-3

I know there is a way to find php script that send spam from your server, but I have a different issue. I'm having issue with repeating php code that is sending tones of queries to database and I cannot pin point which code does that. I'm not php developer. I would like to somehow get script and code line that is doing this and maybe that way I will be able to reverse check the "repeating" job that is triggering this issue. With mytop I can see that there are tones of queries, nothing else :(

The script is part of wordpress plugin which ain't compromised, maybe buggy.

Sadly the script is running with 100% of resources and blocking access to page.

Va_ni_tas
  • 36
  • 5
  • _"The script is part of wordpress plugin"_ - Just disable the plugin and report it to the developers. We don't know how they are making their queries so it's hard to say how to find the specific lines. – M. Eriksson Feb 15 '22 at 23:04
  • @M.Eriksson not every thing about wordpress is that simple. The plugin is one of the kind, there is no single other plugin that does that that plugin does. Developer is not the best also. Yet, Im forced to use that plugin. Edit: of if you like, the plugin is long dead and bugged and im trying to fix/workaround bugs from it. – Va_ni_tas Feb 16 '22 at 12:00
  • I was able to use php-fpm status page to semi-pinpoint script. I also find out cron manager plugin, and click by one one all cron task that are related to that plugin in question. that way I narrow the issue to single cron task that is trigger every 30minutes and it looks like its not finishing its task in those 30miunt, and start another process.... – Va_ni_tas Feb 16 '22 at 12:33

2 Answers2

1

Here is a possible approach. First of all be aware that this will affect the server performance while you carry out the test, so try do this when you don't expect high volume of traffic.

Instruct MySQL to log all queries.

mysql> SHOW VARIABLES LIKE "general_log%";

It should return something like:

+------------------+----------------------------+
| Variable_name    | Value                      |
+------------------+----------------------------+
| general_log      | OFF                        |
| general_log_file | /var/run/mysqld/mysqld.log |
+------------------+----------------------------+

Now activate the general log

mysql> SET GLOBAL general_log = 'ON';

Find the log in your server (the location might differ from the one in the example) and examine the queries to see what the queries are about so you can identify the plugin that is causing the problem.

Try this out first and if you can't sort it out we can run other test.

When you finish don't forget to turn off the general log:

mysql> SET GLOBAL general_log = 'OFF';
kissumisha
  • 484
  • 4
  • 12
  • I'm using mytop - very handy perl script - and I see find what queries are hitting database, I also know which plugin does it - Im trying to figure out what trigger that behavior. – Va_ni_tas Feb 16 '22 at 11:59
  • 1
    You're going to have to dig into the code then. What kind of queries do you see? what is the script trying to do with the database? – kissumisha Feb 16 '22 at 20:14
  • those are simple select * from table where index = "numbers"; but those query 100k items, so its take time. I pin point that wp-cron trigger it thanks to php-fpm.status_page and mytop. then I narrowed which wp-cron task is triggering it. Now probably the hardest part, debug code that is unfamiliar to me. – Va_ni_tas Feb 16 '22 at 20:51
  • If they're only SELECT I don't see the importance. I mean, don't get me wrong I'm sure they're doing something, but maybe you can either reduce the amount of times that cron is run or even getting rid of it all together. If they're just SELECT statement it should run quite fast, even if it's thousands. Have you tried checking the slow query log? I suspect you may have a another query that is locking the tables. – kissumisha Feb 18 '22 at 02:29
  • slow query looks empty... which is also strange. yes they are quite fast, yet, if you ran 4 of those in pararell, for 100,000 items. it gets a bit slow on server. Looks like there is issue with script and there is no lock/mutex system so it runs again and again even if previously tasks didn't finished. But then again, its a bit important skill to narrow this, I was in upper side because I knew what plugin did trigger this. – Va_ni_tas Feb 18 '22 at 15:45
0

I started with mytop, but end up with something build-in:

mysqladmin -i 1 processlist

Thanks to that I could see how many and what queries are hitting mysql server;

Then I enabled status page for php-fpm:

pm.status_path = /status

Thanks to that I could see what was triggering the hit (in my case it was of course wp-cron.php ) so that was a clue but not the answer.

I wanted to log every php call into file, but realised that would be insane, so next sane thing was use php debugger - XDebug.

I didn't know then that I could use in without IDE and just write that part of code thanks to and and I end up setting IDE (Visual Studio Code) with addon Remote - SSH and PHP Debug. The second one is installed on server side and thanks to that I didn't have to install any XAMP/LAMP server on my machine.

After connecting remotely with VSC I just opened plugin code file, put breakpoint and started to track what code was doing thanks to moving around it with F10 and F11.

That way I end up with loosing many many hours but I was able to find the buggy coded that was spamming my database.

Va_ni_tas
  • 36
  • 5