-=| Joey Hess, 27.01.2015 18:00:11 -0400 |=- > Source: kgb-bot > Version: 1.33-2 > Severity: important > Tags: security > > 2015.01.19 18:08:39: Listening on http://0.0.0.0:9999?session=KGB > 2015.01.19 18:08:43: Connected to freenode (holmes.freenode.net) > 2015.01.19 18:08:43: Joining #commits... > 2015.01.19 18:08:43: Connected to oftc (graviton.oftc.net) > 2015.01.19 18:08:43: Joining #ikiwiki #vcs-home #git-annex... > Did not get DONE/CLOSE event for Wheel ID 73 from IP 222.186.34.155 at > /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221. > I had a problem posting to event Got_Request of session SOAPServer for > DIR handler '.*'. As reported by Kernel: 'No such file or directory', > perhaps the session name is spelled incorrectly for this handler? at > /usr/share/perl5/POE/Session.pm line 483.
Tincho, can you have a look? I'm afraid POE internals are a mystery to me. A way to reproduce the problem would certainly help too. > This has happened to me twice now, and it takes the bot down. > > root@elephant:/home/joey>systemctl status kgb-bot.service > ● kgb-bot.service - LSB: Collaborative IRC helper > Loaded: loaded (/etc/init.d/kgb-bot) > Active: active (exited) since Mon 2015-01-19 14:08:39 JEST; 1 weeks 1 days > ago > Process: 26584 ExecReload=/etc/init.d/kgb-bot reload (code=exited, > status=0/SUCCESS) > > Jan 26 03:57:27 elephant kgb-bot[26584]: Reloading Collaborative IRC helper: > kgb-bot. > > systemd thinks the service is running ok, but the daemon has in fact crashed > or > exited because of the event logged above. Both "service kbg-bot start" and > "systemctl start kgb-bot" do nothing. I have to "service kgb-bot stop" to get > out of this state. (It seems that this could stand to be improved, by eg, > writing a systemd service file that doesn't let the daemon fork, so systemd > can handle logging and know when the process has exited.) This is easy to fix, as the bot has a --foreground parameter. > Here's the log from the previous time it happened: > > 2015.01.15 23:05:33: Connected to freenode (wolfe.freenode.net) > 2015.01.15 23:05:33: Joining #commits... > Did not get DONE/CLOSE event for Wheel ID 1089 from IP 222.186.34.155 at > /usr/share/perl5/POE/Component/Server/SimpleHTTP.pm line 221. > I had a problem posting to event Got_Request of session SOAPServer for DIR > handler '.*'. As reported by Kernel: 'No such file or directory', perhaps the > session name is spelled incorrectly for this handler? at > /usr/share/perl5/POE/Session.pm line 483. > > I don't know the IP 222.186.34.155. I assume it is trying to exploit my > server with its DIR .* "DIR .*" is a red herring here. The SOAP service registers a HTTP handler for all paths, expressed as ".*" (AIUI). > Since this appears to be at least a DOS, I've tagged the bug as > a minor security issue. Thanks. Putting "debug: 1" in /etc/kgb-bot/kgb.conf will turn on debugging (and excessive logging). Perhaps that can give more clues the next time the crash happens. -- dam
signature.asc
Description: Digital signature
