Comments on: Status

By: Chris R

Chris R — Fri, 23 Oct 2009 20:34:27 +0000

Glad you’re back up. Was missing the great articles you write!

By: Rei Onryou

Rei Onryou — Mon, 19 Oct 2009 19:29:07 +0000

It’s possible that some attacks were through SQL injections. By typing SQL commands into the comments box, an evil walrus could gain access to, or affect, the database.

XKCD does a better job of explaining the dangers here: http://xkcd.com/327/

By: Mike Arthur

Mike Arthur — Mon, 19 Oct 2009 10:55:23 +0000

The problem with the subnet mask banning is if, for instance, someone in the same neighbourhood tried to hack your site then everyone on the same ISP in the same block will get blocked too.

The Supercache options are fairly good by default as long as they are set to “on”. It basically means there won’t be any PHP run or database queries done.

Looking at the footer of the page it looks like you might not have set up the .htaccess stuff properly yet. I could be wrong though.

Hope you’re alright now though!

By: Pentadact

Pentadact — Mon, 19 Oct 2009 09:07:31 +0000

Cheers Mike. I did see your Tweet, but thanks for reminding me now I’m back and able to follow up on it. Installed Supercache, don’t completely understand the options but I put it fully on and unchecked the thing for ‘VERY busy sites’.

I’ll try that IP subnet mask banning thing if the problem recurs – so far, since the measures I took yesterday, there hasn’t been a single slow SQL query. Compare that with about fifty in the first five minutes of the site going back online, or the one day last week when there were so many that the log files of when they occured came to over 100MB of raw text. I may be in the clear.

By: Mike Arthur

Mike Arthur — Mon, 19 Oct 2009 08:09:13 +0000

Glad to see the site back up. Don’t know if you got my comments on Twitter.

As you’re running WordPress you really want to get yourself using the WP Super Cache plugin, it makes a huge difference to the CPU time and reducing the amount of SQL queries.

Also, investigate possibly changing your web server (if your host allows it) to nginx or lighttpd. Both perform a lot better when serving the static content which WP Super Cache provides than Apache does.

I assume you’ve always kept WordPress fully up-to-date? If not, do so and if so then considering using an .htaccess file to put another password on your /wp-admin/ folder, this helps prevent some of the bots which crawl the web looking for WordPress sites to attack.

Hope this is of some use. If you want a hand with any of it then contact me and I’ll give you a hand. My contact details are on my website.

By: The Nervous Walrus

The Nervous Walrus — Sun, 18 Oct 2009 23:51:46 +0000

I found my bucket now, sorry for attacking your website manthing. Any future attacks I blame entirely on my friend the Carpenter.

By: Aeneas

Aeneas — Sun, 18 Oct 2009 22:41:14 +0000

I just assumed you had died and not paid your bill. But good to see you back.

By: Lb

Lb — Sun, 18 Oct 2009 21:45:33 +0000

Try blocking the source ip subnet, not just the host. Find th subnet with a bgp looking glass. Might cause some collateral damage, but if the attacker has a dynamic ip from an ISP blocking one ip won’t work. That’s assuming they are attacking from their own connection…

By: J-Man

J-Man — Sun, 18 Oct 2009 20:48:39 +0000

Has Tom gotten over his fear of large sea life?

By: Jethro

Jethro — Sun, 18 Oct 2009 19:50:01 +0000

Nice to have you back on the things people call the webs. :D

By: Lack_26

Lack_26 — Sun, 18 Oct 2009 19:15:35 +0000

I know, we make the server private to anyone who hasn’t personally been vetted by Tom himself. We send him a request and he comes round for a cup of Tea and certifies our profiles. Perhaps even biscuits and a scone.

By: Jonas

Jonas — Sun, 18 Oct 2009 18:27:11 +0000

Good job finding that bad code. I’ve had stuff like this happen to me several times before, and if I didn’t know a really competent and nice web developer, I would never be able to fix it when it happens. Who are these tossers, anyway?

Looking forward to more posts out of you.

By: Dr. ROCKZO

Dr. ROCKZO — Sun, 18 Oct 2009 18:00:20 +0000

Great to see you back!

By: Ludo

Ludo — Sun, 18 Oct 2009 17:41:58 +0000

@Dr. Nerfball:

Coo coo ca choo!

By: Dr. Nerfball

Dr. Nerfball — Sun, 18 Oct 2009 17:22:55 +0000

Dangit. *If he were a suspect it would be Tom who would be terrified.

Also curse my need to be coherent in my ramblings!

By: Dr. Nerfball

Dr. Nerfball — Sun, 18 Oct 2009 17:21:31 +0000

@Iain: He’s definately aiding said lolrus. Otherwise why would the walrus be nervous? It would be Tom who would be terrified. I mean, isn’t several hundred (or whatever) pounds of blubber with GIANT TUSKS not the scariest thing in the history of forever when you are between it and it’s bucket?

Also, what noise does a Walrus make anyway?

By: vladh

vladh — Sun, 18 Oct 2009 16:54:06 +0000

Tom, maybe it’s not WordPress. Maybe there’s a hole in some of the other files you have on the server, or maybe there’s a hole in BlueHost’s server. I wouldn’t be surprised, why the hell are you signed up with them anyway?

By: Iain "DDude" Dawson

Iain "DDude" Dawson — Sun, 18 Oct 2009 16:47:43 +0000

So, were you aiding the lolrus bukkit search, or are you a suspect?

By: EGTF

EGTF — Sun, 18 Oct 2009 16:27:09 +0000

@ZomBuster
I think it was the Eggman personally.

Amusingly I came across about a dozen pieces published in the week or so you were offline, all linking to articles from here.

Good to see your blog back Tom. Thanks for still taking the time to write interesting things for no real fiscal return on here.

By: ZomBuster

ZomBuster — Sun, 18 Oct 2009 16:17:50 +0000

It was the walrus, he just wanted to check if you had his bucket.

By: Jazmeister

Jazmeister — Sun, 18 Oct 2009 16:17:25 +0000

Cute picture! Man, dicks on the internet are so not in short supply. We should all write programs to scour every corner of this website for dicks! All day, every day!