I know there is a way to find php script that send spam from your server, but I have a different issue. I’m having issue with repeating php code that is sending tones of queries to database and I cannot pin point which code does that.
I’m not php developer.
I would like to somehow get script and code line that is doing this and maybe that way I will be able to reverse check the "repeating" job that is triggering this issue.
With mytop I can see that there are tones of queries, nothing else 🙁
The script is part of wordpress plugin which ain’t compromised, maybe buggy.
Sadly the script is running with 100% of resources and blocking access to page.
2
Answers
I started with mytop, but end up with something build-in:
Thanks to that I could see how many and what queries are hitting mysql server;
Then I enabled status page for php-fpm:
Thanks to that I could see what was triggering the hit (in my case it was of course wp-cron.php ) so that was a clue but not the answer.
I wanted to log every php call into file, but realised that would be insane, so next sane thing was use php debugger - XDebug.
I didn't know then that I could use in without IDE and just write that part of code thanks to and and I end up setting IDE (Visual Studio Code) with addon
Remote - SSH
andPHP Debug
. The second one is installed on server side and thanks to that I didn't have to install any XAMP/LAMP server on my machine.After connecting remotely with VSC I just opened plugin code file, put breakpoint and started to track what code was doing thanks to moving around it with F10 and F11.
That way I end up with loosing many many hours but I was able to find the buggy coded that was spamming my database.
Here is a possible approach. First of all be aware that this will affect the server performance while you carry out the test, so try do this when you don’t expect high volume of traffic.
Instruct MySQL to log all queries.
It should return something like:
Now activate the general log
Find the log in your server (the location might differ from the one in the example) and examine the queries to see what the queries are about so you can identify the plugin that is causing the problem.
Try this out first and if you can’t sort it out we can run other test.
When you finish don’t forget to turn off the general log: