[rabbitmq-discuss] Management plugin trashing a server?
Simon MacMullen
simon at rabbitmq.com
Thu Mar 17 18:12:28 GMT 2011
On 17/03/11 14:31, Ivan Sanchez wrote:
> Thanks for the answer. Our log had a bunch of:
>
> =ERROR REPORT==== 16-Mar-2011::10:09:53 ===
> exception on TCP connection<0.364.0> from ******************:64318
> {channel0_error,starting,
> {amqp_error,access_refused,
> "AMQPLAIN login refused: user 'flash' -
> invalid credentials",
> 'connection.start_ok'}}
>
> The user 'flash' is a valid login, and the only place it's used is
> from our own app, where the password is properly set.
>
> In the logs I can see 4000+ of these in a 5 minutes periods shortly
> after the server was started. They all came from external TCP
> connections (none from our servers). After removing the plugins we
> didn't get any of those errors anymore.

Hmm. I'm very inclined to think that must be a coincidence.

That log message is not one that can be produced by the management
plugin - that's a remote host trying and failing to connect over AMQP.

Interestingly it's using the (slightly) oddball AMQPLAIN authentication
mechanism, which implies it's either the RabbitMQ Erlang client from
2.2.0 or earlier (or something that uses that, like rabbitmq-shovel), or
one of the old Qpid clients. Does that sound like anything that could be
on your network?

I would certainly be inclined to find out who owns the hosts in question
and go and have a word.

Of course, the fact that this was able to make the server hang is not
great. There are some anti-DOS provisions in recent versions of
RabbitMQ, but they don't really help when a ton of hosts are all trying
to connect at once.

Cheers, Simon

--
Simon MacMullen
Staff Engineer, RabbitMQ
SpringSource, a division of VMware
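
One way to quantify the refused-login burst discussed in this thread, as an added example that is not part of the original message and not RabbitMQ's own code: it parses error reports in the format quoted above and reports, per user, the densest 5-minute window of refusals with its distinct source hosts and mechanisms. The sample log, its addresses, and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# An error report runs from its timestamped header to the next report header.
REPORT = re.compile(r"^=ERROR REPORT==== (\S+) ===\n(.*?)(?=^=[A-Z ]+ REPORT====|\Z)", re.S | re.M)
SOURCE = re.compile(r"from\s+(\S+):\d+")
REFUSED = re.compile(r"(\w+) login refused: user '([^']*)'")

def parse_refusals(log_text):
    """Return sorted (time, source_host, mechanism, user) tuples, one per refused login."""
    events = []
    for stamp, body in REPORT.findall(log_text):
        flat = " ".join(body.split())  # the refusal message may wrap across lines
        src, ref = SOURCE.search(flat), REFUSED.search(flat)
        if src and ref:
            when = datetime.strptime(stamp, "%d-%b-%Y::%H:%M:%S")
            events.append((when, src.group(1), ref.group(1), ref.group(2)))
    return sorted(events)

def find_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Per user, report the densest window if it holds at least `threshold` refusals."""
    by_user, alerts = {}, {}
    for when, host, mech, user in sorted(events):
        by_user.setdefault(user, []).append((when, host, mech))
    for user, rows in by_user.items():
        start, best = 0, []
        for end, (when, _, _) in enumerate(rows):
            while when - rows[start][0] > window:  # slide the window's left edge
                start += 1
            if end - start + 1 > len(best):
                best = rows[start:end + 1]
        if len(best) >= threshold:
            hosts, mechs = sorted({r[1] for r in best}), sorted({r[2] for r in best})
            alerts[user] = {"count": len(best), "hosts": hosts, "mechanisms": mechs}
    return alerts

def _report(stamp, host, user):  # builds one constructed report in the quoted format
    return (f"=ERROR REPORT==== {stamp} ===\n"
            f"exception on TCP connection <0.364.0> from {host}:64318\n"
            "{channel0_error,starting,\n {amqp_error,access_refused,\n"
            f"  \"AMQPLAIN login refused: user '{user}' -\n   invalid credentials\",\n"
            "  'connection.start_ok'}}\n\n")

# Constructed sample (documentation-range addresses), not data from the thread.
SAMPLE_LOG = (_report("16-Mar-2011::10:09:53", "198.51.100.7", "flash")
              + "=INFO REPORT==== 16-Mar-2011::10:09:54 ===\nconstructed filler entry\n\n"
              + _report("16-Mar-2011::10:09:55", "198.51.100.8", "flash")
              + _report("16-Mar-2011::10:10:20", "203.0.113.9", "flash")
              + _report("16-Mar-2011::10:20:00", "198.51.100.7", "flash")
              + _report("16-Mar-2011::11:30:00", "192.0.2.4", "guest"))
```

Calling `find_bursts(parse_refusals(SAMPLE_LOG))` flags only `flash`; a real deployment would tune `threshold` far above the default used for this small sample.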