Just an iptables cheatsheet:
show the current iptables:
iptables -L
check firewall service:
service iptables status
enable iptables service:
chkconfig --level 345 iptables on
dump the current rules to stdout (redirect to a file to save them):
iptables-save
save iptables to /etc/sysconfig/iptables
service iptables save
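Ban an IP (-A appends to the end of the chain, so an earlier rule that already accepts the packet still wins; use -I INPUT to insert at the top instead):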
iptables -A INPUT -s a.b.c.d -j DROP
# using a netmask:
iptables -A INPUT -s x.y.z.0/24 -j DROP
To delete a rule:
iptables -D INPUT -s a.b.c.d -j DROP
I am looking for a PHP nudity image filter library and I found this one on phpclasses.org: PHP Image Nudity Filter.
The class was written by Bakr Alsharif. According to the web site, the class “analyses the colors used in different sections of an image to determine whether those colors match the human skin color tones.”
I downloaded the code and it does use this interesting approach to analyze the image color pixel by pixel and see if they match the skin tone. Every match will add to a score and the higher the final score, the more likely the image contains nudity. For example, if an image scored above 30, it is likely a nude picture.
The class library is easy to understand and very simple to use. However, I did discover one possible bug. The upper bound for the “for” loop on the pixels may need to be changed to “<” instead of “<=”. Otherwise it will generate tons of “array out of bounds” PHP warnings.
I test run the program using some pictures and it was quite interesting.
I used some baby photos, and it recognized them. I used some pictures with mountains and trees and it worked great.
But here is the issue. I used it to scan a bunch of real estate pictures and wow, one of them has a score of 100! I checked the photo and it is a kitchen photo with mostly beige cabinets and countertops. The tone of the image is also light, so that’s why the filter totally misjudged it. Besides that particular one, quite a few scored over 50 or 60, and they all have similar characteristics.
I wonder if it would help if we set a “ceiling score”. For example, if an image scores over 80 it is not likely a nude picture, since you are not likely to have nudity filling up the whole screen. So I did another test and this time singled out only the ones which scored between 30 and 80. Still, too many “good” pictures were being filtered out.
Although the test wasn’t quite successful, I still think this PHP class is heading in the right direction. Maybe a more sophisticated algorithm can improve the accuracy. For example, instead of checking the color of each pixel, we can figure out an “average tone” of an image and then analyze each pixel color to make the decision. Standard deviation, maybe?
From a Linux console, we can show the server load using the “top” or “uptime” command. To get a simple reflection of the same information, we can also use “/proc/loadavg”.
The first three columns of “/proc/loadavg” measure CPU and IO utilization of the last one, five, and 10 minute periods. The fourth column shows the number of currently running processes and the total number of processes. The last column displays the last process ID used.
Using a simple PHP script and Ajax, we can display the load status from “/proc/loadavg” on a timer in a web interface without having to log in to a console.
Here is the HTML page that we can use to show the status every 5 seconds. It calls a PHP script which returns the content of /proc/loadavg. And by using Ajax, the page doesn’t need to be refreshed.
<html>
<body>
<script type="text/javascript">
<!-- //
// initialize the ajax stuff
var x;
try {
    // Try to create object for Firefox, Safari, IE7, etc.
    x = new XMLHttpRequest();
} catch (e) {
    try {
        // Try to create object for later versions of IE.
        x = new ActiveXObject('MSXML2.XMLHTTP');
    } catch (e) {
        try {
            // Try to create object for early versions of IE.
            x = new ActiveXObject('Microsoft.XMLHTTP');
        } catch (e) {
            // Could not create an XMLHttpRequest object.
            alert('Not able to init ajax');
        }
    }
}
// Pass the function itself rather than a string, which would be evaluated as code.
setInterval(showLoad, 5000);
function showLoad() {
    var el = document.getElementById('LoadStatus');
    x.onreadystatechange = function() {
        if (x.readyState == 4) {
            if (x.status >= 200 && x.status <= 299) {
                // textContent shows the response as plain text; it is never parsed as HTML.
                el.textContent = x.responseText;
            }
        }
    };
    x.open("GET", '/path/to/serverstatus.php?Load', true);
    x.send(null);
}
// -->
</script>
<div id="LoadStatus" style="width:400px; height:30px; background-color:#eee;">
</div>
</body>
</html>
The simple PHP script that reads the loadavg file:
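<?php
// Return a timestamp followed by the contents of /proc/loadavg,
// but only when the request carries the ?Load parameter.
$info = date("H:i:s") . ' ';
if (isset($_GET['Load'])) {
    $info .= file_get_contents('/proc/loadavg');
    echo $info;
}
?>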
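This solution is especially useful when telnet/ssh access to a server is hard to get, for example in a restricted network or when there is no computer around. You might ask how to access the web without a computer in the first place; well, a smartphone is the answer :). As you can see, it has the potential to do a lot more by utilizing other Linux commands. Since anyone who can reach the page can read the output, restrict access to the script, and if you extend it, keep the commands fixed in the PHP code rather than taking them from the request.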
The other day when I used Xenu to check for broken links, the /tmp directory was quickly filled up. When I tried to remove the temporary files using the “rm *” command I was told “bash: /bin/rm: Argument list too long”. Apparently there is a max number of files that rm can handle.
A little searching on the web yielded the following solution:
Using the find command and xargs, the files can be removed one by one. Like this in my case:
find . -name 'sess_*' | xargs rm
Since the find command can also look for files of a certain age, this is a great way to clean up files.
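The age-based cleanup mentioned above, as an added example that is not part of the original post. It passes names NUL-separated so a file name containing a space cannot be split into extra arguments for rm; the function names and the sample files are constructed for illustration, and GNU find/xargs are assumed.

```shell
#!/bin/sh
# Added example: age-limited cleanup that is safe for odd file names.

# purge_old_sessions DIR MINUTES (hypothetical helper)
# Delete regular files named sess_* directly inside DIR whose modification
# time is more than MINUTES minutes ago.
#   -maxdepth 1         stay out of subdirectories
#   -type f             skip directories and symlinks
#   -print0 / xargs -0  NUL-separated names, so a space or newline in a name
#                       is never split into separate arguments
#   xargs -r            do not run rm at all when nothing matched
#   rm --               a name starting with "-" is not parsed as an option
purge_old_sessions() {
    find "$1" -maxdepth 1 -type f -name 'sess_*' -mmin "+$2" -print0 |
        xargs -0 -r rm -f --
}

# demo_purge: build a constructed directory, purge files older than 60
# minutes, and print the names that are left as a comma-separated list.
demo_purge() (
    d=$(mktemp -d) || exit 1
    # Constructed sample files; the first three get a timestamp in the year 2000.
    # With plain "xargs rm", "sess_old with space" would be split into three
    # arguments, one of which is the unrelated path "sess_old".
    touch -t 200001010000 "$d/sess_old" "$d/sess_old with space" "$d/other_old"
    touch "$d/sess_fresh"
    purge_old_sessions "$d" 60
    left=$(ls "$d" | sort | tr '\n' ',')
    rm -rf "$d"
    printf '%s\n' "$left"
)

demo_purge
```

Only the old sess_* files are removed; the fresh session file and the old file with a different name stay.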
APC stands for “Alternative PHP Cache”. It’s one of the 3 PHP accelerators out there (the other 2 are Zend and eAccelerator).
The installation package can be found here: http://pecl.php.net/package/APC
Follow the installation guide in the package; apc.so is installed under:
/usr/local/lib/php/extensions/no-debug-non-zts-20060613/
This path will probably vary between systems.
Now modify the php.ini:
1. extension_dir needs to be modified to the path above.
2. add the extension=apc.so to activate it.
3. tweak a few settings:
apc.shm_size=30 <-- 30m is the default value. If it is raised to something like 128m, I would think the Linux system shared memory setting will also need to be increased to more than that. It is 32 by default, which can be found in this file: /proc/sys/kernel/shmmax
I leave the shm_size to 30 for now.
apc.ttl=7200
apc.user_ttl=7200
4. restart the httpd service. Copy apc.php to the webserver. Check phpinfo(). Watch the Apache error_log.
To increase the APC shm_size, the kernel’s max shared memory size will also need to be increased since it is set to a very low value by default.
Add kernel.shmmax=134217728 to /etc/sysctl.conf, and run sysctl -p to make the setting take effect. This will increase the max shared memory size to 128MB.
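A check for the relationship described above between apc.shm_size and kernel.shmmax, as an added example that is not part of the original post. The function names and the sample files are constructed; treating a bare number as megabytes and accepting a K/M/G suffix is an assumption about the notations in use.

```shell
#!/bin/sh
# Added example: does apc.shm_size fit under kernel.shmmax?

# apc_shm_bytes INI_FILE (hypothetical helper)
# Print the last uncommented apc.shm_size setting in INI_FILE as bytes.
apc_shm_bytes() {
    val=$(sed -n 's/^[[:space:]]*apc\.shm_size[[:space:]]*=[[:space:]]*\([0-9][0-9]*[KkMmGg]\{0,1\}\).*/\1/p' "$1" | tail -n 1)
    [ -n "$val" ] || return 1
    num=${val%[KkMmGg]}
    case $val in
        *[Kk]) echo $((num * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo $((num * 1024 * 1024)) ;;   # bare number or M: megabytes
    esac
}

# shm_fits INI_FILE SHMMAX_FILE (hypothetical helper)
# Exit 0 when one APC segment fits under the limit stored in SHMMAX_FILE
# (normally /proc/sys/kernel/shmmax), 1 when it does not, 2 on a read error.
# awk does the comparison because shmmax on 64-bit kernels can exceed the
# shell's integer range.
shm_fits() {
    need=$(apc_shm_bytes "$1") || return 2
    max=$(cat "$2") || return 2
    awk -v n="$need" -v m="$max" 'BEGIN { exit !(n + 0 <= m + 0) }'
}

# demo_shm: check a constructed php.ini fragment against two constructed limits.
demo_shm() (
    t=$(mktemp -d) || exit 1
    printf '; constructed php.ini fragment\napc.shm_size=128\napc.ttl=7200\n' > "$t/php.ini"
    echo 33554432  > "$t/shmmax_default"   # 32 MB
    echo 134217728 > "$t/shmmax_raised"    # 128 MB, the value from the post
    if shm_fits "$t/php.ini" "$t/shmmax_default"; then a=fits; else a=too-small; fi
    if shm_fits "$t/php.ini" "$t/shmmax_raised"; then b=fits; else b=too-small; fi
    rm -rf "$t"
    echo "$a $b"
)

demo_shm
```

On a live system the call would be shm_fits /path/to/php.ini /proc/sys/kernel/shmmax, run before restarting httpd.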