The Uniform Server Community

ShadowIllusion

Member
  • Posts

    12
Previous Fields

  • Main OS
    Windows Vista

  1. Can you include PHP 5.4.6/PHP 5.2.13 instead of PHP 5.4.6/PHP 5.3.16 in the 9 beta? That's because 5.2.13 didn't have this bug, and is very suitable for a production server.
  2. Because most people use Linux on production servers, and Windows for testing?
  3. After browsing through PHP sites, it seems there's already a bug report: https://bugs.php.net/bug.php?id=62444 It seems to have happened since the introduction of PHP 5.3.0. If you see in the changelogs: http://www.php.net/ChangeLog-5.php
     Temporary solution: Revert back to UniServer 5.6a-Nano http://forum.uniformserver.com/index.php?showtopic=1878 because it uses PHP 5.2.13. But the old Apache version somehow turns me off because eAccelerator often crashes Apache. The new Apache seems more stable and consumes less memory.
  4. I wonder why, if I refresh the default Uniserver index.php, it leaks handles, while if I change it to a static index.html, it doesn't leak... So I tried opening the default Uniserver index.php, commenting out some functions, then testing refresh again... It turns out that the is_readable() function in line 7 of index.php was the culprit... Try this simple script, save it as index.php:
     <?php if (is_readable("index.php")) ?>
     ^ it will leak handles each time this is executed. But if you change the value index.php to something else (so the file doesn't exist and is_readable() returns false), it will not leak handles... This is a PHP bug...
  5. OS I have tried: Windows 7 SP1 and Windows Server 2008 R2 (both are 64-bit OSes)... Uniserver versions I have tried: 8.5.8-Coral and 8.5.5-Coral
     How to reproduce this problem:
     1. Download Uniserver 8.5.5-Coral and extract it. Run Apache and MySQL as usual.
     2. Download Process Explorer http://download.sysinternals.com/files/ProcessExplorer.zip and extract it.
     3. Run Process Explorer as Administrator, then View > Select Columns. In the "Process Performance" tab, tick "Handle Count" > OK. After this, click View > Lower Pane View > tick "Handle"...
     4. Click on the httpd1.exe child processes which have a handle count of around 300 at startup... The lower pane will show the handle list...
     5. Open your favorite browser, and go to http://127.0.0.1
     Every time you press refresh (F5) in your browser (re-request the webserver), you will notice that httpd1.exe has 1 more handle in the Process Explorer window... In the lower pane view, you will notice that 1 new security token handle is created with a name format like this: YOURCOMPUTERNAME\YOURUSERNAME:RANDOMTOKEN
     This is where the problem happens. Every time httpd1.exe serves a new web request, the handle is created, but NEVER closed, and will hog system resources over time. It's okay on a test server, but once you put it on a production server with real websites running, the open Handle Count of httpd1.exe will increase to a very high number... On my server, it goes from 300 (at startup) to 1 million open handles in only 2 days! Other processes only consume around 10 ~ 2000 handles. httpd1.exe memory consumption still remains around 20mb, but because handles consume kernel space, your RAM usage will mysteriously increase by around +512mb for every 1 million handles... In only two weeks, my server experienced some slowdowns / freezes because there were too many handles for Windows to hold...
     I need to restart the Uniserver Apache service every few days so the handle count resets back to around 300 after restart (and it will go up quickly again every time the world accesses my websites)... If you want to mimic the behaviour of a production server, after accessing http://127.0.0.1 try to hold down the F5 button for 1 minute... See what the handle count is now... It has only happened since I upgraded to 8.5.5-Coral (I'm sorry, I forgot the version before this which doesn't have this leak issue)... Maybe it's a problem with the Apache or PHP compilation...
  6. I saw my Apache access.log and got something like this: Not only from this, but there are many other IPs with the same request pattern. How to stop it, and is this safe for Uniserver?
  7. If I stop the MySQL service, then copy the entire /data folder in /usr/local/mysql, is it the right thing to do? This action is assuming that I have the same exact version of MySQL in your Uniserver.
  8. Running on Win7 and it's my bad... I think the older Start.exe always made a pop-up warning asking for Administrator privileges... Since version 7.x.x (I forget the exact version), it stopped asking and I thought that was simply because it doesn't require administrator access anymore... The strange thing is, Run_pre_check.exe always asks for administrator privileges, and I always placed the UniServer folder in the Data Partition (like D:\, not C:\ or C:\Program Files), so I think Win7 doesn't forbid it though...
     Now I have another error... After certificate generation (no warning this time), I stopped Apache, and Apache simply won't start anymore... It just blinks and goes away... I checked error.log and can't find any new lines written in it... So I went to httpd.conf and I commented out this line:
     LoadModule ssl_module modules/mod_ssl.so >>> #LoadModule ssl_module modules/mod_ssl.so
     and now Apache can start... But it obviously means that port 443 SSL is disabled... If I uncomment that line, it simply refuses to start again...
  9. Warning: openssl_pkey_new(): unable to write random state in C:\UniServer \unicon\key_cert_gen\ssl_gen.php on line 114
     It appears in the certificate generation wizard (the one with the blue background console)... Is this normal?
  10. Yes, but I decided to tighten the security a little further so I changed the 'root' username, too... Now in my UniServer conf, user 'root' does not exist... So an attacker can't even guess the password... He must guess the username also... Besides the administration user, I have also created a restricted user. Thanks for your advice.
  11. Hi, for security reasons, I changed username 'root' and pass 'root' to something else like 'abcdef' and '123456'... After changing the username, the MySQL server would not shut down if you use Start.exe > Stop Uniserver. Maybe it is located in UniServer\unicon\main\includes\functions.php LINE 342:
      $cmd3 = US_MYSQL_BIN."/mysqladmin.exe --port=$mysql_port --user=root --password=$mysql_password shutdown\"";
      Look at the bolded parts. I changed it to 'abcdef' and now the MySQL server can be turned off properly... My main point: besides get_mysql_password(), would you mind also implementing something like get_mysql_username()?
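
A measurement harness for the handle leak reported in posts 4 and 5, added here as an example and not part of the original posts or of Uniform Server: it compares handle growth per request for a PHP page and a static page. The process name httpd1 and http://127.0.0.1 come from the posts; the presence of a static /index.html, the request count and the threshold are assumptions.

```powershell
# Added example (not Uniform Server code). Process name and base URL come from
# the posts; /index.html, the request count and the threshold are assumptions.
param(
    [string]$ProcessName   = 'httpd1',
    [string]$BaseUrl       = 'http://127.0.0.1',
    [string[]]$Paths       = @('/index.php', '/index.html'),
    [int]$Requests         = 200,
    [double]$LeakThreshold = 0.5    # handles per request counted as a leak
)

function Get-HandleSnapshot {
    param([string]$Name)
    # One entry per PID so a restarted worker is not mistaken for growth.
    $snap = @{}
    foreach ($p in Get-Process -Name $Name -ErrorAction Stop) {
        $snap[$p.Id] = $p.HandleCount
    }
    return $snap
}

function Measure-HandleGrowth {
    param([string]$Name, [string]$Url, [int]$Count)
    $before = Get-HandleSnapshot -Name $Name
    $ok = 0
    for ($i = 0; $i -lt $Count; $i++) {
        try {
            Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10 | Out-Null
            $ok++
        } catch { }                 # failed requests are left out of the ratio
    }
    Start-Sleep -Seconds 5          # let keep-alive connections close first
    $after = Get-HandleSnapshot -Name $Name
    $delta = 0
    foreach ($id in $after.Keys) {  # only PIDs present in both snapshots
        if ($before.ContainsKey($id)) { $delta += $after[$id] - $before[$id] }
    }
    $perRequest = if ($ok -gt 0) { [math]::Round($delta / $ok, 2) } else { 0 }
    [pscustomobject]@{
        Url         = $Url
        RequestsOk  = $ok
        HandleDelta = $delta
        PerRequest  = $perRequest
        LeakSuspect = ($perRequest -ge $LeakThreshold)
    }
}

$Paths | ForEach-Object {
    Measure-HandleGrowth -Name $ProcessName -Url ($BaseUrl + $_) -Count $Requests
} | Format-Table -AutoSize
```

A PerRequest value near 1 for the PHP path and near 0 for the static path matches the behaviour described in the posts; the same snapshot function can be run on a schedule to alert before the count reaches the levels reported there.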