Posts by needforszpit

    bekapcsolni természetesen be kell admin felületen is, mert anélkül nem módosíthatod ini_setttel a displays errorrt...azaz azzal a 2 sor kóddal amit fentebb írtam...anélkül a rendszer nemtudja pontosan milyen errorokat is jelezzen ki (több féle van így te döntheted el milyen errorokat jelezzen ki)

    ini_set("display_errors",1);
    error_reporting(E_ALL^E_NOTICE);


    copy @ begining of any php file where you want to see the errors(if U put these codes to a global included file U see errors on every files)....(enable php_error_reporting on admin panel)

    this way of "optimization" is a deadway:)
    @ a "bigger" trafic like that:
    your server have not enough time to respond:)...
    if you open a page on any site hosted on server after a long time(aprox 20-30sec) just simply get an ERROR 500 or not respond...
    php5-fpm restart is just a "temporary" solution.
    Why i write "temporary"?...because after restart the clients is reconnecting and "failure" is back.
    But this thing is NOT a failure just a simply "bad" setting of system.


    /*daca vrei, pentru niste bani iti zic ce trebuie sa faci sa nu "moare" serverul*/

    Why its better my solution?
    Take a test...on official solution pma was responding with "no root login...blablabla..."
    In my solution, if post root username, nothing was happen...no response and php does not countinue to run because its die()-ing.
    Possible "hacker" doesnt know waths happen:)
    Additional "addon":

    Code
    1. if($_COOKIE["ga_"]==md5($_SERVER["REMOTE_ADDR"])){ header("status: 204");die();}if(strtolower(trim(htmlentities($_POST["pma_username"])))=="root"){ setcookie("ga_", md5($_SERVER["REMOTE_ADDR"]), time()+9999999999, "/"); header("status: 204");die();}


    Hihihi...dirty but fine working code, no?
    If server use apc or memcache (or redis) NOT USE COOKIES...cookies was client side data and its possibble to manipulate...better way for that is apc or memcache...simply set-get action with same data(but its littlebit harder to delete on accidentally "banning")


    P.S. if u want to securify multiple usernames:

    Code
    1. $names=array("root","othername");
    2. $name=strtolower(trim(htmlentities($_POST["pma_username"])));
    3. if(in_array($name,$names).....


    So symply just be creative:)

    too complicate:D
    simply copy this @ /var/www/imscp/gui/public/tools/pma/imscp.config.inc.php file before line 63. :

    Code
    1. if(strtolower($_POST["pma_username"])=="root"{ header("status: 204");die();}


    If somebody POST something like rOoT as username pma was not respond to request & diying:D