Fix Server Problem And Securit 28.09.08
We are looking for honest and experienced PHP developer/s who knows how to setup server settings and security against hotlink, etc
Please note that we have tried to use .htaccess with mode_rewrite rule, but hotlink protection did not work.
We are currently using:
Single Xeon Quad Core 2.13 “Centos 5.2″ 4GB Ram and raid0 15k hard drives web, mySQL, and content are in one server.
We are running media stream site, and for the past month we notice a problem with high loads on mySQL that eats all 4GB of ram in minutes.
Plus someone is stealing our bandwidth even though we have setup .htaccess with mod_rewrite rules that was supposed to block specific extension (flv) from being hot linked, but its not working.
We think that there could be many different reasons why we are having this problem.
1st: SQL Injection attack
2nd: Hot linked to the content/steeling bandwidth.
3rd: Memory leakage because of the media script/mySQL
We also came across a problem that when people connect to our site it opens bunch of the connections to mysql DB but never removes them or disconnect or close the connection to the SQL server. The connections build up and cousing an SQL failure.
In other words in config.php we open a connection (include config.php is being called or included in every .php file) see the code
$conn = &ADONewConnection($DBTYPE);
$conn->PConnect($DBHOST, $DBUSER, $DBPASSWORD, $DBNAME);
mysql_query(”SET NAMES ‘UTF8′”);
$sql = “SELECT * from config”;
$rsc = $conn->Execute($sql);
but I do not see anywhere where we would close the connection. Non of the .php files has a code stating: $conn->Close().
in adodb we have this, but I do not see it being utilized anywhere
function Close()
{
return $this->_close();
// “Simon Lee” <simon(at)mediaroad.com> reports that persistent connections need
// to be closed too!
//if ($this->_isPersistentConnection != true) return $this->_close();
//else return true;
}
or this one as well
function Disconnect()
{
return $this->Close();
}
We have also try to change from pconnect to connect in config.php but does not work.
Respectfully to all developers.
