Support » Plugin: Really Simple CAPTCHA » [Plugin: Really Simple CAPTCHA] wpfc7_captcha folder is flooded with .png

Viewing 7 replies - 1 through 7 (of 7 total)
  • How old are your files (time-span from oldest to newest)?
    If you have lots of traffic, you’ll have lots of files.

    Thanks for your reply,

    I know everytime someone visits the page a new image and text is generated and stored.

    But how do I remove them automatically after the user has submitted the form?

    I can`t check every client once in a month to check if free disk space is available.

    Do you have files older than 60 minutes?

    if so, change lines 70 and 73 to:`
    $this->file_mode = 0644;
    $this->answer_file_mode = 0640;`

    and delete all files manually and check again.
    There might be a permission problem.

    Thanks for your replies.

    I changed the permissions of the files/folders.

    Then I watched the files and after a couple of time they are deleted.

    Perfect! 🙂

    The underlying problems are:

    • The class defaults “$this->file_mode = 0444” and “$this->answer_file_mode = 0440” result in a chmod that explicitly restricts access to these files for nothing but “reading”.
    • The “remove()” and “cleanup()” methods attempt to unlink (delete) those files – even though had been restricted to “read” access by the class default. Depending on the implementation of the underlying operating system, deleting a file that is restricted to “read-only” will fail.
    • The “cleanup()” method uses @unlink – so it suppresses any PHP error logging that might have alerted to the problem, AND, it does not handle the “false” return code from the unlink – and thus ignores that condition that cleanup never succeeds.

    The result can be a “denial of service” problem when tens of thousands of files start accumulating within a few weeks – and the server starts consuming extensive amount of time every 60 seconds, attempting to iterate through (and always unsuccessfully) to delete those tens of thousands of individual files.

    Assuming that the default file_modes were chosen for a good reason, then (at minimum) a chmod to 0777 is needed prior to any unlink for it to succeed. Ideally, appropriate error-handling would also be addeded, rather that ignoring them.

    A functional patch has been contributed – hopefully it will be implemented soon as this has been a recurring report by several users.

    Thank you for your information Andy.

    Thats another reason why I love wordpress – the community.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘[Plugin: Really Simple CAPTCHA] wpfc7_captcha folder is flooded with .png’ is closed to new replies.