Strictly Software

Saturday, 11 September 2010

Strictly System Checker - Wordpress Plugin

Updated Wordpress Plugin - Strictly System Check

Ensure your Wordpress site is up 24/7 and be kept informed when it isn't without even having to touch your server or install monitoring software with this Wordpress plugin I created.

I have just released version 1.0.2 which has some major new features including:

The option to check for fragmented indexes and to carry out an automated re-index using the OPTIMIZE command.

And most importantly I have migrated some of the key features that MySQL performance monitoring scripts such as MySQLReport use to the plugin so that you can now be kept informed of:

MySQL Database Uptime
No of connections made since last restart, connections per hour.
The no of aborted connections.
No of queries made since last restart, queries per hour.
The percentage of queries that are flagged as slow.
The number of joins being carried out without indexes.
The number of reads and writes.

You can find out more about this very useful plugin at my main site: www.strictly-software.com/plugins/strictly-system-check

It's a plugin I created out of necessity and one that has been 100% useful in keeping my site running and on those occasions it's not I get to know about it before anyone complains.

Wednesday, 8 September 2010

An issue with mysql_unbuffered_query, CONCAT and Wordpress

MySQL Problems related to mysql_unbuffered_query

I have been doing a lot of work with Wordpress lately, mainly developing a number of plugins I have ended up creating to overcome issues with performance or lack of features in existing plugins. One of the plugins I have been working on lately is an XML feed plugin in which I have tried to make use of the database a lot more than other plugins seem to want to.

However for some time I have been experiencing an issue with one of the MySQL interface functions mysql_unbuffered_query. This function is designed to speed up the retrieval of results as records are returned to the client as soon as they are ready rather than waiting for the whole recordset to be completed.

Whilst this seems straight forward I have come across an issue which seems to be directly linked to using this method which affects queries that engage in certain replacement behaviour. In my case I am using a SELECT statement to CONCAT all the necessary column per row into one XML string. Rather than return each individual column by itself and then use PHP to string build and call other database related functions I am trying to save time and database calls by doing as much as possible in one statement. A cut down example of this SQL can be seen below in which I join a number of columns together as well as inserting the relevant value (in this case the tag slug) into the URL.

SELECT CONCAT(' ',REPLACE('http://www.mysite.com/tag/%tag%/','%tag%',t.slug),' ',REPLACE(NOW(),' ','T'),'Z always 1.0 ') as XML

FROM wp_terms AS t

JOIN wp_term_taxonomy AS tt

ON t.term_id = tt.term_id

WHERE tt.taxonomy IN ('post_tag')

ORDER BY Name;

Nothing too complex about that at all. The URL string containing the placeholder is a permalink structure that is obtained before hand and one that can contain multiple placeholders and sections. For the sake of clarity I have kept it simple so it only makes one replacement.

When I run this query in Navicat, from the website with the Wordpress SQL functions or the standard mysql_query functions it runs correctly returning all the rows with the appropriate tag values inserted into the correct %tag% place-holders within the XML e.g

<url><loc>http://www.mysite.com/tag/Sales/</loc><lastmod>2010-09-08T00:37:25Z</lastmod><changefreq>always</changefreq> <priority>1.0</priority></url>
<url><loc>http://www.hottospot.com/tag/Spain/</loc><lastmod>2010-09-08T00:37:25Z</lastmod><changefreq>always</changefreq> <priority>1.0</priority></url>
<url><loc>http://www.hottospot.com/tag/2020/</loc><lastmod>2010-09-08T00:37:25Z</lastmod><changefreq>always</changefreq> <priority>1.0</priority></url>

However when I use mysql_unbuffered_query to run this I get the problem that all rows contain the same data e.g

<url><loc>http://www.mysite.com/tag/Sales/</loc><lastmod>2010-09-08T00:37:25Z</lastmod><changefreq>always</changefreq> <priority>1.0</priority></url>
<url><loc>http://www.hottospot.com/tag/Sales/</loc><lastmod>2010-09-08T00:37:25Z</lastmod><changefreq>always</changefreq> <priority>1.0</priority></url>
<url><loc>http://www.hottospot.com/tag/Sales/</loc><lastmod>2010-09-08T00:37:25Z</lastmod><changefreq>always</changefreq> <priority>1.0</priority></url>

Even if I break the query down to something simple like this REPLACE without the CONCAT it still "misbehaves".


SELECT t.slug,REPLACE('http://www.hottospot.com/tag/%tag%/','%tag%',t.slug)
FROM wp_terms AS t
JOIN wp_term_taxonomy AS tt ON
 t.term_id = tt.term_id
WHERE tt.taxonomy IN ('post_tag')
ORDER BY Name;

and the results will show the same value in the 2nd column for all rows e.g

Col 1	Col 2
Sales	http://www.mysite.com/tag/Sales
Spain	http://www.mysite.com/tag/Sales
2012	http://www.mysite.com/tag/Sales

It definitely seems to be connected to the execution of mysql_unbuffered_query as I can have Navicat open on my office PC connected to my remote server and all these queries run correctly but as soon as on my laptop at home I run the mysql_unbuffered_query query through the website to build the XML everything goes tits up. If I hit the refresh button on the query open in Navicat on my office PC which had been returning the correct results they then come back like I have described with all the values for rows 2 onwards displaying the value from the first row.

This is strange behaviour as I am providing a link identifier parameter when opening the connection and executing the SQL for the mysql_unbuffered_query and I presumed rightly or wrongly that this should have prevented issues like this.

I am yet to find a definitive answer to this problem so if anybody knows please contact me with details. From what it looks like the MySQL query engine has not finished processing the rows correctly when it starts to return them to the client. If the Replacement of values and placeholders used in the REPLACE function wasn't being carried out until the whole recordset was completed rather than after individual rows then this "might" explain it. As I am not an expert on the inner workings of MySQL I cannot say at this point in time however a quick solution to speed up some SQL has become more problematic than I would have though it could.

Any information regarding this issue would be great.

Thursday, 26 August 2010

Problems connecting to Remote Desktop over a VPN

Troubleshooting issues with Remote Desktop connections

By Strictly-Software

I have just experienced and finally resolved a problem that started suddenly last week that prevented me from connecting to my work PC from my laptop at home using Terminal Services / Remote Desktop.

The problem started suddenly and it has made little sense for the last week. The symptoms were:

A virgin media broadband Internet connection.
A windows XP laptop connected to my broadband over a wireless connection.
My laptop could access the VPN without any problem and it could also access the PC in question over a windows share e.g \\mycomputer\c$
Trying to connect using a Remote Desktop connection returned a "this computer cannot connect to the remote computer" error message.

As far as I was aware nothing had changed on my computer and I first though that maybe a virus was blocking the port or a windows update had caused a problem. However when I brought the laptop into my office and tried connecting to my PC over the office wireless connection there was no problem.

I then tried this great little tool RD Enable XP that allows you to set up remote desktop access remotely as long as you have access to the computer and the necessary admin privileges. It requires that you have PSExec installed which comes with the PSTools admin suite and allows you to carry out tasks on computers remotely such as monitoring and managing processes.

The program checks that you can access the remote PC, that the Terminal Services options are enabled correctly in the registry and that you're not being blocked by a firewall.

I had already checked that the fDenyTSConnections registry option was set correctly so when the application hung whilst trying to set firewall exceptions I thought that there was a problem with my router and firewall.

I then tried changing the port number that Terminal Service connections are carried out with from 3389 to 3390. This is another registry setting that needs to be changed on the remote computer and then after a reboot you just append the port number after the computer name or IP address when connecting e.g strmycomputer:3390.

This didn't work so I was pretty annoyed as Virgin media hadn't been much help so I was about to give up until I came across a message thread related to the same problem.

One of the suggestions was to change the Advanced Network Error Search option which is something Virgin offers it's users and is described as follows:

Our advanced network error search helps you find the website you're looking for quickly.

We all make mistakes when we type in website addresses. Perhaps we miss a few letters, or the website doesn't exist any longer. If an address you enter doesn't locate a site, this handy feature will convert the incorrect address into a web search, so instead of an error message you will get a list of our closest matches, plus some additional related links.

This option is linked to your broadband connection which explains why the problem was related to the local connection and not the PC or remote network.

Low and behold when I disabled this option I could once again access my work PC over Remote Desktop again!

I have no idea why this option was suddenly enabled as I have never come across or even heard of it before tonight so I can only imagine Virgin decided to update their settings without asking their customers first.

It also seems to be pre-selected on newly bought laptops as I found out again tonight! Lucky I wrote this blog article otherwise I would have had to hunt down the original again!

I have no idea why this Virgin config option affects remote desktop connections but it obviously can cause a total block on this type of functionality.

If you too have similar problems related to Remote Desktop connections and are also a Virgin Media customer then save yourself a whole lot of time and go to this page first and check your settings: https://my.virginmedia.com/advancederrorsearch/settings

Friday, 6 August 2010

Techies Law - Definition

The definition of Techies Law

In a similar vein to "Murphys Law" which states if something can go wrong it will I have over the last two days experienced multiple occurrences of what I call "Techies Law" which all developers should be well aware of even if they haven't heard the term described as such.

The law is pretty simple and states that

If you have spent considerable time trying to resolve a bug in your code, technical problem or other such computer related issue and you finally resort to asking for help from a colleague or support team member. You can be rest assured that when you go to show said person the problem in action it has miraculously resolved itself. You are then derided for either being a numpty and/or wasting their precious time for no reason.

Obviously Techies Law often leaves developers looking foolish in front of their colleagues but I have decided to utilise this unfathomable law of nature to my own benefit.

Every time I now have a problem with my network connection or a bug in my code I need fixing instead of spending a long time trying to fix it myself I will now only spend a quarter of the usual amount of time I do before asking for help and in doing so I usually find the issue magically resolving itself.

The knack to this tactic is to make sure the person you ask for help is not someone who is able to rip the piss out of you and is someone who won't mind being pestered for such a reason otherwise you could find yourself being the subject of many jokes.

Tuesday, 20 July 2010

Strictly System Check Wordpress Plugin

A Site and Server Monitoring Plugin for Wordpress

I have just created a new Wordpress plugin, Strictly System Check, which allows me to easily monitor my Wordpress sites for signs of performance problems such as an overloaded server, too many database connections, corrupt tables or website issues.

I created this plugin primarily for my own use as I noticed that I quite regularly would experience my site going down with the "Error establishing a database connection" error after bulk imports of content after using WP-O-Matic. Whether it was this plugin or another one that caused the problem I don't know but the actual underlying issue is not a misconfigured database but corrupt database tables primarily the wp_options or wp_posts tables.

Therefore the main idea behind the plugin was for it to check my site at scheduled intervals and if it came across this database error message to then scan my MySQL database tables for corrupt tables and if any were found to automatically run a REPAIR statement.

I then extended this functionality to incorporate some more tests including a scan of the HTML source for a known string to ensure that my site is running correctly as well as checks against the webserver to guage the current load average and current database connection count.

The plugin allows webmasters to set their own preferred thresholds so that if the load average was say 2.0 or above then a report would be emailed out to a specified email address informing them of the situation.

Whilst this plugin is not meant to be a replacement for all the great professional site monitoring tools that are available it's a nice add-on that allows website administrators who may not have access to such tools to regularly check the status of their site and to be notified if the site goes down or becomes overloaded.

Please let me know what you think of the plugin and if you like it or it saves your site from going down then please make a donation.

Strictly System Monitoring Plugin for Wordpress

Friday, 18 June 2010

The Wordpress Survival Guide

Surviving Wordpress - An Introduction

As well as my technical blog here on blogger I have a number of Wordpress sites which I host myself on a virtual server.

I have now been using Wordpress and PHP for about 4 years and in that time I have learnt a hell of a lot regarding the pros and cons and do's and don'ts that are involved in running your own Wordpress blog.

As a developer who has spent most of his working career working with Microsoft products moving from a Windows environment to Linux has been a great learning curve and as well as all the tips I have gathered regarding Wordpress I thought I would write a series for other developers in a similar situation or for Webmasters who may have the sites but not the technical know how.

Covering the bases

In the following articles I will look in detail at how to get the most out of your system in terms of performance. If you are like me you are not made of money and able to afford lots of dedicated servers to host your sites on therefore you need to make the most of what you have. Performance tuning your Wordpress site is the most important thing you can do and luckily due to the nature of WordPresses plugins a lot of performance tuning can be done with a couple of clicks.

I will also be looking at performance tuning MySQL which is the database that Wordpress runs on. Moving from MS SQL with all its features and DMV's to MySQL was quite a culture shock for me so there are a few tips I have learnt which might be useful.

First things first - Tools of the trade

First off you will need to know how to get things done. My Wordpress sites are running on a Linux box and one of the first things I did was install VirutalMin which is a graphical UI you access in your browser which lets you manage your server. You could do everything from the command line but coming from a windows environment I found it very useful to be able to see a familiar environment.

After installing VirtualMin you should also install WebMin which is another graphical interface that gives you ultimate flexibility over your server without you ever needing to go near a command line prompt.

As well as setting up FTP to access your files through SFTP (secure FTP) I also installed PUTTY which enables me to connect to my server and get used to the command line way of doing things. I would definitely recommend doing this even if you were like me a Windows person as you should never be afraid to try something new and it's always good to have as many technical skills under your belt as possible. I always try to use the command line first but I know I can fall back on VMin if I need to.

Useful Commands

A good list of Linux applications and commands can be found here: Linux Commands but here are some of the key commands I find myself using over and again.

Command	Details
date	Show the current date and time on the server
cd	change drive e.g cd /var (go to the var directory)
cd ../	go back up one directory
cd ../../	go back up two directories
ls	list out the contents of a directory
whoami	see who you are logged in as
su - [username]	Assume the permissions of the specified user
sudo [command]	Run a command as root but stay as the user you are logged in as
top	Show the current running processes and server load
top -d .2	Show the current running processes with .2 second refresh
tail -f access_log	View the most current entries in the sites access log
grep "61.252.14.247" access_log \| tail	View the most current entries in the sites access log for a certain IP address
netstat -ta	Show all current connections to the server
grep "27/Feb/2012:" access_log \| sed 's/ - -.*//' \| sort \| uniq -c \| sort -nr \| less	View the IP's that appear in your access log the most for a certain date ordered by the most frequent first.
/etc/init.d/apache2 restart	Restart Apache
apache2ctl configtest	Test the Apache configuration for configuration errors
/etc/init.d/mysql restart	Restart MySQL
wget [URL]	Remotely access, load and save a file to the current directory
chmod 777 [filepath]	Grant full read/write/delete permission to everyone to a file or folder
chmod +x [filepath]	Grant execute permission to a script
reboot	Reboot the server

Handling Emergencies

You need to be prepared to handle emergencies and that involves a quick diagnosis and quick action. What sorts of emergencies can you expect to run into? Well the most common form will be very poor server performance that results in your site being unavailable to visitors. This can happen for a number of reasons including:

1. High visitor traffic due to a popular article appearing on a major site or another form of traffic driver.

2. High bot traffic from undesirable crawlers such as content scrapers, spammers, hackbots or even a denial of service attack. I recently experienced a DOS attack which came from an out of control bot that was making 10+ requests to my homepage a second.

3. A poorly written plugin that is eating up resources.

4. A corrupt database table causing database errors or poorly performing SQL causing long wait times.

5. Moderately high visitor traffic mixed with an unoptimised system set-up that exacerbates the problem.

Identifying the cause of your problem

If you are having a major slow down, site freeze or just don't know what is going on then the first thing is to open up a command prompt and run top to see the current processes.

The first thing to look at is the load average as this tells you the amount of resources and pressure your server is currently under. A value of 1.00 means your server is maxed out

and anything over that means you are in trouble. I have had a value of 124 before which wasn't good at all. My site was inaccessible and only a cold reboot could get me back to a controlable state.

If your load average is high then take a look at the types of processes that are consuming the most resources. You should be looking at the CPU% and Memory used by each process (the RES) column which shows the amount of physical memory in KB consumed by the process.

Each request to your site will use its own process so if your report is full of Apache rows then you are having a traffic spike. Each page request on your site should be a very quick affair so the processes will come and go very speedily and having a short delay interval is important to being able to spot problems.

Another process to look for is the MySQL process which again should come and go unless it's currently running a long performance intensive query in which case the database could be your problem. Another tool I like to use is mytop which gives you a top like display but of your MySQL processes only. You could open up your MySQL console and run SHOW PROCESSLIST constantly but using MyTop is alot easier and it will help identify problematic queries as well as queries that are being run by your site a lot.

If you don't have monitoring tools available to keep you up to date with your sites status then you may find that your system experiences severe problems periodically without your knowledge. Being informed by a customer that your site is down is never the best way of finding out therefore you might be interested in a plugin I developed called Strictly System Check.

This Wordpress plugin is a reporting tool that you run at scheduled intervals from a CRON job. The plugin will check that your site is available and reporting a 200 status code as well as scanning for known text. It will also connect to your database, check the database and server load and report on a number of important status variables such as the number of connections, aborted connections, slow queries and much more.

The great thing about this plugin is that if it finds any issues with the database it will CHECK and then REPAIR any corrupt tables as well as running the OPTIMIZE command to keep the tables defragged and fast. If any problems are found an email can be send to let you know. I wrote this plugin because there wasn't anything like it available and I have found it 100% useful in not only keeping me informed of site issues but also in maintaining my system automatically.

Scanning Access logs for heavy hitters

Something else you should take a look straight away is your access and error logs.

If you open up your access log and watch it for a while you should soon see if you are experiencing either high traffic in general or from a particular IP/Useragent such as a malicious bot. Using a command like tail or less to view the logfile with the -f flag ensures that as new data is added to the file it will be outputted to the screen which is what you want when examining current site usage.

mydomain:~# cd /home/mywebsite/logs

mydomain:~# tail -f access_log

Banning Bad Users

If the problem is down to one particular IP or Useragent who is hammering your site then one solution is to ban the robot by returning it a 403 Forbidden status code which you can do with your .htacess file by adding in the following lines:

order allow,deny

deny from 79.125.58.227

deny from 67.207.201.

deny from 89.146.55.222

allow from all

This will return 403 forbidden codes to all requests from the two IP addresses and the one IP subnet: 67.207.201.

If you don't want to ban by IP but by user-agent then you can use the Mod Rewrite rules to identify bad agents in the following manner:

RewriteCond %{HTTP_USER_AGENT} (?:ColdFusion|curl|HTTPClient|Java|libwww|LWP|Nutch|PECL|POE|Python|Snoopy|urllib|WinHttp) [NC,OR] # HTTP libraries
RewriteCond %{HTTP_USER_AGENT} (?:ati2qs|cz32ts|indy|linkcheck|Morfeus|NV32ts|Pangolin|Paros|ripper|scanner) [NC,OR] # hackbots or sql injection detector tools being misused!
RewriteCond %{HTTP_USER_AGENT} (?:AcoiRobot|alligator|auto|bandit|capture|collector|copier|disco|devil|downloader|fetch\s|flickbot|hapax|hook|igetter|jetcar|kmbot|leach|mole|miner|mirror|mxbot|race|reaper|sauger|sucker|snake|stripper|vampire|weasel|whacker|xenu|zeus|zip) [NC] # offline downloaders and image grabbers
RewriteRule .* - [F,L]

Here I am banning a multitude of known bad user-agents as well as a number of the popular HTTP libraries that script kiddies and hackers use off the shelf without knowing how to configure to hide the default values.

You should read up on banning bad robots using the htaccess file and Mod Rewrite as a considerable proportion of your traffic will be from non human bots and not the good kind e.g Googlebot or Yahoo. By banning bad bots, content scrapers, spammers, hackers and bandwidth leeches you will not only reduce the load on your server but save yourself money on bandwidth charges.

The other log file you should check ASAP in a potential emergency situation is the Apache error log as this will tell you if the problem is related to a PHP bug, a Wordpress plugin or MySQL error.

Unless you have disabled all your warnings and info messages the error log is likely to be full of non fatal errors however anything else should be checked out. If your error log is full of database errors such as "table X is corrupt" or "database has gone away" then you know where to look for a solution.

Tables get corrupted for many reasons but a common reason I have found is when I have had to carry out a cold reboot to regain control of my server. Sometimes after a reboot everything will be working okay but on accessing your website all the content will have disappeared. Do not worry yet as this could be due to the corrupt tables and carrying out a REPAIR command should remedy this.

Another potential flash point are new or recently upgraded plugins. Plugins can be written by anybody and there is no guarantee whatsoever that the code contained within the plugin is of any quality whatsoever even if the features it offers seem to be great. I have personally found some of the most popular plugins to be performance hogs due to either poor code or complex queries with missing indexes but more of that in a later article.

Unless you are prepared to tweak other peoples code you don't have many options apart from optimising the queries the plugin runs by adding missing indexes or disabling the plugin and finding an alternative. One good tip I have found is to create an empty plugin folder in the same directory as the current plugin folder and then in emergency situations you can rename your existing plugin folder to something like plugins_old and then your site will be running without plugins. Once you have remedied any problems you can add your plugins back one by one to ensure they don't cause any problems.

Regular Maintenance

You should reguarly check your access and error logs even when the site is running smoothly to ensure that problems don't build up without you realising. You should also check your slow query log for poor queries especially after installing new plugins as it's very easy to gain extra performance from adding missing indexes especially when your site has tens of thousands of articles.

You should also carry out regular backups of your database and Wordpress site and ensure that you run the OPTIMIZE command to defrag fragmented table indexes especially if you have deleted data such as posts, tags or comments. A fragmented table is slower to scan and it's very easy to optimize at the click of a button. Take a look at the Strictly System Check Wordpress Plugin which can be setup to report on and analyse your system at scheduled intervals as one of the features is the ability to run the OPTIMIZE command.

So this is the end of the first part of the Wordpress Survival Guide series and next time I will be looking at performance tuning and site optimisation techniques.

Read Part 2 - Performance
Read Part 3 - Security

Wednesday, 9 June 2010

SQL Injection attack from Googlebot

SQL Injection Hack By Googlebot Proxy

Earlier today on entering work I was faced with worried colleagues and angry customers who were complaining about Googlebot being banned from their site. I was tasked to finding out why.

First off all my large systems run with a custom built logger database that I created to help track visitors, page requests, traffic trends etc.

It also has a number of security features that constantly analyse recent traffic looking for signs of malicious intent such as spammers, scrapers and hackers.

If my system identifies a hacker it logs the details and bans the user. If a user comes to my site and its already in my banned table then it's met with a 403 error.

Today I found out that Googlebot had been hacking my site using known SQL Injection techniques.

The IP address was a legitimate Google IP coming from the 66.249 subnet and there were 20 or so records from one site in which SQL injection attack vectors had been passed in the querystring.

Why this has happened I do not know as an examination of the page in question found no trace of the logged links however I can think of a theoretical example which may explain it.

1. A malicious user has either created a page containing links to my site that contain SQL Injection attack vectors or has added content through a blog, message board or other form of user generated CMS that has not sanitised the input correctly.

2. This content has then been indexed by Google or even just appeared in a sitemap somewhere.

3. Googlebot has visited this content and crawled it following the links containing the attack vectors which have then been logged by site.

This "attack by SERP proxy" has left no trace of the actual attacker and the trail only leads back to Google who I cannot believe tried to hack me on purpose.

Therefore this is a very clever little trick as websites are rarely inclined to block the worlds foremost search engine from their site.

Therefore I was faced with the difficult choice of either adding this IP to my exception list of users never to block under any circumstance or blocking it from my site.

Obviously my sites database is secure and it's security policy is such that even if a hackbot found an exploitable hole updates couldn't be carried out by the websites login however this does not mean that in future an XSS attack vector could be created and then exploited.

Do I risk the wrath of customers and let my security system carry on doing it's job and block anyone trying to do my site harm even if its a Google by Proxy attack or do I risk a potential future attack by ignoring attacks coming from supposedly safe IP addresses?

Answer

The answer to the problem came from the now standard way of testing to see if a BOT really is a BOT. You can read about this on my page 4 Simple Rules Robots Won't Follow. It basically means doing a 2 step verification process to ensure the IP address that the BOT is crawling from belongs to the actual crawler and not someone else.

This method is also great if you have a table of IP/UserAgents that you whitelist but the BOT suddenly starts crawling from a new IP range. Without updating your table you need to make sure the BOT is really who they say they are.

Obviously it would be nice if Googlebot analysed all links before crawling them to ensure they are not hacking by proxy but then I cannot wait for them to do that.

I would be interested to know what other people think about this.