Hi,
I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding, at
least not reliably enough to be able to file a SAC ticket 
Confirmed from
someone from the US, so not an issue at my end.
Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com
Works fine/fast here in Canada.
On Sun, May 8, 2016 at 6:17 PM, Even Rouault <even.rouault@spatialys.com> wrote:
Hi,
I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding, at
least not reliably enough to be able to file a SAC ticket
someone from the US, so not an issue at my end.Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac
Le lundi 09 mai 2016 00:40:56, Tom Kralidis a écrit :
Works fine/fast here in Canada.
Seems back to normal. Temporary server over-load ?
On Sun, May 8, 2016 at 6:17 PM, Even Rouault <even.rouault@spatialys.com>
wrote:
> Hi,
>
> I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not
> responding, at least not reliably enough to be able to file a SAC ticket
>
>
> Even
>
> --
> Spatialys - Geospatial professional services
> http://www.spatialys.com
> _______________________________________________
> Sac mailing list
> Sac@lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac
--
Spatialys - Geospatial professional services
http://www.spatialys.com
On Mon, May 09, 2016 at 12:31:18PM +0200, Even Rouault wrote:
Le lundi 09 mai 2016 00:40:56, Tom Kralidis a écrit :
> Works fine/fast here in Canada.Seems back to normal. Temporary server over-load ?
The fail2ban anti-dos setup takes some time to realize there's
an attack in progress. I'm sure it could be improved. Help is welcome!
--strk;
Hi,
at time trac is almost unusable 
I can neither update tickets nor get into the admin panel.... (GRASS
GIS trac). Timeout..
Any idea?
Markus
On 09-05-16 21:35, Markus Neteler wrote:
Hi,
at time trac is almost unusable
I can neither update tickets nor get into the admin panel.... (GRASS
GIS trac). Timeout..
FYI, Maybe related?
https://trac.osgeo.org/openlayers/wiki/SettingZoomLevels
shows:
Error
TracError: The Trac Environment needs to be upgraded.
Run "trac-admin /var/www/trac/openlayers upgrade"
Regards,
Richard
On Mon, May 09, 2016 at 09:54:28PM +0200, Richard Duivenvoorde wrote:
Error
TracError: The Trac Environment needs to be upgraded.
Run "trac-admin /var/www/trac/openlayers upgrade"
Should not be related. But should be fixed now, please test.
--strk;
On Mon, May 09, 2016 at 09:35:06PM +0200, Markus Neteler wrote:
Hi,
at time trac is almost unusable
I can neither update tickets nor get into the admin panel.... (GRASS
GIS trac). Timeout..Any idea?
You're probably banned by osgeo-http-dos.
Which IP do you come from ?
--strk;
On May 9, 2016 10:02 PM, “Sandro Santilli” <strk@keybit.net> wrote:
On Mon, May 09, 2016 at 09:35:06PM +0200, Markus Neteler wrote:
Hi,
at time trac is almost unusable
I can neither update tickets nor get into the admin panel… (GRASS
GIS trac). Timeout…Any idea?
You’re probably banned by osgeo-http-dos.
Grrrr 
Which IP do you come from ?
Sorry, no idea. I left the office in favor of dinner… It is a Telekom Germany connection AFAIK.
Markus
On 09-05-16 22:01, Sandro Santilli wrote:
On Mon, May 09, 2016 at 09:54:28PM +0200, Richard Duivenvoorde wrote:
Error
TracError: The Trac Environment needs to be upgraded.
Run "trac-admin /var/www/trac/openlayers upgrade"Should not be related. But should be fixed now, please test.
Yep, working!
Thanks,
Richard
On Mon, May 09, 2016 at 10:04:48PM +0200, Markus Neteler wrote:
On May 9, 2016 10:02 PM, "Sandro Santilli" <strk@keybit.net> wrote:
>
> On Mon, May 09, 2016 at 09:35:06PM +0200, Markus Neteler wrote:
> > Hi,
> >
> > at time trac is almost unusable
> >
> > I can neither update tickets nor get into the admin panel.... (GRASS
> > GIS trac). Timeout..
> >
> > Any idea?
>
> You're probably banned by osgeo-http-dos.Grrrr
It looks like more than 30 requests are easy to do in 2 minutes.
Especially when using SVN (now that I checked)
I've reduced the check so it takes 30+ requests in 1 minute now,
and only check trac (jail name changed accordingly).
Don't reload too much !
> Which IP do you come from ?
Sorry, no idea. I left the office in favor of dinner... It is a Telekom
Germany connection AFAIK.
The ban lasts 15 minutes. While banned you'll get the timeout as you
mentioned.
--strk;
On Mon, May 9, 2016 at 10:16 PM, Sandro Santilli <strk@keybit.net> wrote:
On Mon, May 09, 2016 at 10:04:48PM +0200, Markus Neteler wrote:
...
I've reduced the check so it takes 30+ requests in 1 minute now,
and only check trac (jail name changed accordingly).Don't reload too much !
I did not reload a single time...
> Which IP do you come from ?
Sorry, no idea. I left the office in favor of dinner... It is a Telekom
Germany connection AFAIK.
Back in the office now - but still blocked!
The ban lasts 15 minutes. While banned you'll get the timeout as you
mentioned.
Unfortunately I appear to be banned forever.
Markus
On Tue, May 10, 2016 at 2:48 PM, Markus Neteler <neteler@osgeo.org> wrote:
On Mon, May 9, 2016 at 10:16 PM, Sandro Santilli <strk@keybit.net> wrote:
On Mon, May 09, 2016 at 10:04:48PM +0200, Markus Neteler wrote:
...
I've reduced the check so it takes 30+ requests in 1 minute now,
and only check trac (jail name changed accordingly).Don't reload too much !
I did not reload a single time...
> Which IP do you come from ?
Sorry, no idea. I left the office in favor of dinner... It is a Telekom
Germany connection AFAIK.Back in the office now - but still blocked!
Indeed: again blocked. I just checked on trac:
2016-05-10 06:02:36,617 fail2ban.actions: WARNING [osgeo-trac-auth]
Ban 217.86.229.XXX
So I cannot even authenticate at time.
Markus
On Tue, May 10, 2016 at 3:05 PM, Markus Neteler <neteler@osgeo.org> wrote:
On Tue, May 10, 2016 at 2:48 PM, Markus Neteler <neteler@osgeo.org> wrote:
Back in the office now - but still blocked!
Indeed: again blocked. I just checked on trac:
2016-05-10 06:02:36,617 fail2ban.actions: WARNING [osgeo-trac-auth]
Ban 217.86.229.XXXSo I cannot even authenticate at time.
Since I wanted to continue, I have now whitelisted my IP 
cheers
Markus
Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
Hi,
I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding,
at least not reliably enough to be able to file a SAC ticket
from someone from the US, so not an issue at my end.
Hi,
http://trac.osgeo.org/ has started again being unresponsive since
approximately 10 minutes.
Sandro seemed to suggest this might be due to to the fail2ban script running
(not sure if I understood well) ? Anyway making it run while preserving some
disponibility of Trac ?
Even
--
Spatialys - Geospatial professional services
http://www.spatialys.com
On Tue, May 10, 2016 at 03:20:37PM +0200, Markus Neteler wrote:
On Tue, May 10, 2016 at 3:05 PM, Markus Neteler <neteler@osgeo.org> wrote:
> On Tue, May 10, 2016 at 2:48 PM, Markus Neteler <neteler@osgeo.org> wrote:
>> Back in the office now - but still blocked!
>
> Indeed: again blocked. I just checked on trac:
>
> 2016-05-10 06:02:36,617 fail2ban.actions: WARNING [osgeo-trac-auth]
> Ban 217.86.229.XXX
>
> So I cannot even authenticate at time.Since I wanted to continue, I have now whitelisted my IP
Approved 
Anyway, the 'osgeo-trac-auth' ban doesn't have to do with reloads
or excessive requests, but with authentication failures. Check out
the rule, and let me know if you think it needs to be tweaked.
--strk;
On Tue, May 10, 2016 at 03:48:54PM +0200, Even Rouault wrote:
Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
> Hi,
>
> I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding,
> at least not reliably enough to be able to file a SAC ticketConfirmed
> from someone from the US, so not an issue at my end.http://trac.osgeo.org/ has started again being unresponsive since
approximately 10 minutes.
The http://trac.osgeo.org page redirects to https://trac.osgeo.org
which serves a static page.
Sandro seemed to suggest this might be due to to the fail2ban script running
(not sure if I understood well) ? Anyway making it run while preserving some
disponibility of Trac ?
My hypotesis was that your IP got cought by fail2ban, which would result
in a 10 minutes ban (if found failing more than an authentication) or in
a 15 minutes ban (if found to be making more than 30 requests in one
minute). If this is the case, the TCP packets would be dropped so you
would never get a response within the ban timeframe.
I could dig more if you gave me the IP you are coming from.
--strk;
Le mardi 10 mai 2016 18:17:24, Sandro Santilli a écrit :
On Tue, May 10, 2016 at 03:48:54PM +0200, Even Rouault wrote:
> Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
> > Hi,
> >
> > I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not
> > responding, at least not reliably enough to be able to file a SAC
> > ticket
> > end.
>
> http://trac.osgeo.org/ has started again being unresponsive since
> approximately 10 minutes.The http://trac.osgeo.org page redirects to https://trac.osgeo.org
which serves a static page.> Sandro seemed to suggest this might be due to to the fail2ban script
> running (not sure if I understood well) ? Anyway making it run while
> preserving some disponibility of Trac ?My hypotesis was that your IP got cought by fail2ban, which would result
in a 10 minutes ban (if found failing more than an authentication) or in
a 15 minutes ban (if found to be making more than 30 requests in one
minute). If this is the case, the TCP packets would be dropped so you
would never get a response within the ban timeframe.I could dig more if you gave me the IP you are coming from.
(off-list response to avoid my ip being too widespreadly known)
My IP (fixed) : 88.162.84.61
Could you white-list it ?
--strk;
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac
--
Spatialys - Geospatial professional services
http://www.spatialys.com
Le mardi 10 mai 2016 18:17:24, Sandro Santilli a écrit :
On Tue, May 10, 2016 at 03:48:54PM +0200, Even Rouault wrote:
> Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
> > Hi,
> >
> > I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not
> > responding, at least not reliably enough to be able to file a SAC
> > ticket
> > end.
>
> http://trac.osgeo.org/ has started again being unresponsive since
> approximately 10 minutes.The http://trac.osgeo.org page redirects to https://trac.osgeo.org
which serves a static page.> Sandro seemed to suggest this might be due to to the fail2ban script
> running (not sure if I understood well) ? Anyway making it run while
> preserving some disponibility of Trac ?My hypotesis was that your IP got cought by fail2ban, which would result
in a 10 minutes ban (if found failing more than an authentication) or in
a 15 minutes ban (if found to be making more than 30 requests in one
minute). If this is the case, the TCP packets would be dropped so you
would never get a response within the ban timeframe.
That might probably be it. This restarted working, and right now I'm stuck
again (both Trac and SVN rejecting me)
This fail2ban mechanism seems to prevent legitimate uses. Yes, I do refresh
Trac or do svn operations a lot when working on GDAL.
I could dig more if you gave me the IP you are coming from.
(seing that my "off-list" attempt ended up on the list... anyway... )
--strk;
_______________________________________________
Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac
--
Spatialys - Geospatial professional services
http://www.spatialys.com
On Tue, May 10, 2016 at 06:31:53PM +0200, Even Rouault wrote:
This fail2ban mechanism seems to prevent legitimate uses. Yes, I do refresh
Trac or do svn operations a lot when working on GDAL.
I relaxed the rule to allow up to 60 requests in 60 seconds.
And, I whitelisted your static IP.
--strk;
