Debugging PHP

Debugging PHP without an IDE (Integrated Development Environment) can be difficult at first. But it's actually pretty easy using the Apache error log. Of course, a full blown IDE will probably offer many more debugging functionalities but for a quick debug the logs can be a great help. This short tutorial assumes you already have a VPS running with Apache and PHP. If you need help to setup a LAMP server, see the previous articles about creating a fully functional VPS webserver:
http://vpstips.blogspot.nl/2010/09/setting-up-lamp-vps-part-1.html
http://vpstips.blogspot.nl/2010/10/setting-up-lamp-vps-part-2.html

To start debugging create a simple PHP script with an error:

echo "<? echo phpinf(); ?>" > /var/www/vps.error.php

This simple script mistakes phpinfo for phpinf (without the letter "o" at the end). This results in a fatal PHP error. The phpinfo functions dipslays some general information about your server and PHP environment. Details: http://php.net/manual/en/function.phpinfo.php

To debug this script look at the Apache error log.

tail -f /var/log/apache2/error.log

Depending on your distribution the log location may vary and you might need root permissions to open the file. The error log will show you an error similar to this one:

PHP Fatal error: Unknown function: phpinf() in...

The error log is a quick way to debug PHP errors. Default PHP installations will supress error messages so if you get a blank page or a half loaded page in your browser it might be worth checking your Apache error logs!

VPS upgrades

Most VPS providers offer various packages allowing you to upgrade your server as you see fit. Because a VPS can be relocated to a new server and the provider often takes care of backups or snapshots, a VPS is easy to maintain when sustainig sudden growth. However, there comes a time when outgrowing a VPS can become reality. As a general rule of thumb 50-100 USD/EUR a month can hire a budget dedicated server providing at least 4GB ram with 250GB disk. When your VPS provider starts asking double this amount (remember they take probably care of backups) it's time to ask for a custom quote, relocate the VPS or go for a dedicated server.

SSD VPS

I've got some questions about VPS performance and mainly about disk performance. It's not uncommon for some budget VPS providers to offer an environment stored on a RAID array. RAID is great for data redundancy and increased disk speed but on a busy server your VPS performance can degrade to suboptimal levels. Detecting an oversold or overused VPS with disk problems is generally easy:

• Saving a simple text file takes over 2 seconds
• Starting disk intensive applications is extremely slow, at least two times slower than on a dedicated machine

Many VPS providers now offer SSD variants to overcome these problems. I'm currently testing a VPS from DirectVPS (https://www.directvps.nl/vps_ssd.plp) where disk activity was often the bottleneck on their regular line. So far, the results have been good but concrete benchmarks are missing. However, problems with extremely long disk writes are gone!

SSH without passwords

If you need quick access from your home to the VPS there is an easy solution that won't require a password to login. First, create a private and public ssh key pair on your desktop:

ssh-keygen -t rsa

Copy the public key to the vps (replace vps by the hostname or IP address):

ssh-copy-id -i .ssh/id_rsa.pub vps

Login to the VPS from the desktop:

ssh vps

And you should be able to login without a password. Enjoy!

Setting up a LAMP VPS - Part 2

In Part 1 the foundation of the LAMP server was created. Now part 2 of this tutorial will help you setup the M and P and at the end you will have a fully function LAMP server.

M - Mysql
MySQL is the database backend that provides an easy to use database compatible with PHP. There are several databases you can use, such as Postgresql or Firebird. If you plan on using MySQL, install it as follows:

apt-get install mysql-server-5.0

On a Debian system you may be asked to provide a password for access to the SQL server.

P - PHP
PHP is a scripting language that is used to create dynamic webpages. Install PHP:

apt-get install php5

Although it says: "Reloading web server config" I had to restart apache for the changes to take effect:

/etc/init.d/apache2 restart

Now create a PHP test page to see if everything is working fine.

echo "<? echo phpinfo(); ?>" > /var/www/test.php

Navigate to your host/test.php and you should see some tables with PHP information! Congratulations the LAMP server is now fully functional!

Easy access to your VPS

An easy but useful tip is to add the hostname of your VPS to your system hosts files. Often, a VPS is referred by its IP address or by its hostname given by the vps company, e.g. vps211.vpscompany.com.

An easy way to access your VPS is to give the VPS a friendly name in your hosts file. Edit the hosts file which is located at:

Windows: C:\Windows\System32\drivers\etc\hosts
Linux  : /etc/hosts

The structure of the file is mostly the same on both operatings systems. Add a line to host file, replace 123.123.123.123 with the IP address of your VPS and replace vps1 with the name you want to access the VPS.

123.123.123.123 vps1

Fire up your browser, remote desktop or SSH and simply connect to vps1. The system will connect to the IP address specified in the hosts file!

Prevent SSH bots

Before completing the LAMP tutorial I will show some important considerations if you start working on a new VPS.

If you have been running a Linux server for a while you have probably noticed SSH bots trying to access your server. These bots try to break your server passwords and compromise your system. If you have strong passwords this is not a real big threat but it's annoying to see /var/log/auth.log grow with lines like this:

Sep 21 17:24:19 localhost sshd[2638]: Failed password for invalid user root from 113.6.252.48 port 42782 ssh2
Sep 21 17:24:24 localhost sshd[2640]: User root from 113.6.252.48 not allowed because not listed in AllowUsers
Sep 21 17:24:24 localhost sshd[2640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.6.252.48  user=root


The problems is most of these boxes are already hacked boxes. So it's not easy to find the originating IP. Luckily these attacks are easy to stop, there are two easy solutions:

Option 1: change the SSH port
This option simply changes the port you connect to. It's a simple solution but it works really well. Attacks went down from a lot to zero on one of my VPSes. To change the port edit /etc/ssh/sshd_config and change Port 22 to Port 1234 for example. Restart the ssh server and you are done. Remember to test the connection to your VPS on the new port first before exiting your current SSH session.

vim /etc/ssh/sshd_config

/etc/init.d/ssh restart

Option 2: block attackers
The other option to stop these attackers is to block SSH attacks after a few failed attempts. There is a tool especially designed to stop all kinds of unwanted service access. It is called denyhosts. Installation is very simple on an Ubuntu or Debian system:

apt-get install denyhosts

And you're done! Well almost, you probably want to add your home/work IP to /etc/hosts.allow. This prevents denyhosts from blocking your home IP. This can happen when you had too many failed login attempts, even in the past (denyhosts thoroughly checks your login history).

You can tweak some values if you like in /etc/denyhosts.conf . I always change the setting DENY_THRESHOLD_VALID to 5. This determines the amount of failed attempts you can make on an existing and allowed user, before you are blocked. You don't have to change this value but it is a bit risky because the threshold for invalid accounts is 10. Using this knowledge an attacker can determine what system accounts exist. If you have edited the config file restart denyhosts for the changes to take effect.

/etc/init.d/denyhosts restart