Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 11.6.4, 11.6.5, 220.127.116.11, 18.104.22.168, 22.214.171.124
Opened: Mar 27, 2018
MySQL partition size reaching 100%. The ASM log contains continuously reports 'Web scraping attack' being started/finished.
The 'DCC.CLIENT_SIDE_DROPPED_STAT' table exceeds the maximum of 20,000 rows, as defined in '/etc/ts/tools/clean_db.yaml' (a limit that should be imposed by the 'clean_db' process, which appears to be running without errors, verified by viewing the following log: /var/log/ts/clean_db.log). That ASM log is filled (~85% of it) with reports about 'Web scraping attacks' being started/finished. Most of the time, a new attack starts every second or so, indicating, perhaps, that the 'clean_db' process cannot keep up with cleaning that table.
-- ASM provisioned -- A new attack starts every second or so.
Back up that single table and truncate it as follows: 1. To check how many records there are, run the following MySQL query: mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "Select count(*) from DCC.CLIENT_SIDE_DROPPED_STAT;" 2. To back up the records, run the following MySQL query: mysqldump --single-transaction -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` DCC CLIENT_SIDE_DROPPED_STAT >/shared/CLIENT_SIDE_DROPPED_STAT.sql Specify a target backup partition with at least 6 GB of available space. 3. To delete records, run the following MySQL query: mysql -uasm -p`perl -MF5::Cfg -e 'print F5::Cfg::get_mysql_password()'` -e "delete from DCC.CLIENT_SIDE_DROPPED_STAT;"