Server up and down.
Moderators: Bookworm, starkruzr, MrFireDragon, PrettyPrincess, Wapsi
Server up and down.
I've been trying to delay doing some upgrades, but there's a plugin (or an assault on the site) that's locking the server up repeatedly.
Right now, I have wordpress moved aside with just a basic text/html page. I have a new processor and motherboard ready to go in, but that's only a short term fix. To fix it long term, I need to figure out what plugin is being attacked, or otherwise why the server is spawning off 150+ php-cgi processes within 60 seconds of the system coming online - all to Wapsi Square.
BW
Right now, I have wordpress moved aside with just a basic text/html page. I have a new processor and motherboard ready to go in, but that's only a short term fix. To fix it long term, I need to figure out what plugin is being attacked, or otherwise why the server is spawning off 150+ php-cgi processes within 60 seconds of the system coming online - all to Wapsi Square.
BW
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
- AnotherFairportfan
- Posts: 6402
- Joined: Thu May 01, 2014 2:53 pm
Re: Server up and down.
Ewww.
Of course, last night, my net connection crashed, too ... right in the middle of the last stage of e-filing our taxes. (The data was all in and saved online, but when it came back a couple of hours later, i had to re-do the e-file.)
Of course, last night, my net connection crashed, too ... right in the middle of the last stage of e-filing our taxes. (The data was all in and saved online, but when it came back a couple of hours later, i had to re-do the e-file.)
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
Re: Server up and down.
Seems like something is happening across the board... the internet seems to crawl for me anymore and I've got 10gb internet... All the sudden my main computer is suffering all kinds of crap too.
You know that light at the end of the tunnel?
Yeah... it's a bullet. Sorry.
Yeah... it's a bullet. Sorry.
Re: Server up and down.
Bookworm, if what I read in one of the anti-spam forums is correct, it's not just you. The Bad Guys are out scanning around looking for exploitable WordPress sites again.
EDIT: the RevSlider plugin has been a target recently ("Slider Revolution"). Apparently comes bundled with many UI themes, with auto-updates disabled. Versions prior to 4.1.4 were at risk.
There may well be some new (even "zero-day") explioits in WordPress plugins being used
EDIT: the RevSlider plugin has been a target recently ("Slider Revolution"). Apparently comes bundled with many UI themes, with auto-updates disabled. Versions prior to 4.1.4 were at risk.
There may well be some new (even "zero-day") explioits in WordPress plugins being used
Re: Server up and down.
Well, I did a manual upgrade to the wp-super-cache plugin, but I wasn't willing to spend another two hours breaking back into the server if it didn't work. (I have the flu)
I'm going to change the board out - from a dual core to a quad core, with double the ram. That should absorb the impact better and let me figure out what's going nuts.
151 apache processes, of which they want between .7 and 1.7 percent CPU does some damage.
I'm going to change the board out - from a dual core to a quad core, with double the ram. That should absorb the impact better and let me figure out what's going nuts.
151 apache processes, of which they want between .7 and 1.7 percent CPU does some damage.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
Re: Server up and down.
The page directing traffic to the forums has the URL misspelled.
Currently the redirect page has: http://forum.wapsisqare.com
Should be http://forum.wapsisquare.com
Currently the redirect page has: http://forum.wapsisqare.com
Should be http://forum.wapsisquare.com
Re: Server up and down.
Fixed. Would you believe I had to retype that three times to get it to that level of incorrect? Being ready to collapse from the flu isn't condusive to accurate spelling.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
Re: Server up and down.
Ugh... sorry to hear that it's not just the server/board that is under the weather.
Here's hoping that proper application of chicken soup, hot rum toddies, and sleep (in whatever order) help you get back to feeling better soon!
Here's hoping that proper application of chicken soup, hot rum toddies, and sleep (in whatever order) help you get back to feeling better soon!
Re: Server up and down.
I changed out the board and memory, and it looks like the load is back to normal. I do suspect there is/was an assault going on.
BW
BW
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
- AnotherFairportfan
- Posts: 6402
- Joined: Thu May 01, 2014 2:53 pm
Re: Server up and down.
So, i'm seeing yesterday's comic, not today's.
Perhaps the intermediate servers haven't updated yet?
Perhaps the intermediate servers haven't updated yet?
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
Re: Server up and down.
You did the best that could possibly be done and it worked. Thank you for bringing the site back to life. Now please just take care of yourself Bookworm.
This message is brought to you by the "Let the artist know how much you LOVE his work" council.
Re: Server up and down.
I haven't gotten back home yet.
Anyway - tracked it down. It wasn't just wapsi, but that's the biggest target, and it was wapsi the last few times.
Specifically, it's an attack on xmlrpc.php (used for pingbacks, mostly). Apparently often used to try to inject a referral to another website. One attacking server is in Missouri, another in Russia. (The Russian one is trying to hack wp-login.php)
The new hardware should be better at absorbing the impact of the assaults until I can block their IP's.
Anyway - tracked it down. It wasn't just wapsi, but that's the biggest target, and it was wapsi the last few times.
Specifically, it's an attack on xmlrpc.php (used for pingbacks, mostly). Apparently often used to try to inject a referral to another website. One attacking server is in Missouri, another in Russia. (The Russian one is trying to hack wp-login.php)
The new hardware should be better at absorbing the impact of the assaults until I can block their IP's.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
Re: Server up and down.
Ouch! Sorry you're in somebody's sights.
Would OSSEC or a similar automated defense mechanism help out? (Of course, there's the problem of distinguishing between genuine attackers, and rabid Wapsi fans )
Would OSSEC or a similar automated defense mechanism help out? (Of course, there's the problem of distinguishing between genuine attackers, and rabid Wapsi fans )
Re: Server up and down.
These are automated attacks. I'm seeing them on at least three different sites.
the "fix" is to disable xmlrpc.php - but that also disables the ability to do pingbacks. Of course, for webcomics, I suspect that pingbacks aren't that important.
the "fix" is to disable xmlrpc.php - but that also disables the ability to do pingbacks. Of course, for webcomics, I suspect that pingbacks aren't that important.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.