http://www.sabresjunkie.com/forum/

Why all the down time??
http://www.sabresjunkie.com/forum/viewtopic.php?f=8&t=7781
Page 1 of 1

Author:  Nuthatch [ Tue Sep 24, 2013 8:49 pm ]
Post subject:  Why all the down time??

What was up with the site today? This is the first time today, maybe even since yesterday evening, that the site has been up & running for me. I had no one intelligent to complain to! LOL

Author:  PatGreen [ Wed Sep 25, 2013 11:05 am ]
Post subject:  Re: Why all the down time??

Not sure. I have to reload SJ pages twice almost every time.

Author:  Crosscheck [ Sat Oct 05, 2013 5:20 pm ]
Post subject:  Re: Why all the down time??

Sorry, I just saw this.
I started a new job recently and I haven't had a lot of time to babysit the server. I discovered someone was trying to brute force the drupal installation which was crushing the database.
Since I'm lazy I just removed drupal and put in a redirect from sabresjunkie.com to sabresjunkie.com/forum.

Author:  NYIntensity [ Mon Oct 07, 2013 8:04 am ]
Post subject:  Re: Why all the down time??

For my education, (and to sate my curiosity), what other options did you have? I've always used fail2ban, but I don't know if that would actually help in this case.

Author:  Crosscheck [ Mon Oct 07, 2013 10:36 am ]
Post subject:  Re: Why all the down time??

NYIntensity wrote:
For my education, (and to sate my curiosity), what other options did you have? I've always used fail2ban, but I don't know if that would actually help in this case.

Well the main problem here was the way Drupal hooked in to the phpbb3 back-end (enabling phpbb3 users to sign in to the front page etc.). Ever since I did that years ago I've seen people trying to exploit that implementation specifically.
If you noticed the times we were getting hundreds of spam registrations to the boards, those were actually coming from drupal and not phpbb3 itself.

I could have upgraded drupal (it was overdue)...I could have disassociated drupal from the forums...but ultimately I didn't think drupal was adding much value here (I'm not sure if any humans even went to the main page) so I decided just nixing it was the easiest, and most secure option.

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/