Updated on 27th August with different methods for getting WordPress packagesThis is a guide on how to incorporate a modern Composer workflow into your WordPress builds. This aimed at people who run WordPress websites as a service – typically bespoke theme developers who want to get a bit more Read more…

Apache mod_qos: How To Defend Against slowloris DDoS

mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests. Here’s what the official documentation says:

But why do you need quality of service for a web application? Well, web servers require threads and processes to serve HTTP requests. Each TCP connection to the web server occupies one of these threads respectively processes. Sometimes a server gets too busy to serve every request due to the lack of free processes or threads. Another parameter requiring control by mod_qos is the available bandwidth: all clients communicate to the server over a network link with limited bandwidth. Overfilling the link results in network congestion and poor performance.

Example situations where web applications require QoS:

  • More resources are consumed if request processing by an application takes a long time, e.g. when request processing includes time consuming database queries.
  • Oversubscription of link capabilities due to many concurrent clients uploading or downloading data.
  • Penetration of the web server by attackers (DDoS).

mod_qos may be used to determine which requests should be served and which shouldn’t in order to avoid resource oversubscription. The module collects different attributes such as the request URL, HTTP request and response headers, the IP source address, the HTTP response code, history data (based on user session and source IP address), the number of concurrent requests to the server (total or requests having similar attributes), the number of concurrent TCP connections (total or from a single source IP), and so forth.

Here’s a guide on installing mod_qos on Cent OS 5: Continue reading

Evasive Action in the Event of HTTP DoS attack Using mod_evasive on Apache

One of the guides to follow, to enable and protect against HTTP DoS attacks in Apache, using mod_evasive:

mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and more.

Read more…

Secure Apache Server from DDoS, Slowloris and DNS Injection attacks

Apache is the most widely used web server on the planet, and it’s also one of the most widely attacked. To that end, it’s always smart to lock down your Apache server as best as possible. This goes well beyond just locking down your network — you need to give that Apache server as much attention as it might get from outside sources.

Read more…

Why You Should Hire a Polyglot Programmer

It’s common for people to be sceptical of software developers with varied coding experience. We’re used to seeing, “5 years C# experience” on the CV in front of us, so when we see a CV that says: “2 years of Ruby, 1 year of Python and 2 years of Java”, we might be concerned that the person doesn’t have the depth of experience we need. Although this reaction is natural, it’s misguided.

”If it doesn’t matter whether the programmer you’re considering has deep knowledge of the language your application uses, what does?“

The person with the second CV could be a better developer on a C# project than your language expert, despite having little or no C# experience. Let’s not confuse them with a developer who happens to know a few languages. I’m talking about a particular kind of developer with varied experience and a good grasp of engineering fundamentals. The polyglot programmer.

Read more…

Core Data Overview

A good intro to Core Data in iOS:

Core Data is probably one of the most misunderstood Frameworks on OS X and iOS. To help with that, we’ll quickly go through Core Data to give you an overview of what it is all about, as understanding Core Data concepts is essential to using Core Data the right way. Just about all frustrations with Core Data originate in misunderstanding what it does and how it works. Let’s dive in…

Read more…

Resolution of Ansible Issues on OS X Mavericks

Getting started with Ansible on OS X Mavericks. While following the installation instructions, it broke down on the final step, twice.

It first broke down with the following message (upon entering an empty password):

Then tried entering the password for my logged-in user, which resulted in the following error:

Solution 1: This was resolved with the solution found here.

After this, things were still breaking down, so I turned the -vvvv flag on. Here’s the output with -vvvv flag:

Solution 2: Go to System Preferences > Sharing, and enable Remote Login option:

OS X - Sharing - Remote Login

You will finally get the following output:

That’s all folks.

Laravel Blank (White) Screen of Death on Mac OS X

Kept getting a blank screen / white screen of death upon copy-pasting a new Laravel project from a Windows machine to Mac OS X (Mavericks – PHP 5.4). Nothing helped. No errors were shown or logged. Whoops was not showing either. It was probably a permissions issue, but no debugging help.

Got to the bottom of the issue only after installing a fresh copy of Laravel 4.1:

This emitted the following error upon browsing project in the browser:

That was it: permissions issue!

So here is the solution: set permissions of all files and folders in app/storage. So, go to your project root from Terminal, and enter the following:

That’s it!