[09:45:25] hmm getting some weird presumed attacks (?): "GET /w/index.php?title=%2D5125%20%20UNION%20ALL%20SELECT%20CONCAT%280x696733%2C0x36626d54%2C0x6c4657%29%2D%2D%20%2D%20&returnto=Skins/Sport HTTP/1.1" [09:45:41] is this something MW specific or just people trying to poke around generically? [09:54:31] oh, judging by some queries, it uses Oracle SQL syntax [10:02:44] Remilia: it looks like a standard SQLi attempt [10:03:17] RhinosF1: yeah I urldecoded some of the requests and ended up at the same conclusion [10:03:42] Remilia: it won't do anything but if it makes you happy you could probably block them [10:03:50] Or install some WAF [10:05:52] RhinosF1: haproxy autobanned some of the hosts based on request rate and then I did grep SELECT hostname-access.log | ipstats | awk [10:05:52] '{ print $3}'|xargs whois | grep "route:" | awk '{ print $2}' >> /root/etc/pf.blacklist.http [10:05:53] haha [10:06:19] That'll work [10:06:41] looks like a rather sizable cluster of hosts across the UK [10:06:43] Worst I've seen was when someone made googlebot do SQLi attempts [10:06:55] It's very common [10:07:31] yeah figures, the good thing is that all of these blocks seem to be datacentres, so users will not be affected even with this blanket ban [10:07:32] I've seen various attempts at vulnerability testing [10:08:05] Most come from big cloud providers [10:08:18] You could try contacting their abuse team [10:08:28] Microsoft CERT are best abuse response I've seen [10:08:58] hmm, these are mostly "Fine Group" [10:09:01] I will try [10:10:03] RhinosF1: basically I saw https://pbs.twimg.com/media/FACrdt_UcAg395v?format=png&name=small and was like "why is my load avg spiking above 0.7" [10:10:20] Remilia: fun graph [10:10:57] 2800 requests over 3 minutes [10:11:43] thanks for your suggestions, going to file some abuse reports and then get back to work [10:55:56] Uploaded file: https://uploads.kiwiirc.com/files/602914337eddfafcd8410282cd8ea61b/Screenshot%20from%202021-09-24%2016-25-14.png [10:56:21] how to remove header and flag from my private wiki? [20:16:17] can someone help me debug why I can't access my database? I just migrated from another server https://kikwiki.tk [20:16:53] copied everything to the same locations and it seems to be accessible as far as I can tell [20:19:13] check that your database username and password in LocalSettings.php are correct [20:19:40] there is no password, this is sqlite [20:19:41] wait, sqlite [20:19:44] yeah [20:22:23] file permissions? [20:22:43] make sure it's an absolute path? [20:23:08] codebam: can you give the exception message you get? (set $wgShowExceptionDetails = true; to get more info if it gives a generic message) [20:23:41] moonmoon: I sent the link with the exception [20:23:43] kikwiki.tk [20:23:46] also hi [20:23:51] except the useful bit is truncated [20:24:04] newExceptionAfterConnectError('Error 8: attemp...') [20:24:08] how do I make it not truncated? [20:24:54] you can't [20:24:59] but the error number is enough [20:25:07] 8 is "attempt to write a readonly database" [20:25:27] so either a) file permissions on the db file, or b) the filesystem containing the db file is mounted read-only [20:25:31] oh I see. let me double check the permissions are correct [20:25:53] I'm using docker volumes to mount it so maybe something got messed up when I copied them over [20:26:15] could also be selinux/apparmor [20:27:12] it looks like they're all set to -rw-r--r-- [20:27:30] I applied labels correctly using :z when mounting the volumes in podman [20:48:21] codebam: other possibility is that the uid inside the container isn't being mapped to the file owner so it's hitting either the group or other acl entry [21:00:38] I'm not sure. I just gave up. might attempt it again later