User killed the server with php-cli. Shell fork bomb protection not working?

Clouseau

Active Member
Jan 17, 2015
34
1
58
cPanel Access Level
Root Administrator
Hello, today one of my users ran this:
Code:
/opt/cpanel/ea-php73/root/usr/bin/php-cgi -f test.php
and it was run over 2500 times at the same time, and then the server ran out of memory and started to kill mysql, bind etc. Shell fork bomb protection is enabled. Can I limit this somehow?

Code:
grep test.php ps.output |wc -l

2544
 

Clouseau

This is what I get when I log in as the user account. The user has jailshell enabled btw, not a normal shell. Is that the reason why protection is not working?

Code:
su - user -s /bin/bash

ulimit -a
core file size          (blocks, -c) 200000
data seg size           (kbytes, -d) 200000
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 95607
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) 200000
open files                      (-n) 100
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 35
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
This is the default on the server:
Code:
cat /etc/security/limits.d/20-nproc.conf
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.

*          soft    nproc     4096
root       soft    nproc     unlimited
As the user killed the server with 2500 processes, I should lower the 4096 value or add a new value:
Code:
useraccount soft nproc 256
 

Clouseau

If I create a script test.php with the following content:
Code:
<?php echo exec('php -m'); ?>
and call it over the URL http://www.domain.com/test.php, it will start spawning a bunch of processes and eating all the RAM on the server. How is this possible? Is this a bug in the suPHP module?

user 107442 21.0 0.0 389044 18264 ? S 17:53 0:00 /opt/cpanel/ea-php73/root/usr/bin/php-cgi -m
user 107459 7.0 0.0 389044 18264 ? S 17:53 0:00 /opt/cpanel/ea-php73/root/usr/bin/php-cgi -m
user 107465 3.0 0.0 389044 18268 ? S 17:53 0:00 /opt/cpanel/ea-php73/root/usr/bin/php-cgi -m
user 107476 2.0 0.0 389044 18260 ? S 17:53 0:00 /opt/cpanel/ea-php73/root/usr/bin/php-cgi -m
user 107478 3.0 0.0 389044 18264 ? S 17:53 0:00 /opt/cpanel/ea-php73/root/usr/bin/php-cgi -m
....
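
Added example (not part of the original thread, and not cPanel's own tooling): a shell function that summarises a `ps aux`-style snapshot per user and executable and flags any pair at or above a threshold, generalising the `grep test.php ps.output | wc -l` check above. The function names, the constructed sample lines, and the threshold of 35 (taken from the `max user processes` value in the `ulimit -a` output) are assumptions.

```shell
#!/bin/sh
# Added example: count processes per (user, executable) in a ps aux snapshot
# and report the pairs that reach a threshold.

# over_limit THRESHOLD < snapshot
# Prints "user count executable" for every pair with count >= THRESHOLD,
# highest count first.
over_limit() {
    awk -v max="$1" '
        $1 == "USER" { next }        # skip the ps header line if present
        NF >= 11 {
            count[$1 " " $11]++      # field 1 = user, field 11 = executable
        }
        END {
            for (k in count)
                if (count[k] >= max) {
                    split(k, p, " ")
                    print p[1], count[k], p[2]
                }
        }
    ' | sort -k2,2nr
}

# Constructed sample in the ps aux layout shown in the thread:
# 40 php-cgi processes for one account plus two unrelated daemons.
sample_snapshot() {
    i=0
    while [ "$i" -lt 40 ]; do
        echo "user $((107442 + i)) 3.0 0.0 389044 18264 ? S 17:53 0:00 /opt/cpanel/ea-php73/root/usr/bin/php-cgi -m"
        i=$((i + 1))
    done
    echo "mysql 2101 1.0 4.2 1789044 348264 ? Ssl 09:12 2:31 /usr/sbin/mysqld"
    echo "named 1833 0.0 0.5 389044 48264 ? Ssl 09:12 0:04 /usr/sbin/named -u named"
}

# Flag any (user, executable) pair at or above 35 processes.
sample_snapshot | over_limit 35
```

On a live server the same function can read `ps aux` or a saved snapshot such as `ps.output` on standard input.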
 

cPanelAaronH

Well-Known Member
Staff member
Dec 31, 2014
70
19
133
Houston Texas
cPanel Access Level
Root Administrator