Re: [leshan-dev] Upgrade Sandbox Leshan

[Simon Bernard <contact@xxxxxxxxxxxxxxx>]

I will try to upgrade the Leshan Sandbox to a recent ubuntu LTS  now. So it may be unavailable for few minutes(hours?).

@Benjamin, thx for reporting that. I don't know if we can do easily something to protect ourself about that. Maybe just watching to see if it happened again is a good start.

Le 25/06/2018 à 14:24, Benjamin Cabé a écrit :

Sure, please go ahead!

FWIW there might have been someone DDoS’ing the server, intentionally or no, by making lots of API calls?

Those entries, for example, seem suspicious:

##.###.##.### - - [25/Jun/2018:06:06:05 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:06:13 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:06:21 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:06:29 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:06:37 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:06:45 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:06:53 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:07:01 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:07:09 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

##.###.##.### - - [25/Jun/2018:06:07:17 +0200] "GET /devices.php?mode=checkID&device_id=100003934 HTTP/1.1" 404 524 "-" "EtherShield/1.6"

Benjamin -

On Jun 25, 2018, at 2:10 PM, Simon Bernard <contact@xxxxxxxxxxxxxxx> wrote:

Hi,

  I notice an issue on the Leshan sandbox this morning.
  Both, http://leshan.eclipse.org/ and http://leshan.eclipse.org/bs/ didn't respond.

  Looking at apache log I see :

...
[Mon Jun 25 12:03:21.247636 2018] [mpm_event:error] [pid 4268:tid 129245195483008] AH00485: scoreboard is full, not at MaxRequestWorkers
[Mon Jun 25 12:03:22.248814 2018] [mpm_event:error] [pid 4268:tid 129245195483008] AH00485: scoreboard is full, not at MaxRequestWorkers
[Mon Jun 25 12:03:23.249994 2018] [mpm_event:error] [pid 4268:tid 129245195483008] AH00485: scoreboard is full, not at MaxRequestWorkers
[Mon Jun 25 12:03:24.251169 2018] [mpm_event:error] [pid 4268:tid 129245195483008] AH00485: scoreboard is full, not at MaxRequestWorkers
[Mon Jun 25 12:03:25.252308 2018] [mpm_event:error] [pid 4268:tid 129245195483008] AH00485: scoreboard is full, not at MaxRequestWorkers
...

   It seems this is an old bug of apache httpd : https://bz.apache.org/bugzilla/show_bug.cgi?id=53555
   It is fixed since 2.4.25 but we have an old 2.4.10.

   I check the system we used and this is a Ubuntu 15.04 which is not supported since 4th Feb 2016.

   I think we should go at least for a supported LTS version. (ideally I would prefer to go with a debian stable, but an Ubuntu migration should be simple)

   Benjamin, could I made the upgrade ?

Thx

Simon

_________

Benjamin Cabé
IoT Program Manager

Eclipse Foundation
+33 (0) 619196101
@kartben

_______________________________________________
leshan-dev mailing list
leshan-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/leshan-dev