Right now Weblogs.us is in the process of migrating select blogs to the new Apache server. This is one of those blogs. The new mtekk.weblogs.sc (temporary) is much, much faster than the old location. All blogs on the new server will be running WordPress 2.7 (we are doing a mandatory upgrade for all blogs).
Weblogs.us will be migrating hosted blogs over to the new Apache and SQL servers beginning on Wednesday, December 17, 2008 at 4:00PM CST. This will continue through the end of the week. During this time availability of this blog and all others hosted by Weblogs.us may be sporadic. Once the migration is complete, speed and availability for hosted blogs should greatly increase.
So this past weekend the new database server was installed (physically) at the data center. On Monday JD installed Gentoo, and then I set up MySQL on it (plus some security things). Last night JD transferred this blog and another over to the new database server for initial performance testing. Later this week and month, additional blogs hosted by Weblogs.us will be transferred over and performance tweaks will be applied. Hopefully, by June everyone will be on the new database server. At that point, signups for more blogs may be possible. It also looks like we may be reintroducing the Weblogs.us front page that I designed a while back.
Right now, the speed increase is apparent on this blog, especially when working in the WordPress dashboard. All those AJAX elements instantaneously load now. Additionally, Spam Karma 2’s administrative section loads much faster than before. There should not be any more of those failed comment submissions due to timeouts now, which is an all around plus.
The patient is recovering from the operation and doing well; we’re surprised it held up to that attack. The bullets were removed, and the surgeon decided to do a little liposuction while he was operating. Now that the patient is all sewn up, it’s time to step back and look at what happened.
The Weblogs.us server suffered a massive attack sometime between the 26th of October and the first week of November. Many blogs hosted by Weblogs.us were affected by the attack, which involved SQL injection as mentioned in the previous post. This attack was a spam sort of attack, not a delete/drop tables attack. Though the damage was extensive, not every blog was affected. Additionally, the attack was not limited to the WordPress blogs hosted by Weblogs.us; some of the old Movable Type blogs were affected as well. This means some passwords were compromised; due to this, global password changes may be coming later this week. JD, when looking at the extent of the damage, was surprised the database server survived the attack (it was that bad, and that many malicious entries).
What the attack did was enter iframes to googlerank.info/counter which used the CSS value display:none; to hide them. These appeared at the bottom of every page, and were also cleverly added to some blogroll links by adding a fake and hidden <a href after itself to keep the HTML valid. Googlerank.info is a known malware site that preys on users of Internet Explorer. Since Firefox and other modern browsers are not affected by this site, the Russian owners started showing them a fake 404 page that they ripped from Google. Hopefully, the owners of that site will meet an untimely death.
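A cleanup-side check for the injection described above, as an added example that is not from the original post: it scans stored post or blogroll HTML for iframe and a tags hidden with an inline display:none. The row layout, the function and class names, and the placeholder hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Inline style that hides an element; tolerates spacing and case variations.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none", re.IGNORECASE)


class HiddenTagFinder(HTMLParser):
    """Records <iframe> and <a> start tags carrying an inline display:none."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        if tag not in ("iframe", "a"):
            return
        attr = {name: value or "" for name, value in attrs}
        if HIDDEN_STYLE.search(attr.get("style", "")):
            self.findings.append((tag, attr.get("src") or attr.get("href") or ""))


def scan_rows(rows):
    """Return (row_id, tag, target) for each hidden iframe/link in the rows."""
    hits = []
    for row_id, html in rows:
        finder = HiddenTagFinder()
        finder.feed(html)
        finder.close()
        hits.extend((row_id, tag, target) for tag, target in finder.findings)
    return hits


# Constructed sample rows (id, stored HTML); hosts are placeholders.
SAMPLE_ROWS = [
    (1, "<p>Server migration starts Wednesday.</p>"),
    (2, '<p>Post text</p><iframe src="http://counter.example/counter" '
        'style="display:none;"></iframe>'),
    (3, '<a href="http://friend.example/">Friend</a>'
        '<IFRAME SRC="http://counter.example/counter" STYLE="Display : None">'
        '</IFRAME><a href="#" style="display:none">'),
    (4, '<iframe src="http://video.example/embed/1" width="400"></iframe>'),
]

if __name__ == "__main__":
    for row_id, tag, target in scan_rows(SAMPLE_ROWS):
        print(f"row {row_id}: hidden <{tag}> -> {target}")
```

Hidden links can be legitimate in some themes, so hits are candidates for manual review rather than automatic deletion.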
But, the storm is not over yet, someone with malicious intents has been searching Google with the query:
intext:”leave a reply” intext:”Mail (will not be published) (required)” intext:”Responses to” site:us
This is a quick and dirty way to harvest many sites that run WordPress. I have little doubt that the intents of the individual that submitted that query are malicious (either intent to spam or hack). Thus that IP address will be blocked in the Weblogs.us firewall indefinitely.
After a brief absence due to a hardware failure, Weblogs.us is back. A slew of new hardware accompanies the return. From this time forward service outages should be rare (unless someone gets Dugg).
JD installed a new 8 core Woodcrest server with 8GiB RAM for the new Apache/PHP/file server, and the SQL server was replaced as well. Since some nasty traffic was making it to the old Apache server, a dedicated hardware firewall was installed, a good thing all around, as the bad traffic was at times taking up to half of the network activity. Look forward to some more interesting updates here as some projects wrap up and the semester winds down.
One final thing, Happy Birthday James (jmweirick)! (This may be off by a day or so)