[Systems] {wiki, activities}.sugarlabs.org dead, no response to HTTP GET
Bernie Innocenti
bernie at codewiz.org
Thu Feb 25 04:17:17 EST 2016
On 02/25/2016 12:55 AM, Bernie Innocenti wrote:
> Who do the source IPs belong to?
lol, 2001:4830:134:7::11 is sunjammer's ipv6 address... better not plonk
it with iptables even if it sends nasty queries :-)
So, what's calling RunJobs at high rate???
> I suspect that shady SEO companies which previously added spam links to
> wikis are now trying to clear the reputation of their customers by
> DoSing the sites on which they cannot delete the links any more. The
> trend changed because Google now *demotes* sites for having link spam.
>
> If there are only few IPs, just plonk them with a temporary iptables
> rule. When playing with iptables, don't try random things, it's very
> easy to make the host unreachable.
>
> On February 24, 2016 11:52:14 PM PST, Sebastian Silva
> <sebastian at fuentelibre.org> wrote:
>
> Hi,
> This morning we're past 150 active connections.
>
> 103-1 8274 0/10/10 _ 0.82 29 2016 0.0 0.07 0.07
> 2001:4830:134:7::11 wiki.sugarlabs.org:80 POST
> /index.php?title=Special%3ARunJobs&tasks=jobs&maxjobs=1&si
>
>
> From the log that bernie left in /root/apache-status, I see a bunch of
> connections such as the one above.
>
> I've read a little about RunJobs and it is suggested a change in config
> can make this process less expensive:
> https://www.mediawiki.org/wiki/Manual:Job_queue#Performance_issue
>
> However it looks like its triggering is an attempted Denial Of Service...
>
> Regards,
> Sebastian
>
>
> On 18/02/16 01:43, Bernie Innocenti wrote:
>
> Seems to work now.
>
> Our webserver often ends up in a state in which all 150
> processes are
> sleeping without much going on.
>
> Last time I saw it, there were plenty of connections from some
> shady SEO
> company (ahrefs.com <http://ahrefs.com>). It very much looked
> like a DDoS, so I just
> blackholed their entire subnet with iptables.
>
> Not sure how to stop these in a more generalized way. Maybe we could
> rate-limit connections per-IP using iptables, or find an anti-DDoS
> Apache module.
>
> On 02/17/2016 11:58 PM, James Cameron wrote:
>
> wiki.sugarlabs.org <http://wiki.sugarlabs.org> and
> activities.sugarlabs.org <http://activities.sugarlabs.org>
> are accepting
> connections but not responding to HTTP GET requests.
>
> quozl at sunjammer:~$ wget http://wiki.sugarlabs.org/
> --2016-02-17 23:57:43-- http://wiki.sugarlabs.org/
> Resolving wiki.sugarlabs.org <http://wiki.sugarlabs.org>
> (wiki.sugarlabs.org <http://wiki.sugarlabs.org>)...
> 2001:4830:134:7::11, 208.118.235.53 <http://208.118.235.53>
> Connecting to wiki.sugarlabs.org <http://wiki.sugarlabs.org>
> (wiki.sugarlabs.org
> <http://wiki.sugarlabs.org>)|2001:4830:134:7::11|:80...
> connected.
> HTTP request sent, awaiting response... ^C
> 130!quozl at sunjammer:~$
>
>
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
> _______________________________________________
> Systems mailing list
> Systems at lists.sugarlabs.org
> http://lists.sugarlabs.org/listinfo/systems
>
--
_ // Bernie Innocenti
\X/ http://codewiz.org
More information about the Systems
mailing list