ignite-dev mailing list archives

From Dmitriy Setrakyan <dsetrak...@apache.org>
Subject Re: Fwd: Distributed Denial of Service attack on Apache's servers today: Please be advised of changes enacted
Date Mon, 31 Aug 2015 22:42:26 GMT
On Mon, Aug 31, 2015 at 3:10 PM, Konstantin Boudnik <cos@apache.org> wrote:

> If we are using the CGI version then yes.
>

Well, the original email said that existing CGI scripts should continue to
work. I have no experience with CGI, so I thought I would ask.


>
> On Mon, Aug 31, 2015 at 01:53PM, Dmitriy Setrakyan wrote:
> > Brane,
> >
> > Will this affect our mirror selecting CGI script on the download page?
> >
> > D.
> >
> > ---------- Forwarded message ----------
> > From: Daniel Gruno <humbedooh@apache.org>
> > Date: Mon, Aug 31, 2015 at 1:31 PM
> > Subject: Distributed Denial of Service attack on Apache's servers today:
> > Please be advised of changes enacted
> > To: infrastructure-private@apache.org
> >
> >
> > Hello PMCs,
> >
> > Earlier today we discovered that a new type of DDoS had been started
> > against our servers, wherein the slow mirror selecting script used for
> > most TLP sites' download pages had been abused, causing our server load
> > averages to exceed 2000. Naturally, we do not have a 2000 core CPU on
> > our machines, so things slowed down to a grinding halt, pages became
> > unresponsive.
> >
> > To combat this, given the fact that it was (and still is) distributed,
> > we have put in place a new mirror script that makes use of far more
> > efficient data gathering and compiling to produce roughly the same
> > output. This change means that within a day or two, we will be
> > deprecating the .cgi scripts that we used to have, and replacing them with
> > our new Lua-driven system (which has proven to be ~500 times faster,
> > thus mitigating the DDoS).
> >
> > IF you have a custom .cgi script on your TLP site with an accompanying
> > .html file of the same name, you most likely do not need to change
> > anything. Our new system will catch that request and use the old CGI EZT
> > file to produce the output.
> >
> > If you refer to www.apache.org/dyn/closer.cgi, please refer to
> > www.apache.org/dyn/closer.lua instead from now on.
> >
> > Any non-conforming CGI scripts are no longer enabled, and are all
> > rewritten to go to our new mirror system.
> >
> > PLEASE, check your sites, make sure the download section works. If it
> > does not, and you cannot figure out how to get it working, let us know,
> > and we will do our best to help you out.
> >
> > As mentioned, this was an emergency fix and it is a permanent fix. If
> > your current download page is off, you WILL need to change it, and ASAP.
> >
> > With regards,
> > Daniel on behalf of the Apache Infrastructure Team.
>
