badrihippo Posted January 12, 2020

Hi all,

Something weird happened just now and I'm a little freaked. Three things, actually.

Some background: I run a Ghost site on Heroku, which uses a HelioHost database via "remote MySQL". Today, the site failed to start up due to an application timeout, which I assume was a timeout while trying to connect to the database (it was working fine in the morning so I can't think of any other explanation).

When I tried to sign in, the password was rejected thrice. That might have been just me in a panic, but I know what my password's supposed to be, so was wondering if someone's broken in and changed it. In any case, I reset via email to a different one.

After signing in, I tried opening phpMyAdmin to test the database, but it fails with an error:

No response from subprocess (php): The subprocess reported error number 72,057,594,037,927,935 when it ended. The process dumped a core file.

As a side note: Tommy's cPanel seems much slower than usual. This might be unrelated, but it may also explain all the errors (maybe the password checks and database calls all timed out).

If possible, would you admins be able to do the following:

- Send me IPs and login times for my last 3 cPanel logins (I got the last one's IP, but I'm travelling so would need a couple others to compare). Maybe also password reset logs or something to see if there's anything suspicious.
- Look into phpMyAdmin and remote SQL and see if others are having issues too
- Not sure what else, but maybe something in the syslogs to indicate what may be happening?

Thanks in advance!
badrihippo Posted January 12, 2020 Author

Update: The remote SQL (via Ghost) is back in action! phpMyAdmin still crashing though. Maybe it was a load issue after all?

Update to the update: it's down again. Database requests are timing out.

Edited January 12, 2020 by badrihippo
wolstech Posted January 13, 2020

Something/someone was overloading Tommy earlier. It looks like it was a DoS attack, which isn't terribly uncommon...we sometimes get hit with these, usually as retaliation for things like banning someone's phishing site.

If it were internal (software malfunction or abusive user), they'd end up suspended, typically within a few minutes. The fact it lasted for hours alone suggests external causes. That's backed up by Tommy's firewall log having a ton of new blocked IPs from China today... (Notice all the orange and red between 1500 and 2000 UTC): http://heliohost.grd.net.pl/monitor/

During such events, it's not uncommon for connections to fail or for things to randomly hang or crash. If you're logging in using our website, an Invalid Password message will be displayed if the server is down and cannot be contacted to verify your password (it really should be modified to report that the server timed out verifying the password).

The event in question has since subsided and service should have returned to normal. If your account is still not working, please let us know and we'll get it going again for you.
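The login behaviour wolstech describes above, where an unreachable server produces an Invalid Password message, comes from the front end treating a transport failure as a rejected credential. An added Python example (not HelioHost's code; `check_password`, the two constructed back ends and the result names are assumptions) that keeps the two outcomes separate and counts only real rejections:

```python
import enum

class LoginResult(enum.Enum):
    OK = "signed in"
    INVALID_PASSWORD = "invalid password"
    SERVER_UNAVAILABLE = "server timed out verifying the password"

class LoginFrontEnd:
    def __init__(self, check_password, attempts=2):
        self.check_password = check_password  # hypothetical call to the hosting server
        self.attempts = attempts
        self.rejections = {}                  # username -> genuine rejections only

    def login(self, username, password):
        for _ in range(self.attempts):
            try:
                accepted = self.check_password(username, password)
            except (TimeoutError, ConnectionError):
                continue  # no verdict was reached; retry, do not blame the password
            if accepted:
                self.rejections.pop(username, None)
                return LoginResult.OK
            # Only an answer from the server counts as a failed attempt.
            self.rejections[username] = self.rejections.get(username, 0) + 1
            return LoginResult.INVALID_PASSWORD
        return LoginResult.SERVER_UNAVAILABLE

# Constructed back ends standing in for a healthy and an overloaded server.
def healthy_server(username, password):
    return (username, password) == ("demo", "correct horse")

def overloaded_server(username, password):
    raise TimeoutError("no response from server")

def demo():
    up = LoginFrontEnd(healthy_server)
    down = LoginFrontEnd(overloaded_server)
    results = [
        up.login("demo", "correct horse"),
        up.login("demo", "wrong guess"),
        down.login("demo", "correct horse"),
    ]
    return results, up.rejections, down.rejections

if __name__ == "__main__":
    results, up_counts, down_counts = demo()
    for r in results:
        print(r.value)
    print(up_counts, down_counts)
```

With the outage reported as its own result, a user who sees repeated failures during an overload has no reason to suspect a changed password, and lockout counters do not fill up with attempts the server never evaluated.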
badrihippo Posted January 13, 2020 Author

Oh, yes. It's back to working now! That's a relief (Side note: didn't imagine I would be relieved by a DDoS attack). Then my guess about timeouts was correct.

I'd checked for news updates on Twitter but didn't realise there was a Discord channel too. Is that the new "go-to" place for updates?
Sn1F3rt Posted January 13, 2020

Not necessarily as the updates are posted in the 'News' section here as well, but you could still join Discord as you could get help within a few minutes, from the active community and with the one-to-one interaction in the chat. Ofc all updates are posted there.
wolstech Posted January 13, 2020

Discord is best for real-time stuff. An ongoing attack is likely to be discussed in Discord (or possibly a forum help request) first, and assuming it subsides quickly, will never make it to the News forum or other media channels.

Planned events such as migrations, server updates, maintenance, etc. are always announced in the News forum, as are unplanned events with an extended impact (extended DoS attacks lasting longer than a day or so, disk failures, etc.)

Twitter and Facebook are managed by a bot and will post the same announcements made in the News forum. They aren't manned.