Solved

the best way to add max execution timeout in a PHP script

Posted on 2015-01-18
8
72 Views
Last Modified: 2015-01-23
I have a file that keeps getting abused xmlrpc.php which creates a memory hang, because there is no logical time out in the script, this is what my server says is the issue,
The PHP max_execution_time never actually gets called because time spent waiting doesn't count against execution time
 So I am looking at a solution of what would be the best method of hard coding a max execution time in the script, with the idea of limiting abuse.
0
Comment
Question by:freejointventure
  • 4
  • 3
8 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40556281
It may not be about the execution time.  What IP addresses are involved?
http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
0
 

Author Comment

by:freejointventure
ID: 40556309
Hello and thank you for your reply, the problem is related to process.

Resource:     Process Time
Exceeded:     12645 > 1800 (seconds)
Executable:   /usr/bin/php

So the abusers, target that file, because it can generate an event that consumes memory, so to fix that problem you would need to use CLI to kill the process, I am hoping to avoid the necessity to kill processes, I can ban IPs all day, its the execution issue that I am most concerned about.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40556336
Run this script, shown here in its entirety, and look in the output for max_execution_time (shown in seconds).  
<?php phpinfo();

Open in new window


You can adjust that value via .htaccess or php.ini.  This is the statement I use in my php.ini to limit executing scripts to 30 seconds.
max_execution_time = 30

Open in new window

0
 

Author Comment

by:freejointventure
ID: 40556382
Ok thanks I think I need to rephrase the question, )
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40556385
There's also this, settable in the PHP script itself.  It will override the global settings:
http://php.net/manual/en/function.set-time-limit.php
0
 

Accepted Solution

by:
freejointventure earned 0 total points
ID: 40556395
that works best, thank you.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40556891
On the other hand, you can also just disable it completely:

https://wordpress.org/plugins/disable-xml-rpc/

Most Wordpress installs don't use it.
0
 

Author Closing Comment

by:freejointventure
ID: 40566020
thank you this works.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to change the Default Wordpress Dashboard UI? 1 22
Hacked File Timestamps 4 49
mysqli 3 22
Why my select dropdown does not work? 8 26
In Part I (http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_8410-Getting-Started-In-WordPress-Part-I.html), I introduced you to the powerful WordPress backend, the WordPress administrative Dashboard.  In Part II, I will introduce yo…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now