Tech-Seeker

What is Memcached?

Memcached is a distributed memory caching system just like the name suggests. This general purpose caching system was originally developed by Danga Interactive for LiveJournal (a blog hosting site). It is now used by many in order to speed up their dynamic database driven websites by caching objects and data into memory. This reduces the amount of times the database needs to be queried and saves on resources.

When to use Memcached?

Memcached should ideally be used on resource intensive websites. A lot of people have asked the question about having Memcached installed on shared hosting. If your website is starting to consume resources that go beyond the scope of shared hosting then Memcached isn’t going to save your site. It’s likely it’s going to need to be upgraded from shared to VPS hosting. Standard file caching methods should be used on shared, and if it’s still not enough then you likely need to upgrade. Also, shared hosting accounts will typically not allow Memcached as it lacks authentication, meaning other users on the same shared hosting could potentially retrieve your Memcached data if they have the correct keys.

This is because Memcached lacks security features and authentication. Therefore it should only be utilized on servers with a properly configured firewall. VPS and Dedicated hosts allow you to configure your firewall which is another reason they are better suited, as opposed to shared.

If you do have a VPS and want to use Memcached, then you’re likely going to require a VPS with high enough memory limitation as Memcached can use a lot of memory on a large site, otherwise you might be best served by with an alternative caching method.

Installing Memcached on a VPS Server

File and program versions may have become outdated and/or there are just better ones you should use. Best to find the latest and not use the ones in this guide. The methods required and may differ depending on your server setup and the flavor/version of Linux being used. If in doubt it might be best to ask your server administrator for assistance or to install Memcached for you.

Installing Memcached

Install Libevent

wget http://www.monkey.org/~provos/libevent-1.4.8-stable.tar.gz
tar xfz libevent-1.4.8-stable.tar.gz
cd libevent-1.4.8-stable
./configure
make
sudo make install
sudo ln -s /usr/local/lib/libevent-1.4.so.2 /usr/lib

Install Memcached

wget http://danga.com/memcached/dist/memcached-1.2.6.tar.gz
tar xfz memcached-1.2.6.tar.gz
cd memcached-1.2.6
./configure
make
sudo make install
memcached -d -m 1024 -u root -l 127.0.0.1 -p 11211

Install Memcached PHP Extension

In your accounts home directory edit your ‘.profile’ file and add:

export PATH=$PATH:/usr/local/bin

Install PEAR by doing:

wget http://pear.php.net/go-pear -O go-pear.php

php go-pear.php

ls -l ~/.pearrc

edit your ‘.profile‘ and add (don’t forget to change yourname):

export PATH=/home/yourname/pear/bin:$PATH

Install Memcache

pecl install memcache

Add ‘extension=memcache.so’ to your php.ini file, you can find it using the command below:

php -i | grep ‘php.ini’

An Alternative Method to Installing Memcached

mkdir -p /root/source

cd /root/source

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm

yum -y install libevent*

yum -y install memcached*

gem source -a http://gems.github.com

wget http://blog.evanweaver.com/files/libmemcached-0.25.14.tar.gz

tar -xzvf libmemcached-0.25.14.tar.gz

cd libmemcached-0.25.14

./configure && make && make install

cd /root/source

wget http://blog.evanweaver.com/files/memcached-0.13.gem

gem install memcached-0.13.gem

gem install memcache-client—version=1.6.3

Rewriting and Redirecting

“The great thing about mod_rewrite is it gives you all the configurability and flexibility of Sendmail. The downside to mod_rewrite is that it gives you all the configurability and flexibility of Sendmail.”

- Brian Behlendorf, Apache Group

Having access to .htaccess opens up a lot of extra functionality that websites nowadays often need. One of the most powerful functions is the ability to rewrite web addresses also known as URLs. Such as the ability to transform nasty dynamic URLs such as ?links=pages&urls into friendler static URLs such as /urls/pages/page/. Things like this can all be done implementing mod_rewrite, but mod_rewrite’s can get pretty complex and the more complex ones may take some time to master.

Rewrite URLs

Firstly, before you begin using mod_rewrite you have to first do the following (just once):

Options +FollowSymlinks
RewriteEngine on

Then you can start with a simple rewrite such as:

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.*)\.htm$ $1.php [NC]

The above code simply changes the appearance of a file from PHP to HTM format. E.g. file.php becomes file.htm.

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.+)\.htm$ http://url.org/$1.php [R,NC]

The above uses mod_rewrite to perform an permanent external redirect to a new URL.

Remove The ‘www’ prefix

Remove the ‘www’ prefix from your site (even if the user tries to go to your site with it in there, it will redirect to the non-www URL).

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www\.mywebsite\.com [NC]
RewriteRule ^(.*)$ http://mywebsite.com/$1 [R=301,NC]

Stop! Hackers, Crackers, Script Kiddies and Slackers…

Cracker stole my site? Not if you block all their attempts, here’s a few blocks worth using:

RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BackWeb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bandit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BecomeBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]

# just come visit me direct?
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
# stops cross site discovery attacks..
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
# stop pretending to be the GoogleBot..
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
# really, we don’t like these guys
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Sucker [NC]
RewriteRule . abuse.txt [L]

Advised to test them first though.

Multiple Domains

If your on a web-host account that doesn’t allow for multiple domains (one of the cheap accounts) and don’t want to upgrade, then here’s how to setup two folders and have two domains point to those folders. Essentially allowing for unlimited domains.

RewriteCond %{HTTP_HOST} firstdomain.com
RewriteCond %{REQUEST_URI} !^/first
RewriteRule ^(.*)$ first/$1 [L]

RewriteCond %{HTTP_HOST} seconddomain.com
RewriteCond %{REQUEST_URI} !^/second
RewriteRule ^(.*)$ second/$1 [L]

See .htaccess Voodoo and Trickery Part 1

Intro

Every now and again I find myself messing around with server directives (e.g. the .htaccess file) and more often than not end up more confused than when I started — Just kidding! But there’s no denying that there’s a certain element of voodoo and trickery when it comes to adding to or modifying you website’s .htaccess file.

What is a .htaccesss file?

At its simplest a .htaccess file is a plain old text file that contains server directives that govern certain website behaviour. These directives are like the directives you might find placed in the primary Apache config file httpd.conf or in php.ini. The difference being that a .htaccess file directly governs things depending upon where it is placed. E.g. if placed in a sub-directory it will only effect anything located in that directory or below. The .htaccess file differs from a standard text file in one more way in the sense that it starts with a ‘dot’ which Microsoft Windows is not highly fond of since it doesn’t let you name files beginning with a dot.

If like I was, and sometimes still am, plagued with 500 errors also known as internal server errors caused by errors in the .htaccess file; then you might find this guide to be a useful reference.

Useful .htaccess Snippets

Limiting Access

# cracker at 85.222.23.222 can’t come in! But allow everyone else.
order allow,deny
deny from 85.222.23.222
allow from all

Block Crackers

# block a subnet, e.g. 123.456.78.0 through 123.456.78.255
deny from 123.456.78.
# block a specific host name
deny from subdomain.domain.com
# block a given domain name:
deny from .otherdomain.com

Error Statements

# 400 Bad request:
ErrorDocument 400 “Bad request.”
# 401 Authorization Required:
ErrorDocument 401 “Authentication required.”
# 403 Forbidden:
ErrorDocument 403 “Forbidden access.”
# 404 Not Found:
ErrorDocument 404 “Page not found.”
# 500 Internal Server Error:
ErrorDocument 500 “Server error.”
# 503 Service unavailable:
ErrorDocument 503 “Service unavailable.”
#also with some HTML – 404 Not Found:
ErrorDocument 404 “<center>Page not found.</center>”

Error Documents

# show some custom error pages for common errors
ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php

Password Protect A Directory

# only people with the password can access that particular folder
AuthType Basic
AuthName “restricted area”
AuthUserFile /usr/local/var/www/html/.htpasses
require valid-user

Define You Indexes

# likely already done in httpd.conf, but you can choose your index page and type
DirectoryIndex index.html index.php index.htm

Save Bandwidth

# if your on a server and you have a limited bandwidth, then this can save you bandwith.
# just a few lines enables php’s built in compression that could save you cash!

<ifModule mod_php4.c>
php_value zlib.output_compression 16386
</ifModule>

Save Even More Bandwidth

# enable even more server side caching
ExpiresActive On
ExpiresByType text/html “access plus 30 seconds”
ExpiresByType text/css “access plus 2 weeks”
ExpiresByType text/javascript “access plus 2 weeks”
ExpiresByType image/png “access plus 1 month”

Server Side File Compression

# compress files of a certain type
# no need to compress .jpg and other already compressed files.
<IfModule mod_deflate.c>
<FilesMatch “\.(js|css|html|php)$”>
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>

Turn Useful PHP Flags On Or Off

php_value safe_mode 0
php_flag safe_mode 0
php_value safe_mode off
php_flag safe_mode off

php_value safe_mode_gid 0
php_flag safe_mode_gid 0
php_value safe_mode_gid off
php_flag safe_mode_gid off

php_value register_globals 0
php_flag register_globals 0
php_value register_globals off
php_flag register_globals off

Currently set to off and 0. Change the offs to ons and 0s to 1s to enable or remove the statements.

Backup Your WordPress Website In Full

If your have a large site with many posts and comments and you go to export your site from within the WordPress Dashboard you might find it starts to fail. Also, it only backups in a manor which can be imported again through the dashboard import tool, which again can be prone to failure.

In order to backup your site in full. I’m talking posts, comments, pages, users etc…which reside in the database, and the images, videos, .htaccess settings etc…which reside in the WordPress folder, you need to do better than an export. You need to do the following below:

Backup The Database

Very Simple Export/Import

If your website is small, then you can simply from the WordPress dashboard go to export and export all entries, then if you need to restore them you simply import them back in. If you have another blog then simply import them to the new blog.

Complete Backup Using cPanel

From cPanel (assuming you have cPanel) you need to click Backups, select the database that corresponds with your website your backing up (e.g. website_wp1) and click save and choose a target location to save to.

Complete Backup Using phpMyAdmin

From cPanel (again assuming you have cPanel) you need to click phpMyAdmin and a new window will open with the phpMyAdmin interface. You then select Databases and click your database you want to backup (e.g. website_wp1).

You then select Export tab. You then select all the tables by checking all of the radio buttons, or just select the Check All link. Then check the Save as File box. Best to check either zipped of gzipped compression type. Then click Go. You’ll then be prompted to save the file to your computer.

Backup The Files

Simple FTP

The simplest way to do this is to FTP or SFTP etc.. into your server, select your blog website and drag it to your computer.

Note: If your blog is in a separate folder to the URL it’s located at, then be sure to save the blog’s folder along with the .htaccess and index.php files.

More Advanced SFTP and SSH

If you have caching installed and your blog is getting rather large, then simply downloading it may take sometime and may even fail, time-out or get you temporally banned.

To work around this, it is advised to make a compressed backup of your blog using SSH and then download the file using SFTP.

I SSH into my server, go to the root directory and create a tar archive with gzip compression on my blog. Below is an example of how this can be done:

tar -zcvf blog.tar.gz mywebsite

That will create and archive of mywebsite called blog.tar.gz. The z means to use gzip compression, the c means to create an archive, the v means verbose (show the process), and the f means it takes an archive filename.

The tarbell command I use to backup is a little bit more complex. As I have a lot of caching and just want a single backup file using a single command; I modified the above command to exclude the directory with all the WordPress cache in it.

tar -pzcvf blog.tar.gz mywebsite ——exclude “mywebsite/wp-content/w3tc”

The above command has a p which means preserve permissions (not sure its needed if I’m honest), and also to exclude the w3tc caching directory and everything in it.

I then simply SFTP into my server and drag the blog.tar.gz file to my home computer.

Check if zlib is already loaded and active:

php -i

If not then go to the correct directory and open php.ini:

cd /usr/local/lib/

nano php.ini

In php.ini set zlib.output_compression to On and insert a zlib.output_compression_level and set it to -1. -1 is the default server setting. You can set it yourself, but advised not to go above 5 else your server might get shut down.

zlib.output_compression = On

zlib.output_compression_level = -1

Note: if your using WordPress and some kind of caching plugin such as W3 Total Cache, then enabling zlib compression will nullify elements of plugin’s cache.

Then in your .htaccess you can place this code to compress the PHP files before their sent and this save bandwidth.

<ifModule mod_php5.c>

php_value zlib.output_compression 16386

</ifModule>

Also, you can compress files of a certain type (no need to compress .jpg and other already compressed files) Note: This may not work on shared servers that don’t load deflate.

<IfModule mod_deflate.c>

<FilesMatch “\.(js|css|html|php)$”>

SetOutputFilter DEFLATE

</FilesMatch>

</IfModule>

If you’re on a free web host then Google Analytics code, if you use it, is most likely appended at the end of each page. The Analytics system on most of these servers are very slow. If this is the case, add the following to your .htaccess:

<ifModule mod_php5.c>

php_value auto_append_file none

php_value auto_prepend_file none

</ifModule>