Load testing with Siege

ABOUT SIEGE
Siege is an http load testing and benchmarking utility. It was designed to let web developers measure their code under duress, to see how it will stand up to load on the internet. Siege supports basic authentication, cookies, HTTP and HTTPS protocols. It lets its user hit a web server with a configurable number of simulated web browsers. Those browsers place the server “under siege.”

PLATFORM SUPPORT
Siege was written on GNU/Linux and has been successfully ported to AIX, BSD, HP-UX and Solaris. It should compile on most System V UNIX variants and on most newer BSD systems. Because Siege relies on POSIX.1b features not supported by Microsoft, it will not run on Windows. Of course you can use Siege to test a Windows HTTP server.

A sample command to envoke siege:

siege -c 32 -i -t 60m -d 5 -f url_list.txt

url list was a list of links, composed from the following command:

for i in `seq 1 80000`; do echo "http://domain.com/$i >> url_list.txt;done

This simulates 32 clients connecting simultaneously, requesting a random url,
with a new one requested every 5 seconds by each client. To get load really
high (past the 3-4 mark) I usually had to invoke two of these simultaneously,
from separate servers.

Siege is available from the following link:

Siege
ftp://ftp.joedog.org/pub/siege/siege-latest.tar.gz

DSO vs. CGI vs. suPHP vs. FastCGI

 
From http://boomshadow.net

Updated:

This is one of the most common topics that I see customers will ask about. As highly important as PHP handlers are, they often the least understood. They seem complicated, but its not too hard to understand. You don’t have to know that exact science of how it all works, but one should learn the basics if you want to take your website seriously. Picking the right PHP handler for your website will give you the optimal speeds you want and maybe allow you to save some money by using a cheaper hosting package. So I invite you to take a few minutes and learn something new.

What are PHP handlers

In order to run a PHP site, the server must interpret the PHP code and generate a page when visitors access the website. It interprets the code based on which PHP library you are using, such as PHP 4 or PHP 5. A PHP handler is what actually loads the libraries so that they can be used for interpretation. PHP handlers determine how PHP is loaded on the server.

There are multiple different handlers that can be used for loading PHP: CGI, DSO, suPHP, & FastCGI. Each handler delivers the libraries through different files and implementations. Each file and implementation affects Apache’s performance, because it determines how Apache serves PHP.

It is critical for your server’s performance that you select the handler that fits your situation. Selecting the right handler is just as important as the PHP version itself. One handler is not necessarily always better than another; it depends on your unique setup. What caching do you need, what modules do you need, etc…

Note: You may assign different PHP handlers to different versions of PHP. For example, version 5 may be handled by CGI while PHP 4 is handled by DSO.

How to change the handler

Changing the handler on cPanel is very easy to do and takes only seconds. Log into WHM and navigate to: Main >> Service Configuration >> Configure PHP and SuExec

You simply select your PHP handler choice from the drop-down menu. Then hit “Save New Configuration”.

Note: If you do not see your desired choice in the drop-down menu, it may need to be compiled on the server first. Run an “Easy Apache” to compile it.

phphandlers2

Continue reading “DSO vs. CGI vs. suPHP vs. FastCGI”

Turn off csf notifications for specific processes

From configserver.com

Process Tracking

This option enables tracking of user and nobody processes and examines them for suspicious executables or open network ports. Its purpose is to identify potential exploit processes that are running on the server, even if they are obfuscated to appear as system services. If a suspicious process is found an alert email is sent with relevant information. It is then the responsibility of the recipient to investigate the process further as the script takes no further action. Processes (PIDs) are only reported once unless lfd is restarted.

There is an ignore file /etc/csf/csf.pignore which can be used to whitelist either usernames or full paths to binaries. Care should be taken with ignoring users or files so that you don’t force false-negatives.

You must use the following format:

  • exe:/full/path/to/file
  • user:username
  • cmd:command line
  • Continue reading “Turn off csf notifications for specific processes”

    Cpanel force password change

    For changing all users cpanel logins the next time they login go to
    Main >> Account Functions >> Force Password Change in WHM and then Select All,
    then Submit

    From techtrunch.com

    There is a cPanel script [chpass] to reset each user’s password. Its syntax is as follows


    /scripts/chpass username password

    After running the script always run the following script


    /scripts/ftpupdate

    Using the above cPanel script I have created my own script to change all users password in one shot.


    #/bin/bash

    cat /etc/trueuserdomains | sort -t" " -k2 > LIST.txt
    exec 7<> LIST.txt
    for i in `cat /etc/trueuserdomains | awk '{ print $2 }' | sort`; do
    read < &7 DAT=$(date +%S%H%M%S) NAM=`echo $i | awk '{ print substr($1,3) }'` /scripts/chpass $i "#"$NAM$DAT echo $REPLY "#"$NAM$DAT >> pass
    sleep 1
    done
    /scripts/ftpupdate

    What actually this script is doing?

    01. Makes a sorted list of ‘/etc/trueuserdomains’ [sort with usernames] in a file ‘LIST.txt’
    02. A File Descriptor opened for ‘LIST.txt’
    03. Opened a for loop to itarate each users in ‘/etc/trueuserdomains’
    04. Read the first line in the FD and remove the same on each iterartion
    05. Store a date format in a variable for generating password
    06. Store a part of user name, say from third character of the name to last character, in varaible for complicating the generated password
    07. Executing the cPanel password changing script with appropriate parameters
    08. Outing the information [Domain Name, User Name and New Password] to a file named “pass” on each iteration
    09. Making a delay of 1 second on each iteration
    10. Ending the for loop
    11. Running cPanel password synchronization script.

    ===============================

    More information regarding changing passwords in bulk:

    http://bash.cyberciti.biz/security/linux-batch-mode-password-update/

    ===============================

    http://bash.cyberciti.biz/security/change-password-shell-script/

    ===============================

    another method:


    #! /bin/bash
    for i in `awk -F: '{print $2}' /etc/trueuserdomains`
    do
    tmp=`mkpasswd -l 10`
    /scripts/chpass $i $tmp
    echo "$i $tmp" >> newpasswds
    done

    Save this in a .sh or some file and give exec perm chmod +x filename and then run it. You will get all new users and passwords from newpasswds file in running location.

    SQL Buddy

    SQL Buddy is an open source, lightweight and intuitive database management tool. Ridiculously easy to install, simply unzip the folder into a web accessible folder on your server and its ready to use. Seriously, the next step is logging in.

    Complete control of users
    Logins are handled directly by MySQL. Create as many or as few users as you want.

    Speaks your language
    The current release is bundled with 47 translations!

    Lightweight interface, nice and quick for smaller jobs…

    Ghostscript install centos linux

    From alexxoid.com

    To update ghostscript package to version 8.70 under Linux Red Hat / CentOS, you need connect an additional repository Black Op. See instructions here.

    Download blackops GPG Key.

    wget http://blackopsoft.com/el5/RPM-GPG-KEY-blackop
    rpm --import RPM-GPG-KEY-blackop
    rpm -i http://blackopsoft.com/el5/RPMS/noarch/blackop-el5-repo-1.0-2.noarch.rpm

    or
    Download the Repository RPM

    wget http://blackopsoft.com/el5/RPMS/noarch/blackop-el5-repo-1.0-2.noarch.rpm
    rpm -i blackop-el5-repo-1.0-2.noarch.rpm
    rpm -i http://blackopsoft.com/el5/RPMS/noarch/blackop-el5-repo-1.0-2.noarch.rpm

    rpmforge recommends using yum-priorities and setting their repo lower- in our case, you may need to set the priority higher.

    Then run:

    # yum install ghostscript

    Blackopsoft.com

    Mysql Commands

    From pantz.org

    This is a list of handy MySQL commands that I use time and time again. At the bottom are statements, clauses, and functions you can use in MySQL. Below that are PHP and Perl API functions you can use to interface with MySQL. To use those you will need to build PHP with MySQL functionality. To use MySQL with Perl you will need to use the Perl modules DBI and DBD::mysql.

    Below when you see # it means from the unix shell. When you see mysql> it means from a MySQL prompt after logging into MySQL.

    full list of commands here

    Re-install phpmyadmin

    quick way:

    /usr/local/cpanel/bin/updatephpmyadmin --force

    fun way: (Version information: 3.3.8*)

    cd /usr/local/cpanel/base/3rdparty
    wget http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.3.8/phpMyAdmin-3.3.8-all-languages.tar.bz2
    tar -jxvf phpMyAdmin-3.3.8-all-languages.tar.bz2
    mv phpMyAdmin/ phpMyAdmin-bak
    mv phpMyAdmin-* phpMyAdmin/
    cd phpMyAdmin-bak
    cp config.inc.php ../phpMyAdmin/
    cd ..
    chown -R cpanel:cpanel phpMyAdmin

    Google Apps – enable domain keys

    Google has been an early and consistent supporter of email authentication technologies, which help ensure senders are who they say they are, and in turn help to curb spam. Since we launched Gmail in 2004, we have supported email-signing standards such as DomainKeys and DomainKeys Identified Mail (DKIM) to help validate outbound mail with digital signatures. On the inbound side, to help our users identify email from verified senders, in 2008 we worked with eBay and PayPal to authenticate their mail with DKIM and block all unsigned messages purportedly from those companies destined for Gmail users.

    But the spam and phishing epidemics aren’t letting up – every day Gmail filters out billions of unwanted messages from our users’ inboxes – so we’ve been focused on creating helpful tools and working with the email industry to bring solutions that will help our customers. Email authentication is an important mechanism to verify senders’ identities, giving users a tool to recognize potential spam messages. In addition, many mail systems can display whether a received message is DKIM-verified, which helps spam filters verify and assess the overall reputation of the sender’s domain: messages from untrusted senders are treated more skeptically than those from good senders.

    Today, we mark another notch in the spam-fighting belt: we’re making it possible for all Google Apps customers to sign their outgoing messages with DKIM, so their sent mail is less likely to get caught up in recipients’ spam filters. Google Apps is the first major email platform – including on-premises providers – to offer simple DKIM signing at no extra cost. Once again, the power of the cloud has made it possible for us to bring this feature to millions of customers quickly and affordably.

    altimginfo

    “We help the most-phished brands on the Internet manage their mail authentication programs, and the Google Apps solution is the simplest that we’ve encountered. Configuring DKIM for in-house systems requires plug-ins or additional gateway servers, making a company’s mail environment more complex and difficult to manage. As a Google Apps customer, this feature took us only a few clicks in the control panel and an update of our DNS,” said Kelly Wanser, CEO of eCert, an industry leader in providing critical protection against email fraud.

    Starting today, all Google Apps administrators can enable DKIM signing in the “Advanced Tools” tab of the control panel. As more email providers around the world support DKIM signing, spam fighters will have an even more reliable signal to separate unwanted mail from good mail. We’re pleased to let millions more organizations use DKIM with this improvement.

    Reduce inode usage

    From sabarish4u.wordpress.com

    Inodes basically store information about files and folders, such as (user and group) ownership, access mode (read, write, execute permissions) and file type. On many types of file systems the number of inodes available is fixed at file system creation, limiting the maximum number of files the file system can hold. The inode number indexes a table of inodes in a known location on the device; from the inode number, the kernel can access the contents of the inode, including the location of the file allowing access to the file. A file’s inode number can be found using the ls -i command. The ls -l command displays some of the inode contents for each file. Stat will show a more complete listing of file attributes, including the inode number, number of blocks it occupies and block size.

    [root@host2.myserver.com] ~ >> stat .bashrc
    File: `.bashrc'
    Size: 325 Blocks: 8 IO Block: 4096 regular file
    Device: ca03h/51715d Inode: 293879 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2011-01-06 09:39:35.000000000 -0500
    Modify: 2010-07-28 13:51:44.000000000 -0400
    Change: 2010-08-27 16:16:18.000000000 -0400

    File names and directory implications:
    * Inodes do not contain file names, only file metadata.
    * Unix directories are lists of “link” structures, each of which contains one filename and one inode number.
    * The kernel must search a directory looking for a particular filename and then convert the filename to the correct corresponding inode number.
    * The kernel’s in-memory representation of this data is called struct inode in Linux.

    We can find the inode usage (Number of files) owned by each user/directory, especially useful in VPS. Each VPS will have inode limits (the maximum number of files that can be created in that VPS)

    For example If the inode usage is 100 % then we needs to find out which user/directory has owned the maximum number of files.

    [root@server]# df -i
    Filesystem Inodes IUsed IFree IUse% Mounted on
    /dev/vzfs 800000 800000 0 100% /
    simfs 800000 800000 0 100% /tmp
    simfs 800000 800000 0 100% /var/tmp

    Run the following commands

    [root@server ~]# repquota -a | sort -nk6 | head

    Block limits File limits
    *** Report for user quotas on device /dev/vzfs
    ———————————————————————-
    Block grace time: 00:00; Inode grace time: 00:00
    User used soft hard grace used soft hard grace
    test1 +- 25816 25600 25600 none 663 0 0
    test2 – 4 0 0 1 0 0
    mail – 4 0 0 1 0 0

    Continue reading “Reduce inode usage”