Housekeeping: The Horde Advances

Thanks for your patience while the site was down. It might happen again; we are currently being intermittently targeted by a lightweight denial-of-service attack. If it continues, I’ll have to put the site behind Cloudflare or something similar. It’s not uncommon for us to receive 150,000 fraudulent login attempts in the space of ten minutes, all launched simultaneously from sites across China and Eastern Europe.

In other words, somebody is paying good money for a botnet to knock the site down as often as possible. This is the sincerest form of flattery but it’s also sincerely annoying. Look at it this way: At least we’re managing to serve the current version of the site to non-logged-in users, something with which the poor fellows at TTAC are currently struggling!

20 Replies to “Housekeeping: The Horde Advances”

  1. Felis Concolor

    Be careful; Cloudflare’s CEO might wake up in a bad mood and decide to kick you off the internet.

      • Ben Johnson

        Cloudflare has had their childish censorship moments – but this site has nothing to fear.

        There’s a time and place to go all GNU-Linux/Ghandi.net/TOR/MY-WHOLE-WEBSITE-IS-A-TEXT-FILE-VI-FOREVAR.html/AR-15-lower-with-built-in-2600-whistle.gcode

        and there’s a time to just get it working. Cloudflare. Do it. Spend the time saved advancing civilization.

        • Jack Baruth Post author

          Wait a minute, I’m registered with GANDI and I volunteered for the FSF… I feel triggered

          orders Ghost Gunner

        • Eric L.

          Woah, isn’t using Gandi + FastMail the most sensible thing to do in our spy age? whois lawler.io. Do you see any of my information on there? Nope. And my emails are stored on a server in Australia, so good luck convincing FastMail to comply with warrant-less, gag-ordered data requests, g’mnt!

      • Ben Johnson

        Low-hanging fruit:

        Password protect your wp-admin folder with an .htaccess file. It’s an annoying double login, but your server doesn’t have to query the database for the initial .htaccess check – it will be cached.

        Get a cheap SSL cert or use Let’s Encrypt – honestly the ecosystem around Let’s Encrypt makes it easy. This makes the clients in the botnet have to think – many IoT devices don’t have enough horsepower to handle SSL well depending on a lot of circumstances of the attack.

        Let me know if I can help – I’ll be more than happy to donate some time to the cause.

        Reply
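The wp-admin password prompt suggested in the comment above, written out as an added example (not the commenter's or this site's configuration). It assumes Apache 2.4 with `AllowOverride AuthConfig` in effect; the password-file path and realm name are placeholders. Because `wp-login.php` lives in the WordPress root rather than under `wp-admin/`, the example also covers it separately.

```apache
# --- File 1: wp-admin/.htaccess ------------------------------------------
# Added example; the path and realm name below are placeholders.
# Create the password file once with:
#   htpasswd -c -B /path/outside/webroot/.htpasswd <user>
AuthType Basic
AuthName "Restricted"
# Keep the password file outside the web root so it can never be served.
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# Plugins and themes call admin-ajax.php on behalf of logged-out visitors;
# leave it reachable or public pages that depend on it will break.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- File 2: add to the .htaccess in the WordPress root ------------------
# wp-login.php is not inside wp-admin/, so automated login attempts reach
# it unless it gets the same prompt. Rejected requests stop at Apache and
# never start PHP or touch the database.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /path/outside/webroot/.htpasswd
    Require valid-user
</Files>
```

Basic authentication sends the credentials base64-encoded on every request, so this belongs behind HTTPS, which is where the certificate suggestion in the same comment comes in.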
        • Jack Baruth Post author

          I appreciate it. I should be doing more to protect the site, I was a frontline Linux sysadmin for 17 years and I’ve been to SANS school and all that.

          The shoemaker’s children go barefoot.

  2. Disinterested-Observer

    Once again, not relevant but nobody else I “know” would be interested. Just saw Cowboy Junkies again. They played The Last Spike at what I like to think was my request, as in I sent them an email asking them to play it and they did, and Margo said it was a request, but didn’t say from whom. The intro was funny, Alan and Pete left while Margo, Mike, and Jeff did a couple of acoustic songs. Margo says something like “this next song has a lot of words. I don’t know this song at all, so I am going to have to cheat. I mean, I always cheat, but I am going to have to cheat more than usual.” They then proceeded to kill it. Anyway if they ever get within 200 Miles of East Jesus Ohio or wherever you live you should check them out. They are all very good musicians and very professional. My kids got a shout out from Margo too, which was cool. I think they were literally the only kids in the joint, out of ~500 people. I don’t know why more people don’t take their children to concerts unless they’re philistines or their kids are little shits who don’t know how to act.

    • CJinSD

      Most concerts are extremely loud. Some people probably don’t want to damage their children’s hearing.

      • Disinterested-Observer

        In my experience that is not the problem at all. We bought ear plugs prior to the show because we forgot their over-the-ears at home but we didn’t need them despite being in the front row. Just a nice venue with solid acoustics, and the band’s style isn’t especially loud. We have brought hearing protection to other concerts and it’s been necessary more than once. A couple of post punk bands, especially at outdoor venues and you’re damn right the kids had their ears on. That being said I think the reason people don’t bring their kids to concerts is because either they don’t want to or they don’t think they can. There was a woman at the show who said to us the next time Cowboy Junkies came around she would bring her son who was two years older than my kids. She added that she couldn’t tell him what inspired her to do so (i.e. seeing us at the show) or her son would be disappointed that he didn’t get to go to this show.

    • Aoletsgo

      LOVE me some Cowboy Junkies, I have all their CD’s. They are my go to music when painting the inside of my house or working on my bikes. Saw them at the Ark and they were fantastic!
      We took our kids to a fair amount of concerts when they were young and they both are very active concert goers on their own now.

  3. Cdotson

    On a housekeeping note I seem to recall you wanting us to keep an eye on your ads to ensure they weren’t becoming too invasive or overtly specific to one’s browsing habits. Today I have seen ads for trucks I’ve been searching on Craigslist and cargurus and for my local pick-n-pull. I’m of the mind that there are no coincidences.

    • Jack Baruth Post author

      That kind of targeting is part of what Google does. What we’ve opted out of is the part where it reads your email and shows you stuff from your emails in the ads. I hope.
