Busy day at work, and Bitter was busy painting today. Additionally, I’ve been investigating the incident this morning with the server, which I think may have been a Denial of Service attack on the blog. The server does have a failing disk, but it’s more just that I was looking and noticed that, rather than a bad disk being the direct cause of the crash. The direct cause was Apache hitting its MaxClients setting, and being unable to spawn more Apache processes. You can see on MRTG the TCP connections shot way up. In the logs I do have a few probes for the timthumb exploit, but that’s a frequent occurrence, and might have just been a coincidence. The other thing that plays against a DoS attack is that things were fine after I rebooted, and I would have expected to see a lot of new TCP connection activity, which I didn’t. For now, I’m really anxious to track this down, but blogging will resume once I figure it out or conclude that I will never really know. I regret I was in a rush to get out the door and didn’t take time to investigate this when it was happening.
UPDATE: OK, coming tomorrow I think. I decided to hold off on replacing the disk for now. It’ll make more sense to change out the disk when I move the server back down to my office when it’s finished being redone.
Perhaps our opposition is getting desperate. Either that or it’s time to double up on my tin foil :-).
Time for mod_security.
Take care of it as best you can; we do appreciate the info you supply to us.
Even if we don’t tell you so very often.
Thanks Much!
Well, I was worried. You see, there have been several attacks and successful Hacks against several Pro-Gun Blogs and Sites. Even my one eMail Account was Hacked into, and I used it for the BLNN.
Now, knowing the Anti-Gun Opposition, and the fact that the DOJ under Holder really doesn’t give a Damn about the RKBA, I fully expect that some Techno Geek or two might be out there trying to “Kill the Messenger.”
Cover Your Butts.