Brane,

Will this affect our mirror selecting CGI script on the download page?

D.

---------- Forwarded message ----------
From: Daniel Gruno <[hidden email]>
Date: Mon, Aug 31, 2015 at 1:31 PM
Subject: Distributed Denial of Service attack on Apache's servers today: Please be advised of changes enacted
To: [hidden email]

Hello PMCs,

Earlier today we discovered that a new type of DDoS had been started against our servers, where in the slow mirror selecting script used for most TLP sites' download pages had been abused, causing our server load averages to exceed 2000. Naturally, we do not have a 2000 core CPU on our machines, so things slowed down to a grinding halt, pages became unresponsive.

To combat this, given the fact that it was (and still is) distributed, we have put in place a new mirror script that makes use of far more efficient data gathering and compiling to produce roughly the same output. This change means that within a day or two, we will be deprecating the .cgi scripts that we used to have, and replace it with our new Lua-driven system (which has proven to be ~500 times faster, thus mitigating the DDoS).

IF you have a custom .cgi script on your TLP site with an accompanying .html file of the same name, you most likely do not need to change anything. Our new system will catch that request and use the old CGI EZT file to produce the output.

If you refer to www.apache.org/dyn/closer.cgi, please refer to www.apache.org/dyn/closer.lua instead from now on.

Any non-conforming CGI scripts are no longer enabled, and are all rewritten to go to our new mirror system.

PLEASE, check your sites, make sure the download section works. If it does not, and you cannot figure out how to get it working, let us know, and we will do our best to help you out.

As mentioned, this was an emergency fix and it is a permanent fix. If your current download page is off, you WILL need to change it, and ASAP.

With regards,
Daniel on behalf of the Apache Infrastructure Team.
If we are using the CGI version then yes.

On Mon, Aug 31, 2015 at 01:53PM, Dmitriy Setrakyan wrote:
> Brane,
>
> Will this affect our mirror selecting CGI script on the download page?
>
> D.

On Mon, Aug 31, 2015 at 3:10 PM, Konstantin Boudnik <[hidden email]> wrote:
> If we are using the CGI version then yes.

Well, the original email said that existing CGI scripts should continue to work. I have no experience with CGI, so I thought I would ask.

I just fixed an issue in Bigtop's toolchain installation caused by this change. The format of the new script got changed, so if there is any reliance on the content of the page - it better be checked.

On Mon, Aug 31, 2015 at 03:42PM, Dmitriy Setrakyan wrote:
> Well, the original email said that existing CGI scripts should continue to work. I have no experience with CGI, so I thought I would ask.

On Mon, Aug 31, 2015 at 4:13 PM, Konstantin Boudnik <[hidden email]> wrote:
> I just fixed an issue in Bigtop's toolchain installation caused by this change. The format of new script got changed, so if there is any reliance on the content of the page - it better be checked.

Thanks Cos! Does anyone have enough expertise to update the Ignite website?
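
The site check the announcement asks for, as an added example (not code from the Apache Infrastructure Team or from anyone in this thread): it flags references to `www.apache.org/dyn/closer.cgi` and classifies a site's own `.cgi` links by whether an `.html` file of the same name sits beside them. The dictionary layout, the finding labels and the sample pages are assumptions constructed for illustration.

```python
import posixpath
import re

# The deprecated URL named in the announcement; group 1 is reused for the rewrite.
CLOSER_CGI = re.compile(r"(www\.apache\.org/dyn/closer)\.cgi\b")
# Relative or site-absolute links to a project's own .cgi script (no scheme).
LOCAL_CGI = re.compile(r"""href=["']([^"':]+?\.cgi)\b""")

def audit(site):
    """site maps relative file paths to text; returns (path, line, kind, target)."""
    findings = []
    for path, text in sorted(site.items()):
        for n, line in enumerate(text.splitlines(), 1):
            for m in CLOSER_CGI.finditer(line):
                findings.append((path, n, "switch-to-closer.lua", m.group(0)))
            for m in LOCAL_CGI.finditer(line):
                href = m.group(1)
                if href.startswith("//"):
                    continue  # protocol-relative link to another host
                if href.startswith("/"):
                    target = href.lstrip("/")
                else:
                    base = posixpath.dirname(path)
                    target = posixpath.normpath(posixpath.join(base, href))
                # "accompanying .html file of the same name", per the announcement
                html = target[: -len(".cgi")] + ".html"
                kind = "custom-cgi-with-html" if html in site else "custom-cgi-no-html"
                findings.append((path, n, kind, target))
    return findings

def rewrite_closer(text):
    """Point closer.cgi references at closer.lua; returns (new_text, count)."""
    return CLOSER_CGI.subn(r"\1.lua", text)

# Constructed sample site, not the real Ignite pages.
SAMPLE_SITE = {
    "index.html": '<a href="download.cgi">Download</a>\n'
                  '<a href="http://www.apache.org/dyn/closer.cgi/ignite/">Mirrors</a>\n',
    "download.html": "<p>mirror list template</p>\n",
    "docs/get.html": '<a href="mirrors.cgi">Mirrors</a>\n',
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SITE):
        print(*finding)
```

A `custom-cgi-no-html` finding is the case the announcement calls non-conforming and needs a manual look at the download page; anything that parses the mirror page's content, as in the Bigtop case mentioned above, still has to be checked by hand.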