Bugzilla out of service
myk at mozilla.org
Tue Dec 9 18:52:28 UTC 2003
Pete Collins wrote:
> Christian Robottom Reis wrote:
>>> This link was accessed 448 times since 12:00AM last night
>>> continually from the same IP. It looks like an attack or an attempt
>>> to crack the
>> We've been having similar trouble over at bmo, so you might want to talk
>> to Myk or Justdave about it.
Indeed, we've had at least two DOS attacks since Saturday, the last one
>>> We blocked the IP. Any thoughts on how best to deal w/ this kind of
That's what we've been doing as well. We used to use mod_throttle to
limit connections per minute from any given IP. We should do that again.
> Should I upgrade to 2.17?
2.17 is pretty good and has some very useful features. I would
recommend upgrading to the latest release of it.
> It seems that there should be a page limit for queries that are huge
> so attacks like this can never happen. Just limit the query to say 50
> items, per page and then let the user click forward if they want more
I'm not sure how much of an effect that would have. Output generation
is just one cost of querying. If you limited output, DOSers could still
construct queries with a high query execution cost and use up your
server's resources that way.
> Myk any quick fixes I can add to bugzilla to prevent an attacker from
> scripting http GETs like the one I found in my log files below, that
> can be used as a DOS/CRACK attack?
You could change query.cgi's query form from a GET to a POST and then
block GET requests in buglist.cgi, but this makes Bugzilla less usable
(f.e. users can't bookmark queries or modify them via the URL) and is
thus unpalatable. I suggest a suitably configured mod_throttle as the
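The per-IP, per-minute limit Myk describes (the policy mod_throttle used to enforce) can also be checked after the fact from the web server log, which is how Pete spotted the 448 hits from one address. The following is an added example, not code from the thread or from Bugzilla; it assumes Apache common log format and uses constructed log lines.

```python
# Added example: flag source addresses that hit buglist.cgi more than `limit`
# times inside any `window`-second span (sliding window per IP). Log lines
# in _sample_log() are constructed for this example, not taken from the post.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache common log prefix: ip ident user [timestamp] "METHOD path ..."
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')

def parse_line(line):
    """Return (ip, timestamp, method, path) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path")

def find_query_floods(lines, limit=20, window=60, script="/buglist.cgi"):
    """Map each offending IP to the peak number of `script` requests it made
    within any `window`-second span; IPs at or below `limit` are omitted."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _method, path = rec
        if not path.startswith(script):
            continue            # only the expensive query script counts
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()         # drop hits that fell out of the window
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def _sample_log():
    """Constructed log: one address fires 25 buglist.cgi GETs in 25 seconds,
    a second address makes a single normal query."""
    base = datetime(2003, 12, 9, 0, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = [f'10.0.0.5 - - [{(base + timedelta(seconds=i)).strftime(fmt)}] '
             f'"GET /buglist.cgi?bug_status=NEW&order=bugs.bug_id HTTP/1.0" 200 51234'
             for i in range(25)]
    lines.append(f'10.0.0.9 - - [{base.strftime(fmt)}] '
                 f'"GET /buglist.cgi?bug_id=1 HTTP/1.0" 200 1200')
    return lines
```

Running `find_query_floods(_sample_log())` reports only 10.0.0.5, with a peak of 25 requests in the window; raise `limit` to the rate your server can actually sustain before blocking an address.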