Potential abuse of Vikunja backend server

I have vikunja running in docker behind Traefik v2. Was surprised to find my vps servers disk full today. This turned out to be because the vikunja-api container log file was 20Gigs in size.

Updated to the latest vikunja docker images (docker-compose pull etc) and that cleared out the log regaining me 20Gigs of disk space - but lost most of the interesting logs. oh well.

iirc The logs were full of lots of create tasks, delete tasks etc for everything vikunja does (namespaces, tasks, lists, team members comments and so on).

There’s a snippet of logs below from after I restarted - but these just look like the server adding handlers at start up, not anything nefarious.

The disk was filling at about 1MB every couple of minutes before I updated the vikunja container, not entirely clear whether this was something nefarious or just a bug at this point. Kicking myself for accidentally deleting the container log.

I’ve restricted access to the container for now and will investigate more later (particularly want to look at the db).

{"log":"2021-03-07T14:52:48.500126238Z: INFO\u0009▶ cmd/func2 063\u001b[0m Vikunja version v0.16.0+87-6de3d8b3a1\n","stream":"stdout","time":"2021-03-07T14:52:48.500248544Z"}
{"log":"2021-03-07T14:52:48.500747484Z: INFO\u0009▶ [EVENTS] 068\u001b[0m Adding handler, handler_name=list.deleted.list.counter.decrease, topic=list.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.501591325Z"}
{"log":"2021-03-07T14:52:48.502243339Z: INFO\u0009▶ [EVENTS] 069\u001b[0m Adding handler, handler_name=namespace.created.namespace.counter.increase, topic=namespace.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502342766Z"}
{"log":"2021-03-07T14:52:48.502401311Z: INFO\u0009▶ [EVENTS] 06a\u001b[0m Adding handler, handler_name=team.deleted.team.counter.decrease, topic=team.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.50247437Z"}
{"log":"2021-03-07T14:52:48.502548579Z: INFO\u0009▶ [EVENTS] 06b\u001b[0m Adding handler, handler_name=team.member.added.team.member.added.notification, topic=team.member.added\n","stream":"stdout","time":"2021-03-07T14:52:48.502656083Z"}
{"log":"2021-03-07T14:52:48.502673489Z: INFO\u0009▶ [EVENTS] 06c\u001b[0m Adding handler, handler_name=list.created.list.counter.increase, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502723767Z"}
{"log":"2021-03-07T14:52:48.502749754Z: INFO\u0009▶ [EVENTS] 06d\u001b[0m Adding handler, handler_name=list.created.send.list.created.notification, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502799941Z"}
{"log":"2021-03-07T14:52:48.502826009Z: INFO\u0009▶ [EVENTS] 06e\u001b[0m Adding handler, handler_name=namespace.deleted.namespace.counter.decrease, topic=namespace.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.502873146Z"}
{"log":"2021-03-07T14:52:48.502845233Z: INFO\u0009▶ [EVENTS] 06f\u001b[0m Adding handler, handler_name=task.created.task.counter.increase, topic=task.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502881808Z"}
{"log":"2021-03-07T14:52:48.502854438Z: INFO\u0009▶ [EVENTS] 070\u001b[0m Adding handler, handler_name=task.deleted.task.counter.decrease, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.502921031Z"}
{"log":"2021-03-07T14:52:48.502865178Z: INFO\u0009▶ [EVENTS] 071\u001b[0m Adding handler, handler_name=task.deleted.task.deleted.notification.send, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.502927639Z"}
{"log":"2021-03-07T14:52:48.502905831Z: INFO\u0009▶ [EVENTS] 072\u001b[0m Adding handler, handler_name=team.created.team.counter.increase, topic=team.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502953979Z"}
{"log":"2021-03-07T14:52:48.502922681Z: INFO\u0009▶ [EVENTS] 073\u001b[0m Adding handler, handler_name=task.comment.created.task.comment.notification.send, topic=task.comment.created\n","stream":"stdout","time":"2021-03-07T14:52:48.50295983Z"}
{"log":"2021-03-07T14:52:48.502932969Z: INFO\u0009▶ [EVENTS] 074\u001b[0m Adding handler, handler_name=task.assignee.created.task.assigned.notification.send, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502973558Z"}
{"log":"⇨ http server started on [::]:3456\n","stream":"stdout","time":"2021-03-07T14:52:48.503007154Z"}
{"log":"2021-03-07T14:52:48.503016473Z: INFO\u0009▶ [EVENTS] 075\u001b[0m Adding handler, handler_name=task.assignee.created.task.assignee.subscribe, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.503094391Z"}
{"log":"2021-03-07T14:52:48.503104706Z: INFO\u0009▶ [EVENTS] 076\u001b[0m Adding handler, handler_name=user.created.increase.user.counter, topic=user.created\n","stream":"stdout","time":"2021-03-07T14:52:48.503136633Z"}
{"log":"2021-03-07T14:52:48.506982718Z: INFO\u0009▶ [EVENTS] 088\u001b[0m Starting handler, subscriber_name=list.deleted.list.counter.decrease, topic=list.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507109898Z"}
{"log":"2021-03-07T14:52:48.507023608Z: INFO\u0009▶ [EVENTS] 089\u001b[0m Starting handler, subscriber_name=namespace.deleted.namespace.counter.decrease, topic=namespace.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507129905Z"}
{"log":"2021-03-07T14:52:48.507036575Z: INFO\u0009▶ [EVENTS] 08a\u001b[0m Starting handler, subscriber_name=team.created.team.counter.increase, topic=team.created\n","stream":"stdout","time":"2021-03-07T14:52:48.50714844Z"}
{"log":"2021-03-07T14:52:48.507047761Z: INFO\u0009▶ [EVENTS] 08b\u001b[0m Starting handler, subscriber_name=task.assignee.created.task.assigned.notification.send, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507228232Z"}
{"log":"2021-03-07T14:52:48.507059658Z: INFO\u0009▶ [EVENTS] 08c\u001b[0m Starting handler, subscriber_name=namespace.created.namespace.counter.increase, topic=namespace.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507237138Z"}
{"log":"2021-03-07T14:52:48.507069795Z: INFO\u0009▶ [EVENTS] 08d\u001b[0m Starting handler, topic=user.created, subscriber_name=user.created.increase.user.counter\n","stream":"stdout","time":"2021-03-07T14:52:48.507241204Z"}
{"log":"2021-03-07T14:52:48.507120047Z: INFO\u0009▶ [EVENTS] 08f\u001b[0m Starting handler, subscriber_name=task.deleted.task.deleted.notification.send, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507253383Z"}
{"log":"2021-03-07T14:52:48.507157998Z: INFO\u0009▶ [EVENTS] 090\u001b[0m Starting handler, topic=team.member.added, subscriber_name=team.member.added.team.member.added.notification\n","stream":"stdout","time":"2021-03-07T14:52:48.507303577Z"}
{"log":"2021-03-07T14:52:48.507201915Z: INFO\u0009▶ [EVENTS] 091\u001b[0m Starting handler, subscriber_name=list.created.list.counter.increase, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.5073138Z"}
{"log":"2021-03-07T14:52:48.507238155Z: INFO\u0009▶ [EVENTS] 092\u001b[0m Starting handler, subscriber_name=task.created.task.counter.increase, topic=task.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507320739Z"}
{"log":"2021-03-07T14:52:48.507483297Z: INFO\u0009▶ [EVENTS] 093\u001b[0m Starting handler, subscriber_name=list.created.send.list.created.notification, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507571587Z"}
{"log":"2021-03-07T14:52:48.507514146Z: INFO\u0009▶ [EVENTS] 094\u001b[0m Starting handler, subscriber_name=task.assignee.created.task.assignee.subscribe, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507583958Z"}
{"log":"2021-03-07T14:52:48.507531829Z: INFO\u0009▶ [EVENTS] 095\u001b[0m Starting handler, subscriber_name=task.deleted.task.counter.decrease, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507635158Z"}
{"log":"2021-03-07T14:52:48.507079836Z: INFO\u0009▶ [EVENTS] 08e\u001b[0m Starting handler, subscriber_name=team.deleted.team.counter.decrease, topic=team.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507643608Z"}
{"log":"2021-03-07T14:52:48.507548011Z: INFO\u0009▶ [EVENTS] 096\u001b[0m Starting handler, subscriber_name=task.comment.created.task.comment.notification.send, topic=task.comment.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507650556Z"}

That doesn’t look very unusual to me. What is your log level set to? Do you have database logs enabled? Those could cause a lot of noise.

I’m not currently setting any env vars for logging. So it’s whatever the default is…

The defaults should be pretty reasonable: vikunja/api: The to-do app to organize your life. - config.yml.sample at main - api - Gitea

In a day or so (with vikunja being IP limited to me) the fresh log file grew to 1.5Mb - getting up to over 20Gigs would take quite some time at that rate

So yes, the defaults seem reasonable. Especially given this log file gets wiped out every time the container is updated.

Any idea what would be causing the number of hits Vikunja is making? This ticks up one every 4-5 seconds…

ScreenShot1476×816 152 KB

What are we looking at here? Are these requests to the Vikunja service?

That’s the Vikunja Docker container traffic.

Traffic the container does or traffic the container is receiving?

It’s a parsed graph of Apache logs for the Vikunja service.
Virtual Hosts: This panel will display all the different virtual hosts parsed from the access log. This panel is displayed if %v is used within the log-format string.

So that’s traffic the Vikunja host is receiving, not traffic it is sending?