torios team mailing list archive

Thread
Date

Why the domain went down

To: torios <torios@xxxxxxxxxxxxxxxxxxx>
From: William <william@xxxxxxxxxx>
Date: Mon, 20 Jan 2014 16:53:15 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

I was able to trace back to the IP address that caused the evil-scriptactivity on the ToriOS.org domain resulting in Turnkey's firewallblocking it. It came from, wait for it... wait for it... me.


Here's what happened:

I woke up early that morning so I decided to take the time to learnphpBB inside and out. I decided I would commit to a break-neck speedcomb over of the whole systems administrative capabilities. Thisresulted in the following activity on my part: logging in as admin,making changes, logging out, logging back in as a regular user,observing changes, logging out as regular user, logging back in asadmin, make more changes... you can see where this is going and it wasall coming from a single IP address. There was enough to explore that Imust have kept at it for a couple of hours, and I was moving fast. Thiscaused Turnkey's firewall to (rightfully) flag me as a malicious scriptdue the unusual activity and the fact that it was all coming from asingle IP, and block the domains IP. I really should have known better -live and learn I guess. Why there was first a throttling down ofbandwidth with a slightly delayed blocking I do not know, perhaps anetwork guru here does but it's not really important.


Do not expect our domain to be blocked in the future:

It is perfectly safe to administrate the forum or any part of the website. Again: it was the bizarre activity on my part that caused this. Ifanything we should be grateful that Turnkey's systems are smart enoughto hit the kill switch. This was also not an issue of bandwidth, we havemore than we could ever use. Normal administration and end user activitywill not cause this to happen. We can handle hundreds if not thousandsof simultaneous logged on users all doing there thing.


Sorry about all that.

BTW - We are on a shared server so please do not ever attempt an SSHsession, that is the only other that could get us blocked.


Going back to chilling now, I promise Ali : )