Posted on: 05/31/07 07:07am
By: Laugh
My box:
Windows 2003 Server
PHP 5
IIS 6
Geeklog 1.4.1 + several plugins
Ever since I have upgraded from PHP 4.XX to PHP 5.XX I've had a problem where about once a week (sometimes every other week) my server will get bogged down and I have to reboot it. Looking at the task manager I notice there are about 50 cmd.exe instances running. The only plugin I have installed now that I believe executes shell commands is GUS, but it is working fine and I am not sure why after a while I start to get multiple instances of cmd.exe.
Has anyone else heard of a problem like this and know how to fix it? I've googled about it and have found little.
Plus, does anyone know how to find out what called the cmd.exe and what command was sent to it? The only thing Task Manager tells me is that the username NETWORK SERVICE called it.
Thanks
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 05/31/07 09:48am
By: jmucchiello
Next time it happens, before you reboot, try stopping the IIS service. This will tell you if the CMD instances are being launched by IIS. Once you are sure it is the webserver doing it, you will have to find out if there are timeout values that need to be set differently than they currently are.
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 05/31/07 11:12am
By: Laugh
They are being launched by IIS. If I stop and restart the web service the cmds go away. I currently have PHP 5.2.0 installed. I'm going to try installing 5.2.2 to see if this stops the problem.
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 05/31/07 02:19pm
By: Dirk
There are two jobs in Geeklog that we hand over to external programs: Database backups (via mysqldump) and scaling of images (if you're using ImageMagick or NetPBM - not for gdlib).
Would those fit the pattern?
Those shouldn't leave any shell / cmd.exe instance hanging around, though, so that must be a problem elsewhere.
bye, Dirk
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 05/31/07 05:05pm
By: Laugh
No I use phpmyadmin for my backups and I use gdlib2 for graphics.
I just upgraded to PHP 5.2.2, I hope that solves my problem.
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 06/10/07 08:14am
By: Laugh
Just a quick update: upgrading PHP didn't solve my problem. Not too sure what to do from here. I've been thinking of replacing the server in a month or so; maybe a fresh install of everything on a new box will fix it?
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 06/10/07 02:11pm
By: Anonymous (ironmax)
Quote by: Laugh
My box:
Windows 2003 Server
PHP 5
IIS 6
Geeklog 1.4.1 + several plugins
Plus does anyone know how to find out what called the cmd.exe and command was sent to it? The only thing Task Manager tells me is that the username NETWORK SERVICE called it.
Thanks
You can try using a program called Process Explorer, which may also be downloaded from my site. Here is a direct link to the download.
Process Explorer[*1]
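A command-line way to answer the same question (which process launched each cmd.exe, and with what command line), given here as an added example that is not part of any post in this thread. It assumes Windows PowerShell 2.0 or later and an administrator session; the variable names and report columns are illustrative.

```powershell
# Added diagnostic example, not from the thread.
# Assumes Windows PowerShell 2.0+ and an administrator session, so that
# CommandLine is readable for processes owned by NETWORK SERVICE.
$childName = 'cmd.exe'
$all = Get-WmiObject -Class Win32_Process

# Index every process by PID so each child's parent can be looked up.
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($c in ($all | Where-Object { $_.Name -eq $childName })) {
    $started = [System.Management.ManagementDateTimeConverter]::ToDateTime($c.CreationDate)
    $parent  = $byPid[[int]$c.ParentProcessId]

    # PIDs are reused: if the recorded parent started after the child,
    # the real parent has exited and this is an unrelated process.
    $parentName = '<exited>'
    if ($parent -and $parent.CreationDate) {
        $pStarted = [System.Management.ManagementDateTimeConverter]::ToDateTime($parent.CreationDate)
        if ($pStarted -le $started) { $parentName = $parent.Name }
    }

    New-Object PSObject -Property @{
        ProcessId   = $c.ProcessId
        ParentPid   = $c.ParentProcessId
        Parent      = $parentName
        AgeMinutes  = [int]((Get-Date) - $started).TotalMinutes
        CommandLine = $c.CommandLine
    }
}

# Oldest first: long-lived children of the web worker are the ones piling up.
$report | Sort-Object AgeMinutes -Descending |
    Format-Table ProcessId, ParentPid, Parent, AgeMinutes, CommandLine -AutoSize -Wrap

# Count per parent, to confirm which process is spawning them.
$report | Group-Object Parent | Select-Object Name, Count
```

Running this on a schedule and keeping the output gives a record of when the instances appear and what they were asked to run, which can then be matched against the IIS request log for the same minute.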
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 06/11/07 01:59pm
By: Laugh
Thanks, I just had the problem again and tried the Process Explorer.
The w3wp.exe is calling all the cmd.exe. I have 40 instances sitting there at the moment taking up memory but not processing time (as figured out before by stopping and starting the web service, which removed all cmd.exe).
Checking out the properties of cmd.exe in the process explorer didn't show anything of value.
When I checked out w3wp.exe properties I noticed the threads had a whole pile with a starting address of w3tp.dll+0x1d80.
Some stacks for these threads look like normal stuff and would come and go, but a fair number had the last stack listed like this:
php5ts.dll!php_stream_fopen_from_pipe+0xfa
So it appears to me (with my limited knowledge in these types of things) the PHP function stream_fopen is causing me some issues somewhere. I'm not sure where it is calling from since the cmd.exe just had blank values, but at least it is a start.
Anyone got any other ideas?
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 06/11/07 02:58pm
By: Anonymous (ironmax)
You can try using URLScan and IIS Lockdown Wizard from Microsoft.
That is the main page for their tool for that. You may have to look for the one that works with 2003 if that's the server line you are using. I run that on all my servers and haven't had an issue yet with unauthorized programs trying to access the system to run. You may also want to do a scan of your system for rootkits if you cannot find the culprit.
Michael
Found this on the Microsoft site[*2] that you might want to see pertaining to your situation.
Re: Geeklog issues with cmd.exe and PHP 5
Posted on: 06/12/07 04:34pm
By: Laugh
My PHP issue sounds close to this:
http://bugs.php.net/bug.php?id=36012&edit=1
I'm pretty sure it's not something like a rootkit or a virus.