MDGarcia

Site Outage (January 14-15, 2015)


Now that we're finally back online, I wanted to talk a little bit about what happened.

 

In essence, the server was overrun by zombies.  As many of you are aware, we've been attacked a number of times thanks to malicious code.  Yesterday afternoon, we received a notice from our service provider stating that our main archive and forum servers were attacking other servers out on the Internet.  This specific attack was in danger of getting us shut down as we were violating our ToS.  This resulted in shutting down our web services as we moved to investigate what was going on and we found a large number of files that were showing the same kind of infection we battled about two years ago.

 

The bottom line is that leftover files infected others until the entire server was overrun with the same problem.  The entire server was attacking multiple sites.  It seemed that the one site that was unaffected was the main story archive, but the forums and blogs were heavily bogged down.  That's why we had to take them offline last night and finally brought them back online in the wee hours of the morning.

 

The forums, due to their complexity, were a far stickier problem and we had to engage Invision Support (thanks to Ryan Ashbrook who was the hero in getting us back online, along with Mark Higgins, Marc Stridgen, and Alan Wagstaff for coordinating the initial support requests).  By our powers combined, the forums are now back.

 

We've taken some additional security steps for our blogs to prevent this kind of code from being injected into our server.

 

And now, after 30 hours of work, I am trying not to think about PHP for a while.

 

MDg

 

 

 

 

Link to comment
Share on other sites

Make sure you use strong passwords for your archive, forum, and blog logins.  If you need an idea of how strong your password is, test it out on this website:

 

https://howsecureismypassword.net/

 

Several of my security colleagues like it because it tells you how long it'll take to crack your password.  What happened was that a script was run against a blog and ran it through so many iterations until it finally broke someone's password and was able to gain access to one of the blogs and start modifying files.  After that, all of the blogs were affected.

 

MDg

Link to comment
Share on other sites

That is a handy little site and earns a bookmark. Nice find and will check site-related passwords against it.

Link to comment
Share on other sites

I've been using WordPress for probably 6-7 years now and I recently deleted all my installs. Keeping it secure and up-to-date is practically a full-time job, and the longer your site exists, the more exploits and hacks are directed your way. I suspect my next blogging endeavor will be a more-static platform.

 

Nowadays, too many people use WordPress, something like 80%+ of all implementations have glaring security holes, and it's the favorite target of script kiddies.

Link to comment
Share on other sites
