Users
Looking for some advanced uses for the shell? Here is some of my best. The shell is where 70% of my work takes place, and I have at least one terminal open almost 100% of the time, for viewing tailing color-coded logs, and of course for the SSH Tunnels that I use to route various networking through, like my email. So I decided that to standardize and create a bash_profile containing the most time-saving and helpful functions that I could use on all the various hosting environments would really be some sweet sugar, so here is my constant Work-in-progress.
It works for all shells I encounter, including BackTrack, Debian, Knoppix, Arch Linux, etc. Also works for many hosting environments I use including DreamHost, HostGator, WiredTree, and pretty much any linux VPS.
I also rely on this heavily from within shell scripts I write to access all the functions and stuff in this .bash_profile, and to do that I just do like:
#!/bin/bash source ~/.bash_profile &>/dev/nulll pm "PM is a function to output nice messages with color" yn "Are you enjoying the shell" && pm "Thats great!" || pm "Perhaps you're better suited for DOS" yn "Show Calendar" && aa_calendar yn "Show Fortune" && aa_fortune
Search And Replace shell script helpful for Upgrades
Search all files in a directory, replacing all occurances of string with a replacement string.
The Right to Read
The proponents of this scheme have given it names such as "trusted computing" and "palladium". We call it "treacherous computing", because the effect is to make your computer obey companies instead of you. This was implemented in 2007 as part of Windows Vista; we expect Apple to do something similar. In this scheme, it is the manufacturer that keeps the secret code, but the FBI would have little trouble getting it.
WordPress Plugin for Apache .htaccess Security
- gzip's previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
- Now also works for sites running on SSL (PHP version >4.3.0)
- Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
- Added a *real* check to see if mod_rewrite is installed
- Added Modules that remove directoryindexes
- Much more on the way..
SEO Secrets of AskApache.com
Learn how in a year, with no previous blogging experience this blog was able to rank so high in search engines and achieve 15,000 unique visitors every day. Uses combination of tricks and tips from throughout AskApache.com for Search Engine Optimization.
PHP Sessions/Cookies On The Fly
This article shows how to save and modify php session data, cookies, do anything really... without using ajax or iframes or forcing the user make a request.
Apache Environment Variables CGI Script
My improved version of the common printenv / test-cgi scripts for debugging Apache environment variables set in .htaccess files
Referer Spoofing Using JavaScript
Even though at the moment I'm more into AJAX and simple behavioural unobtrusive javascript more than java, I still remember how excited I was back in 1995 when Sun released both beta and alpha Java versions to the public.. In fact I still have my Java 1.0 Unleashed book, which I'm looking at right now.