Solved

the best way to add max execution timeout in a PHP script

Posted on 2015-01-18
8
76 Views
Last Modified: 2015-01-23
I have a file that keeps getting abused xmlrpc.php which creates a memory hang, because there is no logical time out in the script, this is what my server says is the issue,
The PHP max_execution_time never actually gets called because time spent waiting doesn't count against execution time
 So I am looking at a solution of what would be the best method of hard coding a max execution time in the script, with the idea of limiting abuse.
0
Comment
Question by:freejointventure
  • 4
  • 3
8 Comments
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40556281
It may not be about the execution time.  What IP addresses are involved?
http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
0
 

Author Comment

by:freejointventure
ID: 40556309
Hello and thank you for your reply, the problem is related to process.

Resource:     Process Time
Exceeded:     12645 > 1800 (seconds)
Executable:   /usr/bin/php

So the abusers, target that file, because it can generate an event that consumes memory, so to fix that problem you would need to use CLI to kill the process, I am hoping to avoid the necessity to kill processes, I can ban IPs all day, its the execution issue that I am most concerned about.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40556336
Run this script, shown here in its entirety, and look in the output for max_execution_time (shown in seconds).  
<?php phpinfo();

Open in new window


You can adjust that value via .htaccess or php.ini.  This is the statement I use in my php.ini to limit executing scripts to 30 seconds.
max_execution_time = 30

Open in new window

0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:freejointventure
ID: 40556382
Ok thanks I think I need to rephrase the question, )
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40556385
There's also this, settable in the PHP script itself.  It will override the global settings:
http://php.net/manual/en/function.set-time-limit.php
0
 

Accepted Solution

by:
freejointventure earned 0 total points
ID: 40556395
that works best, thank you.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40556891
On the other hand, you can also just disable it completely:

https://wordpress.org/plugins/disable-xml-rpc/

Most Wordpress installs don't use it.
0
 

Author Closing Comment

by:freejointventure
ID: 40566020
thank you this works.
0

Featured Post

ScreenConnect 6.0 Free Trial

Check out the updates in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI that improves session organization and overall user experience. See the enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The purpose of this video is to demonstrate how to integrate Mailchimp with WordPress, by placing a Mailchimp signup form on a WordPress Page or Post. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchi…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question