> Sander Holthaus - Orange XL wrote:
> > I'm running Apache 2.0.52 and PHP 5.03 in a jailed (Virtual Private
> > Server) FreeBSD 4.10 environment. PHP 5.03 is running as php_mod and was
> > installed quite recently. Since then (better, since someone started
> > using it) I've been getting these errors in the httpd-error log:
> >
> > Allowed memory size of 8388608 bytes exhausted (tried to allocate 79
> > bytes)
> >
> > And this one in the php-error log:
> >
> > [06-Feb-2005 17:25:50] PHP Fatal error: Allowed memory size of
> > 8388608 bytes exhausted (tried to allocate 6587593 bytes) in
> > xxx/xxx/xxx/xxx/xxx/xxx.php on line 53
>
> Fix or disable that script.

I wish I could, but I'm not a PHP-programmer (can read it and can do some
basic programming, but I lack in-depth knowledge of PHP).

> > I also see several thousands of notices in the PHP-error log within
> > the time-frame of a single second, plus divided by zero, etc.
>
> Are they coming from the same script?...

Those notices, yes.

> Again, fix or disable that script.
>
> > Of course, I asked the programmer to fix all of these issues. Among
> > others, there was a script that outputted a html-form with 2 columns,
> > 100 rows each containing select-boxes with 100 full names (and those
> > 100 names were the same of every column/row in that form :-|).
>
> You're simply going to have to work with that programmer to
> get them to write better code, or not work with them
> (terminate their account).

As it is a personal friend, it is a difficult situation. Getting him to
write better code isn't easy, he's mainly interested in functionality and
getting the program done ASAP.

> > But the problem is not so much that someone is using broken and the
> > most inefficient scripts, but more that they are crashing the entire box!
>
> That's definitely not good.

Nope, and I can't figure out why.
I've set the memory limits in php.ini plus some additional things in
httpd.conf (RLimitMEM, etc), but for some reason, memory keeps getting
consumed. What I find really troublesome is that it affects both php
(running as mod_php) and cgi. After some time, cgi-scripts start failing
too with:

Out of memory during "large" request for 134221824 bytes, total sbrk() is 134369280 bytes., referer: ...

Which makes no sense to me at all.

> But there is only so much you, and PHP, can do to stop a bad
> programmer from chewing up resources.
>
> > When these scripts are run, the box becomes totally unresponsive,
> > afterwards all cgi and php requests to Apache fail with a 500 error and
> > sometimes the whole box crashes completely, apparently from memory
> > exhaustion. :-(
> >
> > Is this a bug somewhere in PHP, Apache or FreeBSD?
>
> No. It's a bug in the script/program that causes the crash.
>
> > How can I protect myself against this? I can't manually check every
> > script,
>
> You can identify the culprit script, and disable it, and
> notify the client that they are violating their terms of
> service to run it again on a production server until it is debugged.
>
> Get them to install PHP on their own machine and develop on that.

They did actually, though it was a Windows box, with pretty much the
standard configuration.

> > and the memory and time limits in php.ini (20s for exe, 30s for input
> > and 8MB for mem) don't seem effective here. What are my options to
> > make Apache 2 and PHP 5 foolproof against such scripts?
>
> NOTHING is foolproof. Ever.
>
> You can change those numbers and be more harsh, but that will
> affect ALL users, not just the one who's bringing your box down.
>
> You would be far better off, for all your clients, to deal
> directly with the client who's causing the problems.
>
> Perhaps get them in touch with a good programmer, or up-sell
> them your services in fixing their scripts or...
:-( The downside would be, IMHO, that I would need to pro-actively check
everything that is going on concerning PHP, in order to prevent any major
problems. (One and a half months ago, some clients on another installation
who hadn't maintained phpBB also caused me the necessary problems.) Also,
when clients are non-commercial, a good programmer is out of the question
(which applies to this case too).

I wonder how mass hosting companies get around these issues?

Thanks for the input!

Kind Regards,

Sander Holthaus

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
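
An added example, not part of the original thread: a small Python script that applies the advice to "identify the culprit script" to the php-error log format quoted above, counting memory-limit hits and per-second message bursts for each script. The sample log lines, paths, message texts and the `burst_threshold` parameter are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the php-error log format quoted in the thread;
# the paths and the notice/warning texts are made up for this example.
SAMPLE_LOG = """\
[06-Feb-2005 17:25:49] PHP Notice:  Undefined index: name in /home/a/www/form.php on line 12
[06-Feb-2005 17:25:49] PHP Notice:  Undefined index: name in /home/a/www/form.php on line 12
[06-Feb-2005 17:25:49] PHP Warning:  Division by zero in /home/a/www/form.php on line 40
[06-Feb-2005 17:25:50] PHP Fatal error:  Allowed memory size of 8388608 bytes exhausted (tried to allocate 6587593 bytes) in /home/a/www/form.php on line 53
[06-Feb-2005 17:26:10] PHP Notice:  Undefined variable: x in /home/b/www/index.php on line 3
not a php log line
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] PHP (?P<level>[A-Za-z ]+?):\s+(?P<msg>.*) "
    r"in (?P<script>\S+) on line (?P<line>\d+)$")
OOM_RE = re.compile(r"Allowed memory size of (\d+) bytes exhausted "
                    r"\(tried to allocate (\d+) bytes\)")

def summarize(log_text, burst_threshold=2):
    """Per script: memory-limit hits, largest failed allocation, and the
    peak number of messages logged within one second."""
    stats = defaultdict(lambda: {"oom": 0, "max_alloc": 0, "per_sec": Counter()})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        s = stats[m["script"]]
        s["per_sec"][m["ts"]] += 1  # timestamps have one-second resolution
        oom = OOM_RE.search(m["msg"])
        if oom:
            s["oom"] += 1
            s["max_alloc"] = max(s["max_alloc"], int(oom.group(2)))
    report = []
    for script, s in stats.items():
        peak = max(s["per_sec"].values())
        if s["oom"] or peak >= burst_threshold:
            report.append((script, s["oom"], s["max_alloc"], peak))
    # Worst offenders first: most memory-limit hits, then highest burst.
    return sorted(report, key=lambda r: (-r[1], -r[3]))

if __name__ == "__main__":
    for script, oom, max_alloc, peak in summarize(SAMPLE_LOG):
        print(f"{script}: oom={oom} max_alloc={max_alloc} peak_msgs_per_sec={peak}")
```

On a real log, read the file contents into `summarize()` and raise `burst_threshold` to a value that separates normal noise from the thousands-per-second bursts described in the thread.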