Posted by Sander Holthaus - Orange XL on 02/07/05 23:41
> Sander Holthaus - Orange XL wrote:
> > I'm running Apache 2.0.52 and PHP 5.03 in a jailed (Virtual Private
> > Server) FreeBSD 4.10 environment. PHP 5.03 is running as php_mod and
> > was installed quite recently. Since then (better, since someone started
> > using it) I've been getting these errors in the httpd-error log:
> >
> > Allowed memory size of 8388608 bytes exhausted (tried to allocate 79
> > bytes)
> >
> > And this one in the php-error log:
> >
> > [06-Feb-2005 17:25:50] PHP Fatal error: Allowed memory size of
> > 8388608 bytes exhausted (tried to allocate 6587593 bytes) in
> > xxx/xxx/xxx/xxx/xxx/xxx.php on line 53
>
> Fix or disable that script.
I wish I could, but I'm not a PHP-programmer (can read it and can do some
basic programming, but I lack in-depth knowledge of PHP).
> > I also see several thousands of notices in the PHP-error log within
> > the time-frame of a single second, plus divided by zero, etc.
>
> Are they coming from the same script?...
Those notices, yes.
> Again, fix or disable that script.
>
> > Of course, I asked the programmer to fix all of these issues. Among
> > others, there was a script that outputted a html-form with 2 columns,
> > 100 rows each containing select-boxes with 100 full names (and those
> > 100 names were the same of every column/row in that form :-|).
>
> You're simply going to have to work with that programmer to
> get them to write better code, or not work with them
> (terminate their account).
As it is a personal friend, it is a difficult situation. Getting him to
write better code isn't easy, he's mainly interested in functionality and
getting the program done ASAP.
> > But the problem is not so much that someone is using broken and the
> > most inefficient scripts, but more that they are crashing the entire
> > box!
>
> That's definitely not good.
Nope, and I can't figure out why. I've set the memory limits in php.ini plus
some additional things in httpd.conf (RLimitMEM, etc), but for some reason,
memory keeps getting consumed. What I find really troublesome is that it
affects both php (running as mod_php) and cgi. After some time, cgi-scripts
start failing too with:
Out of memory during "large" request for 134221824 bytes, total sbrk() is
134369280 bytes., referer: ...
Which makes no sense to me at all.
> But there is only so much you, and PHP, can do to stop a bad
> programmer from chewing up resources.
>
> > When these scripts are run, the box becomes totally unresponsive,
> > afterwards all cgi and php requests to Apache fail with a 500 error
> > and sometimes the whole box crashes completely, apparently from memory
> > exhaustion. :-(
> >
> > Is this a bug somewhere in PHP, Apache or FreeBSD?
>
> No. It's a bug in the script/program that causes the crash.
>
> > How can I protect myself against this? I can't manually check every
> > script,
>
> You can identify the culprit script, and disable it, and
> notify the client that they are violating their terms of
> service to run it again on a production server until it is debugged.
>
> Get them to install PHP on their own machine and develop on that.
They did actually, though it was a Windows box, with pretty much the standard
configuration.
> > and the memory and time limits in php.ini (20s for exe, 30s for input
> > and 8MB for mem) don't seem effective here. What are my options to
> > make Apache 2 and PHP 5 foolproof against such scripts?
>
> NOTHING is foolproof. Ever.
>
> You can change those numbers and be more harsh, but that will
> affect ALL users, not just the one who's bringing your box down.
>
> You would be far better off, for all your clients, to deal
> directly with the client who's causing the problems.
>
> Perhaps get them in touch with a good programmer, or up-sell
> them your services in fixing their scripts or...
:-( The downside would be, IMHO, that I would need to pro-actively check
everything that is going on concerning PHP, in order to prevent any major
problems. (One and a half months ago, some clients on another installation
who hadn't maintained phpBB also caused me the necessary problems.) Also, when
clients are non-commercial, a good programmer is out of the question (which
applies to this case too). I wonder how mass hosting companies get around
these issues?
Thanks for the input!
Kind Regards,
Sander Holthaus
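
The advice in the thread to identify the culprit script can be automated against the php-error log. This is an added example, not part of the original post: it tallies memory-limit fatals and same-second bursts of entries per script, and the sample log lines, script paths and the `burst` threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the php-error log format quoted in the post (placeholder paths).
SAMPLE_LOG = """\
[06-Feb-2005 17:25:50] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 6587593 bytes) in /home/u1/www/form.php on line 53
[06-Feb-2005 17:25:51] PHP Notice:  Undefined index:  name in /home/u1/www/form.php on line 12
[06-Feb-2005 17:25:51] PHP Notice:  Undefined index:  name in /home/u1/www/form.php on line 12
[06-Feb-2005 17:25:51] PHP Warning:  Division by zero in /home/u1/www/form.php on line 20
[06-Feb-2005 17:26:02] PHP Notice:  Undefined variable: x in /home/u2/www/index.php on line 3
[06-Feb-2005 17:26:10] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 79 bytes) in /home/u1/www/form.php on line 53
"""

# "[timestamp] PHP <level>: <message> in <script> on line <n>" (paths without spaces)
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+PHP (?P<level>[A-Za-z ]+?):\s+(?P<msg>.*)"
    r" in (?P<script>\S+) on line (?P<line>\d+)\s*$")
OOM = re.compile(r"Allowed memory size of (\d+) bytes exhausted "
                 r"\(tried to allocate (\d+) bytes\)")

def summarize(log_text):
    """Return {script: stats} for every script that appears in the log."""
    stats = defaultdict(lambda: {"oom": 0, "max_alloc": 0, "entries": 0,
                                 "per_second": Counter()})
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # blank lines, stack traces, other formats
        s = stats[m["script"]]
        s["entries"] += 1
        s["per_second"][m["ts"]] += 1  # log timestamps have 1-second resolution
        oom = OOM.search(m["msg"])
        if oom:
            s["oom"] += 1
            s["max_alloc"] = max(s["max_alloc"], int(oom.group(2)))
    return {script: {"oom": s["oom"], "max_alloc": s["max_alloc"],
                     "entries": s["entries"],
                     "peak_per_second": max(s["per_second"].values())}
            for script, s in stats.items()}

def culprits(log_text, burst=3):
    """Scripts that hit memory_limit or logged >= burst entries in one second."""
    summary = summarize(log_text)
    flagged = [p for p, s in summary.items() if s["oom"] or s["peak_per_second"] >= burst]
    return sorted(flagged, key=lambda p: (-summary[p]["oom"], -summary[p]["entries"]))

if __name__ == "__main__":
    print(culprits(SAMPLE_LOG))
```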