Forum Rule: Always post complete source code & details to reproduce any issue!
Results 1 to 9 of 9

Thread: Forum downtime planned, Oct 9-12, 2013

  1. #1
    Administrator Paul's Avatar
    Join Date
    Oct 2012
    Posts
    338

    Forum downtime planned, Oct 9-12, 2013

    Robin and I will be moving this forum to a new server over the next few days. As part of this move, the forum will be briefly locked to new postings.

    We're hoping to run a test tonight (Oct 9), probably lasting less than 1 hour. When the actual move occurs, within the next few days, the forum will again be locked to new posts.

  2. #2
    Administrator Robin's Avatar
    Join Date
    Oct 2012
    Location
    PJRC Global Headquarters
    Posts
    316
    I will be turning off the forum today (09-October) at 5 PM PDT (12 PM GMT) for 10 minutes.

  3. #3
    Junior Member
    Join Date
    Oct 2013
    Posts
    1
    2 Minute warning...

  4. #4
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    20,680
    If you're seeing version 4.2.2 at the bottom of the page, you're on the new server. The old one is supposed to be closed.

    Hopefully everything is working??

  5. #5
    Administrator Paul's Avatar
    Join Date
    Oct 2012
    Posts
    338
    Are email notifications for new posts working???

  6. #6
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    20,680
    another test

  7. #7
    Senior Member
    Join Date
    Jun 2013
    Location
    So. Calif
    Posts
    2,828
    Response time is good.. less than 1 second from when I click to view, to when the item is displayed here.
    email notices of additions to topic threads.. haven't gotten any yet, but maybe that's correct.

  8. #8
    Please read this Paul

  9. #9
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    20,680
    As far as I know, we're safe here.

    I deleted the install folder, on the old server right after installing, and on this new one right after running the upgrade script. I did the upgrade and all the new server setup with my own private nameserver configured with the new server's IP, but the public ns1.pjrc.com configured to the old forum, so it's highly unlikely anyone would have accessed the server during those few hours of setup time. I upgraded to 4.2.2 (you can see the version on the page footer). Version 4.2.2 supposedly fixes that particular install vulnerability (if you disregard the instructions to delete the install folder), plus another recently discovered bug in the "runner" app, which we never installed, and lots of other bugs they didn't specify.

    vBulletin actually sent an advisory message several weeks ago about this vulnerability. I checked that day. I had already deleted the install folder when setting the forum up. It's a pretty well documented part of the installation process. Looks like some sites just upload the whole thing with FTP and once they get the forum working, they disregard the cleanup steps?

    For another quick sanity check, I just looked at the server log file. Over the last 48 hours, bots have tried to access the /install/upgrade.php script 54 times. The server is sending them 404 errors. Most of the hack attempts came from these 3 IPs: 192.99.3.146, 198.57.168.169, and 69.89.31.198.

    It turns out the bots are also appending "/install/upgrade.php" to the end of regular forum URLs, perhaps hoping some sites have misconfigured mod_rewrite or something? Our server is returning 200 status for those. I just checked and everything looks fine. For example, here's a link with the extra install stuff added, and here's the same link normally. The server is ignoring the extra stuff.

    I do full backups, but only every 2 to 4 weeks. If we do get hacked and lose everything, at least it will be possible to fully restore the forum to a backup from a few weeks ago. I retain about 10 backups.


    Edit: here's the article's google query for pjrc only.
    Last edited by PaulStoffregen; 10-15-2013 at 10:15 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •