Bad php include() results in 1000s of mysql connections/queries
Reported by: yinw | Owned by:
A few hours ago, my dedicated server shut down and, after investigation, I tracked the problem to a misplaced include file in Header.php.
In Header.php, I added a line to do a php include of an .html file (which simply contains a snippet of ad code).
I then moved the directory the file was in to another level, and when I tried to view my site, Header.php went berserk trying to find the misplaced .html file to include.
Each time it retried [100(0)s of times, faster than the queries could be processed], it sent a mysql query until there were 100s of opened mysql sockets, and overloaded the server.
I rebooted the server, went back in [could only do that through FTP] then fixed the new location of the .html file -- and presto, no more server problem.
I guess I could have coded this better with a check for the file existence before inclusion, but a missing file should not cause the server to crash. Maybe restrict retries to only a couple before gracefully failing?
Great product, love it, you're all doing a great job. Thanks!
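The existence check mentioned in the report, sketched as an added example (not the reporter's code and not WordPress code). The helper name `include_optional_snippet` and the demo file names are hypothetical, and because the snippet is static HTML the example emits it with `readfile()` rather than `include`, so the file is never executed as PHP.

```php
<?php
/**
 * Hypothetical helper: emit an optional static snippet only if it resolves
 * to a readable regular file inside $baseDir. Returns true if it was emitted.
 */
function include_optional_snippet(string $baseDir, string $relativePath): bool
{
    $base = realpath($baseDir);
    // realpath() returns false when the path does not exist (e.g. directory moved)
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $relativePath);

    if ($base === false || $target === false) {
        error_log("optional snippet not found: {$relativePath}");
        return false; // fail once, quietly; the rest of the page still renders
    }

    // Refuse paths that resolve outside the base directory (../ or symlinks)
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        error_log("optional snippet outside base directory: {$relativePath}");
        return false;
    }

    if (!is_file($target) || !is_readable($target)) {
        error_log("optional snippet not readable: {$relativePath}");
        return false;
    }

    // Output the bytes as-is; static HTML does not need the PHP parser
    return readfile($target) !== false;
}

// Constructed demo: a temporary directory stands in for the theme directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'snippet_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'ad.html', "<!-- constructed ad snippet -->\n");

var_dump(include_optional_snippet($dir, 'ad.html'));        // file in place
var_dump(include_optional_snippet($dir, 'moved/ad.html'));  // file moved away
var_dump(include_optional_snippet($dir, '../outside.html')); // outside base dir

unlink($dir . DIRECTORY_SEPARATOR . 'ad.html');
rmdir($dir);
```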
Change History (3)
9 years ago
- Cc lloydomattic@… added
- Component changed from Security to General
- Priority changed from highest to normal
- Summary changed from Misplaced Include File Shuts Down Server With mysql Attacks to Bad php include() results in 1000s of mysql connections/queries