Jerry 🦙💝🦙Dec 16, 2022
Now at 1700 new accounts on the day @infosec.exchange. This is what it looks like on the load balancer:
Show threadJerry 🦙💝🦙Dec 16, 2022
And this is what's happening at the CDN:
Show threadJerry 🦙💝🦙Dec 16, 2022
And this is what the aggregate CPU on the PUMA servers look like (note, almost no change)
Show threadJerry 🦙💝🦙Dec 16, 2022
And this is the aggregate load on the sidekiq servers (also, nearly no change)
Show threadJerry 🦙💝🦙Dec 16, 2022
Transaction growth on the postgresql database:
Show threadJerry 🦙💝🦙Dec 16, 2022
CPU on the redis/elasticsearch server. I can barely find it:
Show threadJerry 🦙💝🦙Dec 16, 2022
final graph (I don't have much else that would be interesting) is the sidekiq graph:
Show threadJerry 🦙💝🦙Dec 16, 2022
I lied. One more. I feel bad that I am just now realizing I didn't tell Prometheus to monitor the load balancer, so here is a snapshot of nmon from the load balancer:
Show threadVissDec 17, 2022

@jerry kinda surprised you dont have a giant linux terminal with:
- htop
- nload
- iftop
- atop
- ioping

and prolly asciiquarium and cmatrix for good measure :D

Show threadzeno's paradox speedrunnerDec 17, 2022

@Viss @jerry https://nicolargo.github.io/glances/

tho it can be a little heavy

Glances - An Eye on your system

Glances is a cross-platform curses-based system monitoring tool written in Python.

Show threadJerry 🦙💝🦙Dec 17, 2022
@pixelnull @Viss oh that looks amazing
Show threadzeno's paradox speedrunnerDec 17, 2022

@jerry @Viss it has a package avail for most distros.

i wouldn't do a github or pip install for it, they can get a little experimental with releases in my exp

Show threadJerry 🦙💝🦙Dec 17, 2022
@pixelnull @Viss yeah, I will play with it on other systems before curl $randosite |bash on the load balancer
Show threadzeno's paradox speedrunnerDec 17, 2022
@jerry @Viss it's literally in my first install on my systems, i mean in a long chain of other things
Show threadWaLLy3K Dec 17, 2022

@pixelnull @jerry @Viss Piping to bash is convenient, but not a great option if you're wanting to do it on a prod box.

https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

Detecting the use of "curl | bash" server side | Application Security

Another reason not to pipe from curl to bash. Detecting curl | bash serverside.

Show threadVissDec 17, 2022

@wally3k @pixelnull @jerry

curl hax.lol

you can also do it with apache rewrite rules by detecting the user-agent.

Show threadRallias  
@Viss @wally3k @pixelnull @jerry I disclaim any relationship with this website.
Dec 17, 2022 at 1:56amWeb
Show threadVissDec 17, 2022
@rallias @wally3k @pixelnull @jerry good, cuz i own it :D
Show threadRallias  Dec 17, 2022
@Viss @wally3k @pixelnull @jerry I approve, I just disclaim relationship.
Show threadVissDec 17, 2022
@rallias @wally3k @pixelnull @jerry if you hit it in a browser its a bit more colorful. if your browser is old enough itll play the goat simulator theme :D
Show threadRallias  Dec 17, 2022
@Viss @wally3k @pixelnull @jerry With that website name, I'm not sure I want to load it with an old browser, no offense.
Show threadzeno's paradox speedrunnerDec 17, 2022

@rallias @Viss @wally3k @jerry

do it. this is me bullying

Show threadVissDec 17, 2022

@pixelnull @rallias @wally3k @jerry their loss :D

i use it at every con for a harmless kiosk bypass payload

Show threadRallias  Dec 17, 2022

@pixelnull @Viss @wally3k @jerry Ok, fine, I did it in a VM...

Erm...