php individual tmp sessions not deleted

Discussion in 'Installation/Configuration' started by asticot, Dec 11, 2009.

  1. Hbod

    Hbod Member

    Ok, since Talemans script made the server finally useable again, I can also update. Thanks for the reply and help everybody.
     
  2. zyzzza

    zyzzza New Member

    Hi,
    Will it fix the flooded tmp folders ? I'm supporting like 12 vps'es with 450 clients and 600-700 sites alltogether. Will it be cleaned after update as well ?
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes
     
  4. zyzzza

    zyzzza New Member

    Great, thanks for info !

    Just two more questions :
    1. When this gonna be implemented in normal STABLE release ?
    2. If i update to GIT-STABLE can i get back to STABLE later on ?

    thanks
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    See my comments above, it is implemented in stable-3.1 branch, which is the stable rolling release of ISPConfig.

    Yes, you can always update to the next stable release when it gets tagged.
     
  6. budgierless

    budgierless Member HowtoForge Supporter

    I have the lastest version of ISP 3.2 installed but I still have this huge tmp sessions file issue, please advise.
     
  7. budgierless

    budgierless Member HowtoForge Supporter

    Just to be safe, can you explan the steps you used to install this script?
     
  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    This loops through all tmp folders for the websites that belong to that client (client1) (e.g. web1/tmp, web4/tmp), finds files older than 7 days, and deletes them.
     
  9. budgierless

    budgierless Member HowtoForge Supporter

    thanks, and how do i do the cron for this?
     
  10. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    When using ISPConfig 3.2.4, the cleanup is done automatically. Are both ISPConfig cronjobs enabled?
     
  11. budgierless

    budgierless Member HowtoForge Supporter

    i installed 3.2.4 last week, s but have not touched any configs, only checked that my custom dns templete was still intact.
    how to I check that the two crons are enabled?
     
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Look at your crontab:
    Code:
    crontab -e
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I did not install the script to cron. I ran it once, or maybe another time later, until I could upgrade to 3.2 version of ISPConfig.
    The lingering session files issue is definitely fixed in ISPConfig 3.2, so if you updated yesterday and the files did not get cleared overnight something is wrong. I believe there is even a backport to ISPConfig 3.1, if upgrading really is impossible.
     
  14. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If you updated yesterday, check back tomorrow. The script is run once every 24h.
     
  15. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    The cleanup ISPConfig runs at midnight and removes files named 'sess_*' from website 'tmp' directories - what are sample filenames/paths you're seeing?
     
  16. budgierless

    budgierless Member HowtoForge Supporter

    Yes cron is working, and checked the logs in panel, so thats is not where issue is.

    It was too large so i could not get a reading because of timeout, but I had to cd to tmp folder then used
    Code:
     find . -name '*' | xargs rm
    in-order to clear files, maybe it was a ddos attack or something, i will monitor the sess_ files which is currently 5000+ and see if it clears at midnight.
     
  17. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    If you just removed all of those and already have 5000 more, something unusual (for any non-huge site) is going on. Might check your logs for php requests, and and see what processes are running.
     
  18. budgierless

    budgierless Member HowtoForge Supporter

    No it is a mid size media site so i do get alot of visits, but the sessions that i removed most have been afew days worth of build up, but lets wait and see what happend at midnight, thanks for help so far.
     
    Last edited: May 24, 2021
  19. One thing that currently annoys me is that the more sophisticated script kiddies have figured out how to inject 'fake' sessions on many of those */tmp/ directories — I'm almost certain that they're exploiting some kind of WordPress vulnerability that remains unpatched. These scripts are actually reasonably dangerous (i.e. some have originated, more than a decade ago, on military cyber warfare units — these days, they are all over GitHub and other free repositories, since they're considered obsolete...), but, of course, placing them inside tmp make them perfectly harmless unless one has made a very serious configuration mistake on the web server configuration, since, by default, nothing can be run/viewed/loaded from tmp.

    It's still annoying because it seems to be reasonably simple to create those fake session files, and so a regular cleanup is required — note that some of these do not start with sess* so they aren't caught by the ISPConfig cron jobs. Instead, they start with things like php* or pose themselves as image thumbnails, whatever.
     
  20. budgierless

    budgierless Member HowtoForge Supporter

    auto clean up is Not working!! is this any advice, Cron is running but seems to not to its job for removing sess_ files, are there some config or dependencies i need to check?
     

Share This Page