Closed anandhakumarpalanisamy closed 3 years ago
Test Environment
Bank App can be accessed here: http://157.230.222.172:3000/
a) Register a user
b) Log in and check the balance and transfer functionalities.
The transactions can be seen in hyperledger explorer : http://157.230.222.172:8090/
Updated Observations
Debugging to find the reason for docker service restart
When checked with docker stats on the master machine, CPU utilization for the hyperledger_explorer_db container was nearly 190% and memory usage was around 60%, even in idle scenarios.
docker stats on the worker machine, where fabric services were running, showed normal behavior with less CPU utilization and memory.
The master machines in the docker swarm may have been compromised by some DDoS Trojan attacks as mentioned here: https://admin-ahead.com/forum/server-security-hardening/unix-trojan-ddos_xor-1-chinese-chicken-multiplatform-dos-botnets-trojan/.
I checked the processes running on the master machine (top command).
A random process with some random name was running on the master machines, consuming maximum CPU utilisation.
I am not sure whether that random process is linked with the hyperledger_explorer_db container.
I guess it may be linked, because when I searched for the exe of that random process, it pointed to the postgres data folder.
Maybe that is why the hyperledger_explorer_db container was utilising 150% of CPU when checked through docker stats.
But hyperledger_explorer_db is a docker service. It runs in a separate container. That should not affect the host droplet.
Further Observations :
When I killed that random process, CPU utilisation became normal and the hyperledger_explorer_db container showed 0 to 0.01% CPU utilisation in docker stats.
But after some random time interval, again some random process with a random name started, consuming 150% CPU utilization and 60% memory.
I think the RAM maxed-out issue is caused at random intervals because of this.
To test the behavior :
Conclusion :
Not sure if that trojan Ddos virus is generated by:
However, the worker machines are not affected by that virus.
The hyperledger_explorer_db service container is always started only on the master machine. So that is why it may be affecting only the master machine.
UPDATE
That trojan Ddos virus is mostly generated by:
Verification method:
If the hyperledger explorer services are removed,
Asked a question in hyperledger explorer chat form : https://chat.hyperledger.org/channel/hyperledger-explorer/thread/Csg6M8BkBkuhDzq5L?jump=Rt6bbcLG9eo7d6t9r
Docker services are automatically restarted in random periodic intervals
The issue is discussed in this forum: https://forums.docker.com/t/docker-swarm-periodically-restarts-all-services/69790/5
Possible Reason :
As suggested in the forum, https://forums.docker.com/t/docker-swarm-periodically-restarts-all-services/69790/5, docker randomly restarts services when memory of CPU is maxed out
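One way to settle whether a high-CPU PID seen in `top` on the host belongs to the hyperledger_explorer_db container is to read the PID's cgroup membership. This is an added example, not part of the original issue or of Hyperledger Explorer; the function names `container_id_from_cgroup` and `inspect_pid` are hypothetical. Container processes share the host kernel, so they show up in the host's process list.

```shell
#!/bin/sh
# Added example: map a host PID to the Docker container that owns it.
# Function names are hypothetical; run on the swarm node as root.

# Print the 64-hex container ID recorded in a cgroup file, or nothing
# when the process is a plain host process.
# Handles cgroup v1 (".../docker/<id>") and v2 ("docker-<id>.scope").
container_id_from_cgroup() {
    sed -nE 's#.*docker[/-]([0-9a-f]{64}).*#\1#p' "$1" 2>/dev/null | head -n 1
}

# Describe one PID: owning container (if any) and its binary path.
# $2 overrides /proc so the logic can be exercised on sample data.
inspect_pid() {
    pid=$1
    proc=${2:-/proc}
    cid=$(container_id_from_cgroup "$proc/$pid/cgroup")
    # The exe link is the path as the process sees it, i.e. inside the
    # container's filesystem when the process is containerised.
    exe=$(readlink "$proc/$pid/exe" 2>/dev/null || echo unknown)
    if [ -n "$cid" ]; then
        # Resolve the ID to a container/service task name if docker is reachable.
        name=$(docker inspect --format '{{.Name}}' "$cid" 2>/dev/null || echo '?')
        echo "pid=$pid container=$cid name=$name exe=$exe"
    else
        echo "pid=$pid container=none (host process) exe=$exe"
    fi
}

# Usage: sh whose_pid.sh <pid> [<pid> ...]
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        inspect_pid "$p"
    done
fi
```

If the PID resolves to the database container, the unexpected binary is running inside that container rather than directly on the droplet, and killing it from the host does not remove whatever restarts it.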