The site is very slow...

[Piru]

Well it is quite evident the problem is not in amiga.org but somewhere else.

[Piru]

I've identified what may be the cause of most of the 500 errors. It's an old bug, originally reported by Piru:

http://www.amiga.org/forums/project.php?issueid=62

This is the fault of a 3rd party module that the site is which uses a vBulletin "hook" (injects some code) that thanks to a lack of sanity checking fails fatally on evaluation, causing the 500 error.

Ouch. This is ringing the "gaping security hole" alarm... I hope that user input isn't part of the injected code in any way... indeed eval() must die.

Disabling the module is not an option for now, I've added a quick work-around (injects the required sanity checks into the hook - lol, injecting the injected code...)

Duct tape to the rescue :-)

PS. I did get the 500 error once maybe an hour ago. Also the site seems to run a bit slow but only intermittently.

[Piru]

Eeewww, so you are actually running a string replace on the actual vbulletin code that is suspect, why not just fix it at the source then patching it at run time?

Did you read the post?

[Piru]

@Karlos

There's ton of AJAX request being sent by a.org when you're not logged in: two per second, and they're all 404. Can't be good.

Code: [Select]

http://www.amiga.org/ajax.php?do=createad&adcode=header&setting=header&securitytoken=guest
http://www.amiga.org/ajax.php?do=createad&adcode=footer&setting=footer&securitytoken=guest

POSTDATA:
undefined&securitytoken=guest&s=


[Piru]

Forbidden

You don't have permission to access /forums/newreply.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://www.amiga.org Port 80

Mon Jun 27 15:15:10 EEST 2011

---

Warning: chdir() [function.chdir]: Permission denied (errno 13) in /home/amiga84/public_html/index.php on line 35

Warning: require_once(./includes/vba_cmps_include_template.php) [function.require-once]: failed to open stream: No such file or directory in /home/amiga84/public_html/index.php on line 43

Fatal error: require_once() [function.require]: Failed opening required './includes/vba_cmps_include_template.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/amiga84/public_html/index.php on line 43

Mon Jun 27 15:17:14 EEST 2011

[Piru]

How many of you are following links in from the "top stats" thing at the bottom of the home page?

I'm not.

[Piru]

Silly question time.

Yes that is silly.

Is it actually legal to change the coding as Karlos has done? :confused:

No, but now I'm intrigued: What makes you think it would not be?