IRC log of #zope for Tuesday, 2014-04-22

« Monday, 2014-04-21 Index Wednesday, 2014-04-23 »
*** menesis has quit IRC00:28
*** TresEquis has quit IRC00:30
*** pyqwer has quit IRC00:59
*** fdrake has quit IRC01:16
*** nueces has quit IRC02:15
*** tiwula has quit IRC03:20
*** KageSenshi has quit IRC03:32
*** Spanktar has quit IRC03:51
*** tiwula has joined #zope04:23
*** nueces has joined #zope04:46
*** nueces has quit IRC05:12
*** nueces has joined #zope05:12
*** nueces has quit IRC05:53
*** nueces has joined #zope06:03
*** MatthewWilkes is now known as mwilkes|away06:04
*** mwilkes|away is now known as MatthewWilkes06:13
*** MatthewWilkes is now known as mwilkes|away06:14
*** nueces has quit IRC07:04
*** KageSenshi has joined #zope07:13
*** kosh_ has joined #zope07:15
*** kosh has quit IRC07:18
*** __mac__ has joined #zope07:29
*** __mac__ has quit IRC07:31
*** nueces has joined #zope07:38
*** __mac__ has joined #zope07:46
*** kosh_ has quit IRC07:55
*** __mac__ has quit IRC08:05
*** agroszer has joined #zope08:11
*** yvl has joined #zope08:14
*** KageSenshi has quit IRC08:16
*** tiwula has quit IRC08:19
*** dobee has joined #zope09:00
*** dobee has quit IRC09:01
*** dobee has joined #zope09:06
*** dobee has quit IRC09:11
*** nueces has quit IRC09:15
*** __mac__ has joined #zope09:17
*** dobee has joined #zope09:50
*** KageSenshi has joined #zope10:25
*** avoinea has joined #zope10:26
*** avoinea has quit IRC10:28
*** avoinea has joined #zope10:28
*** avoinea has quit IRC10:37
*** avoinea1 has joined #zope10:37
*** avoinea has joined #zope10:39
*** avoinea1 has quit IRC10:42
*** fredvd has joined #zope10:56
*** avoinea1 has joined #zope11:06
*** avoinea has quit IRC11:06
*** Pumukel has joined #zope11:13
*** dobee has quit IRC11:16
*** Pumukel has quit IRC11:34
*** benji has quit IRC11:35
*** benji has joined #zope11:35
*** maurits has joined #zope11:40
*** CosmicB has joined #zope11:41
*** KageSenshi has quit IRC11:50
*** mitchell`off is now known as mitchell`11:50
*** regebro has quit IRC11:57
*** dobee has joined #zope11:57
CosmicBI've got this zope 2.9.7 app that has been hacked, stuff has been injected. I'm a zope n00b, I run the server running the site, devs are long gone. But I'm struggling to figure out how to 'find the hacked' code in the zope admin gui (?)12:04
*** regebro has joined #zope12:04
CosmicBAs I understand, everything is stored in this zodb file, so there isn't any files I can edit from cli, I have to use the zope admin gui in some way (?)12:05
*** _mup_ has quit IRC12:11
*** menesis has joined #zope12:18
*** kiorky has quit IRC12:29
*** kiorky has joined #zope12:30
*** agroszer has quit IRC12:59
mgedminCosmicB, parts of the code are on the filesystem, parts are in the database13:05
betabugCosmicB: there are also some tools that allow you to inspect the db13:05
mgedminCosmicB, can you log in to the Zope Management Interface?  https://example.com/manage13:05
mgedminthere's an Undo tab that shows recent changes made to the ZODB, see if you can find anything suspicious there13:05
CosmicBmgedmin yeah, I've been poking around in the /manage interface without any luck13:10
CosmicBmgedmin ok, looking into it13:10
mgedminbtw can you define "hacked"?13:11
mgedminsends spam, serves malware, the front page is defaced, what?13:11
CosmicBmgedmin check out http://kildenett.no/portal/temaer/krig13:11
CosmicBthe page look fine, but try to view the source, you'll see references to viagra and such, it's 'hidden'13:12
CosmicBmgedmin in the source, search for 'projectradio' , that whole section is hidden. I've found the corresponding css file, tried to comment out the whole thing but it doesn't seem to work either13:13
betabugkildenett?13:17
betabugCosmicB: not all programmers who worked on that are gone, I did some work a while back on that13:18
CosmicBbetabug yeah right13:18
CosmicBbetabug you did ? huh, small world :p13:18
betabugyepp :-)13:18
betabugthey had some huuge performance problems13:18
CosmicBbetabug yeah, it got even worse before xmas, I ended up putting varnish in front and cache'ed the whole site. They don't edit the site anymore, just want it to be online for read references13:19
*** dobee has quit IRC13:19
betabugyeah, but I thought that had already been done?13:20
CosmicBI suspect the performance problems are related to these injections13:20
betabugno, there was some genuine problem there13:20
betabugthe site was recalculating a huge amount of relationships between bits of information for each request13:20
betabugit's really crazy code at the end of it13:21
CosmicBbetabug there _was_ a varnish in front when I started working here a couple years ago, but it didn't really work. It may have been my predecessor who broke the config after moving the site right before he quit13:21
betabughmm, the guy I talked with wasn't really working on the site, just doing some sysadmin stuff13:22
CosmicBbetabug yeah, there are some crazy stuff going on in that site.13:22
CosmicBbetabug yes, and I've taken over his job :)13:22
betabugIIRC he was called Espen13:23
*** menesis has quit IRC13:24
CosmicBbetabug yes, Espen quit when I got here :)13:24
betabugaha, hope he's doing fine13:24
CosmicBbetabug yes he said so last time we spoke :)13:25
betabuggood :-)13:25
betabuglooking through the old mails, there were some refcount leaks, fun stuff13:26
betabugand the code was filling the db object cache anew with each request... fun for all the family13:26
CosmicBbetabug where you hired as a freelance when you worked on kildenett ?13:27
betabugyes13:27
CosmicBbetabug and do you still do freelance jobs ?13:27
betabughttp://betabug-sirius.ch - that's me :-)13:27
betabugsure :-)13:27
CosmicBbetabug ok good, I'll bookmark your page, if I spend too much time on this problem I'll see if my boss agrees to hire extra help then :)13:34
betabugsure, no problem13:34
betabugit's not that I'm actively hunting for projects, but good to see that this weird, but beautiful baby can be online a bit longer13:35
betabugif I can help with any info, feel free to ask, job or no job!13:35
CosmicBbetabug ok great :)13:36
*** agroszer has joined #zope13:47
*** menesis has joined #zope14:15
*** _mup_ has joined #zope14:27
*** Pumukel has joined #zope14:45
*** fredvd has quit IRC14:47
*** dobee has joined #zope14:49
*** agroszer has quit IRC14:55
*** kosh has joined #zope15:10
*** KageSenshi has joined #zope15:58
*** regebro has quit IRC16:04
CosmicBbetabug I finally managed to comment out the css blocks that held the hidden code that was infested. That'll do for now :) I've bookmarked your site in case (when)  that site brakes in the future :)16:08
*** fredvd has joined #zope16:08
*** kosh has quit IRC16:10
*** yvl has quit IRC16:12
*** giacomos has joined #zope16:14
*** KageSenshi has quit IRC16:18
*** giacomos has quit IRC16:18
*** giacomos has joined #zope16:20
*** fdrake has joined #zope16:24
*** giacomos has quit IRC16:26
*** giacomos has joined #zope16:26
*** giacomos has quit IRC16:28
*** giacomos has joined #zope16:29
*** giacomos has quit IRC16:31
*** KageSenshi has joined #zope16:33
*** __mac__ has quit IRC16:52
*** dobee has quit IRC17:05
*** regebro has joined #zope17:18
*** dobee has joined #zope17:20
*** fredvd has quit IRC17:23
*** KageSenshi has quit IRC17:28
*** dobee has quit IRC17:34
*** giacomos has joined #zope17:50
*** giacomos has quit IRC17:50
*** dobee has joined #zope18:08
*** __mac__ has joined #zope18:22
*** daMaestro has joined #zope18:28
*** __mac__ has quit IRC18:31
*** dobee has quit IRC18:32
*** kosh has joined #zope18:40
*** tiwula has joined #zope18:44
*** menesis has quit IRC19:30
betabugcool!19:56
*** regebro is now known as regebro|afk20:01
*** KageSenshi has joined #zope20:02
*** Pumukel has quit IRC20:03
*** maurits has quit IRC20:07
*** __mac__ has joined #zope20:10
*** __mac__ has quit IRC20:17
*** agroszer has joined #zope20:18
*** agroszer has quit IRC20:24
*** tiwula has quit IRC20:33
*** vedic has joined #zope20:37
*** tiwula has joined #zope20:38
*** m8 has joined #zope20:44
*** kosh has quit IRC20:50
*** MrTango has joined #zope20:54
*** vedic has left #zope20:55
*** tiwula has quit IRC21:00
*** tiwula has joined #zope21:15
*** mathjoke has joined #zope21:28
*** Spanktar has joined #zope21:30
*** BGaddie has joined #zope21:32
*** tiwula has quit IRC21:34
BGaddieI'm looking for some help/direction in sorting out an error in my Zope client (Zope 2.13.13) - the issue is outlined here http://www.gossamer-threads.com/lists/zope/dev/233809?do=post_view_threaded21:35
*** tiwula has joined #zope21:36
*** mitchell` is now known as mitchell`off21:39
betabugno idea21:39
BGaddieI'm pretty stumped as well21:40
betabugis the connection to the zeo server unreliable?21:42
betabugI had once a production server where the zeo server was ~1500km away, but never saw this problem21:42
BGaddieit should be pretty reliable - and even when the client is exhibiting the error the other clients are connected and telnet to the zeoserver works well21:44
BGaddiethey're in the same datacenter21:44
BGaddieI've checked for server resources (memory, file descriptors)....tried to strace the process which only gives me that the connect fails with EINPROGRESS status21:47
BGaddierestarting the client fixes the issue for a little while21:49
*** MrTango has quit IRC21:56
*** avoinea1 has quit IRC22:03
*** dixond has quit IRC22:15
*** dixond has joined #zope22:28
*** nueces has joined #zope22:40
*** dobee has joined #zope22:43
*** dobee has quit IRC22:47
*** menesis has joined #zope22:48
*** nueces has quit IRC22:50
*** dobee has joined #zope22:57
*** tiwula has quit IRC23:11
*** motto has joined #zope23:13
*** tiwula has joined #zope23:13
*** m8 has quit IRC23:15
*** tiwula has quit IRC23:24
*** TresEquis has joined #zope23:32
*** rbanffy has joined #zope23:36
*** tiwula has joined #zope23:38
*** nueces has joined #zope23:44
*** __mac__ has joined #zope23:47
*** sm has quit IRC23:47
*** sm has joined #zope23:51
*** motto has quit IRC23:53
*** __mac__ has quit IRC23:54
« Monday, 2014-04-21 Index Wednesday, 2014-04-23 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!