Loading ...
Sorry, an error occurred while loading the content.

www.vim.org is down

Expand Messages
  • mattn
    It seems database server is down -- -- You received this message from the vim_dev maillist. Do not top-post! Type your reply below the text you are replying
    Message 1 of 15 , Apr 30, 2013
    • 0 Attachment
      It seems database server is down

      --
      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php

      ---
      You received this message because you are subscribed to the Google Groups "vim_dev" group.
      To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
      For more options, visit https://groups.google.com/groups/opt_out.
    • Tony Mechelynck
      ... I can display http://www.vim.org/ as non-logged-in but an attempt to log in gives me: Query attempt failed: Can t connect to local MySQL server through
      Message 2 of 15 , Apr 30, 2013
      • 0 Attachment
        On 30/04/13 11:06, mattn wrote:
        > It seems database server is down
        >

        I can display http://www.vim.org/ as non-logged-in but an attempt to log
        in gives me:

        Query attempt failed: Can't connect to local MySQL server through socket
        '/var/lib/mysql/mysql.sock' (2)

        while the URL bar gets set to "http://www.vim.org/login.php".


        Best regards,
        Tony.
        --
        Faith, n:
        That quality which enables us to believe what we know to be
        untrue.

        --
        --
        You received this message from the "vim_dev" maillist.
        Do not top-post! Type your reply below the text you are replying to.
        For more information, visit http://www.vim.org/maillist.php

        ---
        You received this message because you are subscribed to the Google Groups "vim_dev" group.
        To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
        For more options, visit https://groups.google.com/groups/opt_out.
      • Bram Moolenaar
        ... Yes, the database appears to be down. They upgraded the project recently, but I have no reason to assume this is related. Please check the sourceforge
        Message 3 of 15 , Apr 30, 2013
        • 0 Attachment
          Tony Mechelynck wrote:

          > On 30/04/13 11:06, mattn wrote:
          > > It seems database server is down
          > >
          >
          > I can display http://www.vim.org/ as non-logged-in but an attempt to log
          > in gives me:
          >
          > Query attempt failed: Can't connect to local MySQL server through socket
          > '/var/lib/mysql/mysql.sock' (2)
          >
          > while the URL bar gets set to "http://www.vim.org/login.php".

          Yes, the database appears to be down.
          They "upgraded" the project recently, but I have no reason to assume
          this is related.

          Please check the sourceforge site for any known problems.
          Or file a support ticket.
          I'm afraid I don't have time right now to look into it.

          --
          hundred-and-one symptoms of being an internet addict:
          250. You've given up the search for the "perfect woman" and instead,
          sit in front of the PC until you're just too tired to care.

          /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
          /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
          \\\ an exciting new programming language -- http://www.Zimbu.org ///
          \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

          --
          --
          You received this message from the "vim_dev" maillist.
          Do not top-post! Type your reply below the text you are replying to.
          For more information, visit http://www.vim.org/maillist.php

          ---
          You received this message because you are subscribed to the Google Groups "vim_dev" group.
          To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
          For more options, visit https://groups.google.com/groups/opt_out.
        • John Beckett
          ... The database is still there because I m currently looking at it through the phpMyAdmin web interface (admin only access). I can connect to the database and
          Message 4 of 15 , Apr 30, 2013
          • 0 Attachment
            Bram Moolenaar wrote:
            > Yes, the database appears to be down.
            > They "upgraded" the project recently, but I have no reason
            > to assume this is related.
            >
            > Please check the sourceforge site for any known problems.
            > Or file a support ticket.
            > I'm afraid I don't have time right now to look into it.

            The database is still there because I'm currently looking at it
            through the phpMyAdmin web interface (admin only access). I
            can connect to the database and see the tables as normal, and
            can run a SQL query to see an individual script.

            Standard web browser access to a script like:
            http://www.vim.org/scripts/script.php?script_id=231

            shows error:
            Can't connect to local MySQL server through socket
            '/var/lib/mysql/mysql.sock' (2)

            Bram reported this same error in February 2011:
            https://sourceforge.net/apps/trac/sourceforge/ticket/17514

            and the solution was to change $DB_HOST to "mysql-v". However,
            that was done two years ago, and I cannot see any indication on
            Sourceforge that a change to MySQL has occurred, and I can't
            find anything relevant in Google.

            I'll poke around some more.

            John

            --
            --
            You received this message from the "vim_dev" maillist.
            Do not top-post! Type your reply below the text you are replying to.
            For more information, visit http://www.vim.org/maillist.php

            ---
            You received this message because you are subscribed to the Google Groups "vim_dev" group.
            To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
            For more options, visit https://groups.google.com/groups/opt_out.
          • John Beckett
            ... I ve poked around and can t find anything, so I have filed a support ticket: https://sourceforge.net/p/forge/site-support/3872/ John -- -- You received
            Message 5 of 15 , Apr 30, 2013
            • 0 Attachment
              Bram Moolenaar wrote:
              > Please check the sourceforge site for any known problems.
              > Or file a support ticket.

              I've poked around and can't find anything, so I have filed a
              support ticket:
              https://sourceforge.net/p/forge/site-support/3872/

              John

              --
              --
              You received this message from the "vim_dev" maillist.
              Do not top-post! Type your reply below the text you are replying to.
              For more information, visit http://www.vim.org/maillist.php

              ---
              You received this message because you are subscribed to the Google Groups "vim_dev" group.
              To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
              For more options, visit https://groups.google.com/groups/opt_out.
            • Marc Weber
              ... There are none (http://sourceforge.net/blog/category/sitestatus/) ... Not sure where to create one which is related to mysql hosting. I ve sent a message
              Message 6 of 15 , Apr 30, 2013
              • 0 Attachment
                > Please check the sourceforge site for any known problems.
                There are none (http://sourceforge.net/blog/category/sitestatus/)

                > ticket
                Not sure where to create one which is related to mysql hosting.

                I've sent a message to #sourceforge at freenode hoping that staff will
                reply soon.

                Logging in using SSH I see
                ERROR 1203 (42000): User v8rw already has more than 'max_user_connections' active connections
                when trying to connect to the database.

                If you're looking for scripts you can either try
                vim-scripts.org (which should mirror almost all scripts)
                or github.com/MarcWeber/vim-addon-manager-known-repositories
                (which also contains a full list of all scripts @ www.vim.org, but
                withhout description).

                If nothing happens till tomorrow I'll try to find different ways to
                fix this.

                Marc Weber

                --
                --
                You received this message from the "vim_dev" maillist.
                Do not top-post! Type your reply below the text you are replying to.
                For more information, visit http://www.vim.org/maillist.php

                ---
                You received this message because you are subscribed to the Google Groups "vim_dev" group.
                To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                For more options, visit https://groups.google.com/groups/opt_out.
              • Marc Weber
                ... admin user: access is ok rw user ERROR 1203 (42000): User v8rw already has more than max_user_connections active connections ro user (don t know, maybe
                Message 7 of 15 , Apr 30, 2013
                • 0 Attachment
                  Excerpts from John Beckett's message of Tue Apr 30 13:22:53 +0200 2013:
                  > Bram Moolenaar wrote:
                  > > Please check the sourceforge site for any known problems.
                  > > Or file a support ticket.
                  >
                  > I've poked around and can't find anything, so I have filed a
                  > support ticket:
                  > https://sourceforge.net/p/forge/site-support/3872/

                  admin user: access is ok
                  rw user "ERROR 1203 (42000): User v8rw already has more than 'max_user_connections' active connections"
                  ro user (don't know, maybe password is different)

                  Admin user for the PHP does work, but I'm not happy with that change.
                  So we have a solution, but I'd still like to wait for staff to reply
                  before setting up such a change permanently.

                  Marc Weber

                  --
                  --
                  You received this message from the "vim_dev" maillist.
                  Do not top-post! Type your reply below the text you are replying to.
                  For more information, visit http://www.vim.org/maillist.php

                  ---
                  You received this message because you are subscribed to the Google Groups "vim_dev" group.
                  To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                  For more options, visit https://groups.google.com/groups/opt_out.
                • John Beckett
                  The vim.org problem has been fixed by Sourceforge. However, my checking of some recent changes to the vim.org database shows that vim.org was scanned by
                  Message 8 of 15 , Apr 30, 2013
                  • 0 Attachment
                    The vim.org problem has been fixed by Sourceforge.

                    However, my checking of some recent changes to the vim.org
                    database shows that vim.org was scanned by someone with Acunetix
                    Web Vulnerability Scanner. That was used to generate at least
                    124 user accounts, including text fields intended to probe for
                    bugs that might be exploited to break in to the system.

                    It will take me a few days to think about what to do. After
                    talking with Bram, I'll delete the junk accounts.

                    To save people the nuisance of downloading junk scripts, I have
                    deleted scripts 4555 to 4566 inclusive, and the user who created
                    them, and the script downloads.

                    John

                    --
                    --
                    You received this message from the "vim_dev" maillist.
                    Do not top-post! Type your reply below the text you are replying to.
                    For more information, visit http://www.vim.org/maillist.php

                    ---
                    You received this message because you are subscribed to the Google Groups "vim_dev" group.
                    To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                    For more options, visit https://groups.google.com/groups/opt_out.
                  • Bram Moolenaar
                    ... It still looked broken to me. After a little digging I discovered that the PHP function we were using to connect to the database no longer worked. I
                    Message 9 of 15 , Apr 30, 2013
                    • 0 Attachment
                      John Beckett wrote:

                      > The vim.org problem has been fixed by Sourceforge.

                      It still looked broken to me.

                      After a little digging I discovered that the PHP function we were using
                      to connect to the database no longer worked. I changed it by one letter
                      and now it's working again.

                      > However, my checking of some recent changes to the vim.org
                      > database shows that vim.org was scanned by someone with Acunetix
                      > Web Vulnerability Scanner. That was used to generate at least
                      > 124 user accounts, including text fields intended to probe for
                      > bugs that might be exploited to break in to the system.
                      >
                      > It will take me a few days to think about what to do. After
                      > talking with Bram, I'll delete the junk accounts.
                      >
                      > To save people the nuisance of downloading junk scripts, I have
                      > deleted scripts 4555 to 4566 inclusive, and the user who created
                      > them, and the script downloads.

                      Thanks. For the bogus user accounts, please dump the information
                      and then delete the accounts.

                      The danger is that someone injects bad code into a popular script.
                      Please check what scripts changed, if you can.

                      --
                      Vi is clearly superior to emacs, since "vi" has only two characters
                      (and two keystrokes), while "emacs" has five. (Randy C. Ford)

                      /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
                      /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
                      \\\ an exciting new programming language -- http://www.Zimbu.org ///
                      \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

                      --
                      --
                      You received this message from the "vim_dev" maillist.
                      Do not top-post! Type your reply below the text you are replying to.
                      For more information, visit http://www.vim.org/maillist.php

                      ---
                      You received this message because you are subscribed to the Google Groups "vim_dev" group.
                      To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                      For more options, visit https://groups.google.com/groups/opt_out.
                    • Marc Weber
                      ... The bot did at least 20 login attemps per second ! http://www.vim.org/account/register.php I ve added a minimal I m human test - that should at least
                      Message 10 of 15 , Apr 30, 2013
                      • 0 Attachment
                        Excerpts from John Beckett's message of Wed May 01 04:29:16 +0200 2013:
                        > 124 user accounts, including text fields intended to probe for
                        > bugs that might be exploited to break in to the system.
                        The bot did at least 20 login attemps per second !

                        http://www.vim.org/account/register.php
                        I've added a minimal "I'm human test" - that should at least protect against
                        "random attacks" made by bots without human intelligence.
                        And if there are humans running the attack, then we have lost anyway.

                        So its pretty easy:

                        create a new table.
                        Log IP when $_POST is not empty

                        If an IP is using POST more than 15 times in 4 hours assume its a bot
                        and die.

                        A typical session:
                        - login (POST 1)
                        - update 5 scriptsr (POST 2-5)

                        Thus 7 post requests. If you forgett your password 5 times - then you're
                        still fine.

                        Yes, there might be false positives - eg many people behind
                        firewalls try to update their scripts within 4 hours but honestly
                        scripts are not updated *that* often. Another problem could be you
                        typing the same password 15 times ..)

                        If this causing problems, please report it. The die message also tells
                        this.

                        vim.org/search.php is not affected, $_GET is used the way it should.
                        Neither should it affect google (which may also run some post requests,
                        usually based on JS init scripts)

                        I hope this makes www.vim.org a lot more "bot proof" now.

                        The implementation can be found in the datab*.inc file.

                        Maybe its not the right place, but it should work.

                        There have been too many issues lately.

                        Marc Weber

                        --
                        --
                        You received this message from the "vim_dev" maillist.
                        Do not top-post! Type your reply below the text you are replying to.
                        For more information, visit http://www.vim.org/maillist.php

                        ---
                        You received this message because you are subscribed to the Google Groups "vim_dev" group.
                        To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                        For more options, visit https://groups.google.com/groups/opt_out.
                      • Marc Weber
                        This still does not protect agains resource exhaustion (mysql users exceeded - which appened). There are modules for apache to prevent excessive site usage by
                        Message 11 of 15 , Apr 30, 2013
                        • 0 Attachment
                          This still does not protect agains resource exhaustion (mysql users
                          exceeded - which appened). There are modules for apache to prevent
                          excessive site usage by bot like attacks. Maybe we should propose
                          sourcreforge to set them up?

                          Marc Weber

                          --
                          --
                          You received this message from the "vim_dev" maillist.
                          Do not top-post! Type your reply below the text you are replying to.
                          For more information, visit http://www.vim.org/maillist.php

                          ---
                          You received this message because you are subscribed to the Google Groups "vim_dev" group.
                          To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                          For more options, visit https://groups.google.com/groups/opt_out.
                        • Marc Weber
                          I ve introduced a total limit of 500 POST requests within 4h which is slightly more than POST requests happen within 24h on an average day (380 posts in 24h)
                          Message 12 of 15 , Apr 30, 2013
                          • 0 Attachment
                            I've introduced a total limit of 500 POST requests within 4h which is
                            slightly more than POST requests happen within 24h on an average day
                            (380 posts in 24h)

                            Thus if a bot uses multiple IPs, he should still fail soon
                            (unfortunately everybody else, too) - I think its more importatnt to
                            protect against attacks in these cases.. Because we don't want to delete
                            that many scripts and user accounts.

                            I hope vim.sf.net is much safer now. I don't have any additional ideas.
                            So let me know whether you think these changes are appropriate.

                            Marc Weber

                            --
                            --
                            You received this message from the "vim_dev" maillist.
                            Do not top-post! Type your reply below the text you are replying to.
                            For more information, visit http://www.vim.org/maillist.php

                            ---
                            You received this message because you are subscribed to the Google Groups "vim_dev" group.
                            To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                            For more options, visit https://groups.google.com/groups/opt_out.
                          • Bram Moolenaar
                            ... Thanks for doing this! I think we can be rather strict. If a human is doing a lot of work, we can ask him to try again in 4 hours. And send us a message
                            Message 13 of 15 , May 1 10:02 AM
                            • 0 Attachment
                              Marc Weber wrote:

                              > I've introduced a total limit of 500 POST requests within 4h which is
                              > slightly more than POST requests happen within 24h on an average day
                              > (380 posts in 24h)
                              >
                              > Thus if a bot uses multiple IPs, he should still fail soon
                              > (unfortunately everybody else, too) - I think its more importatnt to
                              > protect against attacks in these cases.. Because we don't want to delete
                              > that many scripts and user accounts.
                              >
                              > I hope vim.sf.net is much safer now. I don't have any additional ideas.
                              > So let me know whether you think these changes are appropriate.

                              Thanks for doing this!

                              I think we can be rather strict. If a human is doing a lot of work, we
                              can ask him to try again in 4 hours. And send us a message that this
                              happened, so that we can tune the limit. Perhaps for specific cases.

                              Please send me a diff of the changes you made (or the new files)
                              privately. Otherwise a sync from my side might overwrite your changes.
                              Cc John Beckett, he is also keeping an eye on things.


                              --
                              hundred-and-one symptoms of being an internet addict:
                              255. You work for a newspaper and your editor asks you to write an
                              article about Internet addiction...in the "first person."

                              /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
                              /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
                              \\\ an exciting new programming language -- http://www.Zimbu.org ///
                              \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

                              --
                              --
                              You received this message from the "vim_dev" maillist.
                              Do not top-post! Type your reply below the text you are replying to.
                              For more information, visit http://www.vim.org/maillist.php

                              ---
                              You received this message because you are subscribed to the Google Groups "vim_dev" group.
                              To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                              For more options, visit https://groups.google.com/groups/opt_out.
                            • Christian Brabandt
                              Hi Bram! ... I think it just happened: http://www.vim.org/scripts/script.php?script_id=4509 regards, Christian -- Es herrscht Chaos. Wir befinden uns auf einer
                              Message 14 of 15 , May 7 1:28 PM
                              • 0 Attachment
                                Hi Bram!

                                On Mi, 01 Mai 2013, Bram Moolenaar wrote:

                                > I think we can be rather strict. If a human is doing a lot of work, we
                                > can ask him to try again in 4 hours. And send us a message that this
                                > happened, so that we can tune the limit. Perhaps for specific cases.

                                I think it just happened:
                                http://www.vim.org/scripts/script.php?script_id=4509

                                regards,
                                Christian
                                --
                                Es herrscht Chaos. Wir befinden uns auf einer Drehscheibe, die
                                Richtung in die Zukunft ist noch nicht gefunden. Vielleicht muß diese
                                Menschheit untergehen, damit eine andere entstehen kann.
                                -- Stanislav Lem

                                --
                                --
                                You received this message from the "vim_dev" maillist.
                                Do not top-post! Type your reply below the text you are replying to.
                                For more information, visit http://www.vim.org/maillist.php

                                ---
                                You received this message because you are subscribed to the Google Groups "vim_dev" group.
                                To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                                For more options, visit https://groups.google.com/groups/opt_out.
                              • Marc Weber
                                Thanks for reporting - looks like he finally suceeded - and didn t read the message .. Hi xingchao, (this mail also goes to vim_dev mailinglist) If you cannot
                                Message 15 of 15 , May 7 2:10 PM
                                • 0 Attachment
                                  Thanks for reporting - looks like he finally suceeded - and didn't read
                                  the message ..

                                  Hi xingchao,

                                  (this mail also goes to vim_dev mailinglist)

                                  If you cannot upload, you should see a message instead.
                                  Due to attacks we've limited actions to 15 POST requests by IP.
                                  Another global limit does exist.

                                  Do you remember which one was hit? The message should have told you.
                                  Eventually we should allow more operations.

                                  In any case - do you have any idea why "why I can't upload" is shown
                                  that often :) ?

                                  Sincerly
                                  Marc Weber

                                  --
                                  --
                                  You received this message from the "vim_dev" maillist.
                                  Do not top-post! Type your reply below the text you are replying to.
                                  For more information, visit http://www.vim.org/maillist.php

                                  ---
                                  You received this message because you are subscribed to the Google Groups "vim_dev" group.
                                  To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
                                  For more options, visit https://groups.google.com/groups/opt_out.
                                Your message has been successfully submitted and would be delivered to recipients shortly.