Wrong RSS feed URL kills the server

  • Resolved mmihelic

    (@mmihelic)


    10 years, 1 month ago

    Hi!

    Today our WP server with a network setup of 2500+ sites was very unresponsive. We found out that a user used a wrog URL in an RSS widget. They used https://example.com/category/foo instead of https://example.com/category/foo/feed.
    This caused the server to call itself via a misconfigured feed. Apache workers were spun up, all cores were used, system load went over 500 and the number of sql connections went up.

    This has happened a few times now. Is there a way to protect against this?

    Kind regards,
    mmihelic

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Was this calling an RSS feed from another site on the network? If so, this is a terrible idea. It crashed because you created a recursive loop on your site.

    The fix is don’t call links like that between sites.

    Are you trying to show posts from one site on another?

    Thread Starter mmihelic

    (@mmihelic)

    Thank you for your answer Mika. Please see the following text for my answers.

    Was this calling an RSS feed from another site on the network?

    The user put an RSS widget into the footer to show latest posts. Please do not ask me why they did it. I do not know ??

    If so, this is a terrible idea.

    I agree.

    It crashed because you created a recursive loop on your site.

    Yes, the user’s action caused a recursive loop. I wrote something along those lines in my initial post.

    The fix is don’t call links like that between sites.

    Unfortunately this is not up to me. Our network has about 3000 users on it and well, as you can imagine, there is much potential for error in such a large number.

    Are you trying to show posts from one site on another?

    I suppose the user wanted to show the latest posts from their site. Why they did not use a widget that does that, they used the RSS widget instead. Why I do not know ??

    The question still remains, is there a way to protect against this?

    Kind regards,
    mmihelic

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Not really, no. Unless you wrote some code to just remove that RSS widget, or to have it check if it was running from the same domain and, if so, to error out.

    Thread Starter mmihelic

    (@mmihelic)

    Not really, no. Unless you wrote some code to just remove that RSS widget, or to have it check if it was running from the same domain and, if so, to error out.

    I was afraid you’d say that.
    Thank you for the confirmation.

    Kind regards,
    mmihelic

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wrong RSS feed URL kills the server’ is closed to new replies.