Posted on 27-11-2012
Filed Under (General) by Pravin Ganore

The Christmas season is coming. People around the world will start their preparations, and online stores will start offering discounts on their products and registering their highest sales of the year.

During this period, online store owners call for the audits needed to prepare for the Christmas period. This article gives some tips for handling a larger number of orders and requests in your own online business. It is obviously too late to make updates to the code of your e-commerce site, and changes to critical components that cannot be tested in this period should be ruled out.

Upgrading The Server And Your Web Hosting Plan

Depending on whether your e-commerce store is hosted on shared hosting or on a dedicated solution, it is useful to take some precautions:

Check your plan and upgrades: If we launch a promotion that can bring a greater number of visits, then it is time to think about expanding the shared hosting plan. In this case, we contact the provider to request a change to a higher-priced plan, specifying that the website needs more resources, so that the plan itself is moved to a more powerful machine.

Troubleshooting with the ISP: Finding your main domain, website or e-commerce store locked in the month of December is not good news, so see that any outstanding issues with your ISP, both technical and commercial, are resolved. There is no point in requesting version upgrades or changes to the web hosting plan at this time; the only request may be a change of server and a server upgrade.

Upgrading your Dedicated Server: If your e-commerce store is hosted on a dedicated server, it would be useful to contact your service provider to have it upgraded. If performance is not already at its best, the server cannot be expected to support an increase in visits. Increasing the RAM could be the necessary first step, followed by reconfiguring and tuning the server, which we come to a few lines below.

Cloud Computing Or Cloud Hosting: If we cannot increase the resources of our shared hosting space or our dedicated server, then the best solution is to use a cloud computing instance only for the month of December, or at least only for the period in which we expect a greater number of visits. In this case, ESDS offers cloud computing solutions priced so that they can be used for just the required time.

Leaving aside performance on the ISP side, it is important to understand whether you are really ready to face an increase in visits with your current server or cloud instance configuration. If you are not an expert, the first thing to do is to contact your ISP or system administration service and ask for the server to be tuned.

What we need to verify exactly:

Apache: We are going to verify the configuration and memory consumption.
Nginx: If we use this web server, we only need to prepare a configuration tailored to our system; even a basic setup already gives better performance than Apache.
MySQL: Using tools to identify MySQL problems will save you a lot of time.

Finally, after working on our web server, it is essential that an e-commerce website takes very little time to open its pages. First check the current load times with one of the many online tools; we recommend the PageSpeed tool by Google.

Here we can get some information about our website. An acceptable page should never take more than 1.5 seconds to open, and even that is already a very high figure. For further information, use Google Webmaster Tools, which gives an indication of how fast our site is compared to all those tracked by Google.

Once you have established that the speed of the pages is not acceptable, there are several solutions that can be used. First we have to see whether our e-commerce platform allows caching of images and all static components. Solutions such as Magento or OsCommerce have these options; you need to identify the best plugin and put it into production, but this is a change that could cause problems, so it should be applied at night, checking that everything works.

Optimizing your site must begin with the classic rules:

  • Using verified HTML code, corrected at a syntactic level and setting
  • Merging and compressing JavaScript code for easier loading
  • Loading the JS code at the bottom of each page
  • CSS compression and compression of images with CSS Sprites

There are dozens of guides on the net. We should definitely run further tests to check loading speed. We can use the handy YSlow, which is a plugin for Firefox, or Chrome’s console directly; either will show the loading times of the individual components of the page.

Our Forum community is available for any further information. You can simply open a new topic!!

(0) Comments    Read More   

The best things in life are definitely free when it comes to developer software. There’s plenty of free software that does the job as well as the commercial and proprietary offerings. The difference is the price: free software is free, and much of it is released under fair licensing terms that give you many rights as to how you can use the software. For example, the GNU General Public License (GPL) is one of the least restrictive licenses available for end users, because it permits users of software released under it to use the software for commercial and non-commercial purposes, to use it free of charge, to copy it, to distribute it to others, to use extracts of the software in their own software applications and much more. The real question is: if there is a free software application out there that can do the job as well as commercial software, why would you pay for the commercial and proprietary application without trying the free alternatives first? It saves money.

FTP clients.

FileZilla.

FileZilla is an open-source and cross-platform FTP client for Windows, Mac and Linux distributions (including Ubuntu). It’s a great FTP client that does the job very well. And as it is open source, it is completely free to download and use. FileZilla is released under the terms of the GNU General Public License.

One thing to point out about FileZilla is that there is no way to set it to automatically upload saved files. You have to switch to FileZilla to confirm you want changes to be saved on the remote server. It’s slightly annoying and slows you down a little, but it may come in useful one day.

Nonetheless, FileZilla is a great FTP client to consider using. I don’t even think there’s any point in buying a commercial and proprietary FTP client when FileZilla has all the features you’d need in an FTP client and is completely free.

WinSCP.

WinSCP is a free and open source FTP client for Windows (not available for OS X or Linux unfortunately). It supports FTP, SFTP and FTPS connections to remote servers; since plain FTP sends credentials and data unencrypted, prefer SFTP or FTPS where the server supports them. Looks like a good FTP editor for Windows, although we haven’t tried it ourselves yet.

IRC clients.

OK, this isn’t entirely related to web development but I’m sure many of you use IRC clients. Of course, you may well be using a free IRC client right now, and there are plenty of free IRC clients to choose from, some of which are released under an open-source license like the GPL. But for many people, the license doesn’t necessarily matter if the software is still free to use.

KVIRC.

KVIRC is a free and open-source IRC client released under the GPL.

Programming Editors.

jEdit.

jEdit is released under the terms of the GNU General Public License, and is written entirely in Java, which means it is entirely cross-platform; it’s available on Windows, Mac, Linux and other less common platforms. It’s got a pretty nice feature set and auto-saves files as a separate temporary file in the same location as the file in question (and automatically deletes this temporary file after you’ve finished with the file). It’s completely free and I’d definitely recommend you give it a try. It supports syntax highlighting for the most common programming languages and less common ones too; full list below:

ActionScript Ada 95 ANTLR Apache HTTPD APDL AppleScript ASP
Aspect-J Assembly AWK B formal method Batch BBj BCEL
BibTeX C C++ C# CHILL CIL COBOL
ColdFusion CSS CVS Commit D DOxygen DSSSL Eiffel
EmbPerl Erlang Factor Fortran Foxpro FreeMarker Fortran
Gettext Groovy Haskell HTML Icon IDL Inform
INI Inno Setup Informix 4GL Interlis Io Java JavaScript
JCL JHTML JMK JSP Latex Lilypond Lisp
LOTOS Lua Makefile Maple ML Modula-3 MoinMoin
MQSC NetRexx NQC NSIS2 Objective C ObjectRexx Occam
Omnimark Parrot Pascal Patch Perl PHP Pike
PL-SQL PL/I Pop11 PostScript Povray PowerDynamo Progress 4GL
Prolog Properties PSP PV-WAVE Pyrex Python REBOL
Redcode Relax-NG RelationalView Rest Rib RPM spec RTF
Ruby Ruby-HTML RView S+ S# SAS Scheme
SDL/PL SGML Shell Script SHTML Smalltalk SMI MIB SQR
Squidconf SVN Commit Swig TCL TeX Texinfo TPL
Transact-SQL UnrealScript VBScript Velocity Verilog VHDL XML

(From jEdit’s website)

SciTE.

The SciTE text editor is likely one of the most popular programming text editors on Linux distributions. It’s also available on Windows and Mac OS X. However, for Mac OS X users it is only available in the Mac App Store, at a very expensive price point of $41.99 USD (approximately 2,358 INR).

MySQL Database Management Clients.

HeidiSQL.

HeidiSQL supports MySQL and MSSQL databases and is an open-source and free Windows application; however it works on Linux distributions such as Ubuntu and others using the Wine Windows application emulator, if you wish to use it on your Linux-based computer.

Toad for MySQL.

Toad is another MySQL database management client; it is free (specifically freeware) but it is not open-source, is a proprietary software application and is released under a more restrictive licensing agreement. Even so, it is free and many people do indeed use Toad for MySQL. As the name implies, it only supports MySQL databases. So if you need to use MSSQL databases, use HeidiSQL or Microsoft’s own proprietary and closed-source Microsoft SQL Server Management Studio.

Graphics Editors.

You may not think GIMP is any good, but it is by far the most versatile and feature-rich graphics editor alternative to Photoshop. As well as being free and open source, it is released under the GPL and is available for all the major platforms – Linux, Windows and Mac OS X. It hasn’t got the same layout and usability as Photoshop in regards to how you use it, but it has all of the features you’d expect to use in Photoshop.

If you’re looking for a graphics editor that gets the job done, including the basics, get GIMP. Does the job very well.

Managing your passwords.

Do you use the same password for multiple services, servers, hosting accounts or websites? Not a very good idea, especially when it is incredibly easy to generate and store random passwords using the KeePass Password Manager, which is free, open source and cross-platform. It’s available on Windows, Linux, Mac OS X and many mobile platforms including BlackBerry, iPhone, iPad and Android.

We’d highly recommend you make use of KeePass to ensure all of your passwords are secure.

Posted on 02-07-2012
Filed Under (General) by Ben

What are PHP Data Objects?

PHP recommends that, instead of the standard mysql_connect() and mysql_query() functions, you use PHP Data Objects or the mysqli_ functions for database interactions. PHP Data Objects (PDO) are a robust, easy-to-learn and easy-to-use object-oriented interface for interacting with databases. Object-oriented programming is a conceptual programming model for developing applications, and results in cleaner, more organised and structured code. I would assume you have some familiarity with object-oriented programming already, as it helps in understanding how to use PHP Data Objects proficiently.

Connecting to a database using PHP Data Objects is incredibly simple.

$string = "mysql:dbname=db_name;host=localhost"; // DSN: driver, database name, host
$user = 'db_user';
$password = "your password here";
try
{
    $db = new PDO($string, $user, $password);
}
catch (PDOException $e) {
    // Display only while developing; the message can reveal connection details
    echo "Connection failed: " . $e->getMessage();
    die();
}

The try/catch block is used to try a block of code; if any problems occur, they are handled in the catch block. In this instance, the PDO constructor throws a PDOException if an error occurs while connecting to the database. The getMessage() method of the PDOException class returns the error in question. It’s a super efficient way of handling errors that may otherwise cause errors to be displayed on the page.

The $string variable contains the DSN (Data Source Name), which tells PHP Data Objects what database system you want to connect to, the name of the database and where the database is located (in this instance, on the same server the PHP application is being executed on, hence localhost). For more information on DSN, see the PHP documentation.

Executing database queries.

To execute SQL queries, here’s an example:

$query = $db->query("SELECT * FROM users");
foreach($query as $row)
{
    echo $row['column']; // 'column' stands for the name of a column in the users table
}

This loops through each result row and outputs the column named column, as specified in the array index of $row. Strictly speaking, $query is a PDOStatement object; looping over it with foreach() yields each row as an array that can be indexed by column name.

Some more examples include:

// quote() escapes and quotes each value so that it cannot alter the SQL statement
$query = $db->exec("UPDATE users SET username = " . $db->quote($username) . " WHERE username = " . $db->quote($username_old)); // returns number of affected rows

if($query)
{
    echo "Row updated";
}

Note: The exec() method does not work for SELECT queries. The exec() method executes an SQL query and returns the number of affected rows. A SELECT query does not affect any existing rows, which is why a SELECT statement doesn’t work. To check how many rows are returned from a SELECT query, you can do this:

$query = $db->query("SELECT * FROM users");
echo $query->rowCount();

In this instance, the rowCount() method is used to count the number of rows returned by the query. You may notice that the query() method returns an entire object (specifically a PDOStatement object), and in the PDOStatement class there is a method called rowCount() which returns an integer value representing the number of rows returned by the query in question. Note that for SELECT statements rowCount() is not guaranteed to return the row count with every database driver, so do not rely on it in portable code. You can also loop through the returned results of the query() method using a foreach loop, or get just the first row using the fetch() method of the PDOStatement class, which returns the next row from the result set (so in this instance it will be the first row).

Unlike the PEAR library which you need to install separately on your ESDS Dedicated Server (the PEAR library has its own class for database interaction), the PDO extension is enabled by default as of PHP 5.1.0 and above.
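
As an added example (not from the original post), the following compares an UPDATE built by placing variables directly into the SQL string with the same UPDATE run through PDO's prepare() and execute(). It assumes the pdo_sqlite extension and uses an in-memory SQLite database with a constructed users table so that it runs without a MySQL server; the function names are hypothetical.

```php
<?php
// Added example, not from the original post.
// Assumption: pdo_sqlite is available; an in-memory database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data, recreated before each run (hypothetical helper).
function resetUsers(PDO $db): void
{
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
    $db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob'), ('carol')");
}

// Values are pasted into the SQL text, so quotes inside them become SQL syntax.
function renameInterpolated(PDO $db, string $old, string $new): int
{
    return $db->exec("UPDATE users SET username = '$new' WHERE username = '$old'");
}

// Values travel separately from the SQL text and are always treated as data.
function renamePrepared(PDO $db, string $old, string $new): int
{
    $stmt = $db->prepare('UPDATE users SET username = :new WHERE username = :old');
    $stmt->execute([':new' => $new, ':old' => $old]);
    return $stmt->rowCount(); // affected rows for UPDATE/DELETE/INSERT
}

// Current contents of the table, for printing after each run.
function usernames(PDO $db): string
{
    $rows = $db->query('SELECT username FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
    return implode(', ', $rows);
}

// Constructed inputs: a name with an apostrophe, and a value that contains SQL.
$cases = [
    'apostrophe in new name' => ['alice', "O'Brien"],
    'SQL inside old name'    => ["nobody' OR '1'='1", 'renamed'],
];

foreach (['renameInterpolated', 'renamePrepared'] as $fn) {
    foreach ($cases as $label => [$old, $new]) {
        resetUsers($db);
        try {
            $changed = $fn($db, $old, $new);
            echo "$fn / $label: $changed row(s) changed -> " . usernames($db) . "\n";
        } catch (PDOException $e) {
            // The interpolated form fails outright when a value unbalances the quotes.
            echo "$fn / $label: query failed (" . $e->getCode() . ")\n";
        }
    }
}
```

On MySQL the same prepare() and execute() calls apply; only the DSN passed to the PDO constructor changes.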

Posted on 05-07-2011
Filed Under (General) by Pravin Ganore

Apache, MySQL and PHP all fall into the category of “applications of repute”, which support and update security in their latest stable versions. Even so, each of these projects has at some point gone through periods of greater or lesser vulnerability.

If you are using versions of these applications that meet the minimum requirements to run Joomla from a particular version number onward, but that have known vulnerabilities, unfixed and/or without official support, you are at a less than acceptable level of security. It is therefore recommended to stay within an acceptable level of security by using, or updating to, the latest stable versions.

What security measures are currently implemented?

Do you use strong passwords?

  • A strong password means more than eight characters, made up of letters, numbers and permitted symbols, with no meaning.
  • Changing passwords periodically, and not using the same password for levels with different access, is highly recommended as well.

Do you have a complete backup of your site?

  • Backing up your database, files and folders on your dedicated hosting at least once a week will help, in case of intrusion, at least not to lose all your work and what others have contributed to your site.
  • If you use replicated hard drives, or work with replicas of the DB, you can minimize the loss of sensitive information.
  • Having both traditional backups and replication helps to overcome most problems; the absence of either can lead to irreversible situations with regard to information retrieval.

Extra protection?

  • On extra protection, note only that it deals with limiting the damage and does not act directly on the root of the problem, which in most cases is vulnerable software or improper setup.
  • Examples of extra protection are anti-exploit or anti-SQL-injection rules, which block a request when they detect a “malicious pattern” in the URL being accessed.
  • Most applications, Apache being a good example, have some utility of this type, such as mod_security or mod_rewrite, which, if configured properly, frustrates many unwanted intrusion attempts with few false positives.
  • So, against security holes in code, extra protection, which is more of a stopgap solution, can save you on many occasions.
  • Look into the availability of this type of protection for the applications that make up your environment; it also never hurts to review all the access and error logs within your reach.

Posted on 05-07-2011
Filed Under (General) by Pravin Ganore

It is a very commonly held false belief that “to set up a website, you simply install Joomla! and you are ready”.

While Joomla has been engineered to make things easy for a wide range of users, including those with little or no web programming knowledge, this does not at all mean that keeping our sites secure is equally easy.

So while it may be true that to “set up a website” with Joomla! it is enough to know how to install it and “put together a website”, the ease of use, flexibility and extensibility that Joomla! provides are one thing, and keeping the security of our sites within acceptable levels is quite another.

Suggestions

Review each of the questions presented below:

  • What version of Joomla are you using?
  • What third-party extensions do you have installed?
  • What version of Apache / MySQL / PHP are you using?
  • What type of server hosting have you hired?
  • What security measures are currently implemented?

What version of Joomla are you using?

An acceptable level of security means using the latest stable versions of each of the applications that make up our website, and Joomla is no exception.

Joomla is a fairly secure CMS in itself: it takes care to avoid unwanted intrusions through its code and, when a vulnerability of high or low severity is detected, it is quick to repair it.

What third-party extensions do you have installed?

Joomla is responsible for securing its own code against unwanted intrusions, both in the core of the application and in the extensions that come natively with the CMS installation. However, there are lots of extensions programmed by third parties (installed into the CMS later) that are not under Joomla!'s quality or security control, but under that of their respective authors.

As for upgrading to the latest stable versions of the extensions we work with, the same criteria apply as in the previous section, and for the same reason. It should be emphasized, though, that unlike the CMS itself, extensions may, from a security standpoint, have been poorly programmed by their respective authors, or may lack support or updates in this regard.

It is difficult for someone who is not a skilled programmer to distinguish between the variety of tastes and colors in which extensions come (seen from a “secure programming” point of view).

When the authors of a third-party extension put on record that, in a manner similar to the authors of Joomla, they implement security policies designed to thwart known intrusion attempts through its code, and update it as soon as possible when new security flaws are detected, we are again at an acceptable level of security.

In the opposite case, that particular third-party extension puts us in unfavorable security conditions, and therefore well below an acceptable level of security.

The existence of a “vulnerable extensions list” does not mean that the extensions that do not appear on the list are safe, as regards their code and the chances of known malicious intrusions through it.

Take these lists as a commonly used means to stay informed and to keep reporting, collectively, on extensions that allow malicious intrusions through their code, so that the lists become more and more complete (an extension that appears on the list may have been vulnerable only at an earlier point in its development, and a version later than the one mentioned in the list may have solved the security problem).

Using only reputable, stable extensions that are supported and updated on security matters will greatly limit the extensibility of your project, but will keep it within an acceptable level of security.

Posted on 29-06-2011
Filed Under (General) by Pravin Ganore

In this brief article we will cover the installation and configuration of Apache on CentOS and some other functions required in today’s web servers. Although there is already plenty of material about it (a simple Google search returns a number of texts), I decided to write about it because it is something simple that sometimes escapes memory; having the text published makes it easier to look up later, and I also did not find any similar text here in Vol.

To begin, let’s put down some basic descriptions, because there’s always a first-timer. CentOS is an enterprise-class Linux distribution derived from source code freely distributed by Red Hat Enterprise Linux and maintained by the CentOS Project. The version numbering is based on the Red Hat Enterprise Linux number. For example, CentOS is based on Red Hat Enterprise Linux. The basic difference between them is the provision of paid support on acquisition of Red Hat Enterprise Linux.

Functionally, they can be considered clone systems. CentOS provides broad access to industry-standard software, including full compatibility with software packages prepared specifically for Red Hat Enterprise Linux systems. This gives you the same level of security and support via updates as other Enterprise Linux solutions, but without cost. It supports both mission-critical server environments and workstations, and also has a Live CD version.

CentOS has numerous advantages, including an active and growing community, rapid development and testing of packages, an extensive network for downloads, accessible developers, multiple support channels including support in India, and commercial support through partners. The Apache server (Apache HTTP Server, or simply Apache) is the most successful free web server.

It was created in 1995 by Rob McCool, then an employee of the NCSA (National Center for Supercomputing Applications). A survey conducted in December 2007 found that Apache accounted for 47.20% of active servers in the world. It is the core technology of the Apache Software Foundation, which is responsible for more than a dozen projects involving web transmission technology, data processing and execution of distributed applications.

The server is compatible with the HTTP protocol. Its features are maintained through a structure of modules, which also allows users to write their own modules using the software's API. It is available in versions for Windows and for various POSIX operating systems (Unix, Linux, FreeBSD, etc.).

PHP (recursive acronym for “PHP: Hypertext Preprocessor”) is a free, interpreted programming language widely used for generating dynamic content on the World Wide Web, for sites such as Wikipedia.

MySQL is a database management system (DBMS) using SQL (Structured Query Language) as an interface. It is currently one of the most popular databases, with more than 10 million installations worldwide.

Posted on 18-01-2011
Filed Under (Dedicated Server Hosting) by Pravin Ganore

In recent RedHat-based Linux distributions, installing the Apache+PHP+MySQL bundle presents no special problems. But, as always, there are sometimes small pitfalls that confuse novice admins, owners of dedicated web servers, and programmers.

We describe this process using Fedora Core 4 as an example.

We log in to the server as root and type the following commands:
yum install httpd (this installs Apache);
yum install php (this installs PHP);
yum install mysql-server (this installs MySQL);

and the final touch:

yum install php-mysql
without this, the php + mysql combination will not work.

The GD library (often used by various scripts) and mbstring (required by phpMyAdmin) are typically not installed by default. For these, type the following commands:

yum install php-mbstring
yum install php-gd

Also, I have run into the fact that characters of other languages appear as question marks. This is because Apache forces all files to be declared as UTF-8. This can be fixed in the httpd.conf configuration file.

Look for these lines:

# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:

# AddDefaultCharset UTF-8

And check that AddDefaultCharset UTF-8 is always preceded by the pound sign.

That is the whole secret of the installation. Now run ntsysv and put an asterisk in front of the httpd and mysqld services in the list that appears, to ensure that these services are started automatically after reboot.
