The Community Forums


How to crash Cpanel server in 10 seconds

Discussion in 'General Discussion' started by pixel, Sep 17, 2004.

Thread Status:
Not open for further replies.
  1. pixel

    pixel Member

    Hello all,

    Yesterday we had a cPanel server crash, and after a little bit of work we found the problem.

    A single user has created a bogus CGI script, and the server has no limitation for CGI scripts (no RAM limit, no CPU limit, no time limit).
    The result is very quick: the server crashes in 10 seconds!!!! :mad:

    I don't know if my setup is wrong, but all our cPanel servers are vulnerable to this feature.

    Is there a way to limit CGI memory / time usage?


    Below is a sample CGI script to test this feature:

    #!/usr/bin/perl

    # Doubles the string on every pass, so memory use grows without bound.
    $a = 'asdfkjalskdjfalskdjfasltdfk';
    while (1) {
        $a .= $a;
    }
     
  2. casey

    casey Well-Known Member

  3. Radio_Head

    Radio_Head Well-Known Member

    This is the author link:

    http://www.rfxnetworks.com/prm.php

    However, prm runs a cronjob every 5 minutes, so if the script above crashes the server in 10 seconds ... prm could not be useful ... I think/suppose :p

    Alternatives to prm?
     
  4. pixel

    pixel Member

    Solution?

    We have added ulimit to the Apache startup script like this:

    #!/bin/sh
    #
    # Startup script for the Apache Web Server
    #
    # chkconfig: - 85 15
    # description: Apache is a World Wide Web server. It is used to serve
    # HTML files and CGI.
    # processname: httpd
    # pidfile: /usr/local/apache/logs/httpd.pid
    # config: /usr/local/apache/conf/httpd.conf

    ulimit -n 1024
    ulimit -n 4096
    ulimit -n 8192
    ulimit -n 16384

    ulimit -m 128000 -l 128000 -d 128000 -v 128000
    ...


    This solves the problem, but I don't know if this solution is good.
     
  5. Radio_Head

    Radio_Head Well-Known Member

    Can you explain how this works exactly? (The manual is not so clear to me.)


    ulimit -m 128000 -l 128000 -d 128000 -v 128000


    Thanks

    ulimit [-SHacdflmnpstuv [limit]]
        Provides control over the resources available to the shell and
        to processes started by it, on systems that allow such control.
        The -H and -S options specify that the hard or soft limit is set
        for the given resource. A hard limit cannot be increased once
        it is set; a soft limit may be increased up to the value of the
        hard limit. If neither -H nor -S is specified, both the soft
        and hard limits are set. The value of limit can be a number in
        the unit specified for the resource or one of the special values
        hard, soft, or unlimited, which stand for the current hard
        limit, the current soft limit, and no limit, respectively. If
        limit is omitted, the current value of the soft limit of the
        resource is printed, unless the -H option is given. When more
        than one resource is specified, the limit name and unit are
        printed before the value. Other options are interpreted as
        follows:
        -a     All current limits are reported
        -c     The maximum size of core files created
        -d     The maximum size of a process's data segment
        -f     The maximum size of files created by the shell
        -l     The maximum size that may be locked into memory
        -m     The maximum resident set size
        -n     The maximum number of open file descriptors (most systems
               do not allow this value to be set)
        -p     The pipe size in 512-byte blocks (this may not be set)
        -s     The maximum stack size
        -t     The maximum amount of cpu time in seconds
        -u     The maximum number of processes available to a single
               user
        -v     The maximum amount of virtual memory available to the
               shell

        If limit is given, it is the new value of the specified resource
        (the -a option is display only). If no option is given, then -f
        is assumed. Values are in 1024-byte increments, except for -t,
        which is in seconds, -p, which is in units of 512-byte blocks,
        and -n and -u, which are unscaled values. The return status is
        0 unless an invalid option or argument is supplied, or an error
        occurs while setting a new limit.
     
    #5 Radio_Head, Sep 17, 2004
    Last edited: Sep 17, 2004
  6. pixel

    pixel Member

    ulimit -m 128000 -l 128000 -d 128000 -v 128000

    The result of this limit is:

    When a single httpd process uses more than 128Mb of RAM, it is killed automatically.
    Each individual Apache process can grow up to 128Mb of RAM.

    I'm not an expert on the ulimit function, but it works only if I put the "-v" (virtual memory).
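
Added example, not part of any post in this thread: a shell sketch of the per-process caps discussed above, applied to one child at a time with `ulimit -v` (address space, in KB) and `ulimit -t` (CPU seconds) from the manual excerpt. Linux does not enforce the resident-set limit (`-m`), which is consistent with the observation that only `-v` had an effect. The names `run_capped` and `describe_status` and the three sample jobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): apply per-process limits to one child,
# the way a ulimit line in the httpd init script applies them to every
# process Apache forks, CGI scripts included.

# run_capped VMEM_KB CPU_SECS CMD...
# Limits are set inside a subshell, so the calling shell stays unrestricted.
run_capped() {
    vmem_kb=$1 cpu_s=$2
    shift 2
    (
        ulimit -v "$vmem_kb" || exit 125   # address space in KB (the -v from the thread)
        ulimit -t "$cpu_s"   || exit 125   # CPU seconds, for the "no time limit" gap
        exec "$@"
    ) 2>/dev/null
}

# Turn an exit status into something that can go in a log line.
describe_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ]; then
        echo "killed by signal $(($1 - 128))"
    else
        echo "failed with exit code $1"
    fi
}

# Constructed stand-ins for CGI scripts; they are only ever run under the caps.
FINE=':'                                    # well-behaved script
GROW='a=asdfkjalskdjfalskdjfasltdfk; while :; do a="$a$a"; done'  # doubling loop
SPIN='while :; do :; done'                  # burns CPU, allocates nothing

for job in FINE GROW SPIN; do
    eval "body=\$$job"
    rc=0
    run_capped 128000 1 sh -c "$body" || rc=$?
    echo "$job: $(describe_status "$rc")"
done
```

The doubling job stops when an allocation is refused at the address-space cap, and the busy loop is killed once it has used its CPU allowance; in both cases the calling shell keeps running.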
     
  7. Radio_Head

    Radio_Head Well-Known Member


    Thank you, clear.
     
  8. konrath

    konrath Well-Known Member



    pico /etc/rc.d/init.d/httpd

    Thank you !
     
  9. chirpy

    chirpy Well-Known Member

    Do not dig up 2 year old threads for this, please.
     