An Update
Evening, everyone! Hope you’re all surviving the withdrawal of the Rumor Forum.
In doing some diagnostics, I’ve found that the problem seems to be two-fold: a crazy amount of traffic on the server, aimed at an exploit. The exploit seems to be rmfo-blogs.com—which, admittedly, is behind the WordPress power curve. I’ll be correcting all that tomorrow. I’ve blocked the offending IP group hitting that exploit—it’s our Chinese friends—and the server is humming along just fine.
That doesn’t mean that the Rumor Forum still doesn’t need work … but it means that I can take it back off of Critical status and back to Needs to Be Done. [Which means I can do it next weekend.] I’m keeping the Rumor Forum down for the time being, though, until I’m sure that this is the only issue.
Doing what I have to do on rmfo-blogs.com could cause some downtime, and I’m going to make some structural changes to how rmfo-blogs is run … so things will change. Have patience, and drop me a note if need be.
June 16th, 2007 at 8:37 am
WpMU?
June 16th, 2007 at 8:48 am
Actually, that was my first concern, as I have a WPMU install on the box that I’ve not done much with. No, it’s that almost all RMFO-Blogs are on an insecure, outdated version of WP. It’s gonna take some work to 1) get them updated and 2) move the infrastructure around so that I can automate keeping them up-to-date so this doesn’t happen again. RMFO-Pro blogs aren’t affected.
How did I figure it out? Finally, I got to looking at outbound traffic from the server, and it was all coming from one IP … the RMFO-Blogs IP. At that point, I knew exactly what it was. Seeing the IP address block that was exploiting incoming, I was able to block that group to give me cover to patch the exploit. Load averages went from 30+ to ~0.7 almost instantly.
June 16th, 2007 at 6:08 pm
[...] As I noted last night, RMFO-Blogs’s WordPress installations are the reason that the server has…. Starting in the next 15 minutes, I’ll be making upgrades to RMFO-Blogs installations. If you’ve bookmarked your WordPress admin pages, those URLs are going to change. Why? If all of WordPress’s files are in /wordpress/, things get far, far, far easier to update. That hard-to-update nature is why your installs are all out-of-date. I’ve got to fix this, and it’ll just take time tonight, but that’s why they pay me the big bu— … wait, no. [...]
June 16th, 2007 at 10:20 pm
Geof’s New Music: 10-16 Jun 2007…
Not only have I been very busy at work, but then my laziness made for a server exploit that I’ve been working on fixing for the last four hours [and have several more left to go]. :sigh: