[thechat] site down?

John Handelaar john at userfrenzy.com
Fri Feb 12 08:37:39 CST 2010


On 12 February 2010 14:18, Stéphane Deschamps <lists at nota-bene.org> wrote:
> <quote who='John Handelaar' when='12/02/2010 14:26'>

>> While looking around for stuff to ditch to make mysqlcheck work more
>> quickly I dumped the sessions, cache and accesslog table contents, and
>> looked in a couple of other places; one such was the 'Access' table
>> which contained multiple entries which had clearly been put there by
>> multiple unauthorised third parties.
>
> Mmmmmh. Bad, bad, bad.

In fact I've just looked further and decided that those entries are
not in fact bogus.

My bad. Looks like Dean (or someone else) added them as bozo filters
for attempted new joiners.

> Is it because of the Drupal architecture? I'd say that inherently, when a
> system has to rely on many plugins, you take this kind of risk.

We're using a version of Drupal which is no longer supported by
security releases.  This is ungood.  We're not actually using much in
the way of plugins (the voting widget doesn't write text data anyway)
so I don't think it's that.

But, a quick scan of the server and the comment DB shows that we're
being hammered 24/7 by attempted attacks and attempted code
injections; we need to sort out an upgrade asafp.


jh

