On Dec 22, 2017, at 10:20 AM, Olivier R. <m...@grammalecte.net> wrote: > > Le 22/12/2017 à 16:10, Warren Young a écrit : > >> 1. Your repo is public-facing. Is this a reasonable number of >> clients to be connected at any given time to this repo? It seems >> high to me, given the transient nature of most Fossil connections. > > Only two devs have the right to modify the online repository. > I’d be surprised if there were more than 5 people connected to this repo at > the same time.
Your first netstat -na output shows 24 established connections, most to distinct remote peer IPs. Additionally, Fossil connections tend to be short-lived due to the nature of Fossil. Even if you have someone “actively” working with Fossil, the connections will come and go rapidly in a series, not have a single long-lived connection. Therefore, one of two things is happening: 1. You have a high rate of connections to the server, so that at any one time, we can see dozens of them. Disproving this hypothesis is the purpose of the tshark test. 2. You have connections that stay open for a long time, which suggests: 2a. A connection handle leak. But if this were common, lots of people would have found it before you. 2b. Bad actors on those remote hosts, which is why I bought up the possibility of a botnet attack. If we have a 2b case, then you’d want to find some way to identify the connections somehow, so that you can block them. > I assume that people who go to dev section are not the majority. Maybe 20 > visitors per day if I’m optimistic… 20 *legitimate* visitors. That doesn’t count those hitting your site for no good reason, which does happen on the wild Internet. > I’ve added the user to the “wireshark” group, but it doesn’t work. You have to log out and back in before group changes will take effect. > Same error message if i run this as root. Better to follow tshark’s advice and run it as a normal user, with group privileges allowing network capture. _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
