• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 106
  • Last Modified:

the best way to add max execution timeout in a PHP script

I have a file that keeps getting abused xmlrpc.php which creates a memory hang, because there is no logical time out in the script, this is what my server says is the issue,
The PHP max_execution_time never actually gets called because time spent waiting doesn't count against execution time
 So I am looking at a solution of what would be the best method of hard coding a max execution time in the script, with the idea of limiting abuse.
0
freejointventure
Asked:
freejointventure
  • 4
  • 3
1 Solution
 
Ray PaseurCommented:
It may not be about the execution time.  What IP addresses are involved?
http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
0
 
freejointventureAuthor Commented:
Hello and thank you for your reply, the problem is related to process.

Resource:     Process Time
Exceeded:     12645 > 1800 (seconds)
Executable:   /usr/bin/php

So the abusers, target that file, because it can generate an event that consumes memory, so to fix that problem you would need to use CLI to kill the process, I am hoping to avoid the necessity to kill processes, I can ban IPs all day, its the execution issue that I am most concerned about.
0
 
Ray PaseurCommented:
Run this script, shown here in its entirety, and look in the output for max_execution_time (shown in seconds).  
<?php phpinfo();

Open in new window


You can adjust that value via .htaccess or php.ini.  This is the statement I use in my php.ini to limit executing scripts to 30 seconds.
max_execution_time = 30

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
freejointventureAuthor Commented:
Ok thanks I think I need to rephrase the question, )
0
 
Ray PaseurCommented:
There's also this, settable in the PHP script itself.  It will override the global settings:
http://php.net/manual/en/function.set-time-limit.php
0
 
freejointventureAuthor Commented:
that works best, thank you.
0
 
Jason C. LevineNo oneCommented:
On the other hand, you can also just disable it completely:

https://wordpress.org/plugins/disable-xml-rpc/

Most Wordpress installs don't use it.
0
 
freejointventureAuthor Commented:
thank you this works.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now