I've never been the best with post titles.

The following script is disabling my server and I can't figure out how or why.


<?php $h=$_POST['fname'];
?>
<form action="/test.php" method="post">
First name: <input type="text" name="fname" value="test">
<input type="submit" value="Submit">
</form>

test.php is the location for the above script.

The above script works great for pretty much anything, but if I input the following text into the input field, the server just shuts down/breaks for nearly a full minute.


<?php
##system();
?>

The above should be junk code, but my server does not like it at all.

Any ideas?

Is there more php code in test.php you can share?
Have you confirmed that that code alone is the problem?
What version of PHP is the server running?

I made a quick test script -

<?php
$h = $_POST["fname"];
echo $h;
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<form action="james.php" method="post">
<input type="text" name="fname" placeholder="Test">
<input type="submit" value="Test!">
</form>
</body>
</html>
And it runs fine, even with the input you listed (although there really should be a check to see if $_POST['fname'] is set).

I am using PHP Version 7.2.24 using GoDaddy.com shared Linux servers.

The code posted is the entirety of the script. I even simplified it further to just the following but the problem persists:


<form action="/test.php" method="post">
First name: <input type="text" name="fname" value="test">
<input type="submit" value="Submit">
</form>

I have an idea, but it will take a bit to test it out, because it is a bit involved. All of this is very puzzling. As always, if and when I figure it out I'll post my discovery here.

I am using PHP Version 7.2.24 using GoDaddy.com shared Linux servers.

The code posted is the entirety of the script. I even simplified it further to just the following but the problem persists:


<form action="/test.php" method="post">
First name: <input type="text" name="fname" value="test">
<input type="submit" value="Submit">
</form>

I have an idea, but it will take a bit to test it out, because it is a bit involved. All of this is very puzzling. As always, if and when I figure it out I'll post my discovery here.

If that's the whole code then its probably a configuration error.
Does all php code in the input hang it or just the exact example you posted?

Let me know how you go, am curious about this one.

Actually that took a lot less time to test out than I thought. The issue occurs throughout my site whenever I submit that text.

I found that when I add a space or anything before the sample text then it submits just fine.


g<?php
##system();
?>

I keep thinking that maybe this is just an issue involving sanitizing the $_POST or possibly a php.ini issue, but it just does not make sense. I could possibly write up a work around, but I think I will need to call up GoDaddy.com tomorrow.

P.S. Remember, running the above script causes the entire site to hang as well as any websites that are also on that server.

kk, I was able to test out a few more things.

I talked with GoDaddy.com and they were unable to duplicate the issue.
I talked with people who use my ISP and those that do not and neither were able to duplicate the issue.
When I use a different browser or am on a different computer I can duplicate the issue.
When I ping the website that this affects, the website pings just fine, which is odd.

Next up is to test the router and the modem, but I will have to wait until no one else is on the computer so that I can test some things out.

I'll have to end it here. I tested out a few things and I am no longer as sure that it actually is my modem that is the issue.

When I use a vpn it seems to lock the website (but in a different way), but it is not locked via non-vpn and vice versa. This leads me to believe that my ISP believes I am doing something potentially illegal and is disabling internet access for the ip address that I am trying to access as a precautionary measure. By blocking that ip address it also disables any website I want to access that comes from that ip address.

Unfortunately, my ISP is ranked worst in the nation last time or two I checked. EDIT: yup still last. reference (https://www.newsweek.com/revealed-best-and-worst-internet-providers-us-947380)

I'm just in a bad location here and have no other options.

The good news is that I now have a very good understanding of the nature of this problem and know how to avoid it, work around it, and/or bypass it altogether.

Does it happen on all websites or just yours?

The block happens on all websites from a particular ip address, but the block only happens on any computer that uses our modem.

To the best of my knowledge, my only recourse is to get another ISP which won't happen anytime soon.