Tagged: attack Toggle Comment Threads | Keyboard Shortcuts

  • Elmer Masters 4:47 pm on June 7, 2013 Permalink
    Tags: attack,   

    On the Classcaster front, still battling the WordPress admin attack. It comes in waves and appears hard to defeat. I’ve taken a number of precautions but the attacks are still making Classcaster a bit unstable.

     
  • Elmer Masters 9:18 pm on May 15, 2013 Permalink
    Tags: attack, , CDN, , CloudFront,   

    Now supercharging #Classcaster with AWS CloudFront CDN.

     
  • Elmer Masters 4:47 pm on May 15, 2013 Permalink
    Tags: attack, ,   

    Checking Classcaster plugins to make sure everything is working on the new platform

     
  • Elmer Masters 3:42 pm on May 15, 2013 Permalink
    Tags: attack, , w3 Total Cache,   

    Now putting together some higher level caching for Classcaster that should help with boosting performance.

     
  • Elmer Masters 3:18 pm on May 15, 2013 Permalink
    Tags: attack, ,   

    It appears that the public facing part of Classcaster is running. I’m still working a few issues on the backend but I’m pleased with the progress.

     
  • Elmer Masters 3:25 pm on May 14, 2013 Permalink
    Tags: attack, ,   

    Using rsync to replicate WP data sore. Faster than the snapshot, which is still running.

     
  • Elmer Masters 2:40 pm on May 14, 2013 Permalink
    Tags: attack, ,   

    Learned something new: the initial snapshot of an EBS volume takes a lllllllllllllllllllllllooooooooooooooooonnnnnnnnnnnnnnnnnnnnggggggggggggggggggg time. Looking at alternatives to putting this work on hold for up to 36 hours.
    I do have good backups.

     
  • Elmer Masters 2:12 pm on May 14, 2013 Permalink
    Tags: attack, ,   

    Classcaster DNS is on Route 53 already. This is a good thing.

     
  • Elmer Masters 1:35 pm on May 14, 2013 Permalink
    Tags: attack, ,   

    Quick outline:

    • Snapshot EBS volume
    • Backup database
    • Launch and configure AWS RDS instance for db
    • Launch and configure medium EC2 insance w/ Ubuntu 12.04 LTS
    • Attach EBS data volume
    • Configure nginx as server for WordPress
    • Migrate Classcaster away from msfiles.php use
    • Use WP caching plugin
    • Test, test, test
     
  • Elmer Masters 12:40 pm on May 14, 2013 Permalink
    Tags: attack, ,   

    Text of the email sent to Classcaster users this morning:

    You may have noticed that Classcaster has been unavailable or especially sluggish over the past couple of days. This is due to a series of ongoing attacks against WordPress systems worldwide. The attacks against Classcaster continued unabated for most of the night. There were over 100,000 bogus log in attempts made on the system in the past 24 hours. The effect of this activity has been to make Classcaster unresponsive and to cause delays in the database that have rippled over to the main CALI web site.

    It is important to note that there is no evidence that any of the attacks have been successful. A thorough review of all backups and the database system indicate that all Classcaster data is intact.

    I have implemented a number of security measures to protect against the attacks but because of the variable nature of the attacks these have been only partially successful. The next steps in securing the underlying WordPress system require the installation and use of more sophisticated software that requires a more powerful server.

    Today I am planning on isolating the Classcaster database so that it doesn\\’t interfere with the main web site\\’s database and moving the WordPress backend to a more powerful server in the cloud. Typically I would do these sorts of things over a weekend, but because of the impact the attacks are having on all of CALI\\’s systems I can\\’t wait. The process of upgrading Classcaster will result in some downtime for the system.

    I fully realize that this is not the best time to do this sort of work, but it is not something that can be delayed. I expect to have the work completed within the next 24 hours. While the work is underway you may not be able to use Classcaster. I would strongly recommend that you do not try to add or edit any content on the system for the next 24 hours or until I give the all clear.

    If you want to monitor progress of the work on Classcaster, you can monitor this blog, http://edev.classcaster.net/, or twitter account, http://twitter.com/ElmerDev.

    If you have any questions or concerns, please let me know.

    Thank you.

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel