- About Scala
- Documentation
- Code Examples
- Software
- Scala Developers
Scala-tools.org is back online
Tue, 2009-04-07, 03:46
Folks,
scala-tools.org is back online. Hudson is not building and we're not pulling from EPFL, so nightlies are not happening. This will be rectified over the weekend.
The machine running scala-tools.org, liftweb.net and wiki.liftweb.net was not configured properly. I did not have a firewall and port 25 was left open and was an open relay. I was notified on Saturday that the machine was responsible for redistribution of some mail containing viruses. At the point that I was notified, I shut down the mail server. However, the machine become the target of what appears to be a denial of service attack. See the attached graphs indicating that the machine was saturating its 100mbps bandwidth.
I have taken the offending machine off-line and I mounted its disks on another machine and removed the static contents. I have not been able to reboot the machine to pull its MySQL contents and thus am not able to put wiki.liftweb.net online.
I will get a static version of the liftweb.net site up in the next day or two, but wiki.liftweb.net will wait until I can boot the machine in isolation (in the event that it was compromised) and dump the wiki.liftweb.net database. I expect that the Lift-related sites will be fully functional by Tuesday 4/14. Note that I'm on vacation this week and the incident cut significantly into fun time with the family.
Going forward, I'm planning to do a couple of things:
Sorry for the inconvenience.
David
--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
scala-tools.org is back online. Hudson is not building and we're not pulling from EPFL, so nightlies are not happening. This will be rectified over the weekend.
The machine running scala-tools.org, liftweb.net and wiki.liftweb.net was not configured properly. I did not have a firewall and port 25 was left open and was an open relay. I was notified on Saturday that the machine was responsible for redistribution of some mail containing viruses. At the point that I was notified, I shut down the mail server. However, the machine become the target of what appears to be a denial of service attack. See the attached graphs indicating that the machine was saturating its 100mbps bandwidth.
I have taken the offending machine off-line and I mounted its disks on another machine and removed the static contents. I have not been able to reboot the machine to pull its MySQL contents and thus am not able to put wiki.liftweb.net online.
I will get a static version of the liftweb.net site up in the next day or two, but wiki.liftweb.net will wait until I can boot the machine in isolation (in the event that it was compromised) and dump the wiki.liftweb.net database. I expect that the Lift-related sites will be fully functional by Tuesday 4/14. Note that I'm on vacation this week and the incident cut significantly into fun time with the family.
Going forward, I'm planning to do a couple of things:
- Isolate the layers of the machine running scala-tools.org such that the administration of the machine is different from the functioning of scala-tools.org
- Create a stand-alone Hudson build machine that is separate from scala-tools.org so one can be administered without the other
- Create Xen snapshots of Hudson build machines that will be able to build untrusted code from untrusted repositories (this will help with GitHub integration)
- Have a couple of scala-tools.org mirrors so that even if one of the machines goes down, the others will be available
- Create a team of people, all of whom can take care of the various parts of scala-tools.org so that it's not all about me and DavidB
Sorry for the inconvenience.
David
--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
