freejointventure
asked on
the best way to add max execution timeout in a PHP script
I have a file that keeps getting abused xmlrpc.php which creates a memory hang, because there is no logical time out in the script, this is what my server says is the issue,
The PHP max_execution_time never actually gets called because time spent waiting doesn't count against execution timeSo I am looking at a solution of what would be the best method of hard coding a max execution time in the script, with the idea of limiting abuse.
ASKER
Hello and thank you for your reply, the problem is related to process.
Resource: Process Time
Exceeded: 12645 > 1800 (seconds)
Executable: /usr/bin/php
So the abusers, target that file, because it can generate an event that consumes memory, so to fix that problem you would need to use CLI to kill the process, I am hoping to avoid the necessity to kill processes, I can ban IPs all day, its the execution issue that I am most concerned about.
Resource: Process Time
Exceeded: 12645 > 1800 (seconds)
Executable: /usr/bin/php
So the abusers, target that file, because it can generate an event that consumes memory, so to fix that problem you would need to use CLI to kill the process, I am hoping to avoid the necessity to kill processes, I can ban IPs all day, its the execution issue that I am most concerned about.
Run this script, shown here in its entirety, and look in the output for max_execution_time (shown in seconds).
You can adjust that value via .htaccess or php.ini. This is the statement I use in my php.ini to limit executing scripts to 30 seconds.
<?php phpinfo();
You can adjust that value via .htaccess or php.ini. This is the statement I use in my php.ini to limit executing scripts to 30 seconds.
max_execution_time = 30
ASKER
Ok thanks I think I need to rephrase the question, )
There's also this, settable in the PHP script itself. It will override the global settings:
http://php.net/manual/en/function.set-time-limit.php
http://php.net/manual/en/function.set-time-limit.php
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
On the other hand, you can also just disable it completely:
https://wordpress.org/plugins/disable-xml-rpc/
Most Wordpress installs don't use it.
https://wordpress.org/plugins/disable-xml-rpc/
Most Wordpress installs don't use it.
ASKER
thank you this works.
http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html