#12305 Bodhi is being flooded with invalid requests
Closed: Fixed 17 days ago by kevin. Opened 3 months ago by mattia.

Describe what you would like us to do:

Looking at the bodhi-web pods logs it seems that Bodhi is being flooded by invalid requests to fake update aliases (the url itself is also wrong):alien:

2024-11-25 06:50:35,886 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2021-22d74b54e8
2024-11-25 06:50:35,955 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2023-0830dde91b
2024-11-25 06:50:36,260 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
2024-11-25 06:50:36,605 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-09d03d2a43
2024-11-25 06:50:36,953 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check
2024-11-25 06:50:37,050 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2022-dbdf746d1a
2024-11-25 06:50:37,476 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check
2024-11-25 06:50:37,603 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2019-a02474637d
2024-11-25 06:50:37,847 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
2024-11-25 06:50:37,880 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-dd53c71ec1
2024-11-25 06:50:39,017 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-f371b47bec
2024-11-25 06:50:39,120 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check
2024-11-25 06:50:39,582 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-11464
2024-11-25 06:50:39,679 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-83aceddd6b
2024-11-25 06:50:39,711 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
2024-11-25 06:50:39,767 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /comments/updates/FEDORA-2014-14944
2024-11-25 06:50:39,879 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-dbdf746d1a
2024-11-25 06:50:40,178 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2022-f371b47bec
2024-11-25 06:50:41,109 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-83aceddd6b
2024-11-25 06:50:41,170 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-13550
2024-11-25 06:50:41,295 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2016-94bffcb6ed
2024-11-25 06:50:41,333 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-EPEL-2014-2386
2024-11-25 06:50:41,459 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2015-3653
2024-11-25 06:50:41,958 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2017-0e31803fc1
2024-11-25 06:50:42,177 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-d468cf5d22
2024-11-25 06:50:42,210 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-eeef2eaafa
2024-11-25 06:50:42,371 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
2024-11-25 06:50:42,900 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2020-c2c030d4e9
2024-11-25 06:50:43,956 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-eeef2eaafa
2024-11-25 06:50:43,961 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-13550

This leads to high cpu usage, I don't know if it's the cause for sporadic pod reboots (yesterday morning I received a couple of notifications about that).

Is there a way to block these requests from happening? Maybe looking at the apache logs and block the offending IP(s)?

When do you need this to be done by? (YYYY/MM/DD)

As soon as someone is able to do so... I'm not ;-)


Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: Needs investigation, medium-gain, ops

3 months ago

I checked that and found out that the requests stopped at 9:21 UTC today. I checked the proxy httpd logs and found around 900 machines sending that requests. All of those are from same cloud IP range. But I'm not sure if it's OK to just block the whole cloud because of this.

Let's wait if this start again and if it will we will block them.

I don't think this has happened again. Closing for now.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 months ago

It started again today

Metadata Update from @mattia:
- Issue status updated to: Open (was: Closed)

2 months ago

I don't think it's happening anymore?

Typically this seems to be AI scrapers... we can block their /24's at the proxies sometimes... sometimes they come from a vast number of different cloud ips... ;(

It's very frustrating.

Anyhow, if you are stil/again seeing it, let us know.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

17 days ago

Log in to comment on this ticket.

Metadata
Boards 1
ops Status: Backlog