Welcome to Geeklog, Anonymous Monday, December 23 2024 @ 02:37 am EST

Geeklog Forums

Segmentation fault in Geeklog 1.4.1/1.5.2


Status: offline

joelbarrios

Forum User
Junior
Registered: 05/03/04
Posts: 23
Location:Mexico
Hello.

I have been using Geeklog since 1.3.x and this is the first time I have a critical issue.

The last two weeks I have been dealing with several segmentation faults in Apache, only with Geeklog (originally with 1.4.1, upgraded yesterday to 1.5.2). Sample:
Text Formatted Code
[Sat Feb 21 20:15:21 2009] [notice] child pid 5008 exit signal Segmentation fault (11)
[Sat Feb 21 20:17:48 2009] [notice] child pid 4225 exit signal Segmentation fault (11)
[Sat Feb 21 20:34:02 2009] [notice] child pid 4795 exit signal Segmentation fault (11)
[Sat Feb 21 20:57:50 2009] [notice] child pid 2993 exit signal Segmentation fault (11)
[Sat Feb 21 21:01:26 2009] [notice] child pid 27385 exit signal Segmentation fault (11)


Debug mode of apache did not show anything else relevant.

This started a week ago, leaving the website unavailable from a few minutes to 3 hours. Since then I have been doing very frequent database backups.

System is CentOS 4.5, using the following versions of PHP, MySQL and Apache.

php-pgsql-4.3.9-3.22.12
php-domxml-4.3.9-3.22.12
php-ncurses-4.3.9-3.22.12
php-mmcache-4.3.9_2.4.6-4.9.el4.lpt
php-xmlrpc-4.3.9-3.22.12
php-odbc-4.3.9-3.22.12
php-imap-4.3.9-3.22.12
php-pear-4.3.9-3.22.12
php-ldap-4.3.9-3.22.12
php-mysql-4.3.9-3.22.12
php-mbstring-4.3.9-3.22.12
php-gd-4.3.9-3.22.12
php-4.3.9-3.22.12
mysql-4.1.20-2.RHEL4.1
httpd-2.0.52-41.ent.2.centos4

Installed plugins for Geeklog 1.5.2:
Text Formatted Code

calendar        1.0.3  
captcha         3.1.0  
dokuwiki        1.4.1 (I'll update this next week)
filemgmt        1.5.3
forum           2.7.2
links           2.0.1
mediagallery    1.6.1
polls           2.0.2
spamx           1.1.2 (DISABLED, I don't need it)
staticpages     1.5.1


Last Segmentation fault ocurred on Sat Feb 21 21:01:26 2009, and fortunately only lasted 3 minutes.

I have another virtual server for testing, and several other PHP/MySQL aplications in other directories, and all of them worked perfectly at the same time the main website made Segfaulted its child process. Only the main website with Geeklog 1.5.2 segfaulted. So, I *might* discard troubles with hardware or something related to PHP/MySQL/Apache vesions.

Initially, the website was runing Geeklog 1.4.1, and I upgraded to 1.5.2 thinking it could be a security issue related to 1.4.1.

No relevant data in Geeklog access.log and error.log logfiles for Sat Feb 21 21:01:26 2009 . Most recent record in access.log was a download half an hour earlier:
Text Formatted Code
sáb 21 feb 2009 20:37:19 CST (anon@201.240.227.212) - Visit.php => Download File:Implementacion_Servidores_Linux-OCTUBRE-2008.pdf.tar.bz2, User ID is:1, Remote address is: 201.240.227.212


Apache access_log logfile shows the following records within Sat Feb 21 21:01:00 and 21:01:59. http://www.alcancelibre.org/reporte_access_log.txt

No relevant records in mysqld.log at the time of the issue. This is the most recent output:
Text Formatted Code
090219 15:32:46  mysqld started
090219 15:32:47  InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
090219 15:32:49  InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 1 2582055040.
InnoDB: Doing recovery: scanned up to log sequence number 1 2582055040
090219 15:32:50  InnoDB: Flushing modified pages from the buffer pool...
090219 15:32:50  InnoDB: Started; log sequence number 1 2582055040
/usr/libexec/mysqld: ready for connections.
Version: '4.1.20'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  Source distribution

Records do not seem to be related to may Geeklog Database. I had no issue at 15:32:49-15:32:50 in the Geeklog website. But I can't dicard it.

For testing, I made a back up of the database of the website at the moment of the issue, and used it with a fresh Geeklog 1.5.2 in another virtualhost. This virtual host worked Ok before using the database from affected main website. Testing website segfaulted using this database backup, and restablished using a previous backup.

PHP configuration for the mail virtualhost is default from php.ini from CentOS 4.5, whith the following settings for Geeklog directory:
Text Formatted Code
php_flag register_globals Off
php_flag log_errors On
php_flag file_uploads On
php_value display_errors Off
php_value upload_max_filesize 6M
php_value memory_limit 48M


Display_errors On and combinations of error_reporting did not give anything useful.

Top files by hits this month, acording to webalizer, are the following:
Text Formatted Code
#       Hits    KBytes  URL
1       173511  4.72%   2765184         4.36%   /backend/
2       31197   0.85%   1405002         2.22%   /staticpages/
3       30346   0.83%   57659   0.09%   /al/el/5/repodata/repomd.xml
4       24809   0.68%   2345090         3.70%   /
5       17549   0.48%   16283   0.03%   /al/server/5/repodata/repomd.xml
6       14512   0.40%   440354  0.69%   /forum/memberlist.php
7       13541   0.37%   875719  1.38%   /forum/viewtopic.php
8       10432   0.28%   316388  0.50%   /backend/atom.xml
9       10361   0.28%   334313  0.53%   /article.php/20080421172511654
10      8496    0.23%   227582  0.36%   /users.php
11      6063    0.17%   5621    0.01%   /al/server/4/repodata/repomd.xml
12      5984    0.16%   209377  0.33%   /article.php
13      5772    0.16%   230944  0.36%   /search.php
14      5093    0.14%   161698  0.26%   /forum/createtopic.php
15      4889    0.13%   302363  0.48%   /forum/


Top files by kilobytes this month, acording to webalizer, are the following:
Text Formatted Code
1       173511  4.72%   2765184         4.36%   /backend/
2       982     0.03%   2631414         4.15%   /filemgmt_data/files/Implementacion_Servidores_Linux-OCTUBRE-2008.pdf.tar.bz2
3       24809   0.68%   2345090         3.70%   /
4       31197   0.85%   1405002         2.22%   /staticpages/
5       13541   0.37%   875719  1.38%   /forum/viewtopic.php
6       14512   0.40%   440354  0.69%   /forum/memberlist.php
7       10361   0.28%   334313  0.53%   /article.php/20080421172511654
8       10432   0.28%   316388  0.50%   /backend/atom.xml
9       4889    0.13%   302363  0.48%   /forum/
10      211     0.01%   299734  0.47%   /al/el/5/repodata/primary.sqlite.bz2
11      211     0.01%   288034  0.45%   /filemgmt_data/files/linwin.pdf
12      914     0.02%   271524  0.43%   /al/el/5/RPMS.al/
13      5772    0.16%   230944  0.36%   /search.php
14      8496    0.23%   227582  0.36%   /users.php
15      5984    0.16%   209377  0.33%   /article.php


Website gets an averange of 300,000 visits per month. Don't know any other Geeklog website with this rate of traffic to ask/compare with an admin for similar issues.

I suspect SQL injection attack, probably related to session table or something else with data that expires within the database. Website works again after a few minutes, or a couple of hours, without anything done at all. The other possibility I suspect is an issue related with a particular Geeklog table.

Any help/suggestion is welcome to make a deeper diagnose.


--
https://www.AlcanceLibre.org/
https://blog.AlcanceLibre.org/
La libertad del conocimiento al alcance de quien la busca.
 Quote

Status: offline

joelbarrios

Forum User
Junior
Registered: 05/03/04
Posts: 23
Location:Mexico
Seems problem has been solved after removing php-mmcache. No new segmentation faults after removing this particular package. Funny thing is it has been instlaed for more than 2 years without any issues, until a couple of weeks ago.
--
https://www.AlcanceLibre.org/
https://blog.AlcanceLibre.org/
La libertad del conocimiento al alcance de quien la busca.
 Quote

All times are EST. The time is now 02:37 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content