[Blackpool] Saturday
Michael
heed at bigmassiveheed.co.uk
Fri Feb 13 20:55:02 UTC 2015
Just block all the ip addresses with iptables. Did have a script to do it
but I'm not sure where it went :(
On 13 Feb 2015 20:32, "James Page" <jmsp.1983 at gmail.com> wrote:
> Seems your suggestion worked, Michael!
>
> I just need to figure out which site has been compromised now...
>
> Moral of the story - don't let dormant sites be so dormant, I suppose (and
> get them migrated to Multisite much sooner).
>
>
>
>
> Best wishes,
> James
>
> On 13 February 2015 at 13:34, Michael <heed at bigmassiveheed.co.uk> wrote:
>
>> Is it possible to disable them to see if it has any effect.
>>
>> Could be the wp sites getting hammered.
>>
>> One thing to watch for is the xmlrpc exploit (
>>
>> https://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=wordpress%20xmlrpc%20attack
>> )
>> ....basically server keeps getting a request for the item and eventually
>> struggles.
>>
>> Have a look through the apache logs for the wp sites and see if there any
>> requests for it.
>>
>> On 13 February 2015 at 13:28, James Page <jmsp.1983 at gmail.com> wrote:
>>
>> > Re 'dormant' - yes, public-facing, but no longer actively maintained
>> > Wordpress sites.
>> >
>> > Re the forum - not Belinda Carlise or Jo Guest-related I'm afraid! Long
>> > story short, I used to be a member of a music-related forum until a few
>> > years ago. After some regime change, which we didn't like, we upped
>> sticks
>> > and made a new home for ourselves.
>> >
>> > I'm afraid I haven't quite reached the levels of doing anything
>> intriguing
>> > or worthy yet!
>> >
>> >
>> >
>> >
>> > Best wishes,
>> > James
>> >
>> > On 13 February 2015 at 13:22, Arthur Garlick <
>> arthur_garlick at hotmail.com>
>> > wrote:
>> >
>> > > I once worked with a guy that let slip he maintained the No1 fan
>> > > website for a world famous pop star but we were all intrigued when he
>> > > wouldn't give up the URL or who it was.
>> > >
>> > > After a while and snooping of some logs it came out it was Belinda
>> > > Carlisle, the website has gone but it was halftheworld.com. After a
>> bit
>> > > this guy unravelled and confessed he was obsessed with her.
>> > >
>> > > This was in a dev team where the culture was a bit macho/competitive
>> > > and he lost his footing in the pecking order entirely. It was never
>> the
>> > > same for him.
>> > >
>> > >
>> > > Another guy I once knew maintained an online repository of Jo Guest
>> (page
>> > > 3 stunna model at the time) animated gifs. You'd have never guessed
>> > > talking to him.
>> > >
>> > >
>> > >
>> > > I confess, I am totally intrigued and wasting my Friday afternoon
>> trying
>> > > to guess what subject James would run a forum on.
>> > >
>> > > Regards
>> > >
>> > > Arthur
>> > >
>> > >
>> > > > Date: Fri, 13 Feb 2015 13:08:11 +0000
>> > > > From: jmsp.1983 at gmail.com
>> > > > To: blackpool at mailman.lug.org.uk
>> > > > Subject: Re: [Blackpool] Saturday
>> > >
>> > > >
>> > > > Michael,
>> > > >
>> > > > I'm with HTTPZoom. I think it's the following package:
>> > > >
>> > > > Platform OpenVZ
>> > > > 4GB Dedicated Ram
>> > > > 4GB vSwap Ram
>> > > > 50GB Diskspace
>> > > > 2TB Transfer
>> > > > 4 Core CPU Fair Share
>> > > > 100mb Shared Port
>> > > > SolusVM Control Panel
>> > > > Maidenhead Location
>> > > >
>> > > > I don't suspect a resources issue - at least, Webmin isn't showing
>> any
>> > > > unusual RAM or CPU usage, anyway.
>> > > >
>> > > > I'm running a myBB forum on Apache. It's only got a handful of
>> members
>> > > and
>> > > > posts each day, whilst the other sites being hosted are also
>> dormant,
>> > > > low-traffic WP sites.
>> > > >
>> > > > The forum's only started to run noticeably slow over the past week
>> or
>> > so.
>> > > > I'd had a look at some Apache optimisation pages, but they didn't
>> tally
>> > > > with what I saw in my httpd.conf file, so I didn't touch it.
>> > > >
>> > > > I thought it might be brute force attempts on the server which were
>> > > slowing
>> > > > things down, so I made some changes in iptables to close off SSH as
>> a
>> > > route
>> > > > in, whilst I increased my Cloudflare security settings to deal with
>> > those
>> > > > trying to get in via Web. No change, but at least I think I managed
>> to
>> > > > deal with some security issues.
>> > > >
>> > > >
>> > > >
>> > > > Best,
>> > > > James
>> > > >
>> > > >
>> > > > Best wishes,
>> > > > James
>> > > >
>> > > > On 13 February 2015 at 12:39, Michael <heed at bigmassiveheed.co.uk>
>> > wrote:
>> > > >
>> > > > > @Elizabeth
>> > > > >
>> > > > > For an amusing abut aimed at numpties look at how the internet
>> works
>> > > have a
>> > > > > look at: https://www.youtube.com/watch?v=PBWhzz_Gn10
>> > > > >
>> > > > > @Arthur
>> > > > >
>> > > > > It can be explained simpler than that....If I get some time I'll
>> > knock
>> > > > > something together.
>> > > > >
>> > > > > @James
>> > > > >
>> > > > > Who is the VPS provider and what level package have you got.
>> > > > > Are you going via Apache or nginX
>> > > > > Important question....is it a Wordpress site?
>> > > > >
>> > > > > On 13 February 2015 at 12:25, Arthur Garlick <
>> > > arthur_garlick at hotmail.com>
>> > > > > wrote:
>> > > > >
>> > > > > > Hi,
>> > > > > > I'm sceptical that it can be written in a useful guide, or else
>> I'd
>> > > have
>> > > > > > found one someone else had done that fit the job when I googled
>> it.
>> > > > > >
>> > > > > > In my mind it's more a learning by doing experience than a
>> written
>> > > down
>> > > > > > guide. We do need a crib sheet at the end with the details of
>> the
>> > > things
>> > > > > > we did so that people can go off and do the experiments in their
>> > own
>> > > > > time.
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > So:
>> > > > > > ipV4 addresses, how to find yours.
>> > > > > >
>> > > > > > Difference between our ip address and a real fixed ip on the
>> > > internet.
>> > > > > > Touch on Class C and what is DHCP on a local router.
>> > > > > >
>> > > > > > What is a router, why do we need one.
>> > > > > >
>> > > > > > What a web server is and does. HTML. What actually is a browser.
>> > > Whats
>> > > > > > that http:// about, and https:// ?
>> > > > > >
>> > > > > > How we find all of these webservers without knowing ip
>> addresses of
>> > > > > > everything - DNS
>> > > > > >
>> > > > > > Routing worldwide, the origins of internet and robustness of
>> packet
>> > > > > > switching.
>> > > > > >
>> > > > > > Traceroute, just like on the TV with the hackers, where did the
>> > data
>> > > > > visit
>> > > > > > on it's way to us
>> > > > > >
>> > > > > >
>> > > > > > I'd cover all that in 15 minutes but by doing hands on stuff,
>> like
>> > > this:
>> > > > > >
>> > > > > > find out your ip address using command line
>> > > > > > find out ip address of someone else's pc
>> > > > > > notice similarities in the ip address's (talk about DHCP,
>> router,
>> > > real ip
>> > > > > > addresses vs class C.)
>> > > > > > ping somebody elses ip address in the room, what does that time
>> > mean?
>> > > > > > open the router setup in a browser look at DHCP (need to ask
>> about
>> > > > > that...)
>> > > > > > Have a machine with a standalone web server running and access
>> it
>> > via
>> > > > > http
>> > > > > > direct from its ip
>> > > > > > Open the default html file on the server and edit it
>> > > > > > Do view source at the browser side
>> > > > > > Quick overview of the F12 debug features in a browser are to
>> find
>> > the
>> > > > > code
>> > > > > > behind a particular area in a big web page
>> > > > > > Use reverse DNS to look up an ip of a famous site
>> > > > > > Ping that ip address - understand what just happened request and
>> > > response
>> > > > > > compare time with the local ping.
>> > > > > > Use traceroute to see how that data was routed across the world
>> > > > > >
>> > > > > > Also something about what Jo (and James!) does, managing VMs
>> that
>> > > are on
>> > > > > > boxes physically half way around the world and the reasoning to
>> > have
>> > > two
>> > > > > > VMs.
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > Maybe back it up with a handout which might need to be custom to
>> > the
>> > > kit
>> > > > > > that person has so that the commands are right for them
>> > > > > > Mint/Ubuntu/PC/Raspbian. In my mind it's too hard to have a
>> proper
>> > > > > printed
>> > > > > > guide... too many variables. (But we can try!)
>> > > > > >
>> > > > > >
>> > > > > > So in my mind it's a snappy practical exercise (15mins might be
>> > > > > > optimistic) that we can do with all sorts of people, this would
>> be
>> > > just
>> > > > > as
>> > > > > > good done with Pis at the CoderDojo or new families that visit
>> the
>> > > > > > Makerspace for example.
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > I am a dev, I just do the code, there are people on here that
>> could
>> > > take
>> > > > > > the idea and improve it or put it in the bin and do it better
>> from
>> > > > > > scratch... PLEASE DO!
>> > > > > >
>> > > > > >
>> > > > > > regards
>> > > > > >
>> > > > > > Arthur
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > > > > Date: Fri, 13 Feb 2015 11:46:20 +0000
>> > > > > > > From: heed at bigmassiveheed.co.uk
>> > > > > > > CC: blackpool at mailman.lug.org.uk
>> > > > > > > Subject: Re: [Blackpool] Saturday
>> > > > > > >
>> > > > > > > How deep do you want this guide to be?
>> > > > > > >
>> > > > > > > On 13 February 2015 at 10:47, Elizabeth C <
>> > > > > > elizabethcoop1945 at hotmail.co.uk>
>> > > > > > > wrote:
>> > > > > > >
>> > > > > > > > re " I want to write down what will be in our 15 minute
>> > practical
>> > > > > > guide to
>> > > > > > > > how the internet works."
>> > > > > > > >
>> > > > > > > > I would be sooooo very grateful for something like that
>> > > written....
>> > > > > > > >
>> > > > > > > > Elizabeth
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > > From: arthur_garlick at hotmail.com
>> > > > > > > > > To: jmsp.1983 at gmail.com; blackpool at mailman.lug.org.uk
>> > > > > > > > > Date: Fri, 13 Feb 2015 10:01:05 +0000
>> > > > > > > > > Subject: Re: [Blackpool] Saturday
>> > > > > > > > >
>> > > > > > > > > Hi,
>> > > > > > > > > The plan with the Pi wearable got changed to me
>> delivering it
>> > > to
>> > > > > Les
>> > > > > > and
>> > > > > > > > Tom at Mereside tomorrow morning. We will be making a
>> slightly
>> > > late
>> > > > > > > > appearance at the makerspace.
>> > > > > > > > >
>> > > > > > > > > I know nothing James! But interested.
>> > > > > > > > >
>> > > > > > > > > Been busy this week, I'll be playing with the Arduino
>> > > compatible
>> > > > > > Teensy
>> > > > > > > > and working out what the 'compatible' there actually means.
>> > > > > > > > >
>> > > > > > > > > I want to write down what will be in our 15 minute
>> practical
>> > > guide
>> > > > > to
>> > > > > > > > how the internet works.
>> > > > > > > > >
>> > > > > > > > > Or maybe I'll just drink coffee, sit back and pontificate
>> on
>> > > the
>> > > > > vast
>> > > > > > > > expanse of things tech that doth offend mine eye.
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > > See you tomorrow
>> > > > > > > > >
>> > > > > > > > > A
>> > > > > > > > >
>> > > > > > > > > > Date: Thu, 12 Feb 2015 21:42:29 +0000
>> > > > > > > > > > From: jmsp.1983 at gmail.com
>> > > > > > > > > > To: blackpool at mailman.lug.org.uk
>> > > > > > > > > > Subject: [Blackpool] Saturday
>> > > > > > > > > >
>> > > > > > > > > > Ahoyehoyey, peeps!
>> > > > > > > > > >
>> > > > > > > > > > If there's anybody coming on Saturday who knows their
>> way
>> > > around
>> > > > > a
>> > > > > > Web
>> > > > > > > > > > server, could you help me out with a site on my VPS? I
>> run
>> > a
>> > > > > small
>> > > > > > > > forum
>> > > > > > > > > > and it's recently started running pretty slowly - I'm
>> at a
>> > > loss
>> > > > > as
>> > > > > > to
>> > > > > > > > what
>> > > > > > > > > > it could be. I haven't noticed anything unusual in
>> terms of
>> > > > > > processes
>> > > > > > > > and
>> > > > > > > > > > memory.
>> > > > > > > > > >
>> > > > > > > > > >
>> > > > > > > > > >
>> > > > > > > > > > James
>> > > > > > > > > > _______________________________________________
>> > > > > > > > > > Blackpool mailing list
>> > > > > > > > > > Blackpool at mailman.lug.org.uk
>> > > > > > > > > > https://mailman.lug.org.uk/mailman/listinfo/blackpool
>> > > > > > > > >
>> > > > > > > > > _______________________________________________
>> > > > > > > > > Blackpool mailing list
>> > > > > > > > > Blackpool at mailman.lug.org.uk
>> > > > > > > > > https://mailman.lug.org.uk/mailman/listinfo/blackpool
>> > > > > > > >
>> > > > > > > > _______________________________________________
>> > > > > > > > Blackpool mailing list
>> > > > > > > > Blackpool at mailman.lug.org.uk
>> > > > > > > > https://mailman.lug.org.uk/mailman/listinfo/blackpool
>> > > > > > > >
>> > > > > > > _______________________________________________
>> > > > > > > Blackpool mailing list
>> > > > > > > Blackpool at mailman.lug.org.uk
>> > > > > > > https://mailman.lug.org.uk/mailman/listinfo/blackpool
>> > > > > >
>> > > > > _______________________________________________
>> > > > > Blackpool mailing list
>> > > > > Blackpool at mailman.lug.org.uk
>> > > > > https://mailman.lug.org.uk/mailman/listinfo/blackpool
>> > > > >
>> > > > _______________________________________________
>> > > > Blackpool mailing list
>> > > > Blackpool at mailman.lug.org.uk
>> > > > https://mailman.lug.org.uk/mailman/listinfo/blackpool
>> > >
>> > _______________________________________________
>> > Blackpool mailing list
>> > Blackpool at mailman.lug.org.uk
>> > https://mailman.lug.org.uk/mailman/listinfo/blackpool
>> >
>> _______________________________________________
>> Blackpool mailing list
>> Blackpool at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/blackpool
>>
>
>
More information about the Blackpool
mailing list