News Archive

DevShed:
Hackers Compromise PHP Sites to Launch Attacks
December 18, 2012 @ 12:07:35

According to this new post on DevShed, there have been several targeted DDoS attacks against U.S. bank websites, some of which involved the compromise of PHP-based applications.

Once the hackers got into the PHP-based websites, they inserted toolkits to turn them into launch pads for their distributed denial-of-service attacks. Hackers then launched the attacks on banks by connecting directly to the compromised PHP-based websites and sending them commands, or took advantage of intermediate servers, proxies or scripts to make the websites do their bidding. InformationWeek lists three attack tools used by the hackers: KamiKaze, AMOS, and the "itsokaynoproblembro" toolkit, also known as Brobot.

Several major banks have been targeted, including Bank of America, JP Morgan/Chase, HSBC and Wells Fargo. The main problem was out-of-date software running on the compromised sites, containing known security issues that the attackers could exploit to install their own software.

If a hacker can break into a PHP-based website to use it as a staging area for an attack on a different website, they can also use that website to store stolen information. InformationWeek cited the example of the Eurograbber attack campaign, revealed earlier this month. The gang involved in that campaign stole $47 million from more than 30,000 corporate and private banking customers - and used PHP-based websites into which they hacked to store stolen information.
hacker bank website exploit attack timthumb joomla wordpress


PHPMaster.com:
Speeding Up Your CakePHP Websites
October 09, 2012 @ 10:08:19

PHPMaster.com has a new tutorial posted sharing a few helpful hints about speeding up CakePHP-driven sites to help squeeze the most performance out of your site.

By applying a few simple modifications, and even some more complex enhancements, CakePHP can be sped up quite a bit. By the time you work your way through even half of these changes, the performance of your CakePHP site will be comparable to many other popular PHP frameworks, with the advantage that your development speed will never falter!

There are several tips in their list - some a bit more difficult to accomplish than others, but worth the results:

  • Upgrade CakePHP Versions
  • Disable Debug Mode
  • Disable Recursive Find Statements
  • Cache Query Results
  • Install Memory Based Caching
  • Removing Apache and Installing Nginx
  • Configure Nginx to use Memcached
  • Remove MySQL and Install Percona

For more information on the CakePHP framework, see the project's main site.

cakephp website optimize performance tuning tips


Reddit.com:
Can We Revive php.net User Notes Or Kill It?
September 13, 2012 @ 12:56:44

In this discussion on Reddit, there's talk about the user comments feature on the PHP.net site and the value they provide to the language and community.

The question, however, has always been "how useful is this feature really and does it bring more harm than good?". It's not that easy to answer since there are so many notes submitted by a wide range of users and some will likely go unnoticed while others seem to get undue attention due to their positioning near the top of the user-notes section of a particularly trafficked page.

The poster proposes a few things that could help make them a bit more effective (and useful overall) including voting on the note contents, flagging potential issues and sorting the notes based on popularity/age. He's put together a proof of concept as seen here with some of the new features.

phpnet website user comments notes features feedback


Cal Evans' Blog:
Setting Up a (FREE) WordPress Development Site
June 28, 2012 @ 08:49:15

In this new post to his blog, Cal Evans shows developers (and non-developers) how they can set up a free WordPress blog with the help of the phpcloud.com and phpfog.com hosted services.

Everyone, however, experiments. Whether it's a new theme or a new plugin, you really, really need someplace to test things. One of the worst things you can do is what I do with this blog, just install things and play with them in production. [...] There is a solution though, actually, I'll present you with two. One for PHP developers who know what they are doing and want control, and one for regular bloggers who just want someplace to test plugins and themes before pushing them live. In both cases though, the services are free.

He gives a brief introduction to setting up and configuring each of the services - one that lets you import your own version and the other that lets you select to automagically set up a WordPress instance.

wordpress development website phpcloud phpfog


Chris Roane's Blog:
Options for Building a Website from a Developers Perspective
June 25, 2012 @ 08:28:27

Chris Roane has a new post to his blog outlining a few different options web developers today have for creating new websites or applications - static, custom, framework-based or CMS.

Over the years I've built many different types of websites. These range from being a few pages, to being very customized with advanced features. I've learned there is no clear definition in the best way to create a website. But I do think there are advantages and disadvantages to pursuing different methods. This article takes an analytical look at each option. Let's take a closer look at the different approaches in building a website.

He includes a brief summary talking about each method and mentions things like benefits and downfalls of the approach and what can be involved in their development.

overview developer options website architecture


PHPBuilder.com:
Building a Multilingual PHP Website
September 01, 2011 @ 09:02:21

On PHPBuilder.com today there's a new post from Vojislav Janjic with three methods (sans-framework) that you can use to create a multilingual website - some a bit easier to maintain than others.

Fast internet growth has brought many opportunities in the global market. Businesses can reach their customers across many countries, and information sharing is not limited to a local area or country anymore. This is why there is an increasing tendency for multilingual websites. By having a website in multiple languages, you can target local markets more easily. Also, it is more convenient to use a website in your native language.

His three methods are all relatively simple, but they all have their good and bad points - making separate HTML/views for each language, creating XML files with different versions of the content or storing the translations in a MySQL database. He gives quick code snippets showing how to implement each of them, some basing the language on a cookie value, others on a GET variable passed to the page.

multilingual website tutorial mysql xml html translate


Tutorialzine.com:
Building a Website with PHP, MySQL and jQuery Mobile, Part 1
August 23, 2011 @ 12:33:09

From Tutorialzine.com today, they've posted the first part of a series looking at the construction of a full mobile website using PHP, MySQL and jQuery Mobile.

In this two-part tutorial, we will be building a simple website with PHP and MySQL, using the Model-View-Controller (MVC) pattern. Finally, with the help of the jQuery Mobile framework, we will turn it into a touch-friendly mobile website, that works on any device and screen size. In this first part, we concentrate on the backend, discussing the database and MVC organization. Next time, we will be writing the views and integrating jQuery Mobile.

Their simple application lets you browse products in a storefront with products and their categories. They don't use any particular framework and instead opt for an "include all" approach in their example. This makes it simpler to bootstrap, but shouldn't be used in a production-ready version of the application. There are simple frameworks out there (like CodeIgniter) that can help take it to the next level without much more complexity. You can see a demo of it in action or just download the source to get started hacking.

tutorial mobile website mysql jquery mvc


StackOverflow.com:
The Definitive Guide To Forms based Website Authentication
August 12, 2011 @ 12:13:35

If you haven't seen it yet, there's a post over on StackOverflow that's been growing over the past few days about form-based authentication in websites. The author wants to make a definitive resource for people to use when making good, secure user authentication systems.

Please help us create the definitive resource for this topic. We believe that stackoverflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form Based Authentication For Websites" should be a fine topic for such an experiment.

They want to include topics like logins, storing passwords, "forgot password" security, OpenID, browser autocompletion, password strength, email validation and more. They already laid out eight different sections with summaries including:

  • How To Remain Logged In - The Infamous "Remember Me" Checkbox
  • Using Secret Questions
  • Checking Password Strength
  • Much More - Or: Preventing Rapid-Fire Login Attempts
  • Two-Factor Authentication and Authentication Providers

There's some good feedback from other users with other suggestions and links to external resources that could shed some more light on the topic.

guide form security user authentication website


Sasa Stamenkovic's Blog:
Create Kick-ass Website in no Time with Silex
July 27, 2011 @ 12:02:38

Sasa Stamenkovic has a quick post to his blog talking about a switch he made away from the Zend Framework over to Silex for a simple portfolio site.

Last week I needed a small website. I wanted it to be quick and dirty. Well, blazing fast and not so dirty. I heard best about Silex, so I gave it a shot. It was more than good experience. It worked like a charm, it was fun to use and site was completed in one day.

He includes two code snippets - one is the basic "hello world" example that most Silex tutorials reference and the other is more specific to his site. It defines the routes and the (Twig) templates they relate to. A few submodules helped him get this and other functionality working (like the Forms component and Swiftmailer for a contact form). You can find the full source for the site over on github.

silex website portfolio example github


Justin Carmony's Blog:
Working with Middle-Scale Websites
July 21, 2011 @ 11:53:08

In a new post Justin Carmony looks at what it means to be a "middle-scale website" and has some recommendations for anyone working with their applications and considering things like scalability, overcompensation and finding real results through profiling.

Hopefully at some point, your website is going to get a lot of traffic. Yay, you've reached your goal of getting good traffic, but it is soon followed by issues with performance and load. I like to call these the growing pains of a website. So as a web developer, I suddenly have the epiphany of "Hey, I need to scale my website!" What follows next is the biggest mistake a web developer can make: They start looking at articles on how Google scales, or maybe how Facebook manages all of their traffic. This is a mistake! To be brutally honest, you are not Google. You are not Facebook. You are not Twitter. You are a website that receives less than 0.000001% of the traffic that some of the major websites receive.

He includes a "reality check" of the setup behind a popular social site, StackExchange, with comments from their own post about their infrastructure. He talks about things included in a move to "middle-scale" like adding caching, performance tweaking, moving to a multiple server model and using replication.

middle scale website application optimize performance profile




All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework