Today I found the following in /var/log/user.log:
xxx xx xx:xx:xx xxxxxx suhosin[21100]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'xxx.xxx.xxx.xxx', file '/var/www/vhosts/xxxxxx/httpdocs/wp-admin/admin.php', line 109)
Line 109 in admin.php contains the following:
@ini_set( 'memory_limit', apply_filters( 'admin_memory_limit', WP_MAX_MEMORY_LIMIT ) );
I am the "attacker" (it's my IP address shown in the alert). The error seems to occur regularly when I'm open the Dashboard.
My memory limit in PHP is set to 128MB:
# grep memory_limit /etc/php5/apache2/php.ini
memory_limit = 128M
The memory limit set by Wordpress (WP_MAX_MEMORY_LIMIT) is define in wp-includes/default-constants.php:
# grep -R WP_MAX_MEMORY_LIMIT *
...
wp-includes/default-constants.php: define( 'WP_MAX_MEMORY_LIMIT', '256M' );
...
And it is too high since the limit set in PHP is only half this.
Since default-constants.php, only sets WP_MAX_MEMORY_LIMIT is not set in wp-config.php:
You can just add the following to your wp-config.php:
define('WP_MAX_MEMORY_LIMIT', '128M');
And now I do not see this error message in user.log when opening the Dashboard.
Note: Of course you could also increase the PHP limit to 256M instead of 128M. But I didn't want to do it since we have many things running with PHP and I wanted to use the fix with the least impact on our server.
xxx xx xx:xx:xx xxxxxx suhosin[21100]: ALERT - script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker 'xxx.xxx.xxx.xxx', file '/var/www/vhosts/xxxxxx/httpdocs/wp-admin/admin.php', line 109)
Line 109 in admin.php contains the following:
@ini_set( 'memory_limit', apply_filters( 'admin_memory_limit', WP_MAX_MEMORY_LIMIT ) );
I am the "attacker" (it's my IP address shown in the alert). The error seems to occur regularly when I'm open the Dashboard.
My memory limit in PHP is set to 128MB:
# grep memory_limit /etc/php5/apache2/php.ini
memory_limit = 128M
The memory limit set by Wordpress (WP_MAX_MEMORY_LIMIT) is define in wp-includes/default-constants.php:
# grep -R WP_MAX_MEMORY_LIMIT *
...
wp-includes/default-constants.php: define( 'WP_MAX_MEMORY_LIMIT', '256M' );
...
And it is too high since the limit set in PHP is only half this.
Since default-constants.php, only sets WP_MAX_MEMORY_LIMIT is not set in wp-config.php:
if ( ! defined( 'WP_MAX_MEMORY_LIMIT' ) ) {
define( 'WP_MAX_MEMORY_LIMIT', '128M' );
}
define('WP_MAX_MEMORY_LIMIT', '128M');
And now I do not see this error message in user.log when opening the Dashboard.
If you cannot see your Dashboard anymore, it probably means the value you've set for WP_MAX_MEMORY_LIMIT is too low (this happened when I first set it to 32M).
Note: Of course you could also increase the PHP limit to 256M instead of 128M. But I didn't want to do it since we have many things running with PHP and I wanted to use the fix with the least impact on our server.
No comments:
Post a Comment