Comments on: An Update

By: Geof F. Morris's Indiana Jones School of Management

Geof F. Morris's Indiana Jones School of Management — Sun, 17 Jun 2007 04:20:41 +0000

Geof’s New Music: 10-16 Jun 2007…

Not only have I been very busy at work, but then my laziness made for a server exploit that I’ve been working on fixing for the last four hours [and have several more left to go]. :sigh:

26 Feb 2001 [New York, NY, USA] concert bootleg of Jeff T…

By: [rmfo-blogs.com]: About » Blog Archive » WordPress 2.2

[rmfo-blogs.com]: About » Blog Archive » WordPress 2.2 — Sun, 17 Jun 2007 00:08:06 +0000

[...] As I noted last night, RMFO-Blogs’s WordPress installations are the reason that the server has…. Starting in the next 15 minutes, I’ll be making upgrades to RMFO-Blogs installations. If you’ve bookmarked your WordPress admin pages, those URLs are going to change. Why? If all of WordPress’s files are in /wordpress/, things get far, far, far easier to update. That hard-to-update nature is why your installs are all out-of-date. I’ve got to fix this, and it’ll just take time tonight, but that’s why they pay me the big bu— … wait, no. [...]

By: Geof F. Morris

Geof F. Morris — Sat, 16 Jun 2007 14:48:44 +0000

Actually, that was my first concern, as I have a WPMU install on the box that I’ve not done much with. No, it’s that almost all RMFO-Blogs are on an unsecure, outdated version of WP. It’s gonna take some work to 1) get them updated and 2) move the infrastructure around so that I can automate keeping them up-to-date so this doesn’t happen again. RMFO-Pro blogs aren’t affected.

How did I figure it out? Finally, I got to looking at outbound traffic from the server, and it was all coming from one IP … the RMFO-Blogs IP. At that point, I knew exactly what it was. Seeing the IP address block that was exploiting incoming, I was able to block that group to give me cover to patch the exploit. Load averages went from 30+ to ~0.7 almost instantly.

By: Chris Hubbs

Chris Hubbs — Sat, 16 Jun 2007 14:37:55 +0000

WpMU?