my notes

PHP-FPM 5.6 init script will not start on wheezy

Note: The instructions below enable control of the php5-fpm process via the /etc/init.d script. This is not mandatory; you can also use the service command to control the php5-fpm process. Examples below:


service php5-fpm start
service php5-fpm stop
service php5-fpm restart

Disable control of php-fpm via upstart

Instructions below will disable control of php5-fpm via upstart.

Fix 503 no backend connection with Saint mode

If you are getting a lot of 503 "FetchError c no backend connection" errors and you have enabled saint mode, then you have to add the following to your backend.


.saintmode_threshold = 0;

The "saintmode_threshold" option tells Varnish how many items can be blacklisted by saint mode before it makes your backend sick. If setting saintmode_threshold to 0 still produces "no backend" errors, try setting it to a very high number.

To check if you have such an error, use the following command


Find malware scripts on your server


grep -Rn 'GIF89aG' /var/www


grep -Rn 'shell *(' /var/www
grep -Rn 'tcp *(' /var/www
grep -Rn 'system *(' /var/www


grep -Rn 'eval(base64_decode(' /var/www
grep -Rn 'eval(gzinflate(base64_decode(' /var/www
grep -Rn 'eval(gzuncompress(base64_decode(str_rot13(' /var/www
grep -Rn 'eval(str_rot13(gzinflate(base64_decode(' /var/www

Or search for these functions with one command:


grep -RPn '(system|shell|tcp) *\(' /var/www
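
The searches above as a single triage script, added here as an example and not part of the original notes. It goes beyond the fixed strings listed: it matches eval( followed by any chain of the same four decoder functions in any order, with optional whitespace and in any letter case, and it reports a GIF signature only when the file starts with it and also contains a PHP open tag. The function names and the sample files written by make_samples are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names and samples are constructed.

# eval( followed by one or more decoder calls, in any order, optional whitespace.
CHAIN_RE='eval[[:space:]]*\(([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\()+'

# scan_obfuscated DIR: list files containing an eval(<decoder>(... chain.
scan_obfuscated() {
    LC_ALL=C grep -RlEi -- "$CHAIN_RE" "$1" 2>/dev/null | sort
}

# scan_fake_gif DIR: list files whose first bytes are a GIF signature but that
# also contain a PHP open tag (an "image" the PHP interpreter would execute).
scan_fake_gif() {
    find "$1" -type f | while IFS= read -r f; do
        magic=$(head -c 6 "$f" | tr -d '\000')
        case "$magic" in
            GIF87a|GIF89a)
                if LC_ALL=C grep -qi -e '<?php' -e '<?=' "$f"; then
                    printf '%s\n' "$f"
                fi ;;
        esac
    done | sort
}

# make_samples DIR: write constructed, inert files to try the scanners on.
make_samples() {
    mkdir -p "$1/uploads"
    # Decoder without eval: must not be reported.
    printf '%s\n' '<?php echo base64_decode($row["avatar"]); ?>' > "$1/clean.php"
    # Exact form from the notes.
    printf '%s\n' '<?php eval(base64_decode("PLACEHOLDER")); ?>' > "$1/a.php"
    # Different order, spacing and case: missed by the fixed-string greps.
    printf '%s\n' '<?php EVAL ( str_rot13 (gzinflate( base64_decode("PLACEHOLDER")))); ?>' > "$1/b.php"
    # GIF header followed by PHP, and a GIF header with no PHP.
    printf 'GIF89a<?php echo "constructed"; ?>\n' > "$1/uploads/logo.gif"
    printf 'GIF89a\001\002\003 plain image bytes\n' > "$1/uploads/real.gif"
}

# Usage: sh scan.sh /var/www
if [ -n "${1:-}" ]; then
    scan_obfuscated "$1"
    scan_fake_gif "$1"
fi
```

A hit is a lead for manual review, not a verdict: legitimate code sometimes uses eval with these decoders, and attackers can use decoders not listed here.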


investigate sockets

List source port 80


ss -t -a -n -s '( sport = :80 )'

Display All Established SMTP Connections


ss -o state established '( dport = :smtp or sport = :smtp )'

Display All Established HTTP Connections


ss -o state established '( dport = :http or sport = :http )'

List All The TCP Sockets and process info with source IP address


ss -p -o state all '( sport = :http or sport = :https )' src xx.xx.xx.xx
