Welcome to Geeklog, Anonymous Monday, December 23 2024 @ 02:37 am EST
Geeklog Forums
Segmentation fault in Geeklog 1.4.1/1.5.2
Status: offline
joelbarrios
Forum User
Junior
Registered: 05/03/04
Posts: 23
Location:Mexico
Hello.
I have been using Geeklog since 1.3.x and this is the first time I have a critical issue.
The last two weeks I have been dealing with several segmentation faults in Apache, only with Geeklog (originally with 1.4.1, upgraded yesterday to 1.5.2). Sample:
[Sat Feb 21 20:17:48 2009] [notice] child pid 4225 exit signal Segmentation fault (11)
[Sat Feb 21 20:34:02 2009] [notice] child pid 4795 exit signal Segmentation fault (11)
[Sat Feb 21 20:57:50 2009] [notice] child pid 2993 exit signal Segmentation fault (11)
[Sat Feb 21 21:01:26 2009] [notice] child pid 27385 exit signal Segmentation fault (11)
Debug mode of apache did not show anything else relevant.
This started a week ago, leaving the website unavailable from a few minutes to 3 hours. Since then I have been doing very frequent database backups.
System is CentOS 4.5, using the following versions of PHP, MySQL and Apache.
php-pgsql-4.3.9-3.22.12
php-domxml-4.3.9-3.22.12
php-ncurses-4.3.9-3.22.12
php-mmcache-4.3.9_2.4.6-4.9.el4.lpt
php-xmlrpc-4.3.9-3.22.12
php-odbc-4.3.9-3.22.12
php-imap-4.3.9-3.22.12
php-pear-4.3.9-3.22.12
php-ldap-4.3.9-3.22.12
php-mysql-4.3.9-3.22.12
php-mbstring-4.3.9-3.22.12
php-gd-4.3.9-3.22.12
php-4.3.9-3.22.12
mysql-4.1.20-2.RHEL4.1
httpd-2.0.52-41.ent.2.centos4
Installed plugins for Geeklog 1.5.2:
calendar 1.0.3
captcha 3.1.0
dokuwiki 1.4.1 (I'll update this next week)
filemgmt 1.5.3
forum 2.7.2
links 2.0.1
mediagallery 1.6.1
polls 2.0.2
spamx 1.1.2 (DISABLED, I don't need it)
staticpages 1.5.1
Last Segmentation fault ocurred on Sat Feb 21 21:01:26 2009, and fortunately only lasted 3 minutes.
I have another virtual server for testing, and several other PHP/MySQL aplications in other directories, and all of them worked perfectly at the same time the main website made Segfaulted its child process. Only the main website with Geeklog 1.5.2 segfaulted. So, I *might* discard troubles with hardware or something related to PHP/MySQL/Apache vesions.
Initially, the website was runing Geeklog 1.4.1, and I upgraded to 1.5.2 thinking it could be a security issue related to 1.4.1.
No relevant data in Geeklog access.log and error.log logfiles for Sat Feb 21 21:01:26 2009 . Most recent record in access.log was a download half an hour earlier:
Apache access_log logfile shows the following records within Sat Feb 21 21:01:00 and 21:01:59. http://www.alcancelibre.org/reporte_access_log.txt
No relevant records in mysqld.log at the time of the issue. This is the most recent output:
090219 15:32:47 InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
090219 15:32:49 InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 1 2582055040.
InnoDB: Doing recovery: scanned up to log sequence number 1 2582055040
090219 15:32:50 InnoDB: Flushing modified pages from the buffer pool...
090219 15:32:50 InnoDB: Started; log sequence number 1 2582055040
/usr/libexec/mysqld: ready for connections.
Version: '4.1.20' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution
Records do not seem to be related to may Geeklog Database. I had no issue at 15:32:49-15:32:50 in the Geeklog website. But I can't dicard it.
For testing, I made a back up of the database of the website at the moment of the issue, and used it with a fresh Geeklog 1.5.2 in another virtualhost. This virtual host worked Ok before using the database from affected main website. Testing website segfaulted using this database backup, and restablished using a previous backup.
PHP configuration for the mail virtualhost is default from php.ini from CentOS 4.5, whith the following settings for Geeklog directory:
php_flag log_errors On
php_flag file_uploads On
php_value display_errors Off
php_value upload_max_filesize 6M
php_value memory_limit 48M
Display_errors On and combinations of error_reporting did not give anything useful.
Top files by hits this month, acording to webalizer, are the following:
1 173511 4.72% 2765184 4.36% /backend/
2 31197 0.85% 1405002 2.22% /staticpages/
3 30346 0.83% 57659 0.09% /al/el/5/repodata/repomd.xml
4 24809 0.68% 2345090 3.70% /
5 17549 0.48% 16283 0.03% /al/server/5/repodata/repomd.xml
6 14512 0.40% 440354 0.69% /forum/memberlist.php
7 13541 0.37% 875719 1.38% /forum/viewtopic.php
8 10432 0.28% 316388 0.50% /backend/atom.xml
9 10361 0.28% 334313 0.53% /article.php/20080421172511654
10 8496 0.23% 227582 0.36% /users.php
11 6063 0.17% 5621 0.01% /al/server/4/repodata/repomd.xml
12 5984 0.16% 209377 0.33% /article.php
13 5772 0.16% 230944 0.36% /search.php
14 5093 0.14% 161698 0.26% /forum/createtopic.php
15 4889 0.13% 302363 0.48% /forum/
Top files by kilobytes this month, acording to webalizer, are the following:
2 982 0.03% 2631414 4.15% /filemgmt_data/files/Implementacion_Servidores_Linux-OCTUBRE-2008.pdf.tar.bz2
3 24809 0.68% 2345090 3.70% /
4 31197 0.85% 1405002 2.22% /staticpages/
5 13541 0.37% 875719 1.38% /forum/viewtopic.php
6 14512 0.40% 440354 0.69% /forum/memberlist.php
7 10361 0.28% 334313 0.53% /article.php/20080421172511654
8 10432 0.28% 316388 0.50% /backend/atom.xml
9 4889 0.13% 302363 0.48% /forum/
10 211 0.01% 299734 0.47% /al/el/5/repodata/primary.sqlite.bz2
11 211 0.01% 288034 0.45% /filemgmt_data/files/linwin.pdf
12 914 0.02% 271524 0.43% /al/el/5/RPMS.al/
13 5772 0.16% 230944 0.36% /search.php
14 8496 0.23% 227582 0.36% /users.php
15 5984 0.16% 209377 0.33% /article.php
Website gets an averange of 300,000 visits per month. Don't know any other Geeklog website with this rate of traffic to ask/compare with an admin for similar issues.
I suspect SQL injection attack, probably related to session table or something else with data that expires within the database. Website works again after a few minutes, or a couple of hours, without anything done at all. The other possibility I suspect is an issue related with a particular Geeklog table.
Any help/suggestion is welcome to make a deeper diagnose.
--
https://www.AlcanceLibre.org/
https://blog.AlcanceLibre.org/
La libertad del conocimiento al alcance de quien la busca.
I have been using Geeklog since 1.3.x and this is the first time I have a critical issue.
The last two weeks I have been dealing with several segmentation faults in Apache, only with Geeklog (originally with 1.4.1, upgraded yesterday to 1.5.2). Sample:
Text Formatted Code
[Sat Feb 21 20:15:21 2009] [notice] child pid 5008 exit signal Segmentation fault (11)[Sat Feb 21 20:17:48 2009] [notice] child pid 4225 exit signal Segmentation fault (11)
[Sat Feb 21 20:34:02 2009] [notice] child pid 4795 exit signal Segmentation fault (11)
[Sat Feb 21 20:57:50 2009] [notice] child pid 2993 exit signal Segmentation fault (11)
[Sat Feb 21 21:01:26 2009] [notice] child pid 27385 exit signal Segmentation fault (11)
Debug mode of apache did not show anything else relevant.
This started a week ago, leaving the website unavailable from a few minutes to 3 hours. Since then I have been doing very frequent database backups.
System is CentOS 4.5, using the following versions of PHP, MySQL and Apache.
php-pgsql-4.3.9-3.22.12
php-domxml-4.3.9-3.22.12
php-ncurses-4.3.9-3.22.12
php-mmcache-4.3.9_2.4.6-4.9.el4.lpt
php-xmlrpc-4.3.9-3.22.12
php-odbc-4.3.9-3.22.12
php-imap-4.3.9-3.22.12
php-pear-4.3.9-3.22.12
php-ldap-4.3.9-3.22.12
php-mysql-4.3.9-3.22.12
php-mbstring-4.3.9-3.22.12
php-gd-4.3.9-3.22.12
php-4.3.9-3.22.12
mysql-4.1.20-2.RHEL4.1
httpd-2.0.52-41.ent.2.centos4
Installed plugins for Geeklog 1.5.2:
Text Formatted Code
calendar 1.0.3
captcha 3.1.0
dokuwiki 1.4.1 (I'll update this next week)
filemgmt 1.5.3
forum 2.7.2
links 2.0.1
mediagallery 1.6.1
polls 2.0.2
spamx 1.1.2 (DISABLED, I don't need it)
staticpages 1.5.1
Last Segmentation fault ocurred on Sat Feb 21 21:01:26 2009, and fortunately only lasted 3 minutes.
I have another virtual server for testing, and several other PHP/MySQL aplications in other directories, and all of them worked perfectly at the same time the main website made Segfaulted its child process. Only the main website with Geeklog 1.5.2 segfaulted. So, I *might* discard troubles with hardware or something related to PHP/MySQL/Apache vesions.
Initially, the website was runing Geeklog 1.4.1, and I upgraded to 1.5.2 thinking it could be a security issue related to 1.4.1.
No relevant data in Geeklog access.log and error.log logfiles for Sat Feb 21 21:01:26 2009 . Most recent record in access.log was a download half an hour earlier:
Text Formatted Code
sáb 21 feb 2009 20:37:19 CST (anon@201.240.227.212) - Visit.php => Download File:Implementacion_Servidores_Linux-OCTUBRE-2008.pdf.tar.bz2, User ID is:1, Remote address is: 201.240.227.212Apache access_log logfile shows the following records within Sat Feb 21 21:01:00 and 21:01:59. http://www.alcancelibre.org/reporte_access_log.txt
No relevant records in mysqld.log at the time of the issue. This is the most recent output:
Text Formatted Code
090219 15:32:46 mysqld started090219 15:32:47 InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
090219 15:32:49 InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 1 2582055040.
InnoDB: Doing recovery: scanned up to log sequence number 1 2582055040
090219 15:32:50 InnoDB: Flushing modified pages from the buffer pool...
090219 15:32:50 InnoDB: Started; log sequence number 1 2582055040
/usr/libexec/mysqld: ready for connections.
Version: '4.1.20' socket: '/var/lib/mysql/mysql.sock' port: 3306 Source distribution
Records do not seem to be related to may Geeklog Database. I had no issue at 15:32:49-15:32:50 in the Geeklog website. But I can't dicard it.
For testing, I made a back up of the database of the website at the moment of the issue, and used it with a fresh Geeklog 1.5.2 in another virtualhost. This virtual host worked Ok before using the database from affected main website. Testing website segfaulted using this database backup, and restablished using a previous backup.
PHP configuration for the mail virtualhost is default from php.ini from CentOS 4.5, whith the following settings for Geeklog directory:
Text Formatted Code
php_flag register_globals Offphp_flag log_errors On
php_flag file_uploads On
php_value display_errors Off
php_value upload_max_filesize 6M
php_value memory_limit 48M
Display_errors On and combinations of error_reporting did not give anything useful.
Top files by hits this month, acording to webalizer, are the following:
Text Formatted Code
# Hits KBytes URL1 173511 4.72% 2765184 4.36% /backend/
2 31197 0.85% 1405002 2.22% /staticpages/
3 30346 0.83% 57659 0.09% /al/el/5/repodata/repomd.xml
4 24809 0.68% 2345090 3.70% /
5 17549 0.48% 16283 0.03% /al/server/5/repodata/repomd.xml
6 14512 0.40% 440354 0.69% /forum/memberlist.php
7 13541 0.37% 875719 1.38% /forum/viewtopic.php
8 10432 0.28% 316388 0.50% /backend/atom.xml
9 10361 0.28% 334313 0.53% /article.php/20080421172511654
10 8496 0.23% 227582 0.36% /users.php
11 6063 0.17% 5621 0.01% /al/server/4/repodata/repomd.xml
12 5984 0.16% 209377 0.33% /article.php
13 5772 0.16% 230944 0.36% /search.php
14 5093 0.14% 161698 0.26% /forum/createtopic.php
15 4889 0.13% 302363 0.48% /forum/
Top files by kilobytes this month, acording to webalizer, are the following:
Text Formatted Code
1 173511 4.72% 2765184 4.36% /backend/2 982 0.03% 2631414 4.15% /filemgmt_data/files/Implementacion_Servidores_Linux-OCTUBRE-2008.pdf.tar.bz2
3 24809 0.68% 2345090 3.70% /
4 31197 0.85% 1405002 2.22% /staticpages/
5 13541 0.37% 875719 1.38% /forum/viewtopic.php
6 14512 0.40% 440354 0.69% /forum/memberlist.php
7 10361 0.28% 334313 0.53% /article.php/20080421172511654
8 10432 0.28% 316388 0.50% /backend/atom.xml
9 4889 0.13% 302363 0.48% /forum/
10 211 0.01% 299734 0.47% /al/el/5/repodata/primary.sqlite.bz2
11 211 0.01% 288034 0.45% /filemgmt_data/files/linwin.pdf
12 914 0.02% 271524 0.43% /al/el/5/RPMS.al/
13 5772 0.16% 230944 0.36% /search.php
14 8496 0.23% 227582 0.36% /users.php
15 5984 0.16% 209377 0.33% /article.php
Website gets an averange of 300,000 visits per month. Don't know any other Geeklog website with this rate of traffic to ask/compare with an admin for similar issues.
I suspect SQL injection attack, probably related to session table or something else with data that expires within the database. Website works again after a few minutes, or a couple of hours, without anything done at all. The other possibility I suspect is an issue related with a particular Geeklog table.
Any help/suggestion is welcome to make a deeper diagnose.
--
https://www.AlcanceLibre.org/
https://blog.AlcanceLibre.org/
La libertad del conocimiento al alcance de quien la busca.
10
8
Quote
Status: offline
joelbarrios
Forum User
Junior
Registered: 05/03/04
Posts: 23
Location:Mexico
Seems problem has been solved after removing php-mmcache. No new segmentation faults after removing this particular package. Funny thing is it has been instlaed for more than 2 years without any issues, until a couple of weeks ago.
--
https://www.AlcanceLibre.org/
https://blog.AlcanceLibre.org/
La libertad del conocimiento al alcance de quien la busca.
--
https://www.AlcanceLibre.org/
https://blog.AlcanceLibre.org/
La libertad del conocimiento al alcance de quien la busca.
8
9
Quote
All times are EST. The time is now 02:37 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content