[Savannah-hackers] Re: cpuload on savannah

[Mathieu Roy]

Ward Vandewege <address@hidden> a tapoté :

> On Thu, Mar 13, 2003 at 11:26:07PM +0100, Mathieu Roy wrote:
> > I do not think we should make any decision until we get less than
> > 25000 https request for mldonkey files - which is absolutely not
> > usual. 
> 
> So what is going on then? Is this a DoS attack? Is Savannah (mldonkey) being
> slashdotted? Are all the requests coming from the same IP address(es)? Would
> some firewalling rules help?

Worst,

Mldonkey people had the tremendous idea to hardcode in their recent
version a initialization process of mldonkey which download 4 files on
savannah.nongnu.org via http.

As result, we seen load increasing day by day. And finally the problem 
finally became obvious reading apache-ssl logs.

I forbidded access to the pages, wrote to mldonkey and they directly
released a new clean version, asking users to upgrade.

But the last time I checked, I found more than 60000 request on the
log of the day (apache-ssl logs are rotated daily).

Aside from waiting, I do not see what can we do. I reduce the
apache-ssl MaxClient value, I shutdowned many services for a while
(apache, crond) to get back a normal load, Loic was even forced to
reboot the server due a to hard disk failure (and remount of / in
read-only).

There's no much things we can do about. 
We cannot identify mldonkey clients as some versions return "wget" as
UA.



-- 
Mathieu Roy
 
 << Profile  << http://savannah.gnu.org/users/yeupou <<
 >> Homepage >> http://yeupou.coleumes.org           >>
 << GPG Key  << http://stock.coleumes.org/gpg        <<