Community
Participate
Working Groups
This is a repeat occurrence of bug 316880 and bug 316613. Unfortunately, it is early in our day here so we are likely to lose several hours of work, hence the blocker status. This is impacting the Virgo project yet again, so I would appreciate it if I could be given direct access to a means of clearing this problem until such time as we have a robust solution and/or a web master in our timezone (or east of us).
cc'ing Mike Milinkovich in case we need his approval for obtaining direct access to the clearing mechanism.
Glyn, Your subnet was blocked again since, according to patterns, it was likely to re-offend. The whitelist was being ignored, and that will be fixed. My apologies for the lost productivity. One consideration, though: the primary reason for these blocks is multiple invalid login attempts. If a committer cannot remember a password (or a user ID), please contact the webmaster instead of 'guessing'. > This is impacting the Virgo project yet again, so I would appreciate it if I > could be given direct access to a means of clearing this problem We don't have a direct means of clearing the blocks, other than logging onto our database servers from SSH. I'll rename this bug to request such a feature. > and/or a web master in our timezone (or east of us). I'm not sure what your level of membership is with the Foundation, but Strategic and Entreprise members of the Foundation can obtain a Support policy, which would enable you to reach IT support 24/7.
Hi Denis (In reply to comment #2) > Glyn, > > Your subnet was blocked again since, according to patterns, it was likely to > re-offend. The whitelist was being ignored, and that will be fixed. My > apologies for the lost productivity. Thanks. Apologies accepted. > > One consideration, though: the primary reason for these blocks is multiple > invalid login attempts. If a committer cannot remember a password (or a user > ID), please contact the webmaster instead of 'guessing'. It's strange since we got blocked the last time because we were experimenting with various ways to access the download area but those experiments had stopped by this time. Perhaps there's some other suspect activity going on in our subnet. Anyway, if this recurs, it would be worth us trying to correlate the block with what the team here was doing. > > > > This is impacting the Virgo project yet again, so I would appreciate it if I > > could be given direct access to a means of clearing this problem > > We don't have a direct means of clearing the blocks, other than logging onto > our database servers from SSH. I'll rename this bug to request such a feature. Thank you. > > > and/or a web master in our timezone (or east of us). > > I'm not sure what your level of membership is with the Foundation, but > Strategic and Entreprise members of the Foundation can obtain a Support policy, > which would enable you to reach IT support 24/7. Understood. Thanks again. Glyn
> It's strange since we got blocked the last time because we were experimenting > with various ways to access the download area but those experiments had stopped > by this time. That last block was not of your doing -- it was totally our fault. From your past activity, our systems simply considered your subnet as likely to "attack" again, and it totally ignored the fact that you had been whitelisted. A bug in our code, really. FWIW, behind the scenes, a first "attack" offence leads to a 3-minute block. Second offence leads to a 6-minute block. Third offence is a 24-hour block. Fourth offence is a year :-) In that light, I consider our system to be fairly forgiving of accidental logins. Nonetheless, enabling committers to clear a block is worthwhile.
Thanks for the clarification, Denis.
Interestingly, we occasionally see waves of distributed brute-force attempts on our SSH service. From 5:00pm tonight till 9:00pm, our systems locked out 43 (and counting) different subnets around the planet, all of them repeatedly trying random user names starting with the letter m. Right now they're trying the non-existent user ID 'mike'.
I'm no longer watching this, 'cos it seems to have stalled.
If memory serves me correctly, Matt has taken care of the whitelist issue and the long-term attack patterns. Apologies for the inconveniences this has caused -- we're just trying to keep your code repos safe from h4x0rz.
