On Mon, Aug 31, 2015 at 4:13 PM, Konstantin Boudnik <c...@apache.org> wrote:
> I just fixed an issue in Bigtop's toolchain installation caused by this > change. The format of new script got changed, so if there is any reliance > on > the content of the page - it better be checked. > Thanks Cos! Does anyone have enough expertise to update the Ignite website? > > On Mon, Aug 31, 2015 at 03:42PM, Dmitriy Setrakyan wrote: > > On Mon, Aug 31, 2015 at 3:10 PM, Konstantin Boudnik <c...@apache.org> > wrote: > > > > > If we are using the CGI version then yes. > > > > > > > Well, the original email said that existing CGI scripts should continue > to > > work. I have no experience with CGI, so I thought I would ask. > > > > > > > > > > On Mon, Aug 31, 2015 at 01:53PM, Dmitriy Setrakyan wrote: > > > > Brane, > > > > > > > > Will this affect our mirror selecting CGI script on the download > page? > > > > > > > > D. > > > > > > > > ---------- Forwarded message ---------- > > > > From: Daniel Gruno <humbed...@apache.org> > > > > Date: Mon, Aug 31, 2015 at 1:31 PM > > > > Subject: Distributed Denial of Service attack on Apache's servers > today: > > > > Please be advised of changes enacted > > > > To: infrastructure-priv...@apache.org > > > > > > > > > > > > Hello PMCs, > > > > > > > > Earlier today we discovered that a new type of DDoS had been started > > > > against our servers, where in the slow mirror selecting script used > for > > > > most TLP sites' download pages had been abused, causing our server > load > > > > averages to exceed 2000. Naturally, we do not have a 2000 core CPU on > > > > our machines, so things slowed down to a grinding halt, pages became > > > > unresponsive. > > > > > > > > To combat this, given the fact that it was (and still is) > distributed, > > > > we have put in place a new mirror script that makes use of far more > > > > efficient data gathering and compiling to produce roughly the same > > > > output. This change means that within a day or two, we will be > > > > deprecating the .cgi scripts that we used to have, and replace it > with > > > > our new Lua-driven system (which has proven to be ~500 times faster, > > > > thus mitigating the DDoS). > > > > > > > > IF you have a custom .cgi script on your TLP site with an > accompanying > > > > .html file of the same name, you most likely do not need to change > > > > anything. Our new system will catch that request and use the old CGI > EZT > > > > file to produce the output. > > > > > > > > If you refer to www.apache.org/dyn/closer.cgi, please refer to > > > > www.apache.org/dyn/closer.lua instead from now on. > > > > > > > > Any non-conforming CGI scripts are no longer enabled, and are all > > > > rewritten to go to our new mirror system. > > > > > > > > PLEASE, check your sites, make sure the download section works. If it > > > > does not, and you cannot figure out how to get it working, let us > know, > > > > and we will do our best to help you out. > > > > > > > > As mentioned, this was an emergency fix and it is a permanent fix. If > > > > your current download page is off, you WILL need to change it, and > ASAP. > > > > > > > > With regards, > > > > Daniel on behalf of the Apache Infrastructure Team. > > > >
