Perl 6 - the future is here, just unevenly distributed

IRC log for #webwork, 2014-09-17

| Channels | #webwork index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:21 soumya__ joined #webwork
00:31 mgage joined #webwork
01:50 ilbot3 joined #webwork
01:50 Topic for #webwork is now WeBWorK (http://webwork.maa.org) is an open-source online homework system for math and sciences courses. WeBWorK is supported by the MAA and the NSF. | Release notes: http://goo.gl/Ry5HN | Channel logged at http://goo.gl/jELTn
01:53 mgage joined #webwork
01:53 soumya__ joined #webwork
02:37 mgage joined #webwork
03:03 rbeezer joined #webwork
03:11 mgage joined #webwork
03:16 mgage rbeezer
03:32 mgage rbeezer:
04:24 Shdwdrgn joined #webwork
04:24 Shdwdrgn I don't suppose anyone is awake this evening?
11:43 mgage joined #webwork
12:35 mgage joined #webwork
13:06 mgage joined #webwork
14:25 shdw_work joined #webwork
15:14 shdw_work hey folks, I have a couple issues going on here today
15:16 shdw_work we had the _key table for one of the classes crash overnight, and there was an attack on the server itself the night before
15:16 shdw_work I'm wondering if you have seen any reports of targeted attacks on webwork 2.8, and/or if anyone has reporting any sql injection-type attacks?
15:20 goehle joined #webwork
15:29 shdw_work oh, also does anyone know of a general log file that would be recording those sql errors so I could see if any other courses are having problems?
15:29 goehle logs/debub.txt if debugging is turned on
15:29 goehle logs/debug.log rather
15:30 shdw_work is that done in a config file of from the admin page?
15:30 goehle neither
15:30 goehle you have to edit the line
15:30 goehle $WeBWorK::Debug::Enabled
15:30 goehle in lib/WeBWorK/Constants.pkm
15:32 shdw_work hmm I bet I need to restart apache for that change to take effect?
15:32 goehle yeah
15:32 shdw_work bummer
15:33 shdw_work since nobody else replied, did you happen to see my other comments from right before you joined the channel? (I don't know if you guys have an online log somewhere)
15:33 goehle no
15:33 goehle we do
15:33 goehle but I never read it
15:33 shdw_work haha
15:33 shdw_work ok I'll re-paste
15:33 goehle nah
15:33 goehle I can look at it
15:33 goehle one sec
15:33 shdw_work oh ok, it was only two comments
15:34 goehle nobody has reported sql injection type attacks
15:34 goehle although we certainly want to keep an eye out for those
15:34 shdw_work ah crap, just had another table crash
15:36 goehle hmm
15:37 shdw_work just got an email from our IT team suggesting they could convert the tables to InnoDB which might solve the problem.
15:38 rbeezer joined #webwork
15:39 shdw_work I had a student last night getting this error when she tried to log in...
15:39 shdw_work addKey: key exists (perhaps you meant to use putKey?) at /usr/local/webwork/webwork2/lib/WeBWorK/Authen.pm line 730.
15:40 goehle I doubt its sql injection.  All of our sql statements go through perl DBI which should scan for that kind of thing.  However, it hasn't really been looked at in a while
15:40 shdw_work I couldn't find anything recent on google about it, however the class she is in is the same table that just crashed
15:40 goehle that means she already had a cookie key in the db
15:41 shdw_work she tried logging in from 2 different computers and got the same error.  Is there a way to clear that out so a student can get logged back in again?
15:41 goehle honestly it shouldn't really be happening.  You can delete her row from the _key table
15:43 shdw_work oh, regarding the sql injection... it was just a thought, I haven't actually seen anything to suggest it happened.  But the night before last someone run a ddos against the server that took the whole machine down, so it made me wonder if someone was trying to get access.
15:43 goehle its certainly something to keep an eye on
16:10 goehle Let me know if it ends up being something wrong with WeBWorK
16:12 shdw_work will do.  I think the conversion to InnoDB sounds like a good idea.  For some reason I thought it was already using that by default.
16:13 goehle Its done for newer installations
16:14 shdw_work I just installed 2.8 this Spring.  How new are we talking?
16:14 goehle Things installed using Jason Aubrey's installer script
16:15 shdw_work oh there's a script now?  Fancy! :-)
16:15 shdw_work that takes all the fun out of it
16:15 goehle :P
16:15 goehle wait
16:15 goehle no his script changes it to myisam
16:15 goehle innodb is default for mysql installations as of 5.5.5
16:16 goehle but its something set in the mysql conf
16:16 goehle not on the webworks ide
16:16 goehle sid
16:16 goehle grr
16:16 goehle side
17:02 goehle joined #webwork
17:02 shdw_work just got a reply back from the student with the existing key error... after I ran repair table, she is able to log into her class now.
17:03 goehle joined #webwork
17:03 ChanServ joined #webwork
17:03 Brando753 joined #webwork
17:03 Shdwdrgn joined #webwork
17:03 rbeezer joined #webwork
17:03 goehle so its unlikely (but not impossible) that its sql injection
17:33 aubreyja joined #webwork
17:33 aubreyja joined #webwork
17:34 goehle I had a long conversation with someone installing on centos aubreyja
17:34 goehle I ended up adding a package to the yum side of the isntallation on master
17:34 aubreyja hey - the guy with the bug reports?
17:34 goehle yeah, on ww_install
17:34 goehle well
17:34 goehle I mean that was the conversation
17:35 aubreyja great -thanks
20:43 goehle hey shdw_work
20:43 goehle figure it out?
20:48 shdw_work aww now you did it
20:48 shdw_work you broke me
20:49 goehle oh?
20:49 shdw_work ;-)
20:49 shdw_work Shdwdrgn is my home computer
20:49 goehle ah
20:49 goehle notification script died then
20:49 goehle or something
20:49 shdw_work I have ipv6 at home, but the freenode ipv6 servers seem to split more often
20:50 goehle fancy
20:50 shdw_work anyway... no, I haven't dug up any reason why those tables crashed, and I haven't seen any others have a problem today
20:51 goehle so what do you mean by crashed.  Mike gage was asking
20:52 shdw_work DBD::mysql::st execute failed: Table './webwork/Math2300@002dFall@002d2014_key' is marked as crashed and should be repaired
20:52 shdw_work so I run repait table on Math2300-Fall-2014, and it works again
20:52 shdw_work er.. "repair table"
20:53 shdw_work the error page was coming up just from students trying to reach the login page, before they could enter anything
20:53 goehle It was querying the key table to see if they had a cookie key or not
20:54 goehle Its not impossible that the DOS attack could have something to do with it indirectly.  That table is accessed every time someone tries to access a page.  I can imagine that many many reads, mixed with the occasional write of someone logging in, could bork something
20:57 goehle were you on myisam before?
20:58 shdw_work the attack happened the night before.  Everything was working fine yesterday, then the table crashes happened last night and this morning... So separate times, and the original attack crashed the server, requiring a full reboot.
20:58 shdw_work apparently we're on myisam currently
20:58 goehle ah ok
20:58 goehle so myisam is faster but more prone to crashes.
20:58 goehle (or so I am reading)
20:58 goehle innodb might solve your issues
20:59 shdw_work I don't know how that part is configured, they don't let me touch the good bits ;-)
20:59 goehle Its in my.cnf in /etc
20:59 goehle but it would change the whole mysql server over
20:59 goehle but when they said they might do innodb that is what they meant
21:00 goehle it can also happen when shutdowns don't happen cleanly
21:01 goehle so if you had to do any kind of hard reboot on your server that do it as well
21:01 goehle I've got to run
21:01 shdw_work yeah but webwork was working fine yesterday after the server was brought back up
21:01 shdw_work ok see ya
21:01 goehle ttyl
23:16 mgage joined #webwork

| Channels | #webwork index | Today | | Search | Google Search | Plain-Text | summary