Jump to content

'Unable to fork' (on unix)


l008com

Recommended Posts

I have a new problem. PHP can no longer fork out external programs 95% of the time.

 

This has been going on for the past week. You see, for the past week, I've been under a form of DoS attack on my server. Thousands of different users loading the same one page on one of my web sites, over and over. I'm averaging 200-300 page loads per second, with peaks upwards of 1200 per second. I was able to block these abusers, and now apache is sending them text only, super short 403 errors. Its working pretty good, percentage wise, my server's load is pretty low. The problem is, since this started apache can't run external programs. It least, usually it can't. Clearly these two events are related, but I don't see how. I checked and Mac OS X Server has a limit of 1000 process per user. Thats pretty high. Apache is configured to have only 450 simultaneous connection. Keepalive times out after only 2 seconds. Users 'www' should never even be able to get close to the user limit! Keep in mind that 99% of my traffic right now is abusers that are getting a short text  '403' error and nothing else. No php, no cli programs, no mysql. Sever load is 20-30% usually, when I'm not in a spike. And my load averages often hover right around 1.00 or even drop below that. I can ssh into the machine and run anything I want. I have no idea what is causing these unable to fork errors.

 

This is what I get when using exec( ) to try to display 'uptime'

 Warning: exec() [function.exec]: Unable to fork [uptime] in /Users/johnm/webfolder/webservices/uptime.php on line 1

 

This is what I get when I use backticks to run 'whois'

 Warning: shell_exec() [function.shell-exec]: Unable to execute 'whois phpfreaks.com'

 

Again I know this problem is related to all this extra load my server is under, but I don't know how, and I don't know how to fix it. My server isn't under THAT much load, there must be a misconfigured setting somewhere? Something like that?

 

 

Link to comment
Share on other sites

It could be some kind of a jail/hardened install or secure apache.

 

Apache via php etc. can be made to disallow exec() and shell_exec(). I dont let scripts run these commands. I suggest you secure the script you are allowing people to run exec() and shell_exec().

 

-steve

Link to comment
Share on other sites

It could be some kind of a jail/hardened install or secure apache.

 

Apache via php etc. can be made to disallow exec() and shell_exec(). I dont let scripts run these commands. I suggest you secure the script you are allowing people to run exec() and shell_exec().

 

-steve

 

Did you misread my question?

Link to comment
Share on other sites

Not really. I still question the need for you to use exec() and system(), especially if you are getting DOSd on them scripts.

Would: http://www.phpwhois.org/ and http://phpsysinfo.sourceforge.net/ not be more appropriate?

 

I would check php.ini for settings for system() and exec().

 

-steve

 

The scripts that I'm running system and exec on have nothing to do with the DoS. The DoS is on the home page. The exec and others are running on other pages that barely get any traffic it all. Last night I did some counting and was getting a steady 160±5 apache processes running and none of my scripts could run any external programs.

 

If you have any ideas why this is happening and how I can change my settings so php is allowed to run external programs under what really is still a relatively light load, that would be helpful. Not criticizing my code that you haven't even seen.

Link to comment
Share on other sites

Which version of PHP are you using? Apache+CLI or php-cgi? Also what version? PHP5?

 

Also - if you could output your httpd.conf or apache2.conf and php.ini here I might be able to see something amiss.

 

160 apache processes sounds quite significant to me. Is this via the "ps aux" command you are counting these?

Also - did you try calling the webpage with teh system() via localhost.

 

I.e. browsing to http://127.0.0.1/system.php on the server itself?

 

I suggest you enable server-status in httpd.conf.

 

-steve

Link to comment
Share on other sites

Which version of PHP are you using? Apache+CLI or php-cgi? Also what version? PHP5?

 

Also - if you could output your httpd.conf or apache2.conf and php.ini here I might be able to see something amiss.

 

160 apache processes sounds quite significant to me. Is this via the "ps aux" command you are counting these?

Also - did you try calling the webpage with teh system() via localhost.

 

I.e. browsing to http://127.0.0.1/system.php on the server itself?

 

I suggest you enable server-status in httpd.conf.

 

-steve

 

PHP 5.2.3

I have no php.ini file. I'm running PHP with apache. I've looked through my phpinfo() and I haven't seen anything telling at all. If there are any specific values in that or my httpd.conf, let me know which ones and I'll look them up. Server-status is enabled, and use i used ps -U www | wc -l to count the apache processes. 160 may be a lot, but according to the documentation on my OS (10.3.9 Server), the limit is 1000 processes per user and 2048 total processes. I'm nowhere near that. And apache isn't being pinched, it can spawn more of itself as needed. Only PHP is getting pinched. Looking at server-status, I see 100 requests being processes, 76 idle servers. If there is anything specific in there that would be helpful, let me know and I can give you that info too.

Link to comment
Share on other sites

l008com: if you can post the script, I can test it my side. Also, you have to have a php.ini...somewhere on your computer. Fire up a phpinfo() and it should tell you (as far as I can remember). Also - your problem is that its "intermittent" and wont work 95% of the time?

 

seaveal: I use Debian Etch (current stable release). PHP5 is the standard on Debian Etch. I suggest you "apt-get dist-upgrade" and then apt-get install php5.

 

seaveal: again, if you can post your script I can test on my debian box. I am suprised that it doesnt "fork" at all for you. Do you have "safe mode" enabled in php?

 

-steve

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.