RE: [PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems

2005-02-08 Thread Sander Holthaus - Orange XL

  :-( The downside would be, IMHO, that I would need to pro-actively
  check everything that is going on concerning PHP, in order to prevent
  any major problems. (one and a half month ago, some clients on
  another installation who hadn't maintained phpBB also caused me the
  necessary problems). Also, when clients are non-commercial, a good
  programmer is out of the question (which applies to this case too). I
  wonder how mass hosting companies get around these issues?
 
 To add to this -- I suspect some good hosts actively check 
 the directories of their clients, and search for known 
 security flawed software, such as specific versions of phpBB 
 and formmail.pl and so on.

I could write a PERL-script for that :-) For widely used scripts (such as
PHPBB) automation would be a doable and good solution, but for custom
scripts, it will be quite a challenge.

 When you find a client running known security flawed
 software, you deal with them, quickly and politely, but with
 clear cut no nonsense requirements:
 
 Upgrade it now or lose the account.
 
That would be the right thing indeed. Though I do find that many times,
people either have severe technical difficulty upgrading (usually installing
was already quite a tough cookie for them, being used to the more point and
click of Windows). Or perhaps just to the fear of it. 
It always comes down to a lack of knowledge and understanding from the user.
Educating users in this regard is not easy.
 
 Non-profits can always find a free programmer or a donor to 
 hire the programmer or...
 
 There are even organizations that exist solely to provide
 services like this to non-profits.  One small one I know of
 run by guys in Chicago is here:
 http://npotechs.org/
 
 I'm sure that there are others.

Thanks! That looks like a very nice addition to my to-do and to-look-at
bookmark list :-)

Kind Regards,
Sander Holthaus

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
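
The directory check discussed in the message above, as an added example that is not code from the thread (written in Python rather than Perl). The marker file names, version patterns and `fixed_in` values in `RULES` are constructed placeholders, as is the sample client tree.

```python
import os
import re
import tempfile

# Constructed rules: marker file names, version patterns and fixed_in values
# are placeholders; take real ones from each project's security advisories.
RULES = [
    {"app": "formmail.pl", "file": "formmail.pl",
     "pattern": re.compile(r"Version\s+(\d+(?:\.\d+)+)"), "fixed_in": (9, 9)},
    {"app": "phpBB", "file": "version.txt",
     "pattern": re.compile(r"phpBB\s+(\d+(?:\.\d+)+)"), "fixed_in": (9, 9, 9)},
]

def scan(root):
    """Return sorted (relative path, app, version) for installs below fixed_in.
    version is None when the marker file exists but no version could be read."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for rule in RULES:
            if rule["file"] not in files:
                continue
            path = os.path.join(dirpath, rule["file"])
            try:
                with open(path, "r", errors="replace") as handle:
                    head = handle.read(65536)  # only the start of the file
            except OSError:
                continue  # unreadable: nothing to report
            match = rule["pattern"].search(head)
            version = tuple(map(int, match.group(1).split("."))) if match else None
            if version is None or version < rule["fixed_in"]:
                findings.append((os.path.relpath(path, root), rule["app"], version))
    return sorted(findings, key=lambda finding: finding[0])

def demo():
    """Build a constructed client tree in a temp dir and scan it."""
    samples = {
        "client1/cgi-bin/formmail.pl": "#!/usr/bin/perl\n# FormMail Version 1.0\n",
        "client2/forum/version.txt": "phpBB 9.9.9\n",
        "client3/forum/version.txt": "phpBB 1.2.3\n",
        "client4/cgi-bin/formmail.pl": "#!/usr/bin/perl\n# header removed\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as handle:
                handle.write(body)
        return scan(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Installs whose version cannot be read are reported with `None` so they get a manual look instead of being silently passed.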



RE: [PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems

2005-02-08 Thread Sander Holthaus - Orange XL
 Sander Holthaus - Orange XL wrote:
 Sander Holthaus - Orange XL wrote:
 
 ...
 
 Fix or disable that script.
  
  
  I wish I could, but I'm not a PHP-programmer (can read it and can do
  some basic programming, but I lack in-depth knowledge of PHP).
   
 
 well disabling it is fairly easy ;-) rm -f ./xxx.php

chown  chmod would be less invasive :-)
 
 a script that functions is a one that doesn't crash the box.
 quick'n'dirty or inefficient scripts don't have to cause problems per se,
 his script is just plain borked. if you need to ensure the box is
 running then you _can't_ let him run it till it's fixed, friend or not.
 besides if it is a friend then presumably you are offering space/resources
 for free - under such circumstances your interest in keeping the machine up
 precludes his interest in functionality and ASAP programming - and
 would be understanding of your interests (just as you seem to be of his ;-). no?

Indeed.

  :-( The downside would be, IMHO, that I would need to pro-actively check
  everything that is going on concerning PHP, in order to prevent any major
  problems. (one and a half month ago, some clients on another installation
  who hadn't maintained phpBB also caused me the necessary problems). Also, when
  clients are non-commercial, a good programmer is out of the question (which
  applies to this case too). I wonder how mass hosting companies get around
  these issues?
 
 by not guaranteeing full uptime ;-) and having lots of machines across which to
 spread the risk etc.

That makes sense :-/ Must be quite frustrating from time to time being a
sysadmin at such a company.

Kind Regards,
Sander Holthaus




[PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems

2005-02-07 Thread Sander Holthaus - Orange XL
I'm running Apache 2.0.52 and PHP 5.03 in a jailed (Virtual Private Server)
FreeBSD 4.10 environment. PHP 5.03 is running as php_mod and was installed
quite recently. Since then (better, since someone started using it) I've
been getting these errors in the httpd-error log:
 
Allowed memory size of 8388608 bytes exhausted (tried to allocate 79 bytes)
 
And this one in the php-error log:
 
[06-Feb-2005 17:25:50] PHP Fatal error:  Allowed memory size of 8388608
bytes exhausted (tried to allocate 6587593 bytes) in
xxx/xxx/xxx/xxx/xxx/xxx.php on line 53
 
I also see several thousands of notices in the PHP-error log within the
time-frame of a single second, plus divided by zero, etc.
 
Of course, I asked the programmer to fix all of these issues. Among others,
there was a script that outputted a html-form with 2 columns, 100 rows each
containing select-boxes with 100 full names (and those 100 names were the
same of every column/row in that form :-|).
 
But the problem is not so much that someone is using broken and the most
inefficient scripts, but more that they are crashing the entire box!
 
When these scripts are run, the box becomes totally unresponsive, afterwards
all cgi and php requests to Apache fail with a 500 error and sometimes the
whole box crashes completely, apparently from memory exhaustion. :-(
 
Is this a bug somewhere in PHP, Apache or FreeBSD?
 
How can I protect myself against this? I can't manually check every script,
and the memory and time limits in php.ini (20s for exe, 30s for input and
8MB for mem) don't seem effective here. What are my options to make Apache 2
and PHP 5 foolproof against such scripts?
 
Kind Regards,
Sander Holthaus




RE: [PHP] Apache 2.0.52, PHP 5.03, FreeBSD 4.10 memory problems

2005-02-07 Thread Sander Holthaus - Orange XL
 Sander Holthaus - Orange XL wrote:
  I'm running Apache 2.0.52 and PHP 5.03 in a jailed (Virtual Private
  Server) FreeBSD 4.10 environment. PHP 5.03 is running as php_mod and was
  installed quite recently. Since then (better, since someone started
  using it) I've been getting these errors in the httpd-error log:
 
  Allowed memory size of 8388608 bytes exhausted (tried to allocate 79 bytes)
 
  And this one in the php-error log:
 
  [06-Feb-2005 17:25:50] PHP Fatal error:  Allowed memory size of 
  8388608 bytes exhausted (tried to allocate 6587593 bytes) in 
  xxx/xxx/xxx/xxx/xxx/xxx.php on line 53
 
 Fix or disable that script.

I wish I could, but I'm not a PHP-programmer (can read it and can do some
basic programming, but I lack in-depth knowledge of PHP).
 
  I also see several thousands of notices in the PHP-error log within
  the time-frame of a single second, plus divided by zero, etc.
 
 Are they coming from the same script?...

Those notices, yes.
 
 Again, fix or disable that script.
 
  Of course, I asked the programmer to fix all of these issues. Among
  others, there was a script that outputted a html-form with 2 columns,
  100 rows each containing select-boxes with 100 full names (and those
  100 names were the same of every column/row in that form :-|).
 
 You're simply going to have to work with that programmer to 
 get them to write better code, or not work with them 
 (terminate their account).

As it is a personal friend, it is a difficult situation. Getting him to
write better code isn't easy, he's mainly interested in functionality and
getting program done ASAP.

  But the problem is not so much that someone is using broken and the
  most inefficient scripts, but more that they are crashing the entire box!
 
 That's definitely not good.

Nope, and I can't figure out why. I've set the memory limits in php.ini plus
some additional things in httpd.conf (RLimitMEM, etc), but for some reason,
memory keeps getting consumed. What I find really troublesome is that it
affects both php (running as mod_php) and cgi. After some time, cgi-scripts
start failing too with:

Out of memory during large request for 134221824 bytes, total sbrk() is
134369280 bytes., referer: ...

Which makes no sense to me at all.

 But there is only so much you, and PHP, can do to stop a bad 
 programmer from chewing up resources.
 
  When these scripts are run, the box becomes totally unresponsive,
  afterwards all cgi and php requests to Apache fail with a 500 error and
  sometimes the whole box crashes completely, apparently from memory
  exhaustion. :-(
 
  Is this a bug somewhere in PHP, Apache or FreeBSD?
 
 No.  It's a bug in the script/program that causes the crash.
 
  How can I protect myself against this? I can't manually check every 
  script,
 
 You can identify the culprit script, and disable it, and 
 notify the client that they are violating their terms of 
 service to run it again on a production server until it is debugged.
 
 Get them to install PHP on their own machine and develop on that.

They did actually, though it was a Windows box, with pretty much the standard
configuration.
 
  and the memory and time limits in php.ini (20s for exe, 30s for input
  and 8MB for mem) don't seem effective here. What are my options to
  make Apache 2 and PHP 5 foolproof against such scripts?
 
 NOTHING is foolproof.  Ever.
 
 You can change those numbers and be more harsh, but that will 
 affect ALL users, not just the one who's bringing your box down.
 
 You would be far better off, for all your clients, to deal 
 directly with the client who's causing the problems.
 
 Perhaps get them in touch with a good programmer, or up-sell
 them your services in fixing their scripts or...

:-( The downside would be, IMHO, that I would need to pro-actively check
everything that is going on concerning PHP, in order to prevent any major
problems. (one and a half month ago, some clients on another installation
who hadn't maintained phpBB also caused me the necessary problems). Also, when
clients are non-commercial, a good programmer is out of the question (which
applies to this case too). I wonder how mass hosting companies get around
these issues?

Thanks for the input! 

Kind Regards,
Sander Holthaus

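
One way to identify the culprit script from the php-error log, as an added example that is not code from the thread: it re-joins wrapped entries, then reports per script the number of memory-limit fatals, the largest failed allocation and the peak number of log entries within one second. The log text is constructed in the format quoted above, with made-up paths, and the `burst` threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the php-error log format quoted in this thread (paths
# are made up); the first entry is wrapped the way the mail client wrapped it.
SAMPLE_LOG = """\
[06-Feb-2005 17:25:50] PHP Fatal error:  Allowed memory size of 8388608
bytes exhausted (tried to allocate 6587593 bytes) in
/home/client1/www/form.php on line 53
[06-Feb-2005 17:25:50] PHP Notice:  Undefined index:  name in /home/client1/www/form.php on line 12
[06-Feb-2005 17:25:50] PHP Warning:  Division by zero in /home/client1/www/form.php on line 40
[06-Feb-2005 17:30:11] PHP Notice:  Undefined variable:  x in /home/client2/www/index.php on line 3
[06-Feb-2005 17:31:00] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 79 bytes) in /home/client3/www/list.php on line 9
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] PHP (?P<level>[A-Za-z ]+): +(?P<msg>.*)"
                   r" in (?P<script>\S+) on line \d+$")
OOM = re.compile(r"Allowed memory size of \d+ bytes exhausted "
                 r"\(tried to allocate (\d+) bytes\)")

def entries(text):
    """Yield one logical entry per timestamped line, re-joining wrapped text."""
    current = None
    for line in text.splitlines():
        if line.startswith("["):
            if current is not None:
                yield current
            current = line.strip()
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current

def summarize(text, burst=3):
    """Return (script, oom_count, largest_failed_alloc, peak_entries_per_second)
    for scripts that hit memory_limit or logged >= burst entries in one second."""
    stats = defaultdict(lambda: {"oom": 0, "alloc": 0, "sec": defaultdict(int)})
    for entry in entries(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # not a "... in <script> on line N" entry
        s = stats[m["script"]]
        s["sec"][m["ts"]] += 1  # timestamps have one-second resolution
        oom = OOM.search(m["msg"])
        if oom:
            s["oom"] += 1
            s["alloc"] = max(s["alloc"], int(oom.group(1)))
    rows = [(k, s["oom"], s["alloc"], max(s["sec"].values())) for k, s in stats.items()]
    rows = [r for r in rows if r[1] or r[3] >= burst]
    return sorted(rows, key=lambda r: (-r[1], -r[3], r[0]))
```

Calling `summarize(SAMPLE_LOG)` lists `form.php` first, followed by `list.php`; `index.php` is left out because it neither hit the limit nor logged a burst.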