Welcome!

Machine Learning Authors: Pat Romanski, Yeshim Deniz, Liz McMillan, Elizabeth White, Corey Roth

Related Topics: Java IoT, Microservices Expo, Machine Learning , PHP, Agile Computing, @DXWorldExpo

Java IoT: Article

Make PHP Requests “Sleep” to Stop Bad Behavior. Smart or Not?

The Bad Behavior Plugin does a good job of preventing these bots from posting spam messages

In a previous post we showed how we hooked up our blog's WordPress application with the new Compuware APMaaS offering. Since WordPress is a PHP application we use PurePath for PHP to monitor it. We highlighted that we got an alert about a response time violation on some of our blog posts - which is shown in the following screenshot.

Dynamic Baselining detects a significant violation of the baseline during a 4.5 hour period last night

In this follow-up article I want to show you how we get to the root cause of this problem which turns out to be a third-party WordPress PHP plugin that detects Bad Requests including requests from Bots that try to put spam messages in blog comments.

Step 1: See PHP Performance Hotspots
For the selected time-frame, we open the Response Time Hotspot dashboard. This shows which layer of the PHP Application has the highest performance contribution.

The high-level performance hotspot shows that most of the time is spent in core PHP functionality.

Step 2: Pinpoint the problematic method
A click on the PHP layer shows us that the Sleep function is the biggest contributor to this performance hotspot:

Turns out it is the Sleep function that gets called from one of the plugins we use to identify Bad Requests.

Step 3: Identify the actual request
Let's have a look at one of the transactions where we get to see where the sleep method is actually called:

We see where the plugin detects the bad behavior and also the log message it writes to MySQL.

We also get access to the web request details such as IP Address, User Agent or actual URL and Query String:

The details show origin information about this bad request, e.g: IP, User Agent, URL and Query String

Analysis: Lots of Bad Requests reduces WordPress performance
The Bad Behavior Plugin does a good job in preventing these bots from posting spam messages. What's interesting though is their approach of putting the request to sleep for two seconds. If we have a lot of parallel bad requests we have a lot of threads that are blocked in wait. This will impact "real" users who want to access the blog as the web server might not have any available active threads. A different approach would help. If you have a suggestion for a better way to handle bad requests to avoid the blocked threads issue, let us know in the comments.

If you want to know more about performance management for PHP check out the blog from Klaus on Exploring the PHP World with PurePath Technology. If you are an existing Compuware APM Customer check out our dynaLearn Webinar on First Steps with PurePath for PHP.

More Stories By Andreas Grabner

Andreas Grabner has been helping companies improve their application performance for 15+ years. He is a regular contributor within Web Performance and DevOps communities and a prolific speaker at user groups and conferences around the world. Reach him at @grabnerandi

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
The technologies behind big data and cloud computing are converging quickly, offering businesses new capabilities for fast, easy, wide-ranging access to data. However, to capitalize on the cost-efficiencies and time-to-value opportunities of analytics in the cloud, big data and cloud technologies must be integrated and managed properly. Pythian's Director of Big Data and Data Science, Danil Zburivsky will explore: The main technology components and best practices being deployed to take advantage of data and analytics in the cloud, Architecture, integration, governance and security scenarios and Key challenges and success factors of moving data and analytics to the cloud
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. A tracing tool like Jaeger analyzes what's happening as a transaction moves through a distributed system. Monitoring software like Prometheus captures time-series events for real-time alerting and other uses. Grafeas and Kritis provide security polic...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.