News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

core.xxxx files appearing in SMF folder

Started by Jeff the Canadian, September 14, 2014, 12:50:56 PM

Previous topic - Next topic

Jeff the Canadian

Since the update to 2.0.8, I've been dealing with core dump files appearing in the sub folder of the SMF forum. It's usually between 1 to 5 per day. I don't have shell access so I asked the server admin to perform a gdb httpd -c on one or more of the core files, and this is what he reported back:

[New Thread 6943]
[New Thread 6945]
[New Thread 6944]
[New Thread 6942]
Core was generated by `host -W 1 111.1.36.135'.
Program terminated with signal 11, Segmentation fault.
#0 0x0064b648 in ?? ()


Seems to be a whole lot of useful information NOT there.

I manage two forums on two separate sites with the same issue (and same shared host). Both are pretty much vanilla installs each with a slightly modified theme (but no PHP file modifications in the themes - I verified that), and the only mod I have installed is "Hide SMF Version" to help keep hackers who google search version numbers when a bug is discovered from flooding my site. The server is running PHP version 5.4, although I tried reverting the forum folder to 5.3 and that did not solve the issue. One forum is browseable by guests, the other is not. Both require an admin authorized registration in order to post, so they are not open to the public. Neither forum is very high traffic (on average there's only about 12 people active per day, the record high was a whopping 34 people). One forum has 600 members, the other only 70, but the core dumps are consistent on both.

I download one of the core files (26MB) if that might be of use, and I could get more if I just wait a day or two, but I've been deleting them every few days so the accounts don't run out of space.

I have checked the forum error logs, and cannot see errors that coincide with the core dump file creation dates. I have also checked the PHP error logs and there are none. The forum appears to be working fine, and nobody has reported any problems.

What do I do next to try and figure out what is causing these core files?

Arantor

I can tell you exactly what's going on.

Your host has configured things so that SMF's standard method to convert an IP address (1.2.3.4) into a hostname (something.com) is being blocked, and it's causing PHP to be nuked, in a crash form.

Tick the box for 'disable hostname lookups' in the admin panel (you can use the search to find it, just search in the admin panel for hostname)

Jeff the Canadian

Wow, that was a fast reply! Thanks!!
Okay, I have checked that option on both forums. I'll report back in a couple days what the result is, but it certainly makes sense that might be what is going on.
Fingers crossed! :D

Arantor

I'm sure it is, seeing how:
Core was generated by `host -W 1 111.1.36.135'.

And host is the command used in SMF.

Jeff the Canadian

Ah, now that makes sense! I was expecting to see a PHP script path in there and didn't understand why it said "host". But that's the command that was running! Duh. Oh well, I'm not a Linux server admin... although the guy who sent me that was, so you think he could have provided just a bit of insight. His suggestion was to reinstall SMF without any custom templates or mods, and set the PHP version to 5.3.

I had also read a suggestion to add this to the htaccess file for the forum folder:

<IfModule mod_security.c>
# Turn off mod_security filtering.  SMF is a big boy, it doesn't need its hands held.
SecFilterEngine Off

# The below probably isn't needed, but better safe than sorry.
SecFilterScanPOST Off
</IfModule>


Should I remove that, or is it better to leave in there?

Kindred

probably has no effect, present or not... most hosts won't allow you to tun off their "security" with htaccess.

(and if you're not on a linux server, running apache, I don't think htaccess has any effect at all anyway..
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

NanoSector

Quote from: Kindred on September 14, 2014, 01:36:12 PM
probably has no effect, present or not... most hosts won't allow you to tun off their "security" with htaccess.

(and if you're not on a linux server, running apache, I don't think htaccess has any effect at all anyway..
Looking at
gdb httpd -c
httpd is usually associated with apache (httpd = http daemon).

That htaccess can't hurt to leave though. Best case scenario it will turn off mod_security, worst case it will be silently ignored. (if your forum somehow starts spitting 403 errors, (re)move that file before anything else).
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Jeff the Canadian

3 days and no more core dump files. Problem solved!
Thanks!!

Advertisement: