Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Opened: Mar 27, 2018 Severity: 3-Major
MySQL partition size reaching 100%. The ASM log contains continuously reports 'Web scraping attack' being started/finished.
The 'DCC.CLIENT_SIDE_DROPPED_STAT' table exceeds the maximum of 20,000 rows, as defined in '/etc/ts/tools/clean_db.yaml' (a limit that should be imposed by the 'clean_db' process, which appears to be running without errors, verified by viewing the following log: /var/log/ts/clean_db.log). That ASM log is filled (~85% of it) with reports about 'Web scraping attacks' being started/finished. Most of the time, a new attack starts every second or so, indicating, perhaps, that the 'clean_db' process cannot keep up with cleaning that table.
-- ASM provisioned -- A new attack starts every second or so.
Back up that single table and truncate it as follows: 1. To check how many records there are, run the following MySQL query: mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "Select count(*) from DCC.CLIENT_SIDE_DROPPED_STAT;" 2. To back up the records, run the following MySQL query: mysqldump --single-transaction -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` DCC CLIENT_SIDE_DROPPED_STAT >/shared/CLIENT_SIDE_DROPPED_STAT.sql Specify a target backup partition with at least 6 GB of available space. 3. To delete records, run the following MySQL query: mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "delete from DCC.CLIENT_SIDE_DROPPED_STAT;"
None