User killed the server with php-cli. Shell fork bomb protection not working?
Hello, today one of my users run this:
and it was run over 2500 times at the same time and then the server run out of memory and started to kill mysql, bind etc. Shell fork bomb protection is enabled. Can I limit this somehow?
/opt/cpanel/ea-php73/root/usr/bin/php-cgi -f test.phpand it was run over 2500 times at the same time and then the server run out of memory and started to kill mysql, bind etc. Shell fork bomb protection is enabled. Can I limit this somehow?
grep test.php ps.output |wc -l
2544-
This is what I get when I login as user account. User has jailshell enabled btw, not normal shell. Is that the cause why protection is not working? su - user -s /bin/bash ulimit -a core file size (blocks, -c) 200000 data seg size (kbytes, -d) 200000 scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 95607 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) 200000 open files (-n) 100 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 35 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited
This is the default in server:cat /etc/security/limits.d/20-nproc.conf # Default limit for number of user's processes to prevent # accidental fork bombs. # See rhbz #432903 for reasoning. * soft nproc 4096 root soft nproc unlimited
As the user killed server with 2500 processes, I should lower the 4096 value or add new value:useraccount soft nproc 2560 -
Hey there, You are correct that fork bomb protection should prevent this, VirtFS Jailed Shell | cPanel & WHM Documentation If you're still facing issues with this, feel free to open a ticket with our support team and we can take a look. 0
Please sign in to leave a comment.
Comments
3 comments