From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 98E6E43CC8 for ; Sun, 7 Aug 2022 09:34:08 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4406F68B6DD; Sun, 7 Aug 2022 12:34:06 +0300 (EEST) Received: from relay10.mail.gandi.net (relay10.mail.gandi.net [217.70.178.230]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CEC0E68AEA2 for ; Sun, 7 Aug 2022 12:33:59 +0300 (EEST) Received: (Authenticated sender: michael@niedermayer.cc) by mail.gandi.net (Postfix) with ESMTPSA id 7F594240007; Sun, 7 Aug 2022 09:33:57 +0000 (UTC) Date: Sun, 7 Aug 2022 11:33:56 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20220807093356.GO2088045@pb2> References: <20220727111645.GX2088045@pb2> MIME-Version: 1.0 In-Reply-To: <20220727111645.GX2088045@pb2> Subject: Re: [FFmpeg-devel] ffmpeg.org issue today X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Alexander Strasser , Nikolay Aleksandrov , Reimar =?iso-8859-1?Q?D=F6ffinger?= Content-Type: multipart/mixed; boundary="===============0968829505582185378==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============0968829505582185378== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="hND5PKUeuErErcgH" Content-Disposition: inline --hND5PKUeuErErcgH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi everyone as some may have noticed there was a 2nd hang happening yesterday 5th/6th a= ugust so heres a update about what i/we know/guess the 2nd hang seems to have looked like the first. ive spend some time yesterday looking over logs, there are some showers of slightly odd entries in the apache webserver logs, similar entries occured= =20 3 times, 2 of which preceeded the server hangs by 1-2 minutes these entries come from 2 IP addresses 143.198.181.190 and 159.89.231.156 first preceeded the first hang and 2nd the 2nd hang https://www.malwareurl.com/listing.php?domain=3D143.198.181.190 says "Vulnerability Scanner" https://www.malwareurl.com/listing.php?domain=3D159.89.231.156 says "Brute-force attacker IP" it seemed these IPs spidered over random bits of the webpage, lots of gitweb a little bit of old trac links and other tiny bits of random bits, some nonsensical urls too with randomly faked browser ids all of this is alot of guessing but if we assume this was some sort of Vulnerability scanner seaching for some interresting bits on public web (where it maybe did not find much) a subsequent step of the scanner may have triggered a unfixed bug in something that caused the server to hang.=20 thats alot speculation, and other things are possible including some hw issue that got triggered from higher load no signs of any successfull intrusion, not even anything crashing, its just the whole box hanging raz has updated the kernel now beyond what is teh default for our ubuntu also i recommand everyone to always check signatures of releases that obviosuly is not just for ffmpeg but for anything you download from the internet. thx On Wed, Jul 27, 2022 at 01:16:45PM +0200, Michael Niedermayer wrote: > Hi all >=20 > ffmpeg.org was down today, heres what I know & what happened >=20 > i woke up, looked at IRC saw someone saying ffmpeg.org is down, tried log= ing > in with ssh and that timed out (i kept trying to login while trying other= things) > i mailed the other root admins and started to look around > what i found was the host and VM where running, no signs of any anomalies= on the host > loging into the VM was not successfull, i decided to wait for raz or othe= rs to > take a look before attempting to restart it as raz has vastly more knowle= dge and > experience and i didnt want to do more harm or loose information about wh= at > happened. raz also failed to gather usefull information about the vm so he > restarted ffmpeg.org > the box came up as if nothing ever happened, we both looked over logs in = search > of the cause, but came up empty handed. logs just ended Jul 26 22:47:14 w= hich is > probably when the box did hang > all relevant packages where uptodate, the running kernel also seems to ha= ve > been the latest avalable for the ubuntu distrubution >=20 > thx >=20 > --=20 > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB >=20 > Dictatorship naturally arises out of democracy, and the most aggravated > form of tyranny and slavery out of the most extreme liberty. -- Plato > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel >=20 > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Observe your enemies, for they first find out your faults. -- Antisthenes --hND5PKUeuErErcgH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCYu+HAAAKCRBhHseHBAsP qy8/AJ9yvUhkG6amdZTJ398K2nhMIeD6VgCfZw8k0cJ1Nef19BT0/5K+kYaM7NQ= =7DoF -----END PGP SIGNATURE----- --hND5PKUeuErErcgH-- --===============0968829505582185378== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============0968829505582185378==--