ignite-dev mailing list archives

From Konstantin Boudnik <...@apache.org>
Subject Re: Fwd: Distributed Denial of Service attack on Apache's servers today: Please be advised of changes enacted
Date Mon, 31 Aug 2015 23:13:26 GMT
I just fixed an issue in Bigtop's toolchain installation caused by this
change. The format of the new script got changed, so if there is any reliance on
the content of the page, it had better be checked.

On Mon, Aug 31, 2015 at 03:42PM, Dmitriy Setrakyan wrote:
> On Mon, Aug 31, 2015 at 3:10 PM, Konstantin Boudnik <cos@apache.org> wrote:
> 
> > If we are using the CGI version then yes.
> >
> 
> Well, the original email said that existing CGI scripts should continue to
> work. I have no experience with CGI, so I thought I would ask.
> 
> 
> >
> > On Mon, Aug 31, 2015 at 01:53PM, Dmitriy Setrakyan wrote:
> > > Brane,
> > >
> > > Will this affect our mirror selecting CGI script on the download page?
> > >
> > > D.
> > >
> > > ---------- Forwarded message ----------
> > > From: Daniel Gruno <humbedooh@apache.org>
> > > Date: Mon, Aug 31, 2015 at 1:31 PM
> > > Subject: Distributed Denial of Service attack on Apache's servers today:
> > > Please be advised of changes enacted
> > > To: infrastructure-private@apache.org
> > >
> > >
> > > Hello PMCs,
> > >
> > > Earlier today we discovered that a new type of DDoS had been started
> > > against our servers, wherein the slow mirror selecting script used for
> > > most TLP sites' download pages had been abused, causing our server load
> > > averages to exceed 2000. Naturally, we do not have a 2000 core CPU on
> > > our machines, so things slowed down to a grinding halt, pages became
> > > unresponsive.
> > >
> > > To combat this, given the fact that it was (and still is) distributed,
> > > we have put in place a new mirror script that makes use of far more
> > > efficient data gathering and compiling to produce roughly the same
> > > output. This change means that within a day or two, we will be
> > > deprecating the .cgi scripts that we used to have, and replacing them with
> > > our new Lua-driven system (which has proven to be ~500 times faster,
> > > thus mitigating the DDoS).
> > >
> > > IF you have a custom .cgi script on your TLP site with an accompanying
> > > .html file of the same name, you most likely do not need to change
> > > anything. Our new system will catch that request and use the old CGI EZT
> > > file to produce the output.
> > >
> > > If you refer to www.apache.org/dyn/closer.cgi, please refer to
> > > www.apache.org/dyn/closer.lua instead from now on.
> > >
> > > Any non-conforming CGI scripts are no longer enabled, and are all
> > > rewritten to go to our new mirror system.
> > >
> > > PLEASE, check your sites, make sure the download section works. If it
> > > does not, and you cannot figure out how to get it working, let us know,
> > > and we will do our best to help you out.
> > >
> > > As mentioned, this was an emergency fix and it is a permanent fix. If
> > > your current download page is off, you WILL need to change it, and ASAP.
> > >
> > > With regards,
> > > Daniel on behalf of the Apache Infrastructure Team.
> >
