Previously i wrote a how to guide on installing Apache HTTPD 1.3 on Windows machine. But it seems that some people prefer to use the new Apache 2.2 series instead of the old httpd 1.3 series which is not good when used on production system (read: if you allow anyone to access your webserver), beside the apache website itself tell you this :

the older 1.3 series was never designed to run on Windows, but that support was ‘hacked in’, introducing a large number of potential thread saftey issues and other confirmed problems.

And that’s why i choose to create the apache guide again but this time it is using the 2.2 series, and of course this guide tell you on how to setup your apache server with php 5 manually not using an all in one package. And here’s the guide :

Requirements :

1. Apache 2.2.x : At the time i wrote this guide, the latest stable version is 2.2.26 (btw get the non-ssl version unless you plan on using ssl)

2. PHP 5.2.x : 5.2.4 is the latest stable version when i wrote this (get the zip version, not the installer)

And here are the steps :

Note : in this example i’m using the default installation path for Apache 2.2

1. Install Apache 2.2 until below screen appears and use this information (or adjust it to your liking) and then continue the process until finished :)

2. To make sure Apache is working now you need to open your browser window and type http://localhost as the address, and if you get the same message like below image that mean apache is working

3. Thanks God the Apache seems to work … but now you’ll need to configure apache so it’ll recognize the php files and can parse the php files correctly. And the first thing you should do is extracting the PHP zip archive somewhere, and in this example i extracted the php 5.2.4 files into C:\PHP-5

4. After finished with the extraction process, now you just need to go to your Apache installation path, and then open httpd.conf which is located under the conf directory using your favorite text editor. Btw if you installed apache using the default path, here’s what the apache directory structure looks like

5. In order for apache to parse the php files correctly, first you need to Load the PHP5 module into the Apache, and to do this you just need to add below line to your Apache httpd.conf (after the last line of the loadmodule section) :

LoadModule php5_module "c:/php-5/php5apache2_2.dll"

Note : Adjust the php path accordingly if you extracted it into other directory

And here’s the image :

5.1 Now you need to search for (use your text editor built-in search function) :

<IfModule mime_module>

and then add these lines inside that directive (before the closing </IfModule> for mime_module )

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

6. After finished with the above process, now you’ll need to configure apache so it’ll check the existence of index.php by default too instead of just checking the index.html only for the default index filename, and here’s how to do it

The default configuration from Apache 2.2 :

<IfModule dir_module>
DirectoryIndex index.html
</IfModule>

The modified version :

<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>

Notice the difference ? i’m pretty sure you’ll notice it right away … but like everyone knew that a picture worth a thousand words (read: because my English language is bad), so here goes the picture

7. Now we are done with the httpd section, now we need to configure php. Here are how to do that :

7.1 Copy php.ini-recommended from your php5 directory into C:\Windows (or your windows path) and then rename it into php.ini

7.2 Open the php.ini file using notepad and change the extension_dir as shown on below image :

7.3 Now you need to copy some dlls from your php 5 directory into C:\Windows\System32 :

Im pretty sure that you can’t read the filename from the above image, but don’t worry because all you have to do is just :

Right click and choose Arrange Icons by name, and then copy each file shown on the above image into your windows system32 directory, and you’re done (hint: hold CTRL key to select multiple files)

Or … copy all dll files at the root of your php directory into your system32 directory except those that is using php5*.dll

8. Now we’ve configured php, apache … but what else do we need ? of course we need to make sure that php really working and apache can parse it without problem, so we need to create a php test page first, here’s how to do it :

8.1 Create a file named test.php inside C:\Program Files\Apache Software Foundation\Apache2.2\htdocs (because that’s where the default document root path of your apache)

8.2 Add below line to the test.php file like shown on below image, then save and close the notepad

9. Okay … finally we’ve reached the final stage !!! now you just need to open command prompt and type like below image :

If you can’t read what you should type from the above image, actually you just need to type :

net stop apache2.2 && net start apache2.2

to restart your apache 2.2 process

10. Now after finished restarting the apache process, we need to open the browser window and point to http://localhost/test.php

If you see something shown like on the above image, that means Apache and PHP is working on your system

Congrats … now you’ve got apache and php 5 working on your system the only thing left is … adding mysql support (if you plan on using a registration page for your Mangos Server or other private server), and to do this you just need to remove the ; from the extensions, for more information, you can download the sample php.ini and httpd.conf as a supplement for this short how to guide

Hint : Compare the sample php.ini file you’ve downloaded with the default php.ini file from the php.ini files included in PHP archive (in this case you can find it on your windows directory)

Hopefully i didn’t miss anything, but if you do notice that i miss something, please let me know so i can fix it or add it :)

Thanks to Al for the suggestion :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 225 comments

0x87485B96 | Tags : Apache, PHP, Tutorials, Windows

I just found out this nice plugin yesterday that is made by Neosmart. Basically what this plugin do is cloning the Wordpress Object Cache function with the only differences if the actual Wordpress object cache store it’s data as file on the harddisk, this plugin make it’s possible to store the object cache data in the memory

The plugin itself comes in two flavours, the first flavour is to those who’s using XCache as their opcode caching solution, while the second flavour is to those who’s using eAccelerator as their PHP Opcode caching solution

And if you read the above paragraph carefully, you’ll see that this plugin need XCache or eAccelerator in order for it to works, which mean that if your site hosted on shared hosting that doesn’t allow you to install PHP Opcode cache program, you can only use the normal wordpress object cache (i’m using this before when hosted at Hostgator shared hosting)

The installation process itself is really easy, you just need to upload the object-cache.php file in your wp-content directory, adjust your php configuration and then restart your webserver process and you’re done

But how do you know if this plugin really works ?

The simple way to do this is by installing the Wordpress Cache Inspect Plugin, and then go back to your homepage (in logged in status), and you’ll see some random numbers under the loaded data

So … if you’re looking to optimize your wordpress blog even more, you should try this plugin … or you can also read my previous guide on speeding up your wordpress blog via the normal way

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : PHP, Wordpress

After 1 week thinking about on should i install PHP-FastCGI with Suexec combined with XCache (PHP OP-Code Cache) because my current host aren’t going to support it (although they say, they can help me installing it) if i’m going this way, i’ve decided to use them all together eventhough i have to do it all by myself (as learning purpose of course) … and after 6 hours (or more) playing around with it … i managed to set them all nicely

Btw if you ask me, why i really want to use PHP-FastCGI with Suexec and XCache eventhough my host aren’t going to support it, the answers are :

1. Running PHP as Apache Module isn’t really good (although it’s the fastest and the easiest to configure with), because it’s running under Apache userid not your own userid. But if it’s for me, i do not like to chmod some of my files / directory into world writeable
2. PHPSuexec takes too many resources although it’s secure (from security point of view), but it has the other advantage, because if you run PHPSuexec, you don’t need to chmod some of your files / directory into 777 (beside chmod 777 is not going to work with PHPSuexec). Unfortunately the downside from this method is … i can’t use any PHP OPCode cache / any php accelerator out there

So based on that conclusion, i try reading various material about this stuff on the web, and found that the best solution is to use PHP-FastCGI with Suexec enabled to run under your own userid, and the good side from this method is you can use PHP Accelerator. Fortunately there’s someone who’s using an almost identical server setup like mine so i can simply follow his guide (although i need to do some little modification because i can’t seem to get the .fcgi script to run if i’m not putting it in some directory that is allowed to execute CGI) :D

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Apache, Linux, PHP, Web Servers

Another Wordpress Upgrade time to those who’s using Wordpress as their blogging platform or using Wordpress platform for something else

This new release mainly fix security related issue and several bugs. Of course when it comes to security release it’d be best for you to upgrade your Wordpress powered platform as soon as possible

And here’s some link, just in case you’re interested on looking what has been fixed with this new release :

• Bugs fixed for Wordpress 2.2 Series => Click Here
• Bugs fixed for Wordpress 2.0 Series => Click Here

So it's better to upgrade it asap ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Open Source, PHP, Wordpress

Yep … wordpress 2.2.1 finally available for download, and this time it fixes several important issue related to security and of course a lot of bug fixes (can be seen from here)

Well … if bug fixes is still not enough for you to perform the upgrade on your wordpress installation immediately, then you should try to read this (it’s really serious especially if you have user registration enabled) also this issue :

• Remote shell injection in PHPMailer
• Unescaped attribute in default theme

so the conclusion is … upgrade your wordpress blog immediately especially to those who’s using wordpress 2.2 series ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Open Source, PHP, Software, Wordpress

Time for another wordpress upgrade, because right now there’s another update to the Wordpress 2.1.x series and 2.0.x series. And this update file contains security update from several publicly known XSS vulnerabilities and one major XMLRPC issue. Here’s what Matt said about this releases :

These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems

And the conclusion is you’d better upgrade your wordpress installation as soon as possible to prevent issue on your wordpress installation

As an addition i’ve upgraded several blogs managed by myself to the latest wordpress version available for download without problem at all :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 2 comments

0x87485B96 | Tags : Internet, Network and Security, PHP, Software, Wordpress

It seems there’s another update for Wordpress 2.1.x users, unfortunately this time is a serious upgrade. Because the Wordpress 2.1.1 files has been tampered by unknown person. Here’s the story :

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. – Full Story

As always .. if there’s a wordpress update. I always check the Mark Jaquith site first to see if he is already released the small upgrade pack files for wordpress or not (this is really handy to those who’s using slow connection like myself for an example) .. but this time .. he’s not releasing the small upgrade pack :P (by the look of this post) ..

Anyway if you’re using Wordpress 2.1.1 whether you get it from the first release of 2.1.1 or not .. you should upgrade your wordpress installation into 2.1.2 because it’s already contain another fix for the recent XSS vulnerabilities on WP 2.1.1 (Ticket #3789) and some other fix as well (Ticket #3759)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | One comment

0x87485B96 | Tags : Internet, Network and Security, PHP, Website, Wordpress

I found this from SecFocus website regarding the XSS problem on Wordpress 2.1.1 (0day) yesterday .. and this new xss exploit works on version 2.1.1 .. (i’ve already tested it on my local server) – Link (SecFocus) / Link 2 (Secunia) and here’s what it said :

Samenspender has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "post" parameter in wp-admin/post.php (when "action" is set to "delete") is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the target user is logged in as administrator.

The vulnerability is confirmed in version 2.1.1. Other versions may also be affected.

And today, i read another possible script injection attack on wordpress <= 2.1.1 based blogging platform discovered by Stefan Friedli – Link

The only solution i’ve found so far to prevent / reduce the damage of this attack is by protecting your wordpress admin directory using .htaccess or you can also use mod_security if it’s installed on your webserver

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Apache, Network and Security, PHP, Website, Wordpress

Finally i can activate the Search Everything plugin once again (i temporarily disabled it after upgrading to Wordpress 2.1 because of producing duplicate results. Especially if the results can be found on multiple pages). And fortunately there’s someone already found a solution for this problem (many thanks to Tiago Pocinho by creating a fix for this problem)

To fix this problem, you can simply add below lines to the search everything plugin :

add_filter('posts_request', 'SE2_distinct');
function SE2_distinct($query){
  global $wp_query;
 
  if (!empty($wp_query->query_vars['s'])) {
    if (strstr($where, 'DISTINCT')) {}
    else {
      $query = str_replace('SELECT', 'SELECT DISTINCT', $query);
    }
  }
  return $query;
}

Yep .. that’s all .. but just in case you want to see a detailed description of this problem, you can see it at Search Everything page at Google Code

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 5 comments

0x87485B96 | Tags : Journal, PHP, Personal, Wordpress

Wow .. i just got back .. and i read a very interesting news about the recent wordpress html injection vulnerability issue that is exists on several .. um .. almost all versions of wordpress below 2.0.6 (well i dont know anything about the 1.x series of wordpress because i never use it before)

Fortunately there is already a fix for this problem and you can do it by applying the latest patch from Wordpress Trac into the templates.php file in your wp-admin directory

As as a note, if you want to see a proof of concept regarding this wordpress issue, you can go to David Kierznowski homepage and see it by yourself

And yet another note, Wordpress 2.0.6 RC2 has been released (from the WP-Testers Mailing Lists) and this new release candidate already include a fix for this problem

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Computer Security, Freeware, Network and Security, Open Source, PHP, Software, Wordpress

Previously i’ve already enabled the Search Meter plugin here on my wordpress blog, but because at that time i don't really need it mainly because almost no one use the search function on this site (just as i thought that no one really like to use search function first) .. :-P .. so i disabled it and also delete all of the table used by the search meter plugin, but well forget about that for now because i already enabled it once again ;-)

And .. if you didn't know what Search Meter can be used for, it's a good wordpress plugin that let you track what your site visitors are searching for on your site, and thanks to statistic data gathered from it, you can of course get a new idea on what you should write next (and that’s how i actually write a new post on this blog, everything is based from the search query terms used by visitors that came into this site)

So maybe for those that is using wordpress as their blogging platform maybe can find this plugin useful

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Open Source, PHP, Website, Website Monitoring, Wordpress

I’m sure most of you already know about adsense click fraud, and the worst case that came from the adsense click fraud is you’ll get your adsense account terminated without notice. Although i haven't get a single mail from the Google Adsense team regarding click fraud on my site like JohnTP, i guess it’d be best for me to be sure that there’s nothing wrong with my adsense account

By the way here’s the short description about adlogger :

AdLogger intends to prevent click-fraud on your websites by limiting the number of clicks your visitors may make. AdLogger tracks AdSense clicks in real time and compiles the data for you to review.

In addition, the script determines if ads should be shown for a visitor depending on their clicking history. If one of your visitors is clicking too many ads, the script will automatically disable ads for that visitor so they won't be allowed to click any more.

And if you ask me, why i didn't choose pay options to track the performance / to track anything else that’s related to my adsense account the answer is like the author of the adlogger script (Trevor Fitzgerald)

I wrote this script because I noticed there was a very large demand for it, and other websites were charging what I thought was too much (and by too much I mean anything over $0)

With the exception there’s other reason why i choose to run it on my host instead of using the pay / free options from other adtracking website and that’s because :

They (other site that’s offering ad tracking service) will most likely record the high paying keyword from your adsense account .. so they can use it on their other site

That’s all … for more information you should go to Adlogger Website

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 5 comments

0x87485B96 | Tags : Advertisement, Google, Google Adsense, Open Source, PHP, Software

Mark Jaquith has informed that Wordpress 2.0.6 Beta 1 has been released on the WP-Tester List .. and as you already knew that this release is still in beta stage so only use it on your testing site .. if you’re going to use it on production site, make sure you know what you’re doing ;)

This release intended for those who’s having problem with their wordpress 2.0.5 installation such as 500 server error, 302 found, etc (although there’s special fix for that problem available for download from here) .. especially for those who’s running their wordpress installation under FastCGI server or running PHP 5.2 (i don't experience this problem because my host is running PHPSuExec not FastCGI) ..

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Open Source, PHP, Web Hosting, Web Servers, Wordpress