Apache killed by 1-line PHP script!
The first file was .htacess containing only this line:
AddType application/x-httpd-php .html
The second file was index.html containing only this line:
<?php require("http://www.mydomain.com/index.html"); ?>
The third file was index2.html and contained the website. The index.html was supposed to require the contents of the index2.html page, but I forgot to put the extra number in it.
Now when I tried to call the website from a browser, it hung and Apache failed on my server bringing down every website on the server. Furthermore, Apache would not restart and I had to reboot.
It took me several hours to figure out what the problem was because I thought it had to do with the website configuation--never dreaming that the short line of PHP was bringing down the server.
Now I reliaze that most people will never make the mistake of requiring in PHP the same filename of the file that is be excuted. However, if this indeed works on the other servers in the very same way, it's an easy way for malicious users to take down a server with just one line of script.
If anyone has additional servers they would be willing to test this on, could you also test this and find out if it is really a major problem that should be submitted to the Apache/PHP developers.
