[rabbitmq-discuss] Management plugin trashing a server?

Ivan Sanchez s4nchez at gmail.com
Fri Mar 18 09:12:53 GMT 2011


   We are still using the java rabbitmq client 2.1. We also use a amqp
0.8 actionscript3 library to connect from flash (only place where the
user 'flash' is used).

   Agreed that it seems like a coincidence all this authentication
errors. Unfortunately there was nothing else unusual in the logs.

   Thanks for the help, anyway. If there's anything else I could look
for please let me know.

--
Ivan

On Mar 17, 6:12 pm, Simon MacMullen <si... at rabbitmq.com> wrote:
> On 17/03/11 14:31, Ivan Sanchez wrote:
>
> >    Thanks for the answer. Our log had a bunch of:
>
> > =ERROR REPORT==== 16-Mar-2011::10:09:53 ===
> > exception on TCP connection<0.364.0>  from ******************:64318
> > {channel0_error,starting,
> >                  {amqp_error,access_refused,
> >                              "AMQPLAIN login refused: user 'flash' -
> > invalid credentials",
> >                              'connection.start_ok'}}
>
> >     The user 'flash' is a valid login, and the only place it's used is
> > from our own app, where the password is properly set.
>
> >     In the logs I can see 4000+ of these in a 5 minutes periods shortly
> > after the server was started. They all came from external TCP
> > connections (none from our servers). After removing the plugins we
> > didn't get any of those errors anymore.
>
> Hmm. I'm very inclined to think that must be a coincidence.
>
> That log message is not one that can be produced by the management
> plugin - that's a remote host trying and failing to connect over AMQP.
>
> Interestingly it's using the (slightly) oddball AMQPLAIN authentication
> mechanism, which implies it's either the RabbitMQ Erlang client from
> 2.2.0 or earlier (or something that uses that, like rabbitmq-shovel), or
> one of the old QPid clients. Does that sound like anything that could be
> on your network?
>
> I would certainly be inclined to find out who owns the hosts in question
> and go and have a word.
>
> Of course, the fact that this was able to make the server hang is not
> great. There are some anti-DOS provisions in recent versions of
> RabbitMQ, but they don't really help when a ton of hosts are all trying
> to connect at once.
>
> Cheers, Simon
>
> --
> Simon MacMullen
> Staff Engineer, RabbitMQ
> SpringSource, a division of VMware
>
> _______________________________________________
> rabbitmq-discuss mailing list
> rabbitmq-disc... at lists.rabbitmq.comhttps://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss


More information about the rabbitmq-discuss mailing list