LXer is back!

Forum: LXer Meta Forum
Total Replies: 35
gus3

Nov 14, 2010
8:56 AM EDT
What happened?

(Please tell, so the rest of us can learn from your mistake...)
jimbauwens

Nov 14, 2010
11:07 AM EDT
Yep, it's back, have been waiting since yesterday (and I hope it's not my fault that it was down)
Scott_Ruecker

Nov 14, 2010
11:29 AM EDT
You all have our sincere apologies, I do not know the details as of yet but it looks like we are back up and running full speed again.

Scott
bigg

Nov 14, 2010
11:37 AM EDT
Are you running Windows? If so, you might consider a switch to Linux, I hear it's more stable.
Scott_Ruecker

Nov 14, 2010
12:09 PM EDT
How did I know that was coming? Very funny bigg, very funny..;-)
jimbauwens

Nov 14, 2010
12:18 PM EDT
No, they run Fedora, I checked the HTTP headers about a week ago :)
tuxchick

Nov 14, 2010
1:00 PM EDT
Yay it's back! Whoever tripped over the power cord, confession is good for the soul.
hkwint

Nov 14, 2010
1:36 PM EDT
Phew, that was a boring day without LXer.

It made me do all those social things like meet people in real world, talk to them and stuff. I even restarted my ADSL router in despair, and tried Lynx because ping LXer still worked.

Glad it's back!

And I really like the new interface you've been working on so hard the past day! It's magic, simply revolutionary!
azerthoth

Nov 14, 2010
3:48 PM EDT
the twitching can stop now.
gus3

Nov 14, 2010
4:07 PM EDT
@Hans:

For the super-low-level, try "telnet http://www.example.com 80". Once it connects, type "GET / HTTP/1.0" followed by two returns.
Sander_Marechal

Nov 14, 2010
4:36 PM EDT
@gus: I always use this: http://downforeveryoneorjustme.com/
Scott_Ruecker

Nov 14, 2010
4:46 PM EDT
Trust me, I was tweaking without my LXer to feed my need..;-)
hkwint

Nov 14, 2010
9:09 PM EDT
Sander: Great tool!

Sadly I can't enter "KPN's ADSL-network" when there's yet another cable breakage somewhere...
tuxchick

Nov 14, 2010
9:40 PM EDT
I think Scott did a fancy drumstick toss and pierced the server. I'm sure I heard the power supply explode.
Scott_Ruecker

Nov 14, 2010
9:53 PM EDT
No Carla, I left Phoenix for the weekend to go to LA to visit family and the server started to get lonely..;-)
tracyanne

Nov 14, 2010
11:39 PM EDT
I don't suppose it had anything to do with the power outage we had on the weekend?
gus3

Nov 17, 2010
1:32 AM EDT
Still no word on what it was all about? (or "aboot" if that tickles your fancy)
tracyanne

Nov 17, 2010
1:51 AM EDT
consider my fancy tickled
dinotrac

Nov 17, 2010
8:06 AM EDT
D@mn it, Janet, er Scott --

I go away for a couple of days or maybe more and this is what happens.

Unacceptable. Completely unacceptable.

Consider yourself chastised, rebuked, and utterly humiliated.
Scott_Ruecker

Nov 17, 2010
12:31 PM EDT
Here is what happened;

A registered user of LXer initiated an SQL-injection attack against a vulnerability in our user login processing. The attack resulted in excessive MySQL load and loss of time synchronisation which created a denial of service for site users. During the denial of service, the LXer server remained active, and MySQL eventually recovered automatically. The LXer login processing has since been updated to protect it from further exploits.

So however they did it, it should not happen again..

Scott
gus3

Nov 17, 2010
1:29 PM EDT
Did you report said miscreant to his/her ISP?

Or, you could do like UserFriendly.org and call the miscreant's parents. Heh.

EDIT: It's apparent it was a parent that did it. http://xkcd.com/327/

*rimshot*
jimbauwens

Nov 17, 2010
3:06 PM EDT
I am to blame
jimbauwens

Nov 17, 2010
4:21 PM EDT
It was never my intention to put the site down. When I found the exploit, I immediately contacted LXer. But because I did not get a reply I decided to try to find a way to log in to someone's account without a password. This was to demonstrate how big the problem was. I never managed to log in to my account without a password, but one of the side effects was that I created a denial of service attack against the MySQL server (this was not my intention). When the site was down I did not realize that it was because of me, but only after the idea popped into my head (as you can see in my post at the top of this thread).

I am deeply sorry that this happened, it was never my intention :(

Jim Bauwens
dinotrac

Nov 17, 2010
4:49 PM EDT
Jim --

Way to 'fess up and take it like a man.

Nasty little hackholes don't do that.
hkwint

Nov 17, 2010
7:19 PM EDT
Jim: Maybe ask for a sandbox next time?
Sander_Marechal

Nov 18, 2010
1:30 AM EDT
Yup, good of you to fess up. May I ask how you tried to contact LXer about this issue? I haven't seen any e-mails from you at our editors@ address.
Scott_Ruecker

Nov 18, 2010
2:01 AM EDT
Jim and Bob have been in contact since his post in this thread.

Jim meant no harm..but still did some. Figuratively..;-) But he is good, we are good and all with LXer is good.

All I want for Christmas is my 200 lines of kernel speed increase goodness.
vainrveenr

Nov 18, 2010
10:48 AM EDT
An intermittent MySQL() error message. Saw this when attempting to access LXer.com at approximately Nov 18, 2010 9:40 AM EST (1440 UTC).
JaseP

Nov 18, 2010
11:06 AM EDT
Those wascally white-hats!!! Sufferin' succotash!
jimbauwens

Nov 18, 2010
11:10 AM EDT
Bob is busy fixing the flaws, so you probably just accessed the site when he was updating/fixing something.

@scott, the liquorix kernel should include the patch already (according to someone on phoronix)

EDIT: I removed the link to the Liquorix kernel, because it did something really evil to my system. Just trust me, and don't use it :)
Scott_Ruecker

Nov 18, 2010
11:22 AM EDT
@Jim; I am running Linux Mint so I think I will just wait until it comes down the pipe in an update. But I can't imagine with as effective as it is and as widely known as it is that it would take too long..;-)

I hope. I'm running 2.6.31-22 as it is. Is that old?

Scott
jimbauwens

Nov 18, 2010
11:48 AM EDT
@Scott: The patch is for 2.6.37 but is already backported to 2.6.35-36. I don't know if they can backport it to 2.6.31, because there have been really many changes between those kernel versions. Actually, I am sure that they can, the question is just are they going to do it :)
dinotrac

Nov 18, 2010
12:10 PM EDT
Scott -

You're running the same kernel I am. That's old.
gus3

Nov 18, 2010
12:21 PM EDT
@jim, where may we find the backported diffs? A stable release kernel is preferable to pre-release versions, on "important" systems.
jimbauwens

Nov 18, 2010
3:32 PM EDT
@gus3, the 2.6.36 backport you can find in the phoronix discussion forums, and the 2.6.35 backport in the gentoo forums (Sorry that I don't provide links, I almost have an exam, so I don't really have a lot of time, and I just wrecked my Linux OS on my netbook (see modified post above), so I can't look in my history for the URLs)
hkwint

Nov 18, 2010
5:35 PM EDT
Quoting: The patch is for 2.6.37

Thanks, that might explain why my kernel (both 36 / 35) didn't compile and threw an error!
