Solved

the best way to add max execution timeout in a PHP script

Posted on 2015-01-18
8
87 Views
Last Modified: 2015-01-23
I have a file that keeps getting abused xmlrpc.php which creates a memory hang, because there is no logical time out in the script, this is what my server says is the issue,
The PHP max_execution_time never actually gets called because time spent waiting doesn't count against execution time
 So I am looking at a solution of what would be the best method of hard coding a max execution time in the script, with the idea of limiting abuse.
0
Comment
Question by:freejointventure
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40556281
It may not be about the execution time.  What IP addresses are involved?
http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
0
 

Author Comment

by:freejointventure
ID: 40556309
Hello and thank you for your reply, the problem is related to process.

Resource:     Process Time
Exceeded:     12645 > 1800 (seconds)
Executable:   /usr/bin/php

So the abusers, target that file, because it can generate an event that consumes memory, so to fix that problem you would need to use CLI to kill the process, I am hoping to avoid the necessity to kill processes, I can ban IPs all day, its the execution issue that I am most concerned about.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40556336
Run this script, shown here in its entirety, and look in the output for max_execution_time (shown in seconds).  
<?php phpinfo();

Open in new window


You can adjust that value via .htaccess or php.ini.  This is the statement I use in my php.ini to limit executing scripts to 30 seconds.
max_execution_time = 30

Open in new window

0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 

Author Comment

by:freejointventure
ID: 40556382
Ok thanks I think I need to rephrase the question, )
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 40556385
There's also this, settable in the PHP script itself.  It will override the global settings:
http://php.net/manual/en/function.set-time-limit.php
0
 

Accepted Solution

by:
freejointventure earned 0 total points
ID: 40556395
that works best, thank you.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 40556891
On the other hand, you can also just disable it completely:

https://wordpress.org/plugins/disable-xml-rpc/

Most Wordpress installs don't use it.
0
 

Author Closing Comment

by:freejointventure
ID: 40566020
thank you this works.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
This article discusses how to create an extensible mechanism for linked drop downs.
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question