Apache 随机进行 forkbombing

tag-icon tag-icon apache-2.2 mysql centos php httpd
Apache 随机进行 forkbombing

最近,似乎不知为何,我们 VPS 上的 Apache2 守护进程出现了随机问题,看起来像是 forkbombing。

事情发生之前先记录日志

[Tue Jun 25 23:07:18 2013] [error] [client 173.245.51.242] PHP Warning: Invalid argument supplied for foreach() in /var/www/libraries/joomla/access/access.php on line 409 
[Tue Jun 25 23:07:19 2013] [error] [client 108.162.224.23] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55

出现问题之前的日志显示的 PHP 错误比我预期的要多,维护网站的开发人员没有发现任何问题

[Tue Jun 25 23:18:01 2013] [error] [client 103.22.200.24] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 
[Tue Jun 25 23:18:05 2013] [error] [client 173.245.51.242] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 
[Tue Jun 25 23:18:19 2013] [error] [client 103.22.200.63] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 
[Tue Jun 25 23:18:24 2013] [error] [client 103.22.200.24] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 
[Tue Jun 25 23:18:33 2013] [error] [client 173.245.53.153] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 
[Tue Jun 25 23:18:35 2013] [error] [client 108.162.225.139] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 
[Tue Jun 25 23:18:52 2013] [error] [client 108.162.231.144] PHP Notice: Trying to get property of non-object in /var/www/administrator/includes/application.php on line 276 
[Tue Jun 25 23:18:59 2013] [error] [client 108.162.231.144] PHP Notice: Undefined property: stdClass::$params in /var/www/administrator/includes/application.php on line 277 
[Tue Jun 25 23:19:05 2013] [error] [client 108.162.231.243] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 
[Tue Jun 25 23:19:22 2013] [error] [client 108.162.219.100] PHP Notice: Trying to get property of non-object in /var/www/libraries/joomla/plugin/helper.php on line 123 
[Tue Jun 25 23:19:39 2013] [error] [client 103.22.200.163] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 
[Tue Jun 25 23:19:38 2013] [error] [client 173.245.49.138] PHP Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/libraries/joomla/language/helper.php on line 55 
[Tue Jun 25 23:19:50 2013] [error] [client 103.22.200.24] PHP Notice: Trying to get property of non-object in /var/www/administrator/includes/application.php on line 276 
[Tue Jun 25 23:19:50 2013] [error] [client 103.22.200.24] PHP Notice: Undefined property: stdClass::$params in /var/www/administrator/includes/application.php on line 277

我在 htop 中看到过这种情况,虚拟内存耗尽后开始出现这种情况

[Tue Jun 25 23:54:45 2013] [warn] child process 30976 still did not exit, sending a SIGTERM 
[Tue Jun 25 23:54:45 2013] [warn] child process 30978 still did not exit, sending a SIGTERM 
[Tue Jun 25 23:54:45 2013] [warn] child process 30979 still did not exit, sending a SIGTERM 
[Tue Jun 25 23:54:45 2013] [warn] child process 30829 still did not exit, sending a SIGTERM 
[Tue Jun 25 23:54:45 2013] [warn] child process 30830 still did not exit, sending a SIGTERM 
[Tue Jun 25 23:54:45 2013] [warn] child process 32009 still did not exit, sending a SIGTERM 
[Tue Jun 25 23:54:45 2013] [warn] child process 31929 still did not exit, sending a SIGTERM 
[Tue Jun 25 23:54:45 2013] [warn] child process 31037 still did not exit, sending a SIGTERM

此时,一切都变得缓慢,系统基本上无法使用

[Tue Jun 25 23:54:50 2013] [error] could not make child process 30976 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 30830 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 31929 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 30834 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 31050 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 30438 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 31052 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 32080 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 30838 exit, attempting to continue anyway 
[Tue Jun 25 23:54:50 2013] [error] could not make child process 32179 exit, attempting to continue anyway

重新启动 httpd 可以解决问题,尽管有时系统太慢并且 VM 需要重新启动。

一些基础知识:

Linux version 2.6.32-358.11.1.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Wed Jun 12 03:34:52 UTC 2013

[user@server ~]$ httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   May 16 2012 22:32:26
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

[user@server ~]$ php -v
PHP 5.3.3 (cli) (built: Jul 12 2013 20:35:47)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies

[user@server ~]$ mysql -v
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 264224
Server version: 5.1.69 Source distribution

top - 00:52:46 up 19 days,  2:47,  1 user,  load average: 0.00, 0.00, 0.00
Tasks: 152 total,   1 running, 151 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3%us,  0.3%sy,  0.0%ni, 99.3%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   1016516k total,   883812k used,   132704k free,    61112k buffers
Swap:  2064376k total,   157088k used,  1907288k free,   227368k cached
  • 服务器将 max_childs 和其他 mpm_worker 值设置为默认值
  • 该网站位于 Cloudflare 后面,因此上述日志中有几个 IP 地址
  • VM CPU 为 1Ghz,1GB RAM,没有磁盘 IO 限制,并且我的虚拟磁盘均未满
  • 尝试切换到 mpm_prefork,但遇到了 MySQL 支持问题
  • PHP 模块没有什么特别之处
  • 站点运行 webmin 作为前端,它的角色是前端网络服务器、MTA(postfix)、MDB(dovecot)和文件服务器(proftpd)

我不确定我应该朝哪个方向继续,如果是 Joomla 中的某些东西导致了问题,我可以启用 PHP 调试,但我在这方面的经验有限,所以我更愿意首先知道该去哪里。

目前,这种情况在过去几个月中只发生过 3 次,虽然没有真正的规律,但似乎与负载无关,因为它发生在深夜。

任何建议将不胜感激。

答案1

您肯定有一个 PHP 循环卡住了。检查以下文件:

  • /var/www/libraries/joomla/access/access.php
  • /var/www/libraries/joomla/language/helper.php
  • /var/www/管理员/includes/application.php

相关内容