Fortrabbit Blog:
Your responsibility: App security
Apr 09, 2018 @ 11:45:17

On the Fortrabbit blog there's a post from Oliver Stark about securing your PHP application based on an experience they had with a recent support ticket.

A few days ago, late in the evening, we received a support ticket with the [message asking if their site had been hacked]. The support team started the conversation with the client and checked the domain routing first. It quickly became clear that the redirects to the phishing domain happened on our platform, so they searched the access logs for suspicious requests.

As they searched the logs, other similar requests showed up pointing back to a root.php file that seemed to be taking commands from URL parameters. This kind of script is called a "webshell" and is usually uploaded via a vulnerability in a plugin, a poorly guarded upload form or bad input validation. After some additional tracking, the vulnerability was located in the site's web-accessible "vendor" folder. The post finishes with some recommendations to keep this from happening to you and your application, including keeping dependencies up to date and preventing direct access to the "vendor" folder.

tagged: application security fortrabbit webshell experience

Link: https://blog.fortrabbit.com/app-sec

Djordje Kovacevic:
PHP cloud hosting comparison (OpenShift vs Heroku vs Fortrabbit)
Jan 22, 2016 @ 11:54:01

In this post to his site Djordje Kovacevic shares the results of his evaluation of hosting providers in the platform-as-a-service arena for hosting PHP applications: OpenShift, Heroku and Fortrabbit.

I want PHP 5.6+, so I did some basic testing of those services to pick a cheap and good solution to host my blog. OpenShift because I use it and it's free for 3 small gears; it was a pretty good solution a few years ago. Heroku because I used it for Ruby on Rails projects and they support multiple languages (even multiple build packs for one project)! I used FortRabbit too, so I decided to test their new apps.

For his testing he used a simple Laravel (v5.2) application with a handful of routes - something simple just to test out the setup and deployment processes. There is a "tl;dr" of the results but he also gets a bit more in-depth on what each service has to offer and some of the pros and cons of each. He also includes the results of some basic performance testing on the instances, linking to the raw output if you'd like to run your own metrics against it.

tagged: heroku openshift fortrabbit paas platformasaservice hosting provider comparison pro con benchmark

Link: http://djordjekovacevic.com/articles/php-cloud-hosting-comparison-(openshift-vs-heroku-vs-fortrabbit)

Fortrabbit.com:
Integrating Codeship with Fortrabbit
Aug 29, 2013 @ 10:30:37

On the Fortrabbit blog today they show how to integrate their service with the Codeship.io service, helping make continuous deployment simpler.

We have got a lot of requests concerning continuous integration lately. That's why we've published a new general article in our docs on how to integrate CI in your fortrabbit workflow. Pieter from wercker also just published this great article on how to integrate fortrabbit with wercker. Here is another one from us on how you could do something similar combining Codeship with fortrabbit.

They walk you through the full process with a freshly created Fortrabbit application so you can see how to get it set up from the start. The article shows you how to set up Codeship with the repository provider and the callback for push notifications. You'll have to set up an SSH key so Codeship can access the repository, plus a special script that runs on push to trigger the build. There's also a bit at the end about "going multistage" with a different deployment process for each branch.

tagged: codeship fortrabbit continuous deployment tutorial setup configuration

Link: http://blog.fortrabbit.com/integrating-codeship-with-fortrabbit/