ID: 14707 Updated by: daniel Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: Scripting Engine problem Operating System: Any OS, any PHP version PHP Version: 4.1.0 New Comment:
I forgot to /bogus Previous Comments: ------------------------------------------------------------------------ [2001-12-26 19:04:23] [EMAIL PROTECTED] well, DoS is nothing new. thanks for re-descovering it. this is not a PHP bug (same problem applies to virtually any language: C, Python, Perl ..). it's a general security issue. you might solve it by limiting the amount of connections for an IP. Kind Regards, Daniel Lorch ------------------------------------------------------------------------ [2001-12-26 19:00:58] [EMAIL PROTECTED] I discovered the bug when I tried to make a script that creates new PHP processes that runs at the same time. Save the following script in http://127.0.0.1/a.php, launch a.php and close the browser window: <?$a=fsockopen("127.0.0.1", 80,$b,$c,99);fputs($a,"GET /a.php / HTTP/1.1\r\nConnection: Keep-Alive\r\n\r\n");while(1);?> Even if you have set execution script time for only several seconds, my script will run forever and creates a huge number of instances of itself that will create more instances. Practicaly the code above is a 120 bytes php virus that can turn down a web server in minutes. The idea is that my script open a socket connection on port 80 on the web server and sends command "get file a.php" and then waits until its execution time gets end. Meanwhile, the web server tries to return a.php so it executes it first so 2 instances of a.php will exists. The new instance will open a new socket connection and so on. My script can be modified to this (a.php): <?while(1){$a=fsockopen("127.0.0.1", 80,$b,$c,99);fputs($a,"GET /a.php / HTTP/1.1\r\nConnection: Keep-Alive\r\n\r\n");}?> and then every new instance of the script will launch as many instances it can until it get ended by the maximum execution time end. To fix the bug, when a PHP script ends, naturaly or forced, like you unset all variables of the script, in the same way, you have to close all opened sockets of the script and NOT let them pending. This will only reduce the effects of the script practicaly, if I make a script that registers 100 accounts or more at www.MyCgiServer.com or at www.f2s.com and run an instance of a.php in every account, that will mean the turning down of those web servers. Conclusion: it is possible to build a php worm virus. Also it is possible to make a script that runs forever, no matter what maximum execution time is set. When running on my local Apache server, it consumes 100% of my sistem's resources and my HDD is makeing a terrible noise all time. Author and copiright of the bug: Sorin Facaoaru - [EMAIL PROTECTED], www.sorin.tv Regards. ------------------------------------------------------------------------ Edit this bug report at http://bugs.php.net/?id=14707&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
