How to Kill a server - SimplePie feed reader - bug fix in progress

Permalink
I managed to kill my server today by adding the RSS displayer.

It appears that if you add an RSS reader with a feed that is not a feed, the script seems to fall over itself.

I addedhttp://www.wordpressblogurl.com but did not add the ?feed=rss,

This sent over 11,000 in the space of 10 minutes.

I am not to sure if this a bug in concrete5 or a bug in simple pie.

Has anyone else come across this? I don't want to test it again we have over 40 sites on the server and it actually had to be restarted manually, which killed the PSU(not the fault of the error but added insult to injury when clients are wanting to know how long there site will be down for.)

TheRealSean
 
TheRealSean replied on at Permalink Reply
TheRealSean
I have just managed to do the same thing, by making a change to my blog, which broke the RSS feed and subsequently killed the server, until we restarted apache and could delete the block.

Im not sure if this is a C5 issue or a Simple Pie issue? anyone else able to replicate this.
andrew replied on at Permalink Reply
andrew
Is it killing the blog? Or the concrete site?
TheRealSean replied on at Permalink Reply
TheRealSean
At first I thought it was the site, then (pretty quickly after) I noticed it seems to tie up the actual server, it appears that the incorrect url causes thousands of requests to be sent which overloaded our server.

So much so, our hosts actually had to manually restart the server, a command line restart would not work.

I dont have access to the server logs from here but I can get them if they would be of any help?, but I do know it was the Simple Pie creator that was making those requests.

I have posted this in the bug section with steps I used to recreate it.
frz replied on at Permalink Reply
frz
the actual server being the concrete5 site, not the blog - eh? Weird.
Fernandos replied on at Permalink Reply
Fernandos
@frz I think he means the server that his concrete5 sites run on.
Hi, nice to see you by the way, always a pleasure :)

@TheRealSean
Your report is a valid bug and a known one and @andrew should take a look at this, if he has time. It's a duplicate of this issue:https://github.com/simplepie/simplepie/issues/142...

I know of some apache bugs that can cause that behavior and they don't necessarily have to do with concrete5 or a stupid infinite loop in unseen in a php script. I think it's probably best to use crontab to get a process list, identify the pid, then kill it in a subsequent command if the cpu-time used is above a limit for a specified time. You can avoid the possibility of such trouble in advance this way.

You can try to reproduce that on your localhost (when you've backed up your data of course).

In php you could stop the bogus php script using the Logging feature if that script created logs for an exception..(if that script has exceptions..)

if($Log->getTotal() > 100) {
die("Too many errors. Script halted");
}
Fernandos replied on at Permalink Reply
Fernandos
A fix: Concrete5 uses @version 1.2
edge is: @version 1.3-dev
@Seehttps://github.com/simplepie/simplepie/blob/master/SimplePie.php...

You could replace it with the latest version easily, but I cannot guarantee if the block still works, or nothttps://github.com/simplepie/simplepie...

Good catch @TheRealSean !
andrew replied on at Permalink Reply
andrew
Ah, I see. It looks like Fernandos is right: the issue is a parsing error in SimplePie that causes problems if a feed is too large to be parsed by the parser. We will keep an eye on SimplePie library and when 1.3 is stable we will update the included library.
TheRealSean replied on at Permalink Reply
TheRealSean
Yes sorry I mean the actual server that hosts the sites.

We have a dedicated server based in the North of England that hosts a fair few sites, this seemed to overload the actual hosting server, and in our first instance meant the server had to be manually restarted.
TheRealSean replied on at Permalink Reply
TheRealSean
I posted it within the bug section

http://www.concrete5.org/developers/bugs/5-4-2-2/rss-displayer/...

I put in place a curl to check the link when used and only proceed if the url is a status 200