Opening a fun can of worms. Thanks in advance.
I received a notification at 8:47pm local time that my Discourse site was not reachable.
My server was getting hammered (load average was running anywhere from 8 on the low side to 15 on the high side), Discourse was running, and there was nothing I could easily discern as an issue.
I ran discourse doctor, no problem.
I ended up having to reboot the compute instance, which did not solve the problem.
Ultimately I stopped the instance for over 30 minutes before restarting.
Problem gone.
Keep in mind my Discourse site is really, really small - about 20 active users.
I can’t prove there was some sort of DDoS activity; the symptoms sure line up with that possibility.
Below is a log snippet.
I am sure folks want to keep known bugs that are security risks obfuscated.
Do the logs below match any known indicators of compromise?
Any and all thoughts appreciated. Thank you!