
SoylentNews is people

posted by NCommander on Friday March 14 2014, @06:44AM
from the timebombs-are-exciting dept.
We had an hour or so of downtime today. After debugging, the root cause came from the SSL certificates we use to establish a database connection from the webserver to the actual DB. As a prelude to GoLive, we migrated from unencrypted connections to encrypted connections as we have to cross the Linode internal LAN. In an attempt to improve data security, we generated a set of SSL certificates and used those to encrypt the MySQL connections. In the flurry of golive, no one thought to check the expiry date on said certificates. Out of the box, OpenSSL generates certificates with a one month expiry unless manually changed.

As you might expect, one month later, the certificates expired, and the database stopped accepting remote connections. New certificates were generated with a ten year expiration, and we continue to work towards better documenting our internal processes on the wiki to prevent this sort of thing from happening again. Apache and slashd are running again, and we appear to be back to status quo in terms of site operation.

A full incident report will be written up and posted to the wiki in the next few days.
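
An expiry check of the kind that would have flagged these certificates before the outage, added here as an illustration and not taken from SoylentNews's own tooling. It reads the `notAfter=` line printed by `openssl x509 -noout -enddate`; the certificate labels, dates and the 14-day warning threshold are constructed assumptions.

```python
import math
import ssl
from datetime import datetime, timezone

WARN_DAYS = 14  # assumed alert threshold, not from the article

def days_left(enddate_line, now):
    """Days until expiry, from a line such as
    'notAfter=Mar 14 06:00:00 2014 GMT'. Negative once expired."""
    key, _, value = enddate_line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError(f"not an -enddate line: {enddate_line!r}")
    expires = ssl.cert_time_to_seconds(value)  # parses OpenSSL's GMT time format
    return (expires - now.timestamp()) / 86400

def classify(days, warn_days=WARN_DAYS):
    if days < 0:
        return "EXPIRED"
    return "WARN" if days <= warn_days else "OK"

def check_inventory(inventory, now, warn_days=WARN_DAYS):
    """inventory maps a certificate label to its -enddate line.
    Returns (label, whole_days_left, status), soonest expiry first."""
    report = []
    for label, line in inventory.items():
        try:
            d = days_left(line, now)
            report.append((label, math.floor(d), classify(d, warn_days)))
        except ValueError:
            # An unreadable certificate is reported, never assumed healthy.
            report.append((label, None, "UNREADABLE"))
    return sorted(report, key=lambda r: (r[1] is None, r[1] or 0))

# Constructed sample: two short-lived certificates, one ten-year
# replacement, and one file openssl could not parse.
NOW = datetime(2014, 3, 7, tzinfo=timezone.utc)
SAMPLE = {
    "mysql-server": "notAfter=Mar 14 06:00:00 2014 GMT",
    "mysql-client": "notAfter=Mar  1 06:00:00 2014 GMT",
    "replacement": "notAfter=Mar 11 06:00:00 2024 GMT",
    "garbled": "unable to load certificate",
}

if __name__ == "__main__":
    for label, days, status in check_inventory(SAMPLE, NOW):
        print(f"{status:10} {label:14} days_left={days}")
```

Run on a schedule, the check surfaces a default one-month certificate in the `WARN` state well before the database starts refusing connections.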
 
This discussion has been archived. No new comments can be posted.
  • (Score: 2, Informative) by sglane (3133) on Friday March 14 2014, @02:30PM (#16393)

    I honestly don't see what he did wrong. [...] but I'm not buying the ddos accusation without any kind of evidence

    Some excerpts from http://logs.sylnt.us/%23soylent/2014-03-11.html [sylnt.us]

    [03:29:27] I'm willing to smack both of these ignorant nagging niggers upside the head to teach both of these ignorant fucks a lesson

    [03:36:49] I'm sick of being held hostage
    [03:37:05] So, I'm about to turn all my video chat servers into a bandwidth buster. Not a DDoS. Just a legitimate bandwidth bill raiser.
    [03:37:38] I'll start at 40TB aggregate bw and slowly bring it up to 400TB with legit page refreshes, link trawling, all multi-ip cloud-based
    [03:37:41] and you'd admit this in chat?
    [03:37:47] Let's see how they like a hostage fighting back
    [03:37:51] Why not?
    [03:38:00] to what end?
    [03:38:18] wait... how are we hostages? And does being a hostage mean no more free cheese?
    [03:38:19] Teach them an expensive lesson in holding their comunity hostage
    [03:38:27] teach them this squabbling is about to bite them in the ass and HARD

    [03:51:34] Well, in about 5 minutes I'll have this script finished and running. Stil not cutting either of these two fuckers some slack until they learn their lesson.
    [03:51:49] PLAY NICE OR DON'T PLAY AT AL

    [03:56:32] Legitimate page refreshes and link trawling have already been held as legal. I'm not doing a DDoS. I'm simply loading a page as requested by HTTP link trawling. Nothing different from a bot crawler except this one doesn't respond to robots.txt
    [03:56:45] and it constantly refreshes every link to check if there's been a change in the page
    [03:56:57] Khyber, to what end?
    [03:57:06] right, but you've now stated that you're doing it with intention to harm the site owners and users of the stie
    [03:57:07] What is the best case scenario resulting from this?
    [03:57:07] My own personal satisfaction, damn the lot of you.
