Today I found out there are over 100K PHP session files locate in Windows Temp directory and it’s impossible to open the Temp directory with Windows Explorer, hence not able to remove any file.
The solution is to use a dinosaur tool called DOS Command!
del /F /Q sess*
Da Da…after a few minutes, you can open the temp directory again with Windows Explorer, this really comes handy when you need it.
Of course, I’ve also changed the session.savepath and since PHP uses garbage collection every 24 minutes, so this left over session problem is fixed as well.
Recently, I need to configure PHP to run on Windows Server 2008 R2. Even I’ve done this countless previously, but things still didn’t work in the first go, my test.php below displayed the raw code when running from browser.
<? phpinfo; ?>
It turns out to be a simple parameter (ie, short_open_tag) wasn’t turned on in php.ini.
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It’s been
; recommended for several years that you not use the short tag “short cut” and
; instead to use the full <?php and ?> tag combination. With the wide spread use
; of XML and use of these tags by other languages, the server can become easily
; confused and end up parsing the wrong code in the wrong context. But because
; this short cut has been a feature for such a long time, it’s currently still
; supported for backwards compatibility, but we recommend you don’t use them.
; http://php.net/short-open-tag
Out of blue, after years of searching for the best way to prevent spammer from inside. I think I probably found the solution by extending Delay between Recipients to 5 seconds on Outgoing SMTP, which keeps the email password cracker away.
It’s really more a mind tactic than the actual technical solution, as the spammer will give up right away if they find your SMTP server is so slow sending out emails per second. I strongly suspect they have a set of standards, say if a SMTP server can’t deliver more than 10 email per second, then they won’t use it…after all, why bother to use a slow SMTP while they are plenty powerful ones out there.
In contrast, by using Grey Listing on incoming SMTP also greatly reduced the spam or email DDOS by a large percentage.
Just my 2 cents.
Update: Jan 16, 2018
Today client’s email server had a DDOS attack, one of the users got tens of thousands of email and this made the spooler almost crashed, hence CPU stays at 100%. Solution is to decrease the SMTP Delay from 5 seconds to 1 second, so the email server can quickly bounce back the email (of course, remove that user temporarily).
Lesson learned, Delay SMTP delivery may cause dearly at a specific occasion, so use it wisely according to the actual filed scenario.
Received a letter from Devin Wenig, President, eBay asking everyone to change their password.
If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.