devicemap-dev mailing list archives

From Werner Keil <werner.k...@gmail.com>
Subject Re: Distributed Denial of Service attack on Apache's servers today: Please be advised of changes enacted
Date Tue, 01 Sep 2015 12:34:35 GMT
Will do, thanks.
I'll probably give you a heads-up and put stuff to review before the actual
vote.

Werner

On Tue, Sep 1, 2015 at 2:31 PM, Radu Cotescu <radu@apache.org> wrote:

> Hi Werner,
>
> I think that DeviceMap's download script has probably been already
> migrated since the Downloads page works as expected.
>
> I suggest you prepare the C# release artifact in the meantime and restart
> the voting thread / restage the artifact.
>
> Cheers,
> Radu
>
>
> On Tue, 1 Sep 2015 at 13:09 Werner Keil <werner.keil@gmail.com> wrote:
>
>> Does this have an impact on DeviceMap?
>>
>> As usual, please reply directly if an immediate answer was required.
>>
>> Otherwise, could somebody please look into it? If a change is needed, it'll
>> affect all of DeviceMap, not just some components.
>>
>> I decided to wait before proposing adjustments to the C# release. Will do
>> when the dust has settled over these recent issues.
>> It shouldn't affect a vote or preview of artifacts in a personal space.
>>
>> Werner
>>
>> ---------- Forwarded message ----------
>> From: Daniel Gruno <humbedooh@apache.org>
>> Date: Tue, Sep 1, 2015 at 1:04 PM
>> Subject: Re: Distributed Denial of Service attack on Apache's servers
>> today: Please be advised of changes enacted
>> To: infrastructure-private@apache.org
>>
>>
>> Just a quick update (sorry for the noise):
>>
>> For those struggling with these changes, we now have a simple guide to
>> changing your download page(s) at:
>> https://reference.apache.org/pmc/mirror_scripts
>>
>> With regards,
>> Daniel.
>>
>> On 08/31/2015 10:31 PM, Daniel Gruno wrote:
>> > Hello PMCs,
>> >
>> > Earlier today we discovered that a new type of DDoS had been started
>> > against our servers, wherein the slow mirror selecting script used for
>> > most TLP sites' download pages had been abused, causing our server load
>> > averages to exceed 2000. Naturally, we do not have a 2000 core CPU on
>> > our machines, so things slowed down to a grinding halt, pages became
>> > unresponsive.
>> >
>> > To combat this, given the fact that it was (and still is) distributed,
>> > we have put in place a new mirror script that makes use of far more
>> > efficient data gathering and compiling to produce roughly the same
>> > output. This change means that within a day or two, we will be
>> > deprecating the .cgi scripts that we used to have, and replacing them with
>> > our new Lua-driven system (which has proven to be ~500 times faster,
>> > thus mitigating the DDoS).
>> >
>> > IF you have a custom .cgi script on your TLP site with an accompanying
>> > .html file of the same name, you most likely do not need to change
>> > anything. Our new system will catch that request and use the old CGI EZT
>> > file to produce the output.
>> >
>> > If you refer to www.apache.org/dyn/closer.cgi, please refer to
>> > www.apache.org/dyn/closer.lua instead from now on.
>> >
>> > Any non-conforming CGI scripts are no longer enabled, and are all
>> > rewritten to go to our new mirror system.
>> >
>> > PLEASE, check your sites, make sure the download section works. If it
>> > does not, and you cannot figure out how to get it working, let us know,
>> > and we will do our best to help you out.
>> >
>> > As mentioned, this was an emergency fix and it is a permanent fix. If
>> > your current download page is off, you WILL need to change it, and ASAP.
>> >
>> > With regards,
>> > Daniel on behalf of the Apache Infrastructure Team.
>> >
>>
>
