been wondering about the increased load on one of my servers (not EXTREMELY increased but remarkable, from the usual 0.2 - 0.6 to a pretty permanent 1.1), so I dug around in the logs a bit and stumbled over this one:
after searching the website files for the string it turned out to be caused by this plugin:
http://wordpress.org/plugins/triberr-wordpress-plugin/
will see what their support says....
Wordpress triberr.com plugin
Re: Wordpress triberr.com plugin
I read the posts in their support section, and it is a coding error by the looks of it.
hope this points you towards a solution
regards @cwDYKARN
http://wordpress.org/support/topic/issues-with-resource-pathways
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Wordpress triberr.com plugin
thanks for looking it up buddy....
it didn't solve the issue with the log entries, but that's actually just a really minor annoyance because all it does is eat up some MB of disk space. I did solve the server load issue with some highly complicated and too hard to explain coding techniques though....ooook....I restarted mysql...
no idea what happened there, after the restart the load caused by mysql is back to normal (before it was almost permanent at 100%, which I thought is caused by the lots of failed requests by the script), no caches or buffers were full or fragmented....oh well, I'll file it under "don't ask why, just be glad".
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Wordpress triberr.com plugin
oook.....a few minutes after my last post: same happened again.
but THIS time I found the reason, it's another Wordpress site where a database query is hanging....seems it's a weekly cronjob so I will check if the same happens in 7 days again, if yes I will have to take a closer look.
for now finding and killing the process did the job:
Re: Wordpress triberr.com plugin
Hmm that's odd ^.^ well I do hope you sort it out.
Wordpress can be a real bitch to deal with sometimes, at least when customers are loading all kinds of error prone plugins. GL HF x)
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Wordpress triberr.com plugin
of course it happened again 1 hour after I killed the process...
so yeah, I had to check it out, and tadaaaaa:
https://wordpress.org/plugins/mini-mail ... rd-widget/
that's the plugin causing all that trouble. not that it's only insecure (there are exploits for it, my server security settings would block them though), it's also obviously generally coded in a sloppy way.
now get this: it runs a cronjob which checks for new messages (or something like that) every couple of seconds....and every time it does that it writes it to the database as some form of log (which is totally silly, because all it logs is "cronjob ran"). to make it even worse it seems not to be able to purge old entries, so the database table for those logs in phpmyadmin was already 4762 pages (with 30 entries per page)...
no wonder MySQL was like "what the hell is going on here?"...
to make it even additionally worse the database tables created by that plugin are NOT removed when you uninstall it....so I had to do that manually too. what a poopy plugin...
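The checks described in this thread (hanging query, runaway log table, tables left behind after uninstall), written out as MySQL queries. This is an added example, not part of the original posts; the schema name `wordpress`, the default `wp_` table prefix and the 60 second threshold are assumptions.

```sql
-- 1) Statements that have been running for more than 60 seconds.
--    The id column is what KILL <id>; expects.
SELECT id, user, db, time AS seconds, state, LEFT(info, 120) AS query
FROM information_schema.processlist
WHERE command <> 'Sleep'
  AND time > 60
ORDER BY time DESC;

-- 2) Ten largest tables of the site. A plugin log table that is written
--    every few seconds and never purged ends up at the top of this list.
--    table_rows is an estimate for InnoDB.
SELECT table_name,
       table_rows,
       ROUND((data_length + index_length) / 1024 / 1024, 1) AS size_mb
FROM information_schema.tables
WHERE table_schema = 'wordpress'          -- assumed schema name
ORDER BY (data_length + index_length) DESC
LIMIT 10;

-- 3) Tables that are not part of WordPress core, i.e. created by plugins
--    (including ones left behind after the plugin was uninstalled).
SELECT table_name, create_time, update_time
FROM information_schema.tables
WHERE table_schema = 'wordpress'          -- assumed schema name
  AND table_name NOT IN (
      'wp_commentmeta', 'wp_comments', 'wp_links', 'wp_options',
      'wp_postmeta', 'wp_posts', 'wp_terms', 'wp_termmeta',
      'wp_term_relationships', 'wp_term_taxonomy',
      'wp_usermeta', 'wp_users')
ORDER BY table_name;
```

Review the output of query 3 against the list of currently active plugins before dropping anything.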
Re: Wordpress triberr.com plugin
good job sorting it out
well, uninstalling it was possibly the only viable option tbh, since the code base hasn't been updated for well over a year ^.^. I did a brief review of the code and found a few fun things to play around with
HTTP response splitting
function wpmm_ajax_get_file($user_ID)
File manipulation
function wpmm_upload()
XSS
function wpmm_ajax_get_file($user_ID)
haven't had any time to verify them yet though
well I am off to have some fun