Welcome to the world of Saab ! Register
Results 1 to 2 of 2
  1. #1
    Frank Wulfers
    Administrator
    Join Date
    30 Jul 2010
    Location
    NW Michigan, USA
    Posts
    7,410
    Saab(s)
    previous: 2006 9-3, 2001-06 9-5, 2011 9-4X
    Thumbs Up:   31

    SaabWorld under attack - connection problems and database errors.

    The site has been mostly unusable since Saturday evening. The servers of our host were hit very hard with all kinds of attacks resulting in the forum not loading at all and many database errors. SaabWorld.net has shared hosting with other sites on the same server.

    Tech support at our host is top notch and they identified and fixed the issue at their Strasbourg, France server location where SaabWorld.net is hosted. SaabWorld.org hosted in Rotterdam has not been affected.

    It looks like the forum is back to normal at times but still suffers the occasional outage. It also may be a bit slower than usual for now.

    Info from our webhost:

    You may have a website at the NABOO server, since Saturday night / Early Sunday this server was under attack. While the main issue was spotted quikly we also noticed this issue had no 'fast' solution.

    What we encountered on the server where nearly all wordpress sites on the server being attacked, while this is a common attack vector we also found that one of our main protections against this type of attack did not function correctly. The only resolution we had at that time was starting to block the attacking IPs ; but as each IP was unique and once we blocked one we got 10 new connections from different IPs in its place.

    We started to write a script to automatically starting to filter the attacks, this worked for a while but caused the firewall to have a reload every 15 minutes; which was still stressing the server and even though we already blocked tens of thousands of attacking IP's it did not bring the server back to its normal level.

    At this point also the developer of the security tools was busy trying to investigate the issue, which they still remain doing; but we still had a server which sometimes worked. and sometimes did not. The worst part was that the server disks started to get out of sync due to the heavy attacks as well, slowing things down even further.

    As the xmlrpc.php atacks on wordpress continued we decided to rename the xmlrpc.php service on all accounts which where under attack to : attack.xmlrpc.php ; THIS WILL BREAK THE XMLRPC SERVICE FOR WORDPRESS SITES! but was our only solution to stop the xmlrpc.php attacks and making sure the server resources where not spend on only loading firewall rules and filtering IPs leaving all sites unavailable.

    To our shock this did NOT resolve the issue, and the server did remain responding, however the load did come down; this is when we spotted another account which was actually sending out an attack (DOS) to an external host; we have SUSPENDED this account pending investigation. At this point the server load is back to normal and sites start to load again. However the disk is still out of sync and is rebuilding, unfortunately with large disks this can take a day or more to fully recover. This may leave the sites a bit slower, but they will load again.

    Together with our security tool provider we keep monitoring and stabelizing the server to acceptable levels in the coming hours.

    If you have a wordpress website please make sure you have updated ALL your plugins, not only automatically upgrade wordpress, 9 out of 10 wordpress hacks are not related to the tool itself but to the plugins you may have installed; some very popular plugins have security issues and should be upgraded. We recommend to check your wordpress site for updates at least once a week.

    0 Not allowed!

  2. #2
    Bruno
    Saab Nut swisssaabist's Avatar
    Join Date
    18 Nov 2016
    Location
    Cheeseland or TICTAC land
    Posts
    316
    Saab(s)
    9-5 ARC Wagon 2002 2 t auto engine B205E
    Thumbs Up:   36
    When i want to connect yesterday I have thinking about an attack ...nice you can resolve the problem. you make a great work on that site Thanks Frank !!

    1 Not allowed!

 

 

Similar Threads

  1. Replies: 6
    Last Post: 08 April 2017, 12:57
  2. 2007 9-3 Convertible Turbo V6 multiple errors
    By jmbogey in forum Saab 900 and 9-3 (1994-2003)
    Replies: 0
    Last Post: 18 May 2015, 20:22
  3. Saabarchive.net - colors and wheels database
    By saabeirik in forum Saab Talk
    Replies: 26
    Last Post: 15 April 2015, 10:07
  4. Saab parts database for 900, 9000, 9-3, 9-5
    By nordwulf in forum Tech Talk
    Replies: 3
    Last Post: 02 June 2011, 02:45
  5. Errors when posting dyno runs to garage
    By sab in forum Administration
    Replies: 4
    Last Post: 28 January 2011, 21:35

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT. The time now is 00:05.
Powered by vBulletin® Version 4.2.5
Copyright © 2017 vBulletin Solutions Inc. All rights reserved.