Immediately upon return from 6 weeks leave, I was met with this<\/p>\n
<\/p>\n
On Tue, 27 Aug 2013, Scott Dellinger wrote:<\/p>\n
After we started getting alerted again about webdb server load, I have spent the last several hours looking into the recurring load issues on
\nwebdb. \u00a0The issues we\u2019ve been having are due to attacks on several vulnerable PHP scripts on\u00a0www.uvm.edu<\/a>, inserting code into SQL statements\u00a0that causes them to run for very long periods of time while holding open table locks. \u00a0This is being done by calling the BENCHMARK()\u00a0function,\u00a0which makes code run repeatedly, in combination with SLEEP(). \u00a0We have seen this type of attack before, but it\u2019s been a while.<\/p><\/blockquote>\nSpecifically, http:\/\/www.uvm.edu\/landscape and http:\/\/www.uvm.edu\/~geomorph<\/p>\n
Since they shared code base, I only had to fix the one and copy-paste to the other; nonetheless, some aspects were non-trivial. Ultimately, I prevailed.<\/p>\n
Soon after, however, I heard<\/p>\n
Looks like the back door you gave us for use by our publisher’s been shut both for them (and I just tried it, for me)<\/p>\n
http:\/\/www.uvm.edu\/~geomorph\/gallery\/xxxxxx.php<\/a><\/p>\n
Funny, the landscape back door works fine\u2026<\/p>\n
In fact, I can’t get into the gallery at all from here in Paris unless I use any connect – otherwise I get a forbidden error.<\/p><\/blockquote>\n
The site was temporarily blocked from outside UVM access pending code fixes to address the DoS attacks. I unlocked it, and delivered a much enhanced “back door,” URL of which cannot be revealed.<\/p>\n
But wait — there’s more<\/p>\n
\nFrom: Steve Bergeron <steve.bergeron1@gmail.com<\/a>>
\nSubject: Re: Landscape Change Comment
\nDate: September 5, 2013 7:32:24 PM EDT
\nTo: Paul Bierman <paul.bierman@uvm.edu<\/a>><\/p>\nPaul,
\nI know that you personally may not be able to address this concern, but I am trying to upload a reshot image for LS69689. \u00a0When I enter the photo number that I want to submit a reshoot for, I get this generic looking screen (the error on the top may have something to do with the problem)<\/p><\/blockquote>\n<\/blockquote>\nVariety of\u00a0Bugs introduced in latest bug fix (denial of service stuff). Squashed.<\/p>\n","protected":false},"excerpt":{"rendered":"
Immediately upon return from 6 weeks leave, I was met with this On Tue, 27 Aug 2013, Scott Dellinger wrote: After we started getting alerted again about webdb server load, I have spent the last several hours looking into … Continue reading