504 Gateway timeout

  • The exploit that can crash user's browser, prevent people from viewing the site, including the staff

    smilies can break photo limit count


    (the one you want to pretend does not exist, yet you keep covering up).


    Appears to be able to cause a Gateway error once you have enough of them on the site. The more I post them, the more the errors.


    Please fix this. :)


    Edited once, last by Abuse_and_Troll_Test ().

  • Tested just right now this link: https://beta.woltlab.com/user/301-abuse-and-troll-test/#wall

    As far as I can see there are 21 846 smilies.

    In Chrome - no problems, the whole website loaded with all 21 846 smilies, no 504 error.


    Besides the trolling purpose I see nothing harmful there, thus maybe to avoid trolling this could be changed to limit smilies as well. If I should see a 504 error - I didn't get it, the page loaded without error for me.


    PS: A lot of work to add so many smilies :D

  • Funny, Chrome crashes right away for me. Firefox freezes up and hangs for what seems like, forever, though sometimes it too does crash. Only Opera seems to work on those pages, though it is a bit slower and it did freeze in 1 of the threads I made.


    Before the 504 errors, I could post thousands of smilies into a single post. They removed the post that had nearly 1,000,000. And no, it is not any work at all, a simple script can post it all in seconds. ;)



    The main concern is that too many images can crash your typical web browser and as you suggest, there should be a photo limit (which should include smilies). Anything that a rogue user can inject into your site that can intentionally crash someone's browser or prevent folks from reaching and successfully loading your page (especially if it is the 1st page), should be kept in check.


    As it stands now, anyone could essentially make your site seem unsafe as they discover visiting it means it can crash your browser. That is not the behavior you would want anyone to be able to execute on your site. Almost always when the browser does crash, you do not even see as to why, so the average person will quickly associate their browser crashing for unknown reasons on your site.


    As you said and I agree... There should be a limit.

    Edited once, last by Abuse_and_Troll_Test ().
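The limit asked for in this thread, as an added example that is not part of any post and is not WoltLab's code: a per-post check in which smilies and images draw on one shared budget, shown beside the images-only check that smilies slip past. The smiley list, function names and sample post are assumptions made for illustration; the value 50 is the cap a later reply attributes to the fix.

```python
import re
from dataclasses import dataclass

# Assumed smiley codes (constructed; a real board loads these from its own table).
SMILEY_CODES = (":)", ";)", ":D", "8)", ":rolleyes:")
MAX_EMBEDS = 50  # the per-post cap a reply in this thread attributes to the fix

# Longest code first so the alternation never stops at a shorter prefix.
_SMILEY_RE = re.compile(
    "|".join(re.escape(c) for c in sorted(SMILEY_CODES, key=len, reverse=True))
)
# BBCode [img] / [img=...] opening tags and raw <img> tags.
_IMG_RE = re.compile(r"\[img(?:=[^\]]*)?\]|<img\b", re.IGNORECASE)


@dataclass(frozen=True)
class EmbedCheck:
    images: int
    smilies: int
    allowed: bool


def check_images_only(message, max_embeds=MAX_EMBEDS):
    """Weak form: smilies render as images but are not counted."""
    images = len(_IMG_RE.findall(message))
    return EmbedCheck(images, 0, images <= max_embeds)


def check_embeds(message, max_embeds=MAX_EMBEDS):
    """Hardened form: every element that renders as an image shares one budget."""
    images = len(_IMG_RE.findall(message))
    # Counted without word boundaries on purpose: over-counting is the safe side.
    smilies = len(_SMILEY_RE.findall(message))
    return EmbedCheck(images, smilies, images + smilies <= max_embeds)


if __name__ == "__main__":
    # Constructed sample post: 10 images plus 100 smilies.
    post = "[img]https://example.invalid/a.png[/img] " * 10 + ":) " * 100
    print(check_images_only(post))
    print(check_embeds(post))
```

A per-post cap bounds one message only; a page that lists many posts, such as a profile wall, also needs a bound on how many posts it renders at once.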

  • Disclaimer: (thoughts)  


    Depending on which browser you are using and a number of available system resources, this thread may temporarily freeze or crash your browser.

    smile (image test)



    While it is true that the code of any given site is a contributing factor in rendering any given page, I do not believe in this instance that the code alone is the problem, rather the method of how some web browsers render mass photos. I would be lying if I said the code was not a factor because no matter how well optimized a site is, the code is always a factor to a degree. Just that in this instance I suspect the primary cause is the rendering method used in most browsers and the available resources allowed.


    In short, this is not something WoltLab can completely address at this time. Rather, you should look toward the development of Firefox, Chrome, Opera, etc. After all, the software can successfully display 2,000,000 (2 million) characters without issue here on the beta forums and 10,000,000 (10 million) on my private test. 2 million character thread (100,000 per post x 20 posts on page 1)


    It is, however, an opportunity to remind the importance of limiting the smile and image count within a post, as well as, from a developer standing point.

  • Tried your profile on mobile chrome - it took a minute but no crash. Desktop Chrome showed it instantly.


    I never had a crash with any of your abuse tests.

    My posts represent, unless expressly marked otherwise, solely my subjective opinion gained from experience and/or reflection and are not to be understood as facts. Opinions are personal views and require no evidence. In Germany, freedom of opinion applies under Article 5 of the Basic Law. My posts do not constitute legal advice; I am not authorized to give it.

  • The staff CAN reproduce it, that is why they keep deleting my profile wall. :rolleyes: This exploit can crash people's browsers on their own computer, prevent you from reaching the site, and that includes guests, members, and staff.


    Yet they seem unwilling to fix it since it would require a bit more work and I suspect push back their schedule.

    Edited once, last by Abuse_and_Troll_Test ().

  • Is this smile (image test) the thread, which should cause the crash?

    It is one example, but it is not as severe as the examples they seem to not allow me to demonstrate here.

  • https://github.com/WoltLab/WCF…ca469b26d6c5aa05e26e96f4f

    seems to be fixed ;)

    But I couldn't reproduce this problem too, so the label seems to be correct, but limiting the abuse ability is a good thing too ;)

    Wonderful. 8)


    It is sad that I had to go to such lengths to have them fix this. I do not like having to be 'the bad guy', just to have something addressed, which they, themselves can reproduce.

  • You can go try test it here on my site: http://chris223.serpens.ubersp…eta/index.php?user/2-foo/ (user "foo", pw "bar").

    Sadly it is not yet fixed

    http://chris223.serpens.ubersp…eta/index.php?user/2-foo/


    But thank you for supplying the most current development branch (assuming you have).

  • It took my Firefox a 5-second freeze, but then the page was smoothly accessible ;)


    I think this was a test for my browser, the fix wouldn't allow more than 50 images and as you can see there are clearly more than that^^

    Well either you have more resources than everyone I have shown it to OR you're just lucky. The staff here could reproduce it, which is why they kept deleting my example.


    But even if it only affects 1/2 of everyone, that is still a problem. Anything that could remotely crash your guests', members', and staff's web browsers is not something that should be allowed. Anything that can prevent people from loading your site or even reaching it is not a good thing.

    Edited once, last by Abuse_and_Troll_Test ().

  • I agree that it should be fixed (and it was, even if it is maybe not active here at the moment, I didn't test it ;) ) but I personally couldn't reproduce it.

    And I have extra used my old notebook with just 3 GB of RAM and a 2x1.3 GHz processor, so nothing really big.

    My desktop browser showed the thread in about 1 second^^

  • I agree that it should be fixed (and it was, even if it is maybe not active here at the moment, I didn't test it ;) ) but I personally couldn't reproduce it.

    And I have extra used my old notebook with just 3 GB of RAM and a 2x1.3 GHz processor, so nothing really big.

    My desktop browser showed the thread in about 1 second^^

    Well, then I honestly do not know how you were able to do it. But I know other folks could and that was good enough.

    • Official Post

    Can't reproduce this error. I suspect it happened around the time I ran a server update that involved restarting the whole webserver stack, which would cause the connection to be terminated while the request was processing.

    Alexander Ebert
    Senior Developer WoltLab® GmbH

  • Can't reproduce this error. I suspect it happened around the time I ran a server update that involved restarting the whole webserver stack, which would cause the connection to be terminated while the request was processing.

    In truth, the 504 error is not exactly what I'm talking about this morning.

    smilies can break photo limit count


    But from the direct message you and I shared, we both know what I'm talking about (the smilie bug that could render the site unusable and could crash people's browsers)

  • It took my Firefox a 5-second freeze, but then the page was smoothly accessible

    That link just crashed my Firefox


    It froze at first, showing nothing for about 10 or more seconds, and then the browser just closed with a message in the taskbar saying Firefox crashed and an option to restart it.
