Potential abuse of Vikunja backend server

Support
1

I have vikunja running in docker behind Traefik v2. Was surprised to find my vps servers disk full today. This turned out to be because the vikunja-api container log file was 20Gigs in size.

Updated to the latest vikunja docker images (docker-compose pull etc) and that cleared out the log regaining me 20Gigs of disk space - but lost most of the interesting logs. oh well.

iirc The logs were full of lots of create tasks, delete tasks etc for everything vikunja does (namespaces, tasks, lists, team members comments and so on).

There’s a snippet of logs below from after I restarted - but these just look like the server adding handlers at start up, not anything nefarious.

The disk was filling at about 1MB every couple of minutes before I updated the vikunja container, not entirely clear whether this was something nefarious or just a bug at this point. Kicking myself for accidentally deleting the container log.

I’ve restricted access to the container for now and will investigate more later (particularly want to look at the db).

{"log":"2021-03-07T14:52:48.500126238Z: INFO\u0009▶ cmd/func2 063\u001b[0m Vikunja version v0.16.0+87-6de3d8b3a1\n","stream":"stdout","time":"2021-03-07T14:52:48.500248544Z"}
{"log":"2021-03-07T14:52:48.500747484Z: INFO\u0009▶ [EVENTS] 068\u001b[0m Adding handler, handler_name=list.deleted.list.counter.decrease, topic=list.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.501591325Z"}
{"log":"2021-03-07T14:52:48.502243339Z: INFO\u0009▶ [EVENTS] 069\u001b[0m Adding handler, handler_name=namespace.created.namespace.counter.increase, topic=namespace.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502342766Z"}
{"log":"2021-03-07T14:52:48.502401311Z: INFO\u0009▶ [EVENTS] 06a\u001b[0m Adding handler, handler_name=team.deleted.team.counter.decrease, topic=team.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.50247437Z"}
{"log":"2021-03-07T14:52:48.502548579Z: INFO\u0009▶ [EVENTS] 06b\u001b[0m Adding handler, handler_name=team.member.added.team.member.added.notification, topic=team.member.added\n","stream":"stdout","time":"2021-03-07T14:52:48.502656083Z"}
{"log":"2021-03-07T14:52:48.502673489Z: INFO\u0009▶ [EVENTS] 06c\u001b[0m Adding handler, handler_name=list.created.list.counter.increase, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502723767Z"}
{"log":"2021-03-07T14:52:48.502749754Z: INFO\u0009▶ [EVENTS] 06d\u001b[0m Adding handler, handler_name=list.created.send.list.created.notification, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502799941Z"}
{"log":"2021-03-07T14:52:48.502826009Z: INFO\u0009▶ [EVENTS] 06e\u001b[0m Adding handler, handler_name=namespace.deleted.namespace.counter.decrease, topic=namespace.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.502873146Z"}
{"log":"2021-03-07T14:52:48.502845233Z: INFO\u0009▶ [EVENTS] 06f\u001b[0m Adding handler, handler_name=task.created.task.counter.increase, topic=task.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502881808Z"}
{"log":"2021-03-07T14:52:48.502854438Z: INFO\u0009▶ [EVENTS] 070\u001b[0m Adding handler, handler_name=task.deleted.task.counter.decrease, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.502921031Z"}
{"log":"2021-03-07T14:52:48.502865178Z: INFO\u0009▶ [EVENTS] 071\u001b[0m Adding handler, handler_name=task.deleted.task.deleted.notification.send, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.502927639Z"}
{"log":"2021-03-07T14:52:48.502905831Z: INFO\u0009▶ [EVENTS] 072\u001b[0m Adding handler, handler_name=team.created.team.counter.increase, topic=team.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502953979Z"}
{"log":"2021-03-07T14:52:48.502922681Z: INFO\u0009▶ [EVENTS] 073\u001b[0m Adding handler, handler_name=task.comment.created.task.comment.notification.send, topic=task.comment.created\n","stream":"stdout","time":"2021-03-07T14:52:48.50295983Z"}
{"log":"2021-03-07T14:52:48.502932969Z: INFO\u0009▶ [EVENTS] 074\u001b[0m Adding handler, handler_name=task.assignee.created.task.assigned.notification.send, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.502973558Z"}
{"log":"⇨ http server started on [::]:3456\n","stream":"stdout","time":"2021-03-07T14:52:48.503007154Z"}
{"log":"2021-03-07T14:52:48.503016473Z: INFO\u0009▶ [EVENTS] 075\u001b[0m Adding handler, handler_name=task.assignee.created.task.assignee.subscribe, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.503094391Z"}
{"log":"2021-03-07T14:52:48.503104706Z: INFO\u0009▶ [EVENTS] 076\u001b[0m Adding handler, handler_name=user.created.increase.user.counter, topic=user.created\n","stream":"stdout","time":"2021-03-07T14:52:48.503136633Z"}
{"log":"2021-03-07T14:52:48.506982718Z: INFO\u0009▶ [EVENTS] 088\u001b[0m Starting handler, subscriber_name=list.deleted.list.counter.decrease, topic=list.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507109898Z"}
{"log":"2021-03-07T14:52:48.507023608Z: INFO\u0009▶ [EVENTS] 089\u001b[0m Starting handler, subscriber_name=namespace.deleted.namespace.counter.decrease, topic=namespace.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507129905Z"}
{"log":"2021-03-07T14:52:48.507036575Z: INFO\u0009▶ [EVENTS] 08a\u001b[0m Starting handler, subscriber_name=team.created.team.counter.increase, topic=team.created\n","stream":"stdout","time":"2021-03-07T14:52:48.50714844Z"}
{"log":"2021-03-07T14:52:48.507047761Z: INFO\u0009▶ [EVENTS] 08b\u001b[0m Starting handler, subscriber_name=task.assignee.created.task.assigned.notification.send, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507228232Z"}
{"log":"2021-03-07T14:52:48.507059658Z: INFO\u0009▶ [EVENTS] 08c\u001b[0m Starting handler, subscriber_name=namespace.created.namespace.counter.increase, topic=namespace.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507237138Z"}
{"log":"2021-03-07T14:52:48.507069795Z: INFO\u0009▶ [EVENTS] 08d\u001b[0m Starting handler, topic=user.created, subscriber_name=user.created.increase.user.counter\n","stream":"stdout","time":"2021-03-07T14:52:48.507241204Z"}
{"log":"2021-03-07T14:52:48.507120047Z: INFO\u0009▶ [EVENTS] 08f\u001b[0m Starting handler, subscriber_name=task.deleted.task.deleted.notification.send, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507253383Z"}
{"log":"2021-03-07T14:52:48.507157998Z: INFO\u0009▶ [EVENTS] 090\u001b[0m Starting handler, topic=team.member.added, subscriber_name=team.member.added.team.member.added.notification\n","stream":"stdout","time":"2021-03-07T14:52:48.507303577Z"}
{"log":"2021-03-07T14:52:48.507201915Z: INFO\u0009▶ [EVENTS] 091\u001b[0m Starting handler, subscriber_name=list.created.list.counter.increase, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.5073138Z"}
{"log":"2021-03-07T14:52:48.507238155Z: INFO\u0009▶ [EVENTS] 092\u001b[0m Starting handler, subscriber_name=task.created.task.counter.increase, topic=task.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507320739Z"}
{"log":"2021-03-07T14:52:48.507483297Z: INFO\u0009▶ [EVENTS] 093\u001b[0m Starting handler, subscriber_name=list.created.send.list.created.notification, topic=list.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507571587Z"}
{"log":"2021-03-07T14:52:48.507514146Z: INFO\u0009▶ [EVENTS] 094\u001b[0m Starting handler, subscriber_name=task.assignee.created.task.assignee.subscribe, topic=task.assignee.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507583958Z"}
{"log":"2021-03-07T14:52:48.507531829Z: INFO\u0009▶ [EVENTS] 095\u001b[0m Starting handler, subscriber_name=task.deleted.task.counter.decrease, topic=task.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507635158Z"}
{"log":"2021-03-07T14:52:48.507079836Z: INFO\u0009▶ [EVENTS] 08e\u001b[0m Starting handler, subscriber_name=team.deleted.team.counter.decrease, topic=team.deleted\n","stream":"stdout","time":"2021-03-07T14:52:48.507643608Z"}
{"log":"2021-03-07T14:52:48.507548011Z: INFO\u0009▶ [EVENTS] 096\u001b[0m Starting handler, subscriber_name=task.comment.created.task.comment.notification.send, topic=task.comment.created\n","stream":"stdout","time":"2021-03-07T14:52:48.507650556Z"}
2

That doesn’t look very unusual to me. What is your log level set to? Do you have database logs enabled? Those could cause a lot of noise.

3

I’m not currently setting any env vars for logging. So it’s whatever the default is…

4

The defaults should be pretty reasonable: vikunja/api: The to-do app to organize your life. - config.yml.sample at main - api - Gitea

5

In a day or so (with vikunja being IP limited to me) the fresh log file grew to 1.5Mb - getting up to over 20Gigs would take quite some time at that rate :slight_smile:

So yes, the defaults seem reasonable. Especially given this log file gets wiped out every time the container is updated.