Comments on: Design & Punishment

By: 设计界 » Blog Archive » Links for 2007-07-27 [del.icio.us]

设计界 » Blog Archive » Links for 2007-07-27 [del.icio.us] — Wed, 01 Aug 2007 10:29:52 +0000

[...] Design & Punishment chair - fulminate // Architectures of Control by Ben Cunningham. the chair progressively collapses as the user’s home energy use becomes excessive, and restores itself when corrective action is taken (such as turning devices off): [...]

By: Dan

Dan — Sat, 28 Jul 2007 11:27:45 +0000

Does Ctrl + F5 force Firefox to refresh the page? Even so, the comments may now take a few hours to appear because of the extra caching I’ve enabled on the site to try and reduce the number of queries to the database (it’s a separate but concurrent delay to any delay caused by spam-filtering!)

I am investigating the max_user_connections problem and at present everything seems to be behaving itself - just need to monitor all the processes at the point when the problem recurs.

By: None of 3

None of 3 — Sat, 28 Jul 2007 00:36:02 +0000

Eh, posting that one made the other one magically work too. How odd.

By: None of 3

None of 3 — Sat, 28 Jul 2007 00:35:25 +0000

Test — is something broken with posting? It doesn’t seem to work anymore, or else your damned spam filter has decided to kill “None of 2″ the way it did the original “None of”

By: None of 2

None of 2 — Sat, 28 Jul 2007 00:34:33 +0000

Part of the problem could be that for some reason Firefox refuses to cache individual article pages at this site, and always goes back to the server for them.

By: Dan

Dan — Thu, 26 Jul 2007 23:42:45 +0000

The site has been having a few problems this evening; the hosting company assures me it’s down to an excessive amount of simultaneous requested PHP connections to the database causing things to time out for a lot of visitors, and that it’s something only I can fix, so I’m endeavouring to do so in a number of ways.

I don’t think there was any security breach (the Wordpress “Error establishing a database connection” message which does indeed mention passwords scared me somewhat initially) but I will be trying various things to improve the stability and security of the site. Along with some changes (improvements) to layout, etc, that I intend to make over the next couple of weeks, the site may occasionally look strange, wrong or broken, and I apologise for that in advance.

By: None of 2

None of 2 — Thu, 26 Jul 2007 22:25:09 +0000

Your Web site appears to have been attacked and defaced.

The affected URL is http://architectures.danlockton.co.uk/2007/07/23/another-charging-opportunity/#comments

As of 4:30 central time clicking it results in an incorrect response.

Expected behavior: the Web server sends a page consisting of “Another Charging Opportunity” and its comments, similar to the page where this comment is being entered.

Actual behavior: the Web server either does nothing or sends the wrong page (i.e. one not containing “Another Charging Opportunity” and its comments).

Alarmingly, the “wrong page” appears to contain text directed at the system administrator and discussing passwords, text which presumably should never be displayed to normal surfers, implying a security breach.

Get your server patched up to date on security hotfixes pronto! Whoever did this appears to have made an affirmative effort to expose privileged parts of the system administrator’s interface to the server, perhaps to assist in further intrusions or throw the site wide open to intrusion by anybody.

Most likely on behalf of one of the nastier DRM-using user-hostile corporations that don’t like your shedding a light on some of their “architectures of control”.

Unfortunately you probably have some powerful enemies so you will need top-notch site security now. There seems to be no loss beyond the one article and its comments thus far; compared to what might await, it’s just a warning shot (or maybe a test). You don’t want to face the brunt of a really determined attack without beefier security given that the warning shot managed to do real damage with your current setup. If it was indeed a test, there’s now blood in the water and probably sharks about. Patch the hole and harden everything before it’s too late.