• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 113
  • Last Modified:

the best way to add max execution timeout in a PHP script

I have a file that keeps getting abused xmlrpc.php which creates a memory hang, because there is no logical time out in the script, this is what my server says is the issue,
The PHP max_execution_time never actually gets called because time spent waiting doesn't count against execution time
 So I am looking at a solution of what would be the best method of hard coding a max execution time in the script, with the idea of limiting abuse.
0
freejointventure
Asked:
freejointventure
  • 4
  • 3
1 Solution
 
Ray PaseurCommented:
It may not be about the execution time.  What IP addresses are involved?
http://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html
0
 
freejointventureAuthor Commented:
Hello and thank you for your reply, the problem is related to process.

Resource:     Process Time
Exceeded:     12645 > 1800 (seconds)
Executable:   /usr/bin/php

So the abusers, target that file, because it can generate an event that consumes memory, so to fix that problem you would need to use CLI to kill the process, I am hoping to avoid the necessity to kill processes, I can ban IPs all day, its the execution issue that I am most concerned about.
0
 
Ray PaseurCommented:
Run this script, shown here in its entirety, and look in the output for max_execution_time (shown in seconds).  
<?php phpinfo();

Open in new window


You can adjust that value via .htaccess or php.ini.  This is the statement I use in my php.ini to limit executing scripts to 30 seconds.
max_execution_time = 30

Open in new window

0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
freejointventureAuthor Commented:
Ok thanks I think I need to rephrase the question, )
0
 
Ray PaseurCommented:
There's also this, settable in the PHP script itself.  It will override the global settings:
http://php.net/manual/en/function.set-time-limit.php
0
 
freejointventureAuthor Commented:
that works best, thank you.
0
 
Jason C. LevineNo oneCommented:
On the other hand, you can also just disable it completely:

https://wordpress.org/plugins/disable-xml-rpc/

Most Wordpress installs don't use it.
0
 
freejointventureAuthor Commented:
thank you this works.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now