Server memory attack via: "all-in-one-seo-pack.php on line 115"

  • electroset

    (@electroset)


    10 years ago

    My hosts server crashed last night, and his server logs indicated that my site was responsible. My site was trying to utilise ALL Memory on my server which in turn caused the crash and for 100 sites to be down.

    Here is a direct line from the server logs:
    ALERT – script tried to increase memory_limit to 268435456 bytes which is above the allowed value (attacker ‘158.123.187.172’, file ‘/var/www/vhosts/xxx.com/httpdocs/WordPress/wp-content/plugins/ all-in-one-seo-pack/all-in-one-seo-pack.php on line 115)

    A forum answer suggest; “you can fix this by either commenting out / removing line 115 in that file, or by changing the define on line 61 in that same file to use a lower number for AIOSEOP_BASELINE_MEM_LIMIT

    Example – change line 61 in all_in_one_seo_pack.php to this to default to a 64MB memory limit initially:
    define( ‘AIOSEOP_BASELINE_MEM_LIMIT’, 67108864 ); // 64MB

    What is your feedback on this please?
    I have 30 sites running AIOSEOP – do I need to modify them all?
    My host wont put my site back online until this issue is addressed.
    Thanks for your assistance.

    https://www.ads-software.com/plugins/all-in-one-seo-pack/

Viewing 1 replies (of 1 total)

  • Hi electroset,

    First, the advice you saw in the other forum post is fine. Second, just note that this is not how the memory limit in PHP works; there is no ‘attack’ here. The PHP memory limit merely indicates the largest amount of memory a PHP script is allowed to use, not how much it does, will, or has to use. Also, this is a user setting which can be overridden by the PHP server configuration, your host is not required to respect this directive at all. Finally, note that you can set a value for this under All in One SEO -> Performance, though I don’t know how your host would expect you to change this value without putting your site back online.

Viewing 1 replies (of 1 total)
  • The topic ‘Server memory attack via: "all-in-one-seo-pack.php on line 115"’ is closed to new replies.