ignite-dev mailing list archives

From Konstantin Boudnik <...@apache.org>
Subject Re: Fwd: Distributed Denial of Service attack on Apache's servers today: Please be advised of changes enacted
Date Mon, 31 Aug 2015 22:10:14 GMT
If we are using the CGI version then yes.

On Mon, Aug 31, 2015 at 01:53PM, Dmitriy Setrakyan wrote:
> Brane,
> 
> Will this affect our mirror selecting CGI script on the download page?
> 
> D.
> 
> ---------- Forwarded message ----------
> From: Daniel Gruno <humbedooh@apache.org>
> Date: Mon, Aug 31, 2015 at 1:31 PM
> Subject: Distributed Denial of Service attack on Apache's servers today:
> Please be advised of changes enacted
> To: infrastructure-private@apache.org
> 
> 
> Hello PMCs,
> 
> Earlier today we discovered that a new type of DDoS had been started
> against our servers, wherein the slow mirror selecting script used for
> most TLP sites' download pages had been abused, causing our server load
> averages to exceed 2000. Naturally, we do not have a 2000 core CPU on
> our machines, so things slowed down to a grinding halt, pages became
> unresponsive.
> 
> To combat this, given the fact that it was (and still is) distributed,
> we have put in place a new mirror script that makes use of far more
> efficient data gathering and compiling to produce roughly the same
> output. This change means that within a day or two, we will be
> deprecating the .cgi scripts that we used to have, and replacing them with
> our new Lua-driven system (which has proven to be ~500 times faster,
> thus mitigating the DDoS).
> 
> IF you have a custom .cgi script on your TLP site with an accompanying
> .html file of the same name, you most likely do not need to change
> anything. Our new system will catch that request and use the old CGI EZT
> file to produce the output.
> 
> If you refer to www.apache.org/dyn/closer.cgi, please refer to
> www.apache.org/dyn/closer.lua instead from now on.
> 
> Any non-conforming CGI scripts are no longer enabled, and are all
> rewritten to go to our new mirror system.
> 
> PLEASE, check your sites, make sure the download section works. If it
> does not, and you cannot figure out how to get it working, let us know,
> and we will do our best to help you out.
> 
> As mentioned, this was an emergency fix and it is a permanent fix. If
> your current download page is off, you WILL need to change it, and ASAP.
> 
> With regards,
> Daniel on behalf of the Apache Infrastructure Team.
