Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#40822 - Arch Linux forum server crash reproducible

Attached to Project: Arch Linux
Opened by David Couzelis (drcouzelis) - Thursday, 12 June 2014, 18:28 GMT
Last edited by Evangelos Foutras (foutrelis) - Sunday, 15 August 2021, 21:13 GMT
Task Type Bug Report
Category Web Sites
Status Closed
Assigned To Jelle van der Waa (jelly)
Sven-Hendrik Haase (Svenstaro)
Giancarlo Razzolini (grazzolini)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
I can bring down the Arch Linux forum server. I discovered this accidentally. :(


Additional info:
The forums went down this morning. I had no idea why. I figured it was just some random problem with the server. I then saw posts from other people about having trouble accessing the forums:

https://bbs.archlinux.org/viewtopic.php?id=182751
https://bbs.archlinux.org/viewtopic.php?id=172901

So then I thought, "Hmmm... The forum went down just as I did something I rarely do on it. Maybe... I caused it?" After a few hours and the forum coming back online I decided to do a little test by doing the same thing that I did previously. Aaaaand BOOM! Down went the forums again. :( :(


Steps to reproduce:
Go the search page. With the default search options selected, do a search for this term (without quotes):

"*rxvt*"

The forum is now inaccessible. It came back after about 10 minutes.

(To anyone reading this report, please don't do this. Seriously. I don't want the forums to go down any more. I need them.)

I hope there is a way to disable the ability to do searches like this or something.
This task depends upon

Closed by  Evangelos Foutras (foutrelis)
Sunday, 15 August 2021, 21:13 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed/worked around in archbbs commit 2cc50bea33fc.
Comment by Dave Reisner (falconindy) - Thursday, 12 June 2014, 18:37 GMT
Marked this as private. In the future, please take your own advice and don't publicize this. Contact developers by email.

Also, we know that the search is terrible. It's not us, it's FluxBB.
Comment by Dan McGee (toofishes) - Thursday, 12 June 2014, 18:48 GMT
I don't know if we can, but would disabling leading-wildcard searches at least help make this a tad better?
Comment by Pierre Schmitz (Pierre) - Saturday, 14 June 2014, 19:58 GMT
I assume anything but a trailing $ does not make sense as MySQL cannot use the index then. I'll have a look and send a patch upstream.
Comment by Doug Newgard (Scimmia) - Monday, 06 July 2015, 05:35 GMT
Status? I don't want to test it. :p
Comment by Evangelos Foutras (foutrelis) - Monday, 06 July 2015, 08:49 GMT
Just tested and it is still an issue.
Comment by Florian Pritz (bluewind) - Sunday, 06 January 2019, 15:44 GMT
Tested again and it's still an issue.
Comment by Jelle van der Waa (jelly) - Sunday, 06 January 2019, 18:23 GMT
As Bluewind noted, this triggers a query which is horribly inefficient and locks the whole db.

Query_time: 243.218009 Lock_time: 0.000305 Rows_sent: 17672 Rows_examined: 130164753 Rows_affected: 0
Comment by Pierre Schmitz (Pierre) - Monday, 07 January 2019, 18:24 GMT
I wonder what Pierre from 2014 was looking at back then.

1) A quick fix would be to remove any '*'. ATM it seems the code replaces every * with a % which is insane. I deployed this fix for now which disables any complex search queries.
2) The real solution would be to use something like Elasticsearch as we approach a huge amount of postings in our forums which FluxBB simply cannot handle. Funny enough I am currently evaluating Elastic search for archlinux.de.

For now I'd say we could live with this; at least till people complain.

Comment by Florian Pritz (bluewind) - Monday, 07 January 2019, 19:04 GMT
Yeah, a decent search engine would probably work wonders. It doesn't seem like fluxbb supports this out of the box though. There is fluxsphinx[1], but I don't know anything about sphinx and fluxsphinx seems to use cronjobs to update the search data. I'm not sure how much I like that. Also it seems mostly dead for the last 3 years.

[1] https://github.com/llaumgui/fluxsphinx
Comment by Pierre Schmitz (Pierre) - Monday, 07 January 2019, 19:08 GMT
I did use sphinx in the past, but the recent versions are closed source now. Using a cron job to update the index is fine I guess. Updating the index on every post wirte might be expensive.

I'd assume building a search service separate from Fluxbb might be a valid idea.

Loading...