have to reload cache on mysql restart
#1
hello all

this is a very serious security issue for me

(linux, mariadb, mybb 1.8.22)

I have a forum for general art discussion, however, all the part for the moderation and the administration is hidden from users

the forum is lock.... completely as we had a previous forum that was plagued by spams

anyway, the forum is hosted on a Vhost in OVH, and sometime, the mysql server runs out of memory and then shutdowns then restart

I do not have the resources to add memory but this is not the issue

each time the database server is restarted, the hidden part of the forum become visible to all users

the 2 ways I have found to fix this is to turn the server to maintenance, reload all the cache, or reload the permissions

unfortunately, I would know this only if I know that the server is going down, therefore, if this happen during the night, the server might stay hours with the private side open to users

any idea why the cache would need to be reloaded if mysql server is restarted ?
is there a way to change the forum to maintenance by modifying a config file if mysql server is down ?
some way to reload the cache from linux console ?

Regards
Reply
#2
What cache handler are you using for your forum? It's defined in the configuration file: https://docs.mybb.com/1.8/administration...tion-file/ as $config['cache_store'].
Could be wrong but worth a try.
Reply
#3
Noyle,

thanks for the quick reaction,

this is the current setting :

$config['cache_store'] = 'memcache'; 
Reply
#4
It might be a cache handler issue we know. Currently there's a fix on MyBB's GitHub repo but it doesn't work well (has performance deficiency problem). I hope we can fix it in 1.8.25 or maybe .26.

However, I'm not sure if it's the same problem as yours. Is the memcache server installed in the same server where your MariaDB is installed? Could you please check what the memcache server's status is when the private parts of your forum start to show for unauthorized users?

By the way, is your board a large one and what about daily UVs and PVs? If your forum isn't quite active, I suggest you to temporarily use the database as the cache handler, which means to change that line in the configuration file to:
$config['cache_store'] = 'db';
Could be wrong but worth a try.
Reply
#5
Noyle,

memcached is local to the database (only one server for it all, LAMP)

current memcache is as follow :
status memcached.service
● memcached.service - memcached daemon
   Loaded: loaded (/lib/systemd/system/memcached.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-10-06 22:45:19 CEST; 2 weeks 3 days ago
     Docs: man:memcached(1)
 Main PID: 338 (memcached)
    Tasks: 7 (limit: 4915)
   CGroup: /system.slice/memcached.service
           └─338 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1

I had a crash this morning, memcache has been up for 2 weeks
I will try to cache the status of memcache next time I have this issue but it happen only once every 2 weeks about

using the db as cache might just be worse as the issue is usually trigger by the db crashing then restarting
my board is too large for my server, that is probably the root of the issue however, the fact that the cache mess up the permission is probably a security issue for other than me

would Redis bring a better result ? some alternative ?


other solution for me (more like a temporary protection) would be to create a scrypt that would put the forum in maintenance mode as soon as mysql stop responding (I have monit to monitor the server)
is there a file that I could modify to close the forum ? some options in setting.php or config.php ?
I can easily modify a file while the DB is down but I cannot change the option in the CP of the forum if I cannot open the forum

Regards

actually I could set monit to rename the config.php if mysql stop responding

can I issue a command from the terminal to reload the cache in mybb ? I could also set monit to do so if mysq......
Reply
#6
Reload/Recache possibly everything recognized by MyBB:
<?php

define("IN_MYBB", 1);

// Change the path if this file locates in a folder different from MyBB root.
require_once './global.php';

$query = $db->simple_select("datacache");
while($cacheitem = $db->fetch_array($query))
{
	if(method_exists($cache, "update_{$cacheitem['title']}"))
	{
		$func = "update_{$cacheitem['title']}";
		$cache->$func();
	}
	elseif(method_exists($cache, "reload_{$cacheitem['title']}"))
	{
		$func = "reload_{$cacheitem['title']}";
		$cache->$func();
	}
	elseif(function_exists("update_{$cacheitem['title']}"))
	{
		$func = "update_{$cacheitem['title']}";
		$func();
	}
	elseif(function_exists("reload_{$cacheitem['title']}"))
	{
		$func = "reload_{$cacheitem['title']}";
		$func();
	}
}

// Rebuilds forum settings
//rebuild_settings();

Save the snippet as a PHP file and better protect it with some permissions or move it to other folders (remember to change the path to global.php file) so that it won't be accessed via Internet.
And then you may use command like /path/to/php /path/to/script/name to manually run it in the terminal.

I'm not sure if changing to use Redis will resolve it but I'm afraid it won't, sorry.
Could be wrong but worth a try.
Reply
#7
thanks,

this look like the part admin_tools_cache_rebuild_all of cache.php

I was looking for a way to run only this part from outside mybb

perfect, thanks

I am looking forward to version .26 that might have the fix you mentioned
due to complex templates, I am now staying on .22

regards
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)