Find the answer to your Linux question:
Results 1 to 3 of 3
I have a very unique problem with a fork bomb... I'm a game admin for a browser based real time strategy game written in PHP. A user managed to connect ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2008
    Posts
    2

    Stopping a fork bomb


    I have a very unique problem with a fork bomb...

    I'm a game admin for a browser based real time strategy game written in PHP. A user managed to connect to our server and run a fork bomb. We've determined how he got in and his exact actions and have blocked such attacks in the future, but the fork bomb is still running on the server and we havent been able to contact anyone with physical access to the server in 2 years.

    The command that was executed was done so using the exec command in PHP like so:
    PHP Code:
    exec("php -q forkbomb.php"
    forkbomb.php reads:
    PHP Code:
    <?php
    print "attempting to run";
    for(
    $runs=0;$runs<500;$runs++)
    {
    echo 
    $runs;
    if (
    $handle opendir('/var/www/-------/public/')) 
    {  
        while (
    false !== ($file readdir($handle))) { 
            
    $filearray[$t] = $file;
            
    $t++;
        } 
        
    closedir($handle); 
    }
    sort($filearray);

    for(
    $x=0;$x<count($filearray);$x++)
    {
    $extensionarray explode('.',$filearray[$x]);
    $ext $extensionarray[count($extensionarray)-1];

    if (
    $ext == "php")
        include 
    $filearray[$x];

    }

    }
    ?>
    According to a script contained in a forum on the server the CPU usage is over 8500%, it usually read 150% or less. The game seems to be running only slightly slower, but I am worried about long term damage to the machine.

    I do not have the root account on the server, the best I can do is use PHP to run exec() in an attempt to stop the fork bomb. On a side note, Linux is very foreign to me, it would be nice to make the answers as simple as possible. As for the version of linux I have no idea beyond the fact that it has folders in it's root called "vmlinuz", "vmlinuz-2.6.15-1-amd64-generic" and "selinux".

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    Is it being run as your user? As in a user you have access to? In that case you can simply run
    Code:
    killall -9 php
    That will only kill php processes that you have permission to kill but if your webserver is running as your user you may need to restart it afterwards.

  3. #3
    Just Joined!
    Join Date
    Jul 2008
    Posts
    2
    Thank you very much. Not only did the CPU usage drop from 8500&#37; it's now averaging about 50-60% instead of the usual 180% the server is usually clocked at and game performance has improved.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •