LXer is back!
|
| Author | Content |
|---|---|
| gus3 Nov 14, 2010 8:56 AM EDT |
What happened? (Please tell, so the rest of us can learn from your mistake...) |
| jimbauwens Nov 14, 2010 11:07 AM EDT |
Yep, its back, have been waiting since yesterday (and I hope its not my fault that it was down) |
| Scott_Ruecker Nov 14, 2010 11:29 AM EDT |
You all have our sincere apologies, I do not know the details as of yet but it looks like we are back up and running full speed again. Scott |
| bigg Nov 14, 2010 11:37 AM EDT |
Are you running Windows? If so, you might consider a switch to Linux, I hear it's more stable. |
| Scott_Ruecker Nov 14, 2010 12:09 PM EDT |
How did I know that was coming? Very funny bigg, very funny..;-) |
| jimbauwens Nov 14, 2010 12:18 PM EDT |
No, they run fedora, I checked the http headers about a week ago:) |
| tuxchick Nov 14, 2010 1:00 PM EDT |
Yay it's back! Whoever tripped over the power cord, confession is good for the soul. |
| hkwint Nov 14, 2010 1:36 PM EDT |
Phew, that was a boring day without LXer. It made me do all those social things like meet people in real world, talk to them and stuff. I even restarted my ADSL router in despair, and tried Lynx because ping LXer still worked. Glad it's back! And I really like the new interface you've been working on so hard the past day! It's magic, simply revolutionary! |
| azerthoth Nov 14, 2010 3:48 PM EDT |
the twitching can stop now. |
| gus3 Nov 14, 2010 4:07 PM EDT |
@Hans: For the super-low-level, try "telnet http://www.example.com 80". Once it connects, type "GET / HTTP/1.0" followed by two returns. |
| Sander_Marechal Nov 14, 2010 4:36 PM EDT |
@gus: I always use this: http://downforeveryoneorjustme.com/ |
| Scott_Ruecker Nov 14, 2010 4:46 PM EDT |
Trust me, I was tweaking without my LXer to feed my need..;-) |
| hkwint Nov 14, 2010 9:09 PM EDT |
Sander: Great tool! Sadly I can't enter "KPN's ADSL-network" when there's yet another cable breakage somewhere... |
| tuxchick Nov 14, 2010 9:40 PM EDT |
I think Scott did a fancy drumstick toss and pierced the server. I'm sure I heard the power supply explode. |
| Scott_Ruecker Nov 14, 2010 9:53 PM EDT |
No Carla, I left Phoenix for the weekend to go to LA to visit family and the server started to get lonely..;-) |
| tracyanne Nov 14, 2010 11:39 PM EDT |
I don't suppose it had anything to do with the power outage we had on the weekend? |
| gus3 Nov 17, 2010 1:32 AM EDT |
Still no word on what it was all about? (or "aboot" if that tickles your fancy) |
| tracyanne Nov 17, 2010 1:51 AM EDT |
consider my fancy tickled |
| dinotrac Nov 17, 2010 8:06 AM EDT |
D@mn it, Janet, er Scott -- I go away for a couple of days or maybe more and this is what happens. Unacceptable. Completely unacceptable. Consider yourself chastised, rebuked, and utterly humiliated. |
| Scott_Ruecker Nov 17, 2010 12:31 PM EDT |
Here is what happened; A registered user of LXer initiated an SQL-injection attack against a vulnerability in our user login processing. The attack resulted in excessive MySQL load and loss of time synchronisation which created a denial of service for site users. During the denial of service, the LXer server remained active, and MySQL eventually recovered automatically. The LXer login processing has since been updated to protect it from further exploits. So however they did it, it should not happen again.. Scott |
| gus3 Nov 17, 2010 1:29 PM EDT |
Did you report said miscreant to his/her ISP? Or, you could do like UserFriendly.org and call the miscreant's parents. Heh. EDIT: It's apparent it was a parent that did it. http://xkcd.com/327/ *rimshot* |
| jimbauwens Nov 17, 2010 3:06 PM EDT |
I am to blame |
| jimbauwens Nov 17, 2010 4:21 PM EDT |
Its was never my intention to put the site down. When I found the exploit, I immediately contacted LXer. But because I did not get a reply I decided to try to find a way to login into someones account without password. This was to demostrate how big the problem was. I never managed to login into my account without a password, but one of the side effect was that I created a denial of service attack again the MySQL server (this was not my intention). When the site was down I did not realize that it was because of me, but only after the Idea popped into my head. (as you can see in my post on the top of this thread) I am deeply sorry that this happend, it was never my intention :( Jim Bauwens |
| dinotrac Nov 17, 2010 4:49 PM EDT |
Jim -- Way to 'fess up and take it like a man. Nasty little hackholes don't do that. |
| hkwint Nov 17, 2010 7:19 PM EDT |
Jim: Maybe ask for a sandbox next time? |
| Sander_Marechal Nov 18, 2010 1:30 AM EDT |
Yup, good of you to fess up. May I ask how you tried to contact LXer about this issue? I haven't seen any e-mails from you at our editors@ address. |
| Scott_Ruecker Nov 18, 2010 2:01 AM EDT |
Jim and Bob have been in contact since his post in this thread. Jim meant no harm..but still did some. Figuratively..;-) But he is good, we are good and all with LXer is good. All I want for Christmas is my 200 lines of kernel speed increase goodness. |
| vainrveenr Nov 18, 2010 10:48 AM EDT |
An intermittent MySQL() error message. Saw this when attempting to access LXer.com at approximately Nov 18, 2010 9:40 AM EST (1440 UTC). |
| JaseP Nov 18, 2010 11:06 AM EDT |
Those wascally white-hats!!! Sufferin' succotash! |
| jimbauwens Nov 18, 2010 11:10 AM EDT |
Bob is busy fixing the flaws, so you probably just accessed the site when he was updating/fixing something. @scott, the liquorix kernel should include the patch already (accoring to someone on phoronix) EDIT : I removed the link to the Liquorix kernel, because it did something really evil to my system. Just trust me, and don't use it :) |
| Scott_Ruecker Nov 18, 2010 11:22 AM EDT |
@Jim; I am running Linux Mint so I think I will just wait until it comes down the pipe in an update. But I can't imagine with as effective as it is and as widely known as it is that it would take too long..;-) I hope. I'm running 2.6.31-22 as it is. Is that old? Scott |
| jimbauwens Nov 18, 2010 11:48 AM EDT |
@Scott : The patch is for 2.6.37 but is already backported to 2.6.35-36. I don't know if they can backport it 2.6.31, because there have been really many changes betwoon those kernel versions. Actually, I am sure that they can, the question is just are they going to do it :) |
| dinotrac Nov 18, 2010 12:10 PM EDT |
Scott - You're running the same kernel I am. That's old. |
| gus3 Nov 18, 2010 12:21 PM EDT |
@jim, where may we find the the backported diffs? A stable release kernel is preferable to pre-release versions, on "important" systems. |
| jimbauwens Nov 18, 2010 3:32 PM EDT |
@gus3, the 2.6.36 backport you can find the phoronix discusion forums, and the 2.6.35 backport in the gentoo forums (Sorry that I don't provide links, I almost have a exam, so I don't really have alot of time, and I just wrecked my Linux OS on my netbook (see modified post above), so I can't look in my history for the url's) |
| hkwint Nov 18, 2010 5:35 PM EDT |
Quoting:The patch is for 2.6.37 Thanks, that might explain why my kernel (both 36 / 35) didn't compile and threw an error! |
Posting in this forum is limited to members of the group: [Editors, MEMBERS, SITEADMINS.]
Becoming a member of LXer is easy and free. Join Us!