[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Web

To: Eric Jorgensen <ericj@eskimo.com>
Subject: Re: Web
From: Nanook <nanook@eskimo.com>
Date: Fri, 28 Sep 2007 15:23:30 -0700 (PDT)
Cc: Badger Clan <badger@eskimo.com>, Carl Dinse <carl@eskimo.net>, outages-list@eskimo.com
In-reply-to: <Pine.SUN.4.58.0709281457030.15359@eskimo.com>
List-help: <mailto:outages-list-request@eskimo.com?subject=help>
List-post: <mailto:outages-list@eskimo.com>
List-subscribe: <mailto:outages-list-request@eskimo.com?subject=subscribe>
List-unsubscribe: <mailto:outages-list-request@eskimo.com?subject=unsubscribe>
Resent-date: Fri, 28 Sep 2007 15:23:32 -0700
Resent-from: outages-list@eskimo.com
Resent-message-id: <TJ50zC.A.JiD.j7X_GB@ultra7.eskimo.com>
Resent-sender: outages-list-request@eskimo.com


     Yes, it would but I have a fix in mind, just need to make some changes
to the routing.  I'm going to assign a seperate virtual address for
mysql.eskimo.com, but a router filter in place to block that port from the
outside world (and we can put in exceptions for customers that have a need,
replication or whatever).

     The web server still isn't totally protected, it's a conflict between CIDR
routing and classful routing (the router doing CIDR and the server being
configured with seperate class C address spaces).

     So I have to change the routing to make everything match and that is best
done later at night because of the potential to break things.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
   Knowledgable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 28 Sep 2007, Eric Jorgensen wrote:

> Date: Fri, 28 Sep 2007 15:06:35 -0700 (PDT)
> From: Eric Jorgensen <ericj@eskimo.com>
> To: Nanook <nanook@eskimo.com>
> Cc: Badger Clan <badger@eskimo.com>, carl@eskimo.net
> Subject: Re: Web
> 
> On Wed, 26 Sep 2007, Nanook wrote:
> 
> >
> >      Last night we had an incidence on our web server where output traffic all
> > the sudden shot up to about 60mbit/s and stayed there for more than an hour.
> >
> >      I was unable to determine the cause last night however, the server locked
> > up once and I had to reboot it, and then when it came back up there was some
> > strange behavior.
> >
> >      I found someone was SYN flooding the MySQL server port and so changed the
> > settings so that it does not listen for external connections.
> >
> >      However, I am concerned that someone may have some misbehaving PHP or CGI
> > scripts in their website.
> 
> 
> This seems to break CGIs/PHPs running with "mysql.eskimo.com" as the host,
> but still works with ones connecting to "localhost".
> 
> Examples (PHPs):
> 	http://www.eskimo.com/~ericj/calendar/	(localhost)
> 	http://www.eskimo.com/~ericj/cal_test/	(mysql.eskimo.com)
> 
> Worked with 'design' on the phones earlier to get his re-install of
> Wordpress working, swapping it to 'localhost'.  So in case folks call/email
> about broken database scripts, this might be the trick.
> 
> We had the 'mysql.eskimo.com' one setup initially in case of moving it
> around the servers (like ultra1 vs ultra7, etc.).

Prev by Date: Strange DoS attacks
Next by Date: Telephone Outage
Previous by thread: Web
Next by thread: Web
Index(es):
- Date
- Thread