BotNet Activity Still High

Still seeing more than the “normal” amount of brute force password guessing attempts by botnets.  We’re banning around 500 addresses per day which is about 50% higher than average.

If you run Windows, please be sure your anti-virus software is current, the databases it uses are current, and scan your machines.

I’ve also read that some home routers have recently been compromised and are being used as part of these BotNets, but I do not have details at present.

BotNet Activity Up

We’ve banned over 900 different IP addresses today for password guessing. A typical day would see about 350. When this number rises like this the usual cause is new Windows malware circulating.
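The heuristic above (count distinct addresses banned per day, compare with the usual figure) is easy to automate. The following is an added illustration, not a script from this site: it parses constructed sshd “Failed password” lines, treats any source that reaches a retry threshold as banned for that day (a simplified version of fail2ban’s maxretry, counting over the whole day instead of a findtime window), and flags days where the distinct-ban count is well above a baseline. The host names and addresses are placeholders from the RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the page); the host and
# addresses are placeholders from the RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Jan 28 03:14:01 shell1 sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 4431 ssh2
Jan 28 03:14:03 shell1 sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 4432 ssh2
Jan 28 03:14:05 shell1 sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 4433 ssh2
Jan 28 03:20:11 shell1 sshd[1299]: Failed password for root from 198.51.100.7 port 2200 ssh2
Jan 28 03:20:12 shell1 sshd[1299]: Failed password for root from 198.51.100.7 port 2201 ssh2
Jan 28 03:20:14 shell1 sshd[1299]: Failed password for root from 198.51.100.7 port 2202 ssh2
Jan 28 09:00:00 shell1 sshd[1400]: Failed password for alice from 203.0.113.5 port 5000 ssh2
Jan 28 09:00:30 shell1 sshd[1400]: Accepted password for alice from 203.0.113.5 port 5000 ssh2
Jan 29 01:00:00 shell1 sshd[1500]: Failed password for invalid user test from 192.0.2.44 port 1000 ssh2
Jan 29 01:00:01 shell1 sshd[1500]: Failed password for invalid user test from 192.0.2.44 port 1001 ssh2
Jan 29 01:00:02 shell1 sshd[1500]: Failed password for invalid user test from 192.0.2.44 port 1002 ssh2
"""

# Syslog-style sshd failure line: month, day, time, host, then the source address.
FAILED_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) [\d:]+ \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def banned_per_day(log_text, maxretry=3):
    """Return {day: set of source addresses that reached maxretry failures}.

    Simplified fail2ban-style counting: the window is the calendar day
    rather than a findtime interval, which is enough for a daily tally.
    """
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        day = f"{m['mon']} {int(m['day'])}"  # normalise "Jan  8" -> "Jan 8"
        failures[day][m["ip"]] += 1
    return {day: {ip for ip, n in ips.items() if n >= maxretry}
            for day, ips in failures.items()}


def elevated_days(banned, baseline, factor=1.5):
    """Days whose distinct-ban count is at least factor * baseline."""
    return sorted(day for day, ips in banned.items()
                  if len(ips) >= baseline * factor)


if __name__ == "__main__":
    per_day = banned_per_day(SAMPLE_AUTH_LOG)
    for day, ips in sorted(per_day.items()):
        print(day, len(ips), sorted(ips))
    # With a real baseline of ~350 bans/day nothing in this tiny sample is
    # elevated; baseline=1 shows the flag firing on the busier day.
    print("elevated:", elevated_days(per_day, baseline=1))
```

Feed it a real secure log or auth.log and a baseline taken from a quiet week; a day that clears the baseline by 50% or more, as the post describes, is a reasonable trigger for a closer look at what the new sources have in common.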

Please be sure your anti-virus and anti-malware software is up to date. If you’re running Windows and NOT running MalwareBytes, I highly recommend doing so. It catches much malware that traditional anti-virus programs don’t find and when a customer brings an infected computer to me, nine times out of ten MalwareBytes will find an infection after Norton, Kaspersky, and others have failed.

I have no affiliation with MalwareBytes other than using it on my own computers and customers’ computers successfully; that is to say, I get no financial incentive from them, but if your machine is clean then it’s less stress on our network and I appreciate that.

To Be Continued… Saturday 10AM – Sunday 2AM

I made a bad error tonight and accidentally powered down one of the virtual host machines and had to take a trip to the co-location facility 22 miles SE of where I am to go power it back up.

As a consequence, I did not get all the work done I had intended to complete tonight so I will be continuing tomorrow between 10PM and 2AM.

Maintenance Friday 1/30/2015 10PM – Saturday 1/31/2015 2AM

I will be rebooting all EL6 based servers to load a new kernel. The kernel fixes a new exploit that doesn’t lead to privilege escalation but can allow someone to remotely crash a server with properly crafted packets. The servers affected include Iglulik (the main file server and the server for some virtual machines), Virtual (another virtual machine server), mx1 and mx2 (incoming mail servers), mail, shellx, scientific, and radius1.

I will also be imaging these machines while they are down so that if we have to restore a system the restoration image will have the fixes for Ghost in place.  If time allows I may take some other machines down for imaging as well.

Because Iglulik has the user files and mail spool, I will be rebooting it just after midnight and during this time everything else will freeze.  This process takes about 20 minutes.

Servers which are replicated will be done earlier in the day.  The shell servers will start at 10PM, and I will take one at a time so others will be available for your use while any given server is being worked upon.  I will do the client mail server and web server when I’ve completed the shell servers.

Denial of Service Attack

We suffered a denial of service attack this morning that used DNS query packets with source addresses forged as our mail servers to cause our fail2ban scripts to firewall our DNS servers from our mail servers.  This started around 7:30AM and caused intermittent inability to receive mail until I was able to modify the fail2ban configuration to ignore these attacks and restore DNS service to the mail servers and with it incoming mail.  The servers rapidly processed the backlog and service was restored to normal by approximately 10:30AM. The configuration is fixed so that this particular mode of attack is no longer possible.
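The failure mode described here is worth spelling out: a ban rule that keys on the source address of unauthenticated UDP packets can be turned into a self-inflicted outage, because whoever sends the packets chooses the address written into them. The post does not say which configuration change was made; one standard fix is fail2ban’s ignoreip setting, which exempts listed addresses (your own mail servers, resolvers, monitoring hosts) from ever being counted. The block below is an added illustration, not configuration from this site: a simplified fail2ban-style jail over constructed BIND “query denied” lines, run once without and once with an ignore list. The mail-server addresses are hypothetical placeholders from the RFC 5737 ranges.

```python
import re
from collections import Counter

# Hypothetical addresses for this illustration (RFC 5737 ranges, not the
# page's real servers): two mail servers and one unrelated noisy client.
MAIL_SERVERS = ("203.0.113.10", "203.0.113.11")

# Constructed BIND-style "query denied" lines (not from the page). The
# first three claim to come from a mail server; a UDP source address is
# unauthenticated, so the sender can write any address into the packet.
SAMPLE_NAMED_LOG = [
    "28-Jan-2015 07:30:01.101 client 203.0.113.10#4000 (example.test): query (cache) 'example.test/A/IN' denied",
    "28-Jan-2015 07:30:01.205 client 203.0.113.10#4001 (example.test): query (cache) 'example.test/A/IN' denied",
    "28-Jan-2015 07:30:01.309 client 203.0.113.10#4002 (example.test): query (cache) 'example.test/A/IN' denied",
    "28-Jan-2015 07:30:02.010 client 203.0.113.11#4100 (example.test): query (cache) 'example.test/A/IN' denied",
    "28-Jan-2015 07:30:05.500 client 198.51.100.9#5353 (example.test): query (cache) 'example.test/MX/IN' denied",
    "28-Jan-2015 07:30:05.600 client 198.51.100.9#5354 (example.test): query (cache) 'example.test/MX/IN' denied",
    "28-Jan-2015 07:30:05.700 client 198.51.100.9#5355 (example.test): query (cache) 'example.test/MX/IN' denied",
]

# Pull the client address out of a denied-query line.
DENIED_RE = re.compile(r"client (\d+\.\d+\.\d+\.\d+)#\d+ .*: query \(cache\) .* denied$")


def sources_to_ban(lines, maxretry=3, ignoreip=()):
    """Addresses a simplified fail2ban-style jail would firewall.

    ignoreip plays the role of fail2ban's ignoreip list: matches from these
    addresses are never counted, so spoofed packets cannot get them banned.
    Without it, the jail bans whatever address the attacker chose to forge.
    """
    ignored = set(ignoreip)
    hits = Counter()
    for line in lines:
        m = DENIED_RE.search(line)
        if m is None or m.group(1) in ignored:
            continue
        hits[m.group(1)] += 1
    return {src for src, n in hits.items() if n >= maxretry}


if __name__ == "__main__":
    # Naive jail: the forged lines get a mail server firewalled from DNS.
    print("no ignore list:", sorted(sources_to_ban(SAMPLE_NAMED_LOG)))
    # With our own infrastructure exempted only the genuine noisy client is banned.
    print("mail servers ignored:",
          sorted(sources_to_ban(SAMPLE_NAMED_LOG, ignoreip=MAIL_SERVERS)))
```

The general lesson applies to any jail fed by UDP logs (DNS, NTP, SNMP): either exempt every address you cannot afford to lose, or ban only on evidence that cannot be forged by a single packet.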

Ghost Vulnerability – Reboots

There will be some brief interruptions of various services including the shell servers because of a serious vulnerability in glibc.

I will be applying updates to various systems as they become available and then rebooting so that old code no longer runs.

This will cause a brief interruption of all services.  The main file server and host machines take longer to reboot so I will do those after 10PM tonight.  There will be about twenty minutes between 10PM and midnight where virtually everything grinds to a halt while this is done.