Forum downtime planned, Oct 9-12, 2013

Status
Not open for further replies.

Paul

Administrator
Staff member
Robin and I will be moving this forum to a new server over the next few days. As part of this move, the forum will be briefly locked to new postings.

We're hoping to run a test tonight (Oct 9), probably lasting less than 1 hour. When the actual move occurs, within the next few days, the forum will again be locked to new posts.
 
I will be turning off the forum today (09-October) at 5 PM PDT (12 PM GMT) for 10 minutes.
 
If you're seeing version 4.2.2 at the bottom of the page, you're on the new server. The old one is supposed to be closed.

Hopefully everything is working??
 
Response time is good... less than 1 second from when I click to view to when the item is displayed here.
Email notices of additions to topic threads... haven't gotten any yet, but maybe that's correct.
 
As far as I know, we're safe here.

I deleted the install folder, on the old server right after installing, and on this new one right after running the upgrade script. I did the upgrade and all the new server setup with my own private nameserver configured with the new server's IP, but the public ns1.pjrc.com configured to the old forum, so it's highly unlikely anyone would have accessed the server during those few hours of setup time. I upgraded to 4.2.2 (you can see the version on the page footer). Version 4.2.2 supposedly fixes that particular install vulnerability (if you disregard the instructions to delete the install folder), plus another recently discovered bug in the "runner" app, which we never installed, and lots of other bugs they didn't specify.

vBulletin actually sent an advisory message several weeks ago about this vulnerability. I checked that day. I had already deleted the install folder when setting the forum up. It's a pretty well documented part of the installation process. Looks like some sites just upload the whole thing with FTP and once they get the forum working, they disregard the cleanup steps?

For another quick sanity check, I just looked at the server log file. Over the last 48 hours, bots have tried to access the /install/upgrade.php script 54 times. The server is sending them 404 errors. Most of the hack attempts came from these 3 IPs: 192.99.3.146, 198.57.168.169, and 69.89.31.198.

It turns out the bots are also appending "/install/upgrade.php" to the end of regular forum URLs, perhaps hoping some sites have misconfigured mod_rewrite or something? Our server is returning 200 status for those. I just checked and everything looks fine. For example, here's a link with the extra install stuff added, and here's the same link normally. The server is ignoring the extra stuff.

I do full backups, but only every 2 to 4 weeks. If we do get hacked and lose everything, at least it will be possible to fully restore the forum to a backup from a few weeks ago. I retain about 10 backups.


Edit: here's the article's Google query for pjrc only.
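The log check described in the post above, written out as an added example (not part of the original thread and not PJRC's own tooling). It assumes Apache combined log format; the sample lines, documentation-range IPs and thread URL are constructed, and treating a `.php` segment before the probe path as an "appended" request is a heuristic assumed here.

```python
import re
from collections import Counter

PROBE = "/install/upgrade.php"
# Apache combined log format: client IP, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges, hypothetical thread URL).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2013:10:01:02 -0700] "GET /install/upgrade.php HTTP/1.1" 404 512 "-" "bot"
203.0.113.7 - - [12/Oct/2013:10:01:05 -0700] "GET /forum/install/upgrade.php HTTP/1.1" 404 512 "-" "bot"
198.51.100.22 - - [12/Oct/2013:10:02:11 -0700] "GET /forum/showthread.php/1234-example-thread/install/upgrade.php HTTP/1.1" 200 30412 "-" "bot"
198.51.100.22 - - [12/Oct/2013:10:02:12 -0700] "GET /install/upgrade.php HTTP/1.1" 404 512 "-" "bot"
192.0.2.50 - - [12/Oct/2013:10:03:00 -0700] "GET /forum/showthread.php/1234-example-thread HTTP/1.1" 200 30412 "-" "browser"
203.0.113.7 - - [12/Oct/2013:10:04:40 -0700] "GET /install/upgrade.php?step=1 HTTP/1.1" 404 512 "-" "bot"
"""

def summarize(lines):
    """Count install-script probes per IP and split them by how they were answered."""
    per_ip, direct, appended, exposed = Counter(), Counter(), Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, _method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()  # ignore the query string
        if not path.endswith(PROBE):
            continue
        per_ip[ip] += 1
        prefix = path[: -len(PROBE)]
        if ".php" in prefix:
            # Probe path tacked onto a normal forum URL; a 200 here usually
            # means the forum script ran and ignored the extra path.
            appended[status] += 1
        else:
            direct[status] += 1
            if int(status) < 400:
                # The install script itself answered: the folder still exists.
                exposed.append((ip, target, status))
    return {"per_ip": per_ip, "direct": direct,
            "appended": appended, "exposed": exposed}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print("probes per IP:", report["per_ip"].most_common())
    print("direct probes by status:", dict(report["direct"]))
    print("appended probes by status:", dict(report["appended"]))
    print("install script reachable:", report["exposed"] or "no")
```

An empty `exposed` list matches the thread's finding that direct requests get 404; any entry there means the install folder is still being served and should be deleted.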
 