suhosin and vbulletin
Posted by jon-f, 07-14-2007, 04:40 AM I have the max vars and all that set right to conform to vbulletin, Only problem is now I keep getting this in /var/log/messages suhosin[8569]: ALERT - script tried to increase memory_limit to 4294967295 bytes which is above the allowed value (attacker '*******', file '/home/user/public_html/includes/class_xml.php', line 35) The line its pertaining to is @ini_set('memory_limit', -1); I'm pretty sure its not blocking anything, least nothing I see but it does this everytime someone accesses particular pages on a forum. My memory_limit for php is 60 mb, I checked out different ways of configuring it, but the only thing I think would stop the alerts is setting the suhosin memory limit to 4 gb, as it says the script is calling for that. But I suppose if there was a crappy or malicious php script they would easily be able to ini-set and suck all the memory. So basically what i want to do is just disable this alert as its filling the messages up. Has anyone dealt with this before?
Posted by AttackerNET, 07-14-2007, 11:31 PM Add this to php.ini, in the suhosin section: suhosin.request.max_vars = 2048 suhosin.post.max_vars = 2048 and it should resolve your problem
Posted by Steven, 07-15-2007, 03:12 AM Hrmm. No... There is a reason its called *.max_vars.. and its not memory related.
Posted by AttackerNET, 07-15-2007, 09:56 AM To the OP: Try what I suggested above, also add: suhosin.memory_limit = 20 and modify it as you see to fit your needs. Steven: thanks for the comment...I faced the same issue before with a customer and I resolved it as I said, if you have something useful that may help the OP let him know. Thanks
Posted by Mixhost, 07-15-2007, 01:25 PM i have the self problem, i have deactivated the fu** suhosin.... Now runs the VB fastly
Posted by jon-f, 07-15-2007, 04:52 PM dude, I appreciate the help but you didnt read my thread. I already have all max_vars set, Dont matter what the memory limit is suhosin thinks the script is trying to raise the limit to 4 gb, So unless you set the memory limit to 4 gb you will still get the warning. I think its a bug, Someone asked about this on their forum and got a vague answer about not blocking people for filter violations. So I think php 5.2.3 will be fine without it for now.
Posted by Steven, 07-16-2007, 12:36 AM If you resolved it like that you got lucky by just trying random variables (which is weak if you call yourself an admin), because those variables are unrelated. I already talked to the OP off the board thank you. Another thing 'suhosin.memory_limit' will be useless as all that is, is a 'hard limit' that suhosin will use. Setting this value too high will leave the server susceptible to memory leaks/attack. This is not the solution the OP is looking for. Last edited by Steven; 07-16-2007 at 12:41 AM.