The Dstl8 Incident Library
A reference of real error patterns Dstl8 surfaces in customer logs — what they look like, why they happen, how to fix them, and how to detect them automatically.
Category
Platform
Start here
Most distinctive entries
🚨 Security
PHP
pearcmd.php RCE Exploit AttemptRemote code execution via local file inclusion of PHP’s pearcmd utility. Includes real attack payloads, exploit chain breakdown, and remediation steps.
🟦 Code Regression
TypeError Cascade Across Services
When one missing argument breaks a function called from four services simultaneously — how to spot it, what causes it, and why traditional alerting misses it.
🟥 Cascading Failures
LiteLLM Context Window → MCP Tool Failures
When your LLM proxy hits a token limit, the agent’s MCP tools start failing too. The two errors look unrelated — most monitoring won’t connect them.
All entries
10 entries
🚨 Security
PHP
pearcmd.php RCE Exploit AttemptRCE via local file inclusion of PHP’s pearcmd utility. Old vulnerability, still actively scanned.
🚨 Security
ThinkPHP RCE Attempt
Framework-specific RCE via
invokefunction. Frequently appears in same scan batch as pearcmd.
🚨 Security
Directory Traversal Attack Patterns
The
../ probe — the underlying technique behind most LFI-based RCE attacks. Detection and mitigation.
🟦 Code Regression
TypeError Cascade Across Services
One missing argument breaks a shared function called from four microservices. How Dstl8 correlates the pattern into a single root cause.
🟥 Cascading Failure
OTLP Exporter UNAVAILABLE → Cascading Service Failures
When the OTel collector hits memory pressure and your blocking exporters stall application threads, the telemetry layer becomes the outage.
🟥 Cascading Failures
LiteLLM Context Window → MCP Tool Failures
When the LLM proxy hits a token limit, MCP tool calls downstream fail too. The cascade most monitors miss.
💾 Storage
S3 NoSuchKey Errors in Data Pipelines
Missing objects in your bucket cause silent pipeline failures. Why this happens (race conditions, deletes) and how to fail loudly.
⚙️ Infrastructure
Lambda Worker Deadline Reached
Function timeouts in long-running pipelines. The pattern that signals a backlog, and how to differentiate workload vs. infra fault.
🟪 Database
PostgreSQL
pg_stat_statements Does Not ExistWhen the query-stats extension isn’t installed in your production cluster. Why monitoring tools fail silently and how to fix it.
⚙️ Infrastructure
OTel Collector Pipeline Failures
When the receiver→processor→exporter chain breaks silently and your dashboards go blank. Backend auth, memory_limiter, processor ordering — the failure surface is wide.
⚙️ Infrastructure
OTel Cardinality Explosion
One innocent
user_id attribute can multiply your time-series count by a million. How to detect it, why it costs you, and where to bound it.
⚙️ Infrastructure
Datadog Agent Redis Authentication Failures
When credentials rotate but the agent doesn’t get the memo — observability blackout from a config-drift class of failure.
🟥 Cascading Failure
Search API Rate-Limiting → Vercel Anomalies
Upstream Google CSE rate limits surface as Vercel error spikes. The detection pattern for upstream→downstream causal chains.
+ More entries coming weekly — submit a request or check back
No entries match your filters
Try selecting “All” or removing a filter to broaden your search.
See real detections in your own logs.
Dstl8 surfaces these patterns automatically — grouped, named by exploit family, and explained in plain English. No alert fatigue, no manual correlation.














