> I have found something interesting that can kill the server. 
> I'm not sure if this is because of Apache or PHP. If you use 
> PHP to send a header() inside of a while loop, the httpd 
> process will begin to use massive CPU and Memory until it is 
> killed, or the server is killed. Here is what I used:
> 
> <?
>   while(0<1) {
>     header("A");
>   }
> ?>

Umm, but, this is an infinite loop. It won't stop executing.

Actually, it *should* stop executing once PHP hits its maximum
execution time limit (usually 30 seconds).

If you code something like this into pages, you've got bigger
problems than a DoS attack.

It's also not strictly a DoS since you'd be doing it to yourself
if you ran this code. Of course, if you're silly enough to let
visitors to your website upload and execute arbitrary code then
there are, again, bigger problems (such as possibly compromising
root access, fetching /etc/passwd and guessing passwords, or 
getting access to other sensitive information on your file 
system).

Unless there's something specifically bad about the Header()
command (you didn't make it clear if this is what you were
talking about), infinite loops are, in general, bad.

Jason

-- 
Jason Murray
[EMAIL PROTECTED]
Web Developer, Melbourne IT
"Work now, freak later!"

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
