Thread: Mysql overload

  1. #1
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192

    Question Mysql overload

    I have heard about a security issue regarding databases: mysql overload.
    Does it mean it INSERTs the same data quickly, flooding the database?
    How can I prevent mysql overloading by coding in a script?

  2. #2
    SitePoint Evangelist
    Join Date
    Aug 2007
    Posts
    566

  3. #3
    reads the ********* Crier silver trophybronze trophy longneck's Avatar
    Join Date
    Feb 2004
    Location
    Tampa, FL (US)
    Posts
    9,854
    Quote Originally Posted by coolR View Post
    I have heard about a security issue regarding to database is mysql overload.
    where did you hear this? i've never heard of this before.
    Check out our new Industry News forum!
    Keep up-to-date with the latest SP news in the Community Crier

    I edit the SitePoint Podcast

  4. #4
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192

    Question

    Quote Originally Posted by longneck View Post
    where did you hear this? i've never heard of this before.
    Here
    http://www.google.com/search?client=...utf-8&oe=utf-8

    Some webmasters are claiming that they can overload the database, which will close the server. Is it false?


    p.s i am really surprised to see the power of SEO of SP.

  5. #5
    reads the ********* Crier silver trophybronze trophy longneck's Avatar
    Join Date
    Feb 2004
    Location
    Tampa, FL (US)
    Posts
    9,854
    i think you're blowing things out of proportion here.

    if you take ANY service and throw enough users at it, you will eventually overload the server to the point where it can no longer meaningfully process requests. even large companies google, yahoo, microsoft, amazon, akamai, etc., can not be immune to this problem.

    however, i would not consider this a "security" problem.

  6. #6
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    Look at this
    Profile viewed: 272214 times
    Unread PMs: 21258, 0From You
    PMs IN: 21269 - OUT: 9
    the profile viewed is being done by UPDATing a mysql row
    and the pm is being sent by INSERTing
    all these UPDATEs and INSERTs are being done within 3060 minutes.
    A user is doing ddos attack by overloading mysql and creating high BW. How can I stop this?

  7. #7
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    put a limit on how many PM's a person can receive? put a limit on how many PM's a person can send? log your traffic and flag and ban anyone abusing the service...such as one person viewing your profile 250k times. this isn't really a mysql issue as it is a spam prevention issue, which would be fixed on your scripting language on your server.

  8. #8
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    Quote Originally Posted by XtrEM3 View Post
    put a limit on how many PM's a person can receive? put a limit on how many PM's a person can send? log your traffic and flag and ban anyone abusing the service...such as one person viewing your profile 250k times. this isn't really a mysql issue as it is a spam prevention issue, which would be fixed on your scripting language on your server.
    I already have a PM antiflood function which checks the time difference between two pms sent by the same user; if the time difference is less than the antiflood time it does not allow a new pm to be inserted in the database. But believe it or not it can not prevent this type of mysql overload.

    There are also systems for posts in forums and posts in chats where this attacker can apply the same overloading, which are protected by anti flood functions.

    So any new ideas?

    How can this type of overloading be done? If it is discussed in detail here I think it will be easy for me to protect against it.

  9. #9
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    well from the information provided, it seems pretty clear that your anti-flood functions aren't tight enough. anti-flood scripts are put in place to prevent your server from overloading. your server is overloading so the anti-flood scripts aren't working. either that, or there is another issue causing this to happen.

  10. #10
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    OK if that then here is the code

    ////////////////////////////////////////////PM antiflood time

    function getpmaf()
    {
    $getdata = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='pmaf'"));
    return $getdata[0];//////////////// value=30
    }





    if($action=="sendpm")
    {
    echo "<card id=\"main\" title=\"Inbox\">";
    echo "<p align=\"center\">";
    $whonick = getnick_uid($who);
    $byuid = getuid_sid($sid);
    $tm = time();
    $lastpm = mysql_fetch_array(mysql_query("SELECT MAX(timesent) FROM ibwf_private WHERE byuid='".$byuid."'"));
    $pmfl = $lastpm[0]+getpmaf();////////pm antiflood function
    if($byuid==1)$pmfl=0;
    if($pmfl<$tm)
    {
    if(!isblocked($pmtext,$byuid))
    {
    if((!isignored($byuid, $who))&&(!istrashed($byuid)))
    {
    $res = mysql_query("INSERT INTO ibwf_private SET text='".$pmtext."', byuid='".$byuid."', touid='".$who."', timesent='".$tm."'");
    }else{
    $res = true;
    }
    if($res)
    {

    echo "<img src=\"images/ok.gif\" alt=\"O\"/>";
    echo "PM was sent successfully to $whonick<br/><br/>";
    echo parsepm($pmtext, $sid);

    }else{
    echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
    echo "Can't Send PM to $whonick<br/><br/>";
    }
    }else{
    $bantime = time() + (7*24*60*60);
    echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
    echo "Can't Send PM to $whonick<br/><br/>";
    echo "You just sent a link to one of the crapiest sites on earth<br/> The members of these sites spam here a lot, so go to that site and stay there if you don't like it here<br/> as a result of your stupid action<br/>1. you have lost your sheild<br/>2. you have lost all your plusses<br/>3. You are BANNED!";
    mysql_query("INSERT INTO ibwf_penalties SET uid='".$byuid."', penalty='1', exid='1', timeto='".$bantime."', pnreas='Banned: Automatic Ban for spamming for a crap site'");
    mysql_query("UPDATE ibwf_users SET plusses='0', shield='0' WHERE id='".$byuid."'");
    mysql_query("INSERT INTO ibwf_private SET text='".$pmtext."', byuid='".$byuid."', touid='2', timesent='".$tm."'");
    }
    }else{
    $rema = $pmfl - $tm;
    echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
    echo "Flood control: $rema Seconds<br/><br/>";
    }
    echo "<br/><br/><a href=\"inbox.php?action=main&amp;sid=$sid\">Back to inbox</a><br/>";
    echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
    echo "Home</a>";
    echo "</p>";
    echo "</card>";
    }
    I don't think the anti-flood function is inactive here. But it's definitely overloading the mysql server by INSERTing and UPDATing database. What can be the other issues?

  11. #11
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    reposting so it's color-coded:

    PHP Code:
    ////////////////////////////////////////////PM antiflood time

    function getpmaf()
    {
        $getdata = mysql_fetch_array(mysql_query("SELECT value FROM ibwf_settings WHERE name='pmaf'"));
        return $getdata[0];//////////////// value=30
    }

    if($action=="sendpm")
    {
        echo "<card id=\"main\" title=\"Inbox\">";
        echo "<p align=\"center\">";
        $whonick = getnick_uid($who);
        $byuid = getuid_sid($sid);
        $tm = time();
        // time of this sender's most recent PM
        $lastpm = mysql_fetch_array(mysql_query("SELECT MAX(timesent) FROM ibwf_private WHERE byuid='".$byuid."'"));
        $pmfl = $lastpm[0]+getpmaf();////////pm antiflood function
        if($byuid==1)$pmfl=0;
        if($pmfl<$tm)
        {
            if(!isblocked($pmtext,$byuid))
            {
                if((!isignored($byuid, $who))&&(!istrashed($byuid)))
                {
                    $res = mysql_query("INSERT INTO ibwf_private SET text='".$pmtext."', byuid='".$byuid."', touid='".$who."', timesent='".$tm."'");
                }else{
                    $res = true;
                }
                if($res)
                {
                    echo "<img src=\"images/ok.gif\" alt=\"O\"/>";
                    echo "PM was sent successfully to $whonick<br/><br/>";
                    echo parsepm($pmtext, $sid);
                }else{
                    echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
                    echo "Can't Send PM to $whonick<br/><br/>";
                }
            }else{
                // blocked text: ban the sender for 7 days and forward the PM to uid 2
                $bantime = time() + (7*24*60*60);
                echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
                echo "Can't Send PM to $whonick<br/><br/>";
                echo "You just sent a link to one of the crapiest sites on earth<br/> The members of these sites spam here a lot, so go to that site and stay there if you don't like it here<br/> as a result of your stupid action<br/>1. you have lost your sheild<br/>2. you have lost all your plusses<br/>3. You are BANNED!";
                mysql_query("INSERT INTO ibwf_penalties SET uid='".$byuid."', penalty='1', exid='1', timeto='".$bantime."', pnreas='Banned: Automatic Ban for spamming for a crap site'");
                mysql_query("UPDATE ibwf_users SET plusses='0', shield='0' WHERE id='".$byuid."'");
                mysql_query("INSERT INTO ibwf_private SET text='".$pmtext."', byuid='".$byuid."', touid='2', timesent='".$tm."'");
            }
        }else{
            // still inside the anti-flood window: show the seconds remaining
            $rema = $pmfl - $tm;
            echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
            echo "Flood control: $rema Seconds<br/><br/>";
        }
        echo "<br/><br/><a href=\"inbox.php?action=main&amp;sid=$sid\">Back to inbox</a><br/>";
        echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
        echo "Home</a>";
        echo "</p>";
        echo "</card>";
    }


  12. #12
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    ok so a user can send a PM every 30 seconds. how on earth did you get 250k PMs? if one user sent that, it took them at least 3.14 months. and even if they did go through all that trouble, 3 or 4 requests every 30 seconds won't bring any server down.

    so your problem may be someone is bulk attacking you with page views. the best solution i see to this is caching.

    do you have traffic logs on your server? take a look at these and see if there are times when you have a huge spike in the number of visitors you have. this would be a good indication that someone is trying to attack your server.

  13. #13
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    Yes I use cpanel11 x3
    Pages-URL (Top 25) - Full list - Entry - Exit
    52 different pages-url Viewed Average size Entry Exit
    /inbxproc.php 5289626 723 Bytes 167 323
    /index.php 537568 3.09 KB 1289 3300
    /inbox.php 61708 1.93 KB 2 67 525
    index (where the profile viewer code is located)
    inbox (where the user gets the pm sending input box)
    inbxproc (where the pm antiflood controls and all pm processing occur)

    look at some records from the database too. It definitely shows the pm antiflood function is not working.

    table of ibwf_private
    timesent


    1227539283
    1227539311
    1227539314
    1227539342
    1227539345
    1227539345
    1227539424
    1227539425
    1227539455
    1227539456
    1227539486
    1227539487
    1227539518
    1227539518
    1227539518
    1227539518
    1227539549
    1227539549
    1227539549
    1227539551
    1227539551
    1227539551
    1227539580
    1227539580
    1227539580
    1227539582
    1227539611
    1227539611
    1227539611
    1227539611
    So how can I protect?

  14. #14
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    do some debugging. echo out your variable values as you go through your code and make sure the variables coming out are what you expect.

    also, are you escaping these variables you're using in your SQL queries? i don't see where you've defined variables such as $pmtext and $byuid, but if you're not escaping these variables you may be suffering from SQL Injection.

  15. #15
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    I do use
    $pmtext = mysql_real_escape_string($_POST["pmtext"]);
    $byuid = getuid_sid($sid);
    byuid is being generated from session id



  16. #16
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    that should be fine, but you may find a bunch of extra slashes in your data escaping quotes...if you do you might wanna do stripslashes() on the data before you do mysql_real_escape_string:

    PHP Code:
    $pmtext = mysql_real_escape_string(stripslashes($_POST['pmtext']));
    the next place i would look is to see if there are any other ways a user can access the PM table. they might have found a loophole in one of your scripts that gives them access to send messages without this flood filter.

  17. #17
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    I have secured the script from the XSS and sql injection attack but I don't know how to protect it from mysql overloading where there is an active antiflood function. That's why I had to create this topic

  18. #18
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    I think
    mysql_real_escape_string() removes all slashes.

    anyway codes are
    inbox.php
    PHP Code:
    if($action=="sendpm")
    {
      addonline(getuid_sid($sid),"Sending PM","");
      echo "<card id=\"main\" title=\"Inbox\">";
      echo "<p align=\"center\">";
      $whonick = getnick_uid($who);
      echo "Send PM to $whonick<br/><br/>";
      echo "<input name=\"pmtext\" maxlength=\"500\"/><br/>";
      // WML form: posts pmtext to inbxproc.php, recipient id in the query string
      echo "<anchor>SEND<go href=\"inbxproc.php?action=sendpm&amp;who=$who&amp;sid=$sid\" method=\"post\">";
      echo "<postfield name=\"pmtext\" value=\"$(pmtext)\"/>";
      echo "</go></anchor><br/><br/>";
      echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
      echo "Home</a>";
      echo "</p>";
      echo "</card>";
    }
    else if($action=="sendto")
    {
      addonline(getuid_sid($sid),"Sending PM","");
      echo "<card id=\"main\" title=\"Inbox\">";
      echo "<p align=\"center\">";
      $whonick = getnick_uid($who);
      echo "Send PM to:<br/><br/>";
      echo "User: <input name=\"who\" format=\"*x\" maxlength=\"15\"/><br/>";
      echo "Text: <input name=\"pmtext\" maxlength=\"500\"/><br/>";
      // WML form: posts pmtext and the recipient nick (pmtou) to inbxproc.php
      echo "<anchor>SEND<go href=\"inbxproc.php?action=sendto&amp;sid=$sid\" method=\"post\">";
      echo "<postfield name=\"pmtext\" value=\"$(pmtext)\"/>";
      echo "<postfield name=\"pmtou\" value=\"$(who)\"/>";
      echo "</go></anchor><br/><br/>";
      echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
      echo "Home</a>";
      echo "</p>";
      echo "</card>";
    }


    inbxproc.php
    PHP Code:
    else if($action=="sendto")
    {
      echo "<card id=\"main\" title=\"Inbox\">";
      echo "<p align=\"center\">";
      $pmtou = mysql_real_escape_string($_POST["pmtou"]);
      $who = getuid_nick($pmtou);
      if($who==0)
      {
        echo "<img src=\"images/notok.gif\" alt=\"x\"/>User Does Not exist<br/>";
      }else{
        $whonick = getnick_uid($who);
        $byuid = getuid_sid($sid);
        $tm = time();
        // time of this sender's most recent PM
        $lastpm = mysql_fetch_array(mysql_query("SELECT MAX(timesent) FROM nd4601_private WHERE byuid='".$byuid."'"));
        $pmfl = $lastpm[0]+getpmaf();
        if($pmfl<$tm)
        {
          if(!isblocked($pmtext,$byuid))
          {
            if((!isignored($byuid, $who))&&(!istrashed($byuid)))
            {
              $res = mysql_query("INSERT INTO nd4601_private SET text='".$pmtext."', byuid='".$byuid."', touid='".$who."', timesent='".$tm."'");
            }else{
              $res = true;
            }
            if($res)
            {
              echo "<img src=\"images/ok.gif\" alt=\"O\"/>";
              echo "PM was sent successfully to $whonick<br/><br/>";
              echo parsepm($pmtext, $sid);
            }else{
              echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
              echo "Can't Send PM to $whonick<br/><br/>";
            }
          }else{
            // blocked text: log it, add a penalty row and forward the PM to uid 1
            $bantime = time() + (2);
            echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
            echo "Can't Send PM to $whonick<br/><br/>";
            echo "Plz Don't Not Spam here.Write Your Text Properly And Send it to Your Friend!<br/>Other Wise U will be <b>Banned</b>!!<br/>";

            $user = getnick_sid($sid);
            mysql_query("INSERT INTO nd4601_mlog SET action='autoban', details='<b>".getnick_uid(1)."</b> auto banned $user for spamming inbox', actdt='".time()."'");
            mysql_query("INSERT INTO nd4601_penalties SET uid='".$byuid."', penalty='1', exid='2', timeto='".$bantime."', pnreas='Banned: Automatic Ban for spamming for a crap site'");
            mysql_query("INSERT INTO nd4601_private SET text='".$pmtext."', byuid='".$byuid."', touid='1', timesent='".$tm."', reported='1'");
          }
        }else{
          // still inside the anti-flood window: show the seconds remaining
          $rema = $pmfl - $tm;
          echo "<img src=\"images/notok.gif\" alt=\"X\"/>";
          echo "Flood control: $rema Seconds<br/><br/>";
        }
      }

      echo "<br/><br/><a href=\"inbox.php?action=main&amp;sid=$sid\">Back to inbox</a><br/>";
      echo "<a href=\"index.php?action=main&amp;sid=$sid\"><img src=\"images/home.gif\" alt=\"*\"/>";
      echo "Home</a>";
      echo "</p>";
      echo "</card>";
    }





    html version
    inbox.php
    PHP Code:
    if($action=="sendpm")
    {
      addonline(getuid_sid($sid),"Sending Inbox","inbox.php?action=main");
      echo "<head>";
      echo "<title>Inbox</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      $whonick = getnick_uid($who);
      echo "Send Inbox to $whonick<br/><br/>";
      // HTML form: posts pmtext to inbxproc.php, recipient id in the query string
      echo "<form action=\"inbxproc.php?action=sendpm&amp;who=$who&amp;sid=$sid\" method=\"post\">";
      echo "<input name=\"pmtext\" maxlength=\"500\"/><br/>";
      echo "<input type=\"Submit\" name=\"send\" value=\"Send\"></form>";
      echo "<br/><br/>";
      echo "<br/><b>6 </b><a accesskey=\"6\" href=\"inbox.php?action=main&amp;sid=$sid\">Inbox</a><br/>";
      echo "<b>7 </b><a accesskey=\"7\" href=\"lists.php?action=buds&amp;sid=$sid\">BuddyList</a><br/>";
      echo "<b>8 </b><a accesskey=\"8\" href=\"index.php?action=chat&amp;sid=$sid\">Chat</a><br/>";
      echo forumlink($sid,9);
      echo "<b>0 </b><a accesskey=\"0\" href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
      echo "</p>";
      echo "</body>";
    }
    else if($action=="sendto")
    {
      addonline(getuid_sid($sid),"Sending Inbox","inbox.php?action=$action");
      echo "<head>";
      echo "<title>Send Inbox</title>";
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../themes/$theme[0]\">";
      echo "</head>";
      echo "<body>";
      echo "<p align=\"center\">";
      $whonick = getnick_uid($who);
      echo "Send Inbox to:<br/><br/>";
      // HTML form: posts the recipient nick (who) and pmtext to inbxproc.php
      echo "<form action=\"inbxproc.php?action=sendto&amp;sid=$sid\" method=\"post\">";
      echo "User: <input name=\"who\" format=\"*x\" maxlength=\"15\"/><br/>";
      echo "Text: <input name=\"pmtext\" maxlength=\"500\"/><br/>";
      echo "<input type=\"Submit\" name=\"send\" value=\"Send\"></form>";
      echo "<br/><br/>";
      echo "<br/><b>6 </b><a accesskey=\"6\" href=\"inbox.php?action=main&amp;sid=$sid\">Inbox</a><br/>";
      echo "<b>7 </b><a accesskey=\"7\" href=\"lists.php?action=buds&amp;sid=$sid\">BuddyList</a><br/>";
      echo "<b>8 </b><a accesskey=\"8\" href=\"index.php?action=chat&amp;sid=$sid\">Chat</a><br/>";
      echo forumlink($sid,9);
      echo "<b>0 </b><a accesskey=\"0\" href=\"index.php?action=main&amp;sid=$sid\"><img src=\"../images/home.gif\" alt=\"\"/>Home</a>";
      echo "</p>";
      echo "</body>";
    }



  19. #19
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Plano
    Posts
    643
    mysql_real_escape_string adds slashes.

    I have secured the script from the XSS and sql injection attack but I don't know how to protect it from mysql overloading where there is an active antiflood function. That's why I had to create this topic
    i understand that, but mysql overloading is not, in itself, a security issue. no one is going to find a mysql overload exploit in your site. your database is being bogged down by more requests than it can handle. these requests originate from your PHP code. so something in your PHP code is allowing someone to brute force attack your server. so the problem we're looking for is an excerpt of code that will allow someone to bypass the anti-flood filter.

    is there a specific user that is sending all the PM's? you showed the timestamps of a bunch of PM's sent in succession, but is it the same user id that's sending them all? if it is, check this user's IP, pull up your server logs and see when and what files they tried to load.

    the answer is right in front of you, you just have to find it.

    edit: i'm going home for the day so hopefully someone can pick up helping where i left off. good luck to you.

  20. #20
    SitePoint Zealot
    Join Date
    Jun 2008
    Posts
    192
    Thanks XtrEM3 nice trying ,


    but mysql overloading is not, in itself, a security issue. no one is going to find a mysql overload exploit in your site. your database is being bogged down by more requests than it can handle
    but the problem still exists as we failed to find out HOW IT OVERCOMES THE ANTI_FLOOD FUNCTION
    mysql overloading is a problem here because it creates 10000+ records within 1-3 hours.
    Code:
                                  id        byuid   touid  timesent 
     	 	 	108015	3482	3173	1227373132
     	 	 	108013	3482	3173	1227373120
     	 	 	108012	3483	3173	1227373119
     	 	 	108011	3482	3173	1227373109
     	 	 	108010	3483	3173	1227373108
     	 	 	108008	3482	3173	1227373098
     	 	 	108007	3483	3173	1227373097
     	 	 	104175	3483	3173	1227360600
     	 	 	110582	3483	3173	1227382279
     	 	 	110583	3482	3173	1227382282
     	 	 	110585	3483	3173	1227382290
     	 	 	110586	3482	3173	1227382293
     	 	 	110580	3482	3173	1227382271
     	 	 	102146	3483	3173	1227354378
     	 	 	102147	3482	3173	1227354378
     	 	 	102142	3483	3173	1227354329
     	 	 	102143	3482	3173	1227354333
     	 	 	102133	3482	3173	1227354297
     	 	 	102134	3483	3173	1227354299
     	 	 	102136	3482	3173	1227354308
     	 	 	102137	3483	3173	1227354310
     	 	 	102138	3483	3173	1227354310
     	 	 	102139	3482	3173	1227354322
     	 	 	102124	3483	3173	1227354276
     	 	 	102127	3482	3173	1227354286
     	 	 	102128	3483	3173	1227354288
     	 	 	102129	3483	3173	1227354288
     	 	 	102130	3483	3173	1227354288
     	 	 	102131	3483	3173	1227354288
     	 	 	108005	3483	3173	1227373039
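
Added example (not part of the thread, and not the forum script's own code): the posted anti-flood check reads MAX(timesent) and inserts in separate statements, so requests that arrive together can all pass the check before any of them has inserted. The code below replays that interleaving and contrasts it with a single conditional UPDATE whose affected-row count decides who may send. The pm_rate table, the function names, the user ids and the timestamp are assumptions made for the illustration, and SQLite in memory stands in for MySQL so the script runs without a server.

```php
<?php
// Added illustration: pm_rate, the function names and all ids are assumptions.
const PM_ANTIFLOOD_SECONDS = 30; // the value the thread's getpmaf() returns

function open_demo_db(): PDO
{
    // SQLite in memory stands in for MySQL so the script runs without a server.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE private (id INTEGER PRIMARY KEY, byuid INTEGER,
               touid INTEGER, text TEXT, timesent INTEGER)');
    $db->exec('CREATE TABLE pm_rate (uid INTEGER PRIMARY KEY, last_sent INTEGER NOT NULL)');
    return $db;
}

function insert_pm(PDO $db, int $byuid, int $touid, string $text, int $now): void
{
    $st = $db->prepare('INSERT INTO private (byuid, touid, text, timesent) VALUES (?, ?, ?, ?)');
    $st->execute([$byuid, $touid, $text, $now]);
}

function count_pms(PDO $db, int $byuid): int
{
    $st = $db->prepare('SELECT COUNT(*) FROM private WHERE byuid = ?');
    $st->execute([$byuid]);
    return (int) $st->fetchColumn();
}

// Pattern from the thread: read MAX(timesent), compare in PHP, INSERT later.
function check_allows(PDO $db, int $byuid, int $now): bool
{
    $st = $db->prepare('SELECT MAX(timesent) FROM private WHERE byuid = ?');
    $st->execute([$byuid]);
    $last = (int) $st->fetchColumn(); // NULL (no rows yet) becomes 0
    return $last + PM_ANTIFLOOD_SECONDS < $now;
}

// Atomic gate: one conditional UPDATE claims the send slot. The database
// applies concurrent UPDATEs to the same row one at a time, so only the first
// still matches the WHERE clause; rowCount() tells each request its outcome.
function claim_send_slot(PDO $db, int $byuid, int $now): bool
{
    // Make sure the sender has a row (MySQL spelling: INSERT IGNORE).
    $db->prepare('INSERT OR IGNORE INTO pm_rate (uid, last_sent) VALUES (?, 0)')
       ->execute([$byuid]);
    $st = $db->prepare('UPDATE pm_rate SET last_sent = ? WHERE uid = ? AND last_sent < ?');
    $st->execute([$now, $byuid, $now - PM_ANTIFLOOD_SECONDS]);
    return $st->rowCount() === 1;
}

function run_demo(): array
{
    $db = open_demo_db();
    $now = 1700000000; // constructed timestamp
    $burst = 4;        // four requests from one account arriving together

    // Interleaving: every request runs its check before any of them inserts.
    $verdicts = [];
    for ($i = 0; $i < $burst; $i++) {
        $verdicts[] = check_allows($db, 1001, $now);
    }
    foreach ($verdicts as $allowed) {
        if ($allowed) {
            insert_pm($db, 1001, 2001, 'constructed message', $now);
        }
    }

    // The same burst through the atomic gate, from constructed sender 1002.
    for ($i = 0; $i < $burst; $i++) {
        if (claim_send_slot($db, 1002, $now)) {
            insert_pm($db, 1002, 2001, 'constructed message', $now);
        }
    }
    $later = claim_send_slot($db, 1002, $now + PM_ANTIFLOOD_SECONDS + 1);

    return ['rows_check_then_insert' => count_pms($db, 1001),
            'rows_atomic_gate'       => count_pms($db, 1002),
            'allowed_after_window'   => $later];
}

print_r(run_demo());
```

The gate is per sender, so it does not cap what several accounts send to one recipient; the per-recipient limit suggested earlier in the thread would need its own counter.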

  21. #21
    SitePoint Guru
    Join Date
    Jun 2006
    Posts
    638
    Quote Originally Posted by coolR View Post
    Look at this

    the profile viewed is being done by UPDATing a mysql row
    Profile viewed: 272,214 times in 3,060min -> 183,600 sec = 1 update every 0.674 sec

    If that is overloading your MYSQL, then these are a few things you can do:

    #1 Check your tables, they are probably wrong. (updating a big table's index?)
    #2 Check your server config, (in a db with 1mill records, my updates take 0.0025 sec or less, on a really slow machine)
    #3 Check your selects (you're probably selecting and updating the same server at the same time, so they are waiting on each other), might want to set a master/slave setup or something.
    #4 cache your selects that don't change much (use memcached or something)
    #5 cache your updates in some queue, if something updates too much, too fast, cache that counter and update it every 30 sec or something (set X = X + counter, instead of set X = X + 1)

    But, if you just add some caching, you should be ok until you get 50 times the traffic you get now.

