A fun afternoon (attacked website)

Thursday, December 15 was a day like any other until the afternoon. Then I got the notice from the Jetpack plugin for one of my WordPress sites that it was down, and couldn’t be reached.

This happens occasionally, so I wasn’t too upset. Pointing my browser to the site Home2Baja gave a Database connection error. Simple enough to fix.

So I fired up PuTTY, and logged in. I attempted to restart MySQL, the first line of fixing the issue. Weirdly, it restarted, then stopped automatically again.

What f*ckery is this?

So I restart the droplet (this is hosted on the incredibly awesome service Digital Ocean) and after a minute try to browse to the site again. Same issue.

Grrrrr.

So I once again fire up PuTTY, and log in. Now all sorts of bat-shittery is happening. I am getting BASH errors, not enough memory to fork. I can’t even log in, so I go to the Droplet service on DO, and log into the console.

… and the screen fills with Apache error codes.

A little Google-fu, and it appears that the site is getting hammered with XML-RPC requests, causing Apache to use all the memory, and essentially shutting down the droplet.

The problem was that I could power it off, and on, but before I could SSH in, the site was jacked with the cascade of XML-RPC requests.

Finally, I got in, and was able to apply a fix (also, documented well on the Digital Ocean support knowledge base), and got it back under control.

Now, I have Cloudflare running interference, so that in the future if/when I get hammered like this again, I can block it without being locked out of my own VPS.

A fun afternoon.

(Background: The “Home2Baja” site is a website I created for a friend who is selling his home in San Felipe, B.C. We use Google AdWords to drive traffic to it, and it gets 30 – 50 hits a day. Clearly someone pointed their attack vector at it, and it was getting 4,000 XML-RPC queries a second. No wonder why my measly 1 GB droplet was getting inundated. Yes, there is a firewall, a fairly restrictive firewall, but these queries come via HTTP, or port 80.)
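One way to confirm this kind of flood from the Apache access log, as an added example that is not part of the original post: it counts POSTs to `xmlrpc.php` per second and per client. The function name `xmlrpc_summary`, the combined log format and the sample log lines (constructed, using documentation IP ranges) are assumptions.

```python
import re
from collections import Counter

# Apache common/combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines, not taken from the site's real log.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2000:14:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '203.0.113.7 - - [01/Jan/2000:14:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '198.51.100.23 - - [01/Jan/2000:14:02:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.10 - - [01/Jan/2000:14:02:11 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2000:14:02:12 +0000] "POST /xmlrpc.php HTTP/1.1" 503 299 "-" "-"',
    '192.0.2.10 - - [01/Jan/2000:14:02:12 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 200 800 "-" "Mozilla/5.0"',
    'truncated line written while the server was out of memory',
]

def xmlrpc_summary(lines, endpoint="/xmlrpc.php"):
    """Summarise POSTs to the XML-RPC endpoint: volume, peak rate, top clients."""
    per_second, per_client = Counter(), Counter()
    total = parsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        parsed += 1
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path.endswith(endpoint):
            total += 1
            per_second[m["ts"]] += 1  # log timestamps have one-second resolution
            per_client[m["ip"]] += 1
    peak_ts, peak = per_second.most_common(1)[0] if per_second else (None, 0)
    return {
        "xmlrpc_posts": total,
        "share_of_requests": total / parsed if parsed else 0.0,
        "peak_per_second": peak,
        "peak_second": peak_ts,
        "top_clients": per_client.most_common(3),
    }

if __name__ == "__main__":
    for key, value in xmlrpc_summary(SAMPLE).items():
        print(f"{key}: {value}")
```

A high share of requests going to `xmlrpc.php` and a peak rate far above normal traffic point to the endpoint as the cause; the top clients show whether the load comes from a few sources or many.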

Next up on the Raspberry Pi

Last week, I wrote about how I on a lark bought one of the Raspberry Pi single board computers. The first round of goodies for it was an SD card (to write the OS to and boot from), and an HDMI cable to connect it to my Samsung monitor. Got it fired up and all was cool. Of course, it sitting naked on my CSS reference book was a bit clunky, so back to Amazon I go.

Now it is in a clear plastic case, and I have a dedicated power supply for it. I also have a WiFi dongle to get it on the internet, and ready to do more heavy lifting. I began to work my way through a Python tutorial, and will continue that this weekend.

Next up, I am going to have to move my kit to the living room for a couple hours.  Alas, to get the Linux install updated, and to add the correct kernel modules for the WiFi dongle, I need to be on the internet, and that is where the router is. Oh well, but after that, I should be good to go.

I am still impressed with what comes on this little board for a mere $35.00. I bought it to bring back memories of my early computer experiences, an 8-bit Atari system, but this has so much more, including internet, and HD video output.  I remember endlessly fiddling to get a decent serial port (the 850 module) and a modem to connect to the outside world (there was no private internet at that time), living with composite video out on a mediocre CRT display. Living with 48K of memory (actually, that was a luxury), writing small assembly language adjuncts to speed up Basic or Basic XL (OSS System software ROCKED), and running a full featured BBS system.

I still have an old Atari (some of its games are still very playable), but I don’t break it out often, because it is so painful to set up, so this will be my “toy” for now.

But what will I do with it in the long term?  Media center? MAME cabinet? Do some robotics?  Maybe build a weather monitoring system?  Hoo boy, it will be fun.

Next post will have pictures, I promise.