Re: Log4j Vulnerability

[Ken Anderson via Webobjects-dev]

The vulnerability is only log4j 2

> On Dec 13, 2021, at 05:26, Daniele Corti via Webobjects-dev 
>  wrote:
> 
> 
> Hi List!
> Today the vulnerability CVE-2021-44228 details (log4j) are out and looks like 
> all log4j versions are affected!
> 
> I’ve seen many attempt on the logs of the servers, but I was not able to 
> understand if also my ERJar which contains the log4j-1.2.17 is affected.
> 
> Anyone was able to check if the standard 
> er.extensions.logging.ERXConsoleAppender is vulnerable?
> 
> Best regards!
> 
> Daniele
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/kenlists%40anderhome.com
> 
> This email sent to kenli...@anderhome.com
 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Excessive resource usage: appserver (4787 (Parent PID:4787))

[Ken Anderson via Webobjects-dev]

No, you’re definitely using too much CPU.

I had a problem recently moving a webobjects implementation with a similar 
problem. The issue was a wonky DNS problem where the hostname wasn’t always 
returning the correct address (still haven’t figured that out). I put the 
correct address in /etc/hosts and it quieted down.

> On Oct 14, 2020, at 5:12 AM, Gino Pacitti via Webobjects-dev 
>  wrote:
> 
> I just transferred my apps to a new Linux VPS server and I am getting lots of 
> these type emails complaining about excessive resource usage.
> 
> Is it actually that or a over sensitive monitoring system?
> 
> Any ideas
> 
> Gino 
> 
>> Begin forwarded message:
>> 
>> From: xxx
>> Subject: lfd on xxx: Excessive resource usage: appserver (4787 (Parent 
>> PID:4787))
>> Date: 14 October 2020 at 10:09:53 BST
>> To: 
>> 
>> Time: Wed Oct 14 10:09:53 2020 +0100
>> Account:  appserver
>> Resource: Process Time
>> Exceeded: 25789 > 1800 (seconds)
>> Executable:   
>> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/jre/bin/java
>> Command Line: java -DWORootDirectory=/opt -DWOLocalRootDirectory=/opt/Local 
>> -DWOUserDirectory=/opt/Local/Library/WebObjects/JavaApplications/wotaskd.woa 
>> -DWOEnvClassPath= -DWOApplicationClass=funnel.store.app.Application 
>> -DWOPlatform=UNIX -Dcom.webobjects.pid=4787 -Djava.awt.headless=true 
>> -Xms128m -Xmx256m -classpath WOBootstrap.jar 
>> com.webobjects._bootstrap.WOBootstrap -WOPort 2005 -WOCachingEnabled YES 
>> -WODebuggingEnabled NO -WOOutputPath /tmp/StripePayments-1 
>> -WOAutoOpenInBrowser NO -WOAutoOpenClientApplication NO -WOLifebeatInterval 
>> 30 -WOLifebeatEnabled YES -WOLifebeatDestinationPort 1085 -WOAdaptor 
>> WODefaultAdaptor -WOWorkerThreadCount 8 -WOListenQueueSize 4 
>> -WOWorkerThreadCountMin 2 -WOWorkerThreadCountMax 8 -NSProjectSearchPath () 
>> -WOSessionTimeOut 10800 -WOStatisticsPassword amex1234 -WOApplicationName 
>> StripePayments -WOMonitorEnabled YES -WONoPause YES -Djava.awt.headless=true 
>> -WODirectConnectEnabled false -EOAdaptorDebugEnabled false 
>> -WOFrameworksBaseURL /WebObjects/SalesF
>> unnel.woa/Frameworks
>> PID:  4787 (Parent PID:4787)
>> Killed:   No
> 
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/kenlists%40anderhome.com
> 
> This email sent to kenli...@anderhome.com

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: How often do you bounce your apps?

[Ken Anderson via Webobjects-dev]

I never bounce them - even with EOF ;)

> On Aug 5, 2020, at 07:07, Jesse Tayler via Webobjects-dev 
>  wrote:
> 
> What do you use to keep an eye on memory? JAVA has such an old-school 
> approach with the VM I use AWS and really don’t have any good automated 
> visualizing report on how instances or JAVA is running under the hood.
> 
> My apps seem to run for a long time as a few times my scheduler has failed 
> and they racked up 10X or even 100X normal sessions, but who knows what the 
> user patterns were really — I have had to increase my JAVA VM and set memory 
> stuff from JavaMonitor to keep things sane.
> 
> 
> 
>> On Aug 5, 2020, at 3:35 AM, Jérémy DE ROYER via Webobjects-dev 
>>  wrote:
>> 
>> Hi Aaron,
>> 
>> (I’m still using EOF) and, for the main apps, I bounce every morning.
>> 
>> After updates I sometimes forget to activate the schedules without any 
>> problems… but I’m used to do it in the pasts where I had a lot of meomry 
>> leaks so I still do it.
>> 
>> Jérémy
>> 
>>> Le 5 août 2020 à 00:04, Hugi Thordarson via Webobjects-dev 
>>>  a écrit :
>>> 
>>> Never. Uptime on my apps is usually weeks or months.
>>> 
>>> Cycled regularly when I used EOF though. That thing leaks.
>>> 
>>> - hugi
>>> 
>>> 
>>> 
 On 4 Aug 2020, at 21:31, Aaron Rosenzweig via Webobjects-dev 
  wrote:
 
 Personally I feel better bouncing my .woa instances daily. Even if it is a 
 small site I have at least two instances and I gracefully cycle them on a 
 daily schedule. I feel better knowing that it is fresh every morning for 
 the new day. 
 
 On the other hand, I could see an argument that a java app shouldn’t have 
 any memory leaks. The garbage collector should get everything. If it 
 cannot do so, then you’ve got something messed up in your app that you 
 should track down and rectify. So maybe it’s better to just leave your 
 .woa instances running forever until the next redeployment to get new 
 features. 
 
 What does the community do? Do you cycle often (daily, twice per day, or 
 once per week) or do you leaving your instances running without a 
 scheduled restart? 
 
 Thanks to all those who chime in :-)
 ___
 Do not post admin requests to the list. They will be ignored.
 Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
 Help/Unsubscribe/Update your Subscription:
 https://lists.apple.com/mailman/options/webobjects-dev/hugi%40karlmenn.is
 
 This email sent to h...@karlmenn.is
>>> 
>>> ___
>>> Do not post admin requests to the list. They will be ignored.
>>> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
>>> Help/Unsubscribe/Update your Subscription:
>>> https://lists.apple.com/mailman/options/webobjects-dev/jeremy.deroyer%40ingencys.net
>>> 
>>> This email sent to jeremy.dero...@ingencys.net
>> 
>> ___
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/webobjects-dev/jtayler%40oeinc.com
>> 
>> This email sent to jtay...@oeinc.com
> 
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/kenlists%40anderhome.com
> 
> This email sent to kenli...@anderhome.com
 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Weird deployment issue on Mojave (App runs but does not accept connection)

[Ken Anderson via Webobjects-dev]

Michael,

This looks suspiciously like what I complained about recently. The issue was 
this line in the httpd.conf file:

ScriptAlias /cgi-bin/ “/var/www/cgi-bin/“

If this line is still in your httpd.conf file, comment it out. This doesn’t 
affect people that rename the URL to be something like apps in place of cgi-bin.

Ken

> On Apr 18, 2020, at 3:15 PM, Michael Kondratov via Webobjects-dev 
>  wrote:
> 
> You may try to set the port number manually through WOPort parameter first. 
> Sound as Apache module is not working or not configured correctly.
> 
> Michael 
> 
> Sent from my iPhone
> 
>> On Apr 18, 2020, at 11:53 AM, Markus Ruggiero via Webobjects-dev 
>>  wrote:
>> 
>> For a test I created a deployment env on macOS 10.14.6 Mojave.
>> wotaskd runs
>> startet WOnitor manually and through monitor itself installed it as a WOApp
>> 
>> I can reach WOMonitor through http://localhost: 
>> , however I cannot reach it through 
>> http://localhost/cgi-bin/WOMonitor 
>> 
>> Ok, anyway, let's continue:
>> 
>> I take a deployment build of an app that successfully runs on the customer's 
>> system and deploy it on my Mojave box. Monitor brings it up, logfile tells 
>> me it is waiting for requests, but it does not answer any request, not even 
>> when I try to direct connect http://localhost:2002  
>> (WOMonitor sits on port 2001),  nothing happens in the log file, the Browser 
>> tells me that it cannot connect.
>> 
>> root@gugus_# curl -v http://localhost:2002 
>> * Rebuilt URL to: http://localhost:2002/ 
>> *   Trying ::1...
>> * TCP_NODELAY set
>> * Connection failed
>> * connect to ::1 port 2002 failed: Connection refused
>> *   Trying 127.0.0.1...
>> * TCP_NODELAY set
>> * Connected to localhost (127.0.0.1) port 2002 (#0)
>> > GET / HTTP/1.1
>> > Host: localhost:2002
>> > User-Agent: curl/7.54.0
>> > Accept: */*
>> >
>> * Empty reply from server
>> * Connection #0 to host localhost left intact
>> curl: (52) Empty reply from server
>> 
>> How to debug this? I am at a loss at the moment.
>> 
>> Thanks
>> ---markus---
>> ___
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/webobjects-dev/michael%40aspireauctions.com
>> 
>> This email sent to mich...@aspireauctions.com
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/kenlists%40anderhome.com
> 
> This email sent to kenli...@anderhome.com

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Help with Apache... stuck - SOLVED

[Ken Anderson via Webobjects-dev]

OK, so the problem was, this line in the regular https.conf file:

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

Since I have WO using cgi-bin, this was apparently taking precedence. When I 
comment out the above line, all works again.

Ken


> On Apr 6, 2020, at 4:43 PM, Ken Anderson via Webobjects-dev 
>  wrote:
> 
> Hi everyone!
> 
> Well, I’ve circled back to a project I was half way through a year ago… and 
> I’m a little stuck. Trying to get a WO project off of AWS and running on a 
> home server.
> 
> CentOS 7
> Apache 2.4
> Wotaskd running
> WOMonitor running
> App installed and running
> 
> Unfortunately, when I go to the expected URL 
> (http://publicserver.anderhome.local//cgi-bin/WebObjects/TrainTime.woa 
> <http://publicserver.anderhome.local//cgi-bin/WebObjects/TrainTime.woa>), I 
> get:
> Not Found
> 
> The requested URL /cgi-bin/WebObjects/TrainTime.woa was not found on this 
> server.
> 
> 
> However, if I go to the root, I see the index.html file, so I know Apache is 
> responding.
> 
> Webobjects.conf is in the conf.d directory, with the following:
> 
> WebObjectsAlias /cgi-bin/WebObjects
> 
> # Specific to Apache 2.4
> 
> 
>   Require all granted
> 
> Require all denied
>
> 
> In the Apache error_log, I get this:
> 
> [Mon Apr 06 16:37:04.792319 2020] [cgi:error] [pid 19829] [client 
> 192.168.1.249:62985] script not found or unable to stat: 
> /var/www/cgi-bin/WebObjects
> 
> Which to me, means the module is not loaded. But I have this:
> 
> LoadModule WebObjects_module  modules/mod_WebObjects.so
> 
> In the webobjects.conf file, and there is a file at 
> modules/mod_WebObjects.so. I don’t get any errors when starting Apache, and 
> the syntax check passes.
> 
> What am I doing wrong? Any thoughts are appreciated!!
> 
> Best,
> Ken
> 
> 
> 
> ___
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/kenlists%40anderhome.com
> 
> This email sent to kenli...@anderhome.com

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Help with Apache... stuck

[Ken Anderson via Webobjects-dev]

Jesse,

Hope all is well with you!

Yes, direct connect works if I enable it.

How do you configure it?  This is how I’ve always done it…

Ken

> On Apr 6, 2020, at 4:50 PM, Jesse Tayler  wrote:
> 
> You’ve tested to the ip:port directly and your app runs ok?
> 
> Then it would indeed sound like apache, since wotaskd or monitor would show 
> other error types I’d think.
> 
> I think you could test wotaskd / monitor using a url with a port number like 
> -2001 on the URL, but I don’t think that will reveal anything for you here.
> 
> Are you mixing html website with your app? I’m no good with apache rules 
> myself, but your setup is different than what I typically do.
> 
> I’d fuss with apache first-there’s output logs listed in the config somewhere 
> you might make sure there’s nothing printed there.
> 
> 
> 
>> On Apr 6, 2020, at 4:43 PM, Ken Anderson via Webobjects-dev 
>> mailto:webobjects-dev@lists.apple.com>> 
>> wrote:
>> 
>> Hi everyone!
>> 
>> Well, I’ve circled back to a project I was half way through a year ago… and 
>> I’m a little stuck. Trying to get a WO project off of AWS and running on a 
>> home server.
>> 
>> CentOS 7
>> Apache 2.4
>> Wotaskd running
>> WOMonitor running
>> App installed and running
>> 
>> Unfortunately, when I go to the expected URL 
>> (http://publicserver.anderhome.local//cgi-bin/WebObjects/TrainTime.woa 
>> <http://publicserver.anderhome.local//cgi-bin/WebObjects/TrainTime.woa>), I 
>> get:
>> Not Found
>> 
>> The requested URL /cgi-bin/WebObjects/TrainTime.woa was not found on this 
>> server.
>> 
>> 
>> However, if I go to the root, I see the index.html file, so I know Apache is 
>> responding.
>> 
>> Webobjects.conf is in the conf.d directory, with the following:
>> 
>> WebObjectsAlias /cgi-bin/WebObjects
>> 
>> # Specific to Apache 2.4
>> 
>> 
>>   Require all granted
>> 
>> Require all denied
>>
>> 
>> In the Apache error_log, I get this:
>> 
>> [Mon Apr 06 16:37:04.792319 2020] [cgi:error] [pid 19829] [client 
>> 192.168.1.249:62985] script not found or unable to stat: 
>> /var/www/cgi-bin/WebObjects
>> 
>> Which to me, means the module is not loaded. But I have this:
>> 
>> LoadModule WebObjects_module modules/mod_WebObjects.so
>> 
>> In the webobjects.conf file, and there is a file at 
>> modules/mod_WebObjects.so. I don’t get any errors when starting Apache, and 
>> the syntax check passes.
>> 
>> What am I doing wrong? Any thoughts are appreciated!!
>> 
>> Best,
>> Ken
>> 
>> 
>> 
>> ___
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com 
>> <mailto:Webobjects-dev@lists.apple.com>)
>> Help/Unsubscribe/Update your Subscription:
>> https://lists.apple.com/mailman/options/webobjects-dev/jtayler%40oeinc.com 
>> <https://lists.apple.com/mailman/options/webobjects-dev/jtayler%40oeinc.com>
>> 
>> This email sent to jtay...@oeinc.com
> 

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Help with Apache... stuck

[Ken Anderson via Webobjects-dev]

Hi everyone!

Well, I’ve circled back to a project I was half way through a year ago… and I’m 
a little stuck. Trying to get a WO project off of AWS and running on a home 
server.

CentOS 7
Apache 2.4
Wotaskd running
WOMonitor running
App installed and running

Unfortunately, when I go to the expected URL 
(http://publicserver.anderhome.local//cgi-bin/WebObjects/TrainTime.woa 
), I get:
Not Found

The requested URL /cgi-bin/WebObjects/TrainTime.woa was not found on this 
server.


However, if I go to the root, I see the index.html file, so I know Apache is 
responding.

Webobjects.conf is in the conf.d directory, with the following:

WebObjectsAlias /cgi-bin/WebObjects

# Specific to Apache 2.4


  Require all granted

Require all denied
   

In the Apache error_log, I get this:

[Mon Apr 06 16:37:04.792319 2020] [cgi:error] [pid 19829] [client 
192.168.1.249:62985] script not found or unable to stat: 
/var/www/cgi-bin/WebObjects

Which to me, means the module is not loaded. But I have this:

LoadModule WebObjects_modulemodules/mod_WebObjects.so

In the webobjects.conf file, and there is a file at modules/mod_WebObjects.so. 
I don’t get any errors when starting Apache, and the syntax check passes.

What am I doing wrong? Any thoughts are appreciated!!

Best,
Ken



 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com