May be some downtime (sorry). Server maintenance.

Some reports have been coming in that the new-user signup emails aren’t being delivered. Once I started investigating, I found some issues with Exim (the mail service). Once I started trying to fix those issues, I realized that my configuration file has been replaced with some other one (and I don’t think I have a backup of it – lots of changes I made, and I don’t even remember what all I have to do). So further research uncovered a recent exploit in EXIM 4 that lets a person gain root privilege and generally mess stuff up. Apparently, this exploit was only discovered 10 days ago. Looks like my server was hacked on the 16th.

I’m trying to “fix” the problem without restaging the entire server, but I’m about to the point where there may be no other choice. So, just be prepared for errors saying MySQL is down, or the server is inaccessible, etc. I don’t yet know what’s going to be involved to recover.

Gah! Sorry to hear that, and thanks for your hard work.

Man that sucks – hope the whole recovery goes OK. And thanks for administering this!


Bloody hackers… sigh

Thanks for all the work that goes on behind the scenes.

Best of luck sorting it all out. :slight_smile:

Probably a related issue, but as of today (Dec. 27) server access is unbelievably slow – close to a minute any time a page needs to be loaded. Figured I should mention it. As Emily said, thanks for all your behind-the-scenes hard work! This forum is clearly replacing the newsgroup as a primary hub, and that’s a good thing, IMO.

Not related as far as I can tell. The web stat analyzer I use was showing huge usage when I checked it just now. I’ve seen that happen before. There’s a prior version of it that has some kind of security vulnerability, and there are scripts/bots that just peg it endlessly trying to exploit the hack. I’m on a newer version, but all the extra repeated calls really bog things down. I had fixed this before by password protecting that script, but when I switched servers last year it looks like I forgot to configure something right in the web server and so it wasn’t actually forcing authentication anymore. Long story short, looks like that might have been the cause of any recent speed issues, but I’ve taken care of it I think. It should no longer run for whatever would-be hacker that was trying to use it.

I’ve seen several “out of memory” errors lately. Related?

Edit: Sorry, I’d forgotten about this, as it was a while ago since I last saw that error. Never mind.