Looking at the bodhi-web pods logs it seems that Bodhi is being flooded by invalid requests to fake update aliases (the url itself is also wrong):alien:
2024-11-25 06:50:35,886 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2021-22d74b54e8 2024-11-25 06:50:35,955 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2023-0830dde91b 2024-11-25 06:50:36,260 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check 2024-11-25 06:50:36,605 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-09d03d2a43 2024-11-25 06:50:36,953 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check 2024-11-25 06:50:37,050 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2022-dbdf746d1a 2024-11-25 06:50:37,476 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check 2024-11-25 06:50:37,603 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2019-a02474637d 2024-11-25 06:50:37,847 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check 2024-11-25 06:50:37,880 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-dd53c71ec1 2024-11-25 06:50:39,017 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-f371b47bec 2024-11-25 06:50:39,120 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check 2024-11-25 06:50:39,582 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-11464 2024-11-25 06:50:39,679 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-83aceddd6b 2024-11-25 06:50:39,711 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check 2024-11-25 06:50:39,767 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /comments/updates/FEDORA-2014-14944 2024-11-25 06:50:39,879 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-dbdf746d1a 2024-11-25 06:50:40,178 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2022-f371b47bec 2024-11-25 06:50:41,109 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-83aceddd6b 2024-11-25 06:50:41,170 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-13550 2024-11-25 06:50:41,295 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2016-94bffcb6ed 2024-11-25 06:50:41,333 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-EPEL-2014-2386 2024-11-25 06:50:41,459 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2015-3653 2024-11-25 06:50:41,958 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2017-0e31803fc1 2024-11-25 06:50:42,177 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-d468cf5d22 2024-11-25 06:50:42,210 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-eeef2eaafa 2024-11-25 06:50:42,371 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check 2024-11-25 06:50:42,900 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2020-c2c030d4e9 2024-11-25 06:50:43,956 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-eeef2eaafa 2024-11-25 06:50:43,961 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-13550
This leads to high cpu usage, I don't know if it's the cause for sporadic pod reboots (yesterday morning I received a couple of notifications about that).
Is there a way to block these requests from happening? Maybe looking at the apache logs and block the offending IP(s)?
As soon as someone is able to do so... I'm not ;-)
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: Needs investigation, medium-gain, ops
I checked that and found out that the requests stopped at 9:21 UTC today. I checked the proxy httpd logs and found around 900 machines sending that requests. All of those are from same cloud IP range. But I'm not sure if it's OK to just block the whole cloud because of this.
Let's wait if this start again and if it will we will block them.
I don't think this has happened again. Closing for now.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
It started again today
Metadata Update from @mattia: - Issue status updated to: Open (was: Closed)
I don't think it's happening anymore?
Typically this seems to be AI scrapers... we can block their /24's at the proxies sometimes... sometimes they come from a vast number of different cloud ips... ;(
It's very frustrating.
Anyhow, if you are stil/again seeing it, let us know.
Log in to comment on this ticket.