[Owasp-leaders] Fwd: Pingdom Alert: Incident #3 for OWASP (www.owasp.org), has been assigned to you.
seba at owasp.org
Sun Jan 25 14:46:10 UTC 2015
the site is down again?
=> It's not just you! http://owasp.org looks down from here.
On Sat Jan 24 2015 at 11:18:07 PM Matt Tesauro <matt.tesauro at owasp.org>
> No I don't.
> I'm 95%+ certain that yesterday's was due to my inaccurate estimate of the
> number of Apache workers needed for the radically different new wiki
> setup. Apache logged as much yesterday:
> [Fri Jan 23 07:56:30.986686 2015] [mpm_prefork:error] [pid 10052] AH00161:
> server reached MaxRequestWorkers setting, consider raising the
> MaxRequestWorkers setting
> It showed up again and I've bumped up MaxWorkers a second time.
> For those with free time, the logs files for today up to a couple of
> minutes ago can be had by downloading the tar.bz file at:
> If you find something interesting and actionable, feel free to email me
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> On Sat, Jan 24, 2015 at 11:46 AM, Jerry Hoff <jerry.hoff at whitehatsec.com>
>> Hi all,
>> Matt - do we know the reason for the outages? Is this due to
>> infrastructure issues or is this an DOS/DDOS type event?
>> Thank you,
>> On Jan 24, 2015, at 10:43, Matt Tesauro <matt.tesauro at owasp.org> wrote:
>> Regrettably, this is the second time its had issues between 5:30 AM
>> and 6 AM where I live so I'm sleeping.
>> Last weekend, the architecture for the wiki was radically changed, the
>> MediaWiki source updated to the latest, and the underlying OS updated to
>> the latest.
>> * The serving of www.owasp.org was moved from a single large VM holding
>> Apache + MySQL on one host was moved into two VMs, one for the web head and
>> anther running MariaDB. (MariaDB is what Wikipedia uses for their
>> install). The VMs available during this migration were also substantially
>> better - most importantly full SSD based disks.
>> * MediaWiki was upgraded to the latest version of the 1.23.x version
>> * Ubuntu Server was updated to 14.04 LTS from 12.04 LTS to get the
>> latest OpenSSL options available. The wiki now supports forward secrecy
>> Yesterday's event was caused by MaxWorkers being reached by Apache, the
>> settings were increased to account for the growing traffic on the wiki.
>> I've not had a chance to fully investigate today's event, but I did
>> notice that the error log for Apache was huge (7.6 GB) due to wiki skins
>> using a deprecated method existing on the server (see
>> https://www.mediawiki.org/wiki/Manual:Skin_autodiscovery) which I've
>> Additionally, there was an old Twitter feed plugin written by a member
>> of the community years ago which was making deprecated PHP calls and also
>> causing Apache errors - including fopen'ing non-existent files and causing
>> unnecessary file reads with each request. it has been removed.
>> I'm going to eat a quick breakfast and go watch my son play
>> basketball. I'll look for any other contributing factors later after we
>> finish celebrating my daughters 13th birthday, which is today.
>>  https://www.ssllabs.com/ssltest/analyze.html?d=owasp.org
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> On Sat, Jan 24, 2015 at 5:53 AM, psiinon <psiinon at gmail.com> wrote:
>>> Looks like owasp.org is down again :(
>>> ---------- Forwarded message ----------
>>> From: <alert at pingdom.com>
>>> Date: Sat, Jan 24, 2015 at 10:19 AM
>>> Subject: Pingdom Alert: Incident #3 for OWASP (www.owasp.org), has been
>>> assigned to you.
>>> To: psiinon at gmail.com
>>> Hi Simon Bennetts,
>>> This is a notification sent by Pingdom.
>>> Incident 3, OWASP (www.owasp.org),
>>> has been assigned to you.
>>> Log in to your account at https://my.pingdom.com/ to acknowledge, see
>>> further details and take
>>> the necessary actions.
>>> Best regards,
>>> The Pingdom Team
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> The contents of this electronic message, including any attachments, are
>> intended only for the use of the individual or entity to which they are
>> addressed and may contain confidential information. If you are not the
>> intended recipient, you are hereby notified that any use, dissemination,
>> distribution, or copying of this message or any attachment is strictly
>> prohibited. If you have received this transmission in error, please send an
>> e-mail to postmaster at whitehatsec.com and delete this message, along with
>> any attachments, from your computer.
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders