[Owasp-leaders] Fwd: Pingdom Alert: Incident #3 for OWASP (www.owasp.org), has been assigned to you.

Jerry Hoff jerry.hoff at whitehatsec.com
Sat Jan 24 17:46:37 UTC 2015


Hi all,

Matt - do we know the reason for the outages? Is this due to infrastructure issues or is this a DOS/DDOS type event?

Thank you,
Jerry


On Jan 24, 2015, at 10:43, Matt Tesauro <matt.tesauro at owasp.org> wrote:

Regrettably, this is the second time it's had issues between 5:30 AM and 6 AM where I live so I'm sleeping.

Last weekend, the architecture for the wiki was radically changed, the MediaWiki source updated to the latest, and the underlying OS updated to the latest.

* The serving of www.owasp.org was moved from a single large VM holding Apache + MySQL on one host into two VMs, one for the web head and another running MariaDB.  (MariaDB is what Wikipedia uses for their install).  The VMs available during this migration were also substantially better - most importantly full SSD based disks.

* MediaWiki was upgraded to the latest version of the 1.23.x version

* Ubuntu Server was updated to 14.04 LTS from 12.04 LTS to get the latest OpenSSL options available.  The wiki now supports forward secrecy [1].

Yesterday's event was caused by MaxWorkers being reached by Apache; the settings were increased to account for the growing traffic on the wiki.

I've not had a chance to fully investigate today's event, but I did notice that the error log for Apache was huge (7.6 GB) due to wiki skins using a deprecated method existing on the server (see https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery) which I've fixed.

Additionally, there was an old Twitter feed plugin written by a member of the community years ago which was making deprecated PHP calls and also causing Apache errors - including fopen'ing non-existent files and causing unnecessary file reads with each request.  It has been removed.

I'm going to eat a quick breakfast and go watch my son play basketball.  I'll look for any other contributing factors later after we finish celebrating my daughter's 13th birthday, which is today.

[1] https://www.ssllabs.com/ssltest/analyze.html?d=owasp.org

Cheers!

--
-- Matt Tesauro
OWASP WTE Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download site
OWASP OpenStack Security Project Lead
https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project

On Sat, Jan 24, 2015 at 5:53 AM, psiinon <psiinon at gmail.com> wrote:
Looks like owasp.org is down again :(

Simon

---------- Forwarded message ----------
From: <alert at pingdom.com>
Date: Sat, Jan 24, 2015 at 10:19 AM
Subject: Pingdom Alert: Incident #3 for OWASP (www.owasp.org), has been assigned to you.
To: psiinon at gmail.com


Hi Simon Bennetts,

This is a notification sent by Pingdom.

Incident 3, OWASP (www.owasp.org),
has been assigned to you.

Log in to your account at https://my.pingdom.com/ to acknowledge, see further details and take
the necessary actions.


Best regards,
The Pingdom Team





--
OWASP ZAP<https://www.owasp.org/index.php/ZAP> Project leader

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders

