A fun afternoon (attacked website)

Thursday, December 15 was a day like any other until the afternoon. Then I got the notice from the Jetpack plugin for one of my WordPress sites that it was down, and couldn’t be reached.

This happens occasionally, so I wasn’t too upset. Pointing my browser to the site Home2Baja gave a Database connection error. Simple enough to fix.

So I fired up PuTTY, and logged in. I attempted to restart MySQL, the first line of fixing the issue. Weirdly, it restarted, then stopped automatically again.

What f*ckery is this?

So I restart the droplet (this is hosted on the incredibly awesome service Digital Ocean) and after a minute try to browse to the site again. Same issue.

Grrrrr.

So I once again fire up PuTTY, and log in. Now all sorts of bat-shittery is happening. I am getting BASH errors, not enough memory to fork. I can’t even log in, so I go to the Droplet service on DO, and log into the console.

… and the screen fills with Apache error codes.

A little Google-fu, and it appears that the site is getting hammered with XML-RPC requests, causing Apache to use all the memory, and essentially shutting down the droplet.

The problem was that I could power it off, and on, but before I could SSH in, the site was jacked with the cascade of XML-RPC requests.

Finally, I got in, and was able to apply a fix (also, documented well on the Digital Ocean support knowledge base), and got it back under control.

Now, I have Cloudflare running interference, so that in the future if/when I get hammered like this again, I can block it without being locked out of my own VPS.

A fun afternoon.

(Background: The “Home2Baja site is a website I created for a friend who is selling his home in San Felipe, B.C. We use Google Adwords to drive traffic to it, and it gets 30 – 50 hits a day. Clearly someone pointed their attack vector at it, and it was getting 4,000 xml-rpc queries a second. No wonder why my measly 1gb droplet was getting inundated. Yes, there is a firewall, a fairly restrictive firewall, but these queries come via HTTP, or port 80.)

Book review: All the Birds in the Sky

In the aftermath of the 2016 elections, the lead up to November 8th, I had been reading a lot of political history of the latter half of the 20th century. After The Donald won, I needed a change.

While I have often found modern SciFi a bit hard to get into, I steeled myself and asked a High School friend, Chuck Serface for a couple of recommendations. First up was “All the Birds in the Sky” by Charlie Jane Anders,  which appeared on my Kindle as if by magic.

That night, when I picked up my Kindle at bedtime, I fell into a trance, reading the entirety of the first “Book” (the novel is broken into 4 “Books” in a fairly natural divisions). I usually nod off after 15 minutes or so, strong praise indeed.

Read more

Good things are coming my way!

Well, I have something VERY Important to say. Apparently, I have some money coming my way, as I have recently received an urgent communiqué from none other than the FED chairwoman, Janet Yellen, herself.

Yessir, the good times are soon to be here in Casa Geoff. As you can see, from the email I have quoted below that it is a Major Award.

From Mrs. Janet L Yellen

Federal Reserve Bank New York.

33 Liberty Street New

York , NY 10045-0001.

United States.

Attention Geoff Anderson,

The bank have re-opened your fund payment file/records again due to the high importance the authority and United States placed on the project that has lingered for too long, your inability to see the efforts and results been posted now and what is obtainable now and before has placed the fund under a serious threat of confiscation by the board. This very amount of $1.6 Million usd is very much available for assessment with the Federal Reserve Bank of America New York City .We want to bring smiles to all over due payments of American and other G7 Community citizens at this financial demanding season of financial year 2016 ending.

We have taken steps been enforced by security investigative agents by inviting you to come down to the bank here in NEW York City USA to iron out security papers issue that will pave way for the deposition or delivery of the fund to you. But all our effort proved abortive due to your past ugly experience but the authority hereby plead for a re-think so that we can cooperate with the bank and have the fund transferred to you.

This payment re-visitation comes up every last financial year. The management will after this very one stop further consultation to you if you fail to clear this fund from our custody and move to take over the financial allocation in order to meet the yearly financial obligation that is highly challenging.

You are hereby advise to give this matter your adequate attention, you will be convinced with the due processing going on and removal of protocols and bureaucracy, this cash flow into your bank account/delivery if you can cooperate with the bank on due processing, it will aide you to revive your financial statue that has been under a serious threat at this festive time ahead. Give us a listening ear and have your fund just like others cleared from our custody.

Waiting for your urgent reply!

Regards,

Mrs. Janet L Yellen

Federal Reserve Bank New York

I bet you are totally jealous.

(Yes, this was submitted in a form on one of my websites. I guess the scammers are becoming ever cleverer)

That Tone Thing

The other day, as the train was lumbering towards my terminal station, a great Mr. Big song came on. From their Raw like Sushi Vol. 2 album, the song was Road to Ruin with the Paul Gilbert guitar solo appended at the end. I turned up the volume, and basked in the glory that is Paul Gilbert and reminisced about that elusive thing that all guitarists chase: “Tone”.

It wasn’t a particularly great solo, yes, as expected technical proficiency, some ginormous moves, and a couple of gaffes (you can tell that Paul wings it to some degree, unlike Yngwie Malmsteen). But that fat, ballsy, ripping tone.

I could plop down the bucks and buy a Paul Gilbert custom Ibanez Fireman guitar (his signature axe), and a stack of Laney amps. I could probably put together his signal path, and match it perfectly, but you know what? I would still not sound like Paul.

Early in my 3+ decades of playing, I spent a lot of money chasing the tone. The latest fuzz box, better amps, all tube, bigger speakers. And I was lost. I would religiously read GFPM (Guitar for the Practicing Musician) and try to duplicate the signal chains. I had digital delays, chorus pedals, DOD distortion boxes. I even chased the elusive Ibanez stomp boxes that are so revered today that original ones often sell for $500 or more on ebay.

The more I chased it, the less satisfied I was. Ultimately, I got away from all the gear. I kept my two main amps (Gallien Krueger 250ML, and a phat Fender Super 60), but along the way I shed all the extraneous gear.

I began working on my technique. I realized that the killer sounds weren’t magic from some analog of digital processing, but they come from your fingers and your guitar. What pickup, how you attack the strings, where you pick them (or mute them), that these were what made the great players sound great.

Alas, I finally “discovered” the secrets that I chased. Of course, there are some things that you can’t do, a good stereo chorus, or a phaser effect. But get a decent eq setting, and a solid overdrive, and rely on your skills, and you are golden.

I just wish I had the discipline to practice as much now as I could in my early 20’s (and also that the arthritis didn’t halt a lot of my practice sessions short). But that’s life.

Email Clients – Redux

Again, I find myself at a crossroads. Being a Mac person, and relying heavily on Google’s email products (I have 5 different email identities, all hosted on Google’s Gmail or G-suite apps), I must have a mail client that works well with the Google way.

Alas, the built in Apple mail client is okay, but on alternating releases they really foul up the way it works with the Google imap/smtp world. Not fail, but irregularities and some general suckage.

Word has it that in the new 10.12 MacOS Sierra it is good again. But I know that will change. Again.

About 5 months ago, I stumbled on CloudMagic, which seemed truly magic with the Google world, and its iOS clients were great too. But a couple weeks ago, they flipped their business model, and now it is $50 a year subscription. So I needed to switch clients.

Read more