Welcome to Geeklog, Anonymous Friday, April 19 2024 @ 05:40 am EDT

Geeklog Forums

Geeklog issues with cmd.exe and PHP 5


Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
My box:

Windows 2003 Server
PHP 5
IIS 6
Geeklog 1.4.1 + several plugins

Ever since I have upgraded from PHP 4.XX to PHP 5.XX I've had a problem where about once a week (sometimes every other week) my server will get bogged down and I have to reboot it. Looking at the task manager I notice there are about 50 cmd.exe instances running. The only plugin I have installed now that I belive executes shell commands is GUS but it is working fine and I am not sure why after a while I start to get multiple instances of cmd.exe

Has anyone else heard of a problem like this and know how to fix it? I've googled about it and have found little.

Plus does anyone know how to find out what called the cmd.exe and command was sent to it? The only thing Task Manager tells me is that the username NETWORK SERVICE called it.

Thanks
One of the Geeklog Core Developers.
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Next time it happens, before you reboot, try stopping the IIS service. This will tell you if the CMD instances are being launched by IIS. Once you are sure it is the webserver doing it, you will have to find out if there are timeout values that need to be set differently than they currently are.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
They are being launched by IIS. If I stop and restart the web service the cmds go away. I currently have PHP 5.2.0 installed. I'm going to try installing 5.2.2 to see if this stops the problem.
One of the Geeklog Core Developers.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
There are two jobs in Geeklog that we hand over to external programs: Database backups (via mysqldump) and scaling of images (if you're using ImageMagick or NetPBM - not for gdlib).

Would those fit the pattern?

Those shouldn't leave any shell / cmd.exe instance hanging around, though, so that must be a problem elsewhere.

bye, Dirk
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
No I use phpmyadmin for my backups and I use gdlib2 for graphics.

I just upgraded to PHP 5.2.2, I hope that solves my problem.
One of the Geeklog Core Developers.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Just a quick update, Upgrading PHP didn't solve my problem. Not to sure what to do from here. I've been thinking of replacing the server in a month or so, maybe a fresh install of everything on a new box will fix it?
One of the Geeklog Core Developers.
 Quote

ironmax

Anonymous
Quote by: Laugh

My box: Windows 2003 Server PHP 5 IIS 6 Geeklog 1.4.1 + several plugins Plus does anyone know how to find out what called the cmd.exe and command was sent to it? The only thing Task Manager tells me is that the username NETWORK SERVICE called it. Thanks

You can try using a program called Process Explorer, and may also be downloaded from my site . Here is a direct link to the download. Process Explorer
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Thanks, I just had the problem again and tried the process explorer

The w3wp.exe is calling all the cmd.exe. I have 40 instances siting there at the moment taking up memory but not processing time. (as figured out before by stoping and starting the web service which removed all cmd.exe)

Checking out the properties of cmd.exe in the process explorer didn't show anything of value.

When I checked out w3wp.exe properties I noticed the threads had a whole pile with a starting address of w3tp.dll+0x1d80

Some Stacks for these threads look like normal stuff and would come and go but a fair number had the last stack listed like this

php5ts.dll!php_stream_fopen_from_pipe+0xfa

So it appears to me (with my limited knowlege in these type of things) the php function stream_fopen is causing me some issues somewhere. I'm not sure where it is calling from since the cmd.exe just had blank values but at least it is a start.

Anyone got any other ideas?
One of the Geeklog Core Developers.
 Quote

ironmax

Anonymous

You can try using URLSCan and IIS Lockdown Wizard from Microsoft.

That is the main page for their tool for that. You may have to look for the one that works with 2003 if thats the server line you are using. I run that on all my servers and haven't had an issue yet with unauthorized programs trying to access the system to run. You may also want to do a scan of your system for rootkits if you cannot find the culprit. Michael Found this on the Microsoft site that you might want to see pertaining to your situation.
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
My php issue sounds close to this:

http://bugs.php.net/bug.php?id=36012&edit=1

I'm pretty sure it's not something like a rootkit or a virus.


One of the Geeklog Core Developers.
 Quote

All times are EDT. The time is now 05:40 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content