Stop PHP-CGI Process Flooding

If you are like me, security is a very important item on your list. Having a web server is like owning a house, you have to keep it clean and safe; so you must keep an eye on it.

Once you notice your site is slowing down or becoming unresponsive, you better check what is going on with your server’s processes. Sometimes PHP-CGI processes remain open, this may be due to bugs in applications or hacking attempts; when this happens processes become orphan and keep draining server’s resources until it becomes unresponsive.

PHP-CGI Processes

There are ways to mitigate the impact stress tests or attacks have on web servers[1], however, there are times when we do not have permissions to tweak configuration files. If this is your case, then you may find this trick useful to stop PHP-CGI process flooding.

PHP-CGI Watcher

#!/bin/bash # # @author Jose SAYAGO # @uri http://josesayago.com/blog/ # # Process to monitor how many PHP-CGI processes are running, and kill them # if they exceed the limit # # Set the maximum number of CGI Processes allowed MAX_CGI=25; # Date we will use in our logs DATE=$(date); # Count CGI Processes COUNT_CGI=$(ps -ef | grep /usr/bin/php-cgi | grep -v grep | wc -l); # Exceeded our limit? if [[ $COUNT_CGI -gt $MAX_CGI ]] ; then # Log this echo $DATE 'Killing PHP-CGI, ' $COUNT_CGI ' processes found. ' $MAX_CGI ' allowed.' >> /var/log/phpcgi-watcher.log ; # Kill PHP-CGI pkill -KILL php-cgi ; else # Limit not reached echo $DATE 'System OK, there are currently ' $COUNT_CGI ' cgi processes running. ' $MAX_CGI ' allowed.' >> /var/log/phpcgi-watcher.log ; fi

Create a Cronjob to run this script every minute:

# Create a Cronjob ~ $ crontab -e # Cron Editor # Run every minute * * * * * /path/to/phpcgi-watcher.sh # Clean up logfile every hour (optional) */60 * * * * echo '' > /var/log/phpcgi-watcher.log :wq # Check the cronjob was successfuly created ~ $ crontab -l # Output * * * * * /path/to/phpcgi-watcher.sh */60 * * * * echo '' > /var/log/phpcgi-watcher.log

This little script has helped restore an unresponsive server flooded with PHP-CGI orphan processes without the need for a restart.

[1] PHPStress: DOS for Apache / NGINX w/ PHP-FPM or PHP-CGI

LinkedIn & The 6.2 Million Password Hashes Stolen

Maybe you have already read about the russian guy who hacked LinkedIn and stole almost 6.2 million (6.143.150) password hashes, if you are a LinkedIn user and haven't changed your password yet what are you waiting for? In a post written by Vicente Silveira Director at LinkedIn in their official blog, they confirm the ...

WordPress Developers watch out for Phishing

This is a serious issue because it can affect a lot of users indirectly, imagine for a moment that someone got access to your repository, make some changes and all the users who have downloaded your plugin receive an update notification, after the update they can't access anymore to their blogs and all their user ...

Installing Ruby on Rails on Linux

If you are trying to install Ruby on Rails it's because you already heard about it, otherwise I invite you to read the article Ruby on Rails on Wikipedia. In short, Ruby on Rails often shortened to RoR is an open source MVC (Model, View, Controller) framework for the Ruby programming language.

The post Stop PHP-CGI Process Flooding appeared first on 8ª Elite.

Related Articles

Latest Images

Trending Articles

Latest Images