[wp-trac] [WordPress Trac] #3025: Misplaced Include File Shuts Down
Server With mysql Attacks
WordPress Trac
wp-trac at lists.automattic.com
Fri Aug 11 03:08:05 GMT 2006
#3025: Misplaced Include File Shuts Down Server With mysql Attacks
----------------------+-----------------------------------------------------
Reporter: yinw | Owner: anonymous
Type: defect | Status: new
Priority: highest | Milestone:
Component: Security | Version:
Severity: blocker | Keywords:
----------------------+-----------------------------------------------------
A few hours ago, my dedicated server shut down and, after investigation,
I tracked the problem to a misplaced include file in Header.php.

In Header.php, I added a line to do a PHP include of an .html file (which
simply contains a snippet of ad code).

I then moved the directory the file was in to another level, and when I
tried to view my site, Header.php went berserk trying to find the
misplaced .html file to include.

Each time it retried [100(0)s of times, faster than the queries could be
processed], it sent a mysql query until there were 100s of opened mysql
sockets, and overloaded the server.

I rebooted the server, went back in [could only do that through FTP], then
fixed the new location of the .html file -- and presto, no more server
problem.

I guess I could have coded this better with a check for the file existence
before inclusion, but a missing file should not cause the server to crash.
Maybe restrict retries to only a couple before gracefully failing?

Great product, love it, you're all doing a great job. Thanks!

Kind regards,
Yin
editors at photoxels.com
http://www.photoxels.com
http://www.photoxels.com/photobook [the blog that brought the server down]
--
Ticket URL: <http://trac.wordpress.org/ticket/3025>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
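
The existence check the reporter mentions, as an added example that is not part of the original ticket or of WordPress itself. The function name `emit_snippet` and all paths are hypothetical; it assumes the snippet is static HTML, so it is streamed with `readfile()` rather than executed with `include`.

```php
<?php
/**
 * Added example: emit a static HTML snippet from a template without
 * failing hard when the file has been moved. Names are hypothetical.
 */
function emit_snippet(string $baseDir, string $relativePath): bool
{
    // realpath() returns false when the target does not exist, so a moved
    // file is detected before any attempt to read or include it.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relativePath);
    if ($base === false || $path === false) {
        error_log("snippet missing: {$relativePath}");
        return false;
    }

    // Containment: the resolved path must stay inside the base directory,
    // so "../" segments or symlinks cannot pull in an unrelated file.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        error_log("snippet outside base directory: {$relativePath}");
        return false;
    }

    if (!is_file($path) || !is_readable($path)) {
        error_log("snippet not a readable file: {$relativePath}");
        return false;
    }

    // readfile() copies the bytes to the output verbatim; unlike include,
    // it never executes PHP code that might be present in the file.
    return readfile($path) !== false;
}

// Constructed demo data in a temporary directory (not from the ticket).
$dir = sys_get_temp_dir() . '/snippet-demo-' . getmypid();
mkdir($dir . '/ads', 0700, true);
file_put_contents($dir . '/ads/banner.html', "<div>sample ad markup</div>\n");
file_put_contents($dir . '/other.html', "<p>not an ad</p>\n");

var_dump(emit_snippet($dir . '/ads', 'banner.html'));   // file in place
var_dump(emit_snippet($dir . '/ads', '../other.html')); // exists, but outside base
rename($dir . '/ads', $dir . '/moved');                 // simulate the moved directory
var_dump(emit_snippet($dir . '/ads', 'banner.html'));   // logged once, page continues
```

Each failure is logged a single time and the caller gets a boolean, so the template can skip the ad block and finish rendering.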