Yesterday, our Collage web servers began to show signs of another injection attack. The attack was similar to the last one, where the attack attempted to use our website to push visitors a known attack website in China. If successful, the attack would execute malicious java script to download more hostile software to the visitor’s PC. This represents a newer form of attack, attempting to use a trusted source (in this case ALA), to refer web visitors to a hostile site. We have identified a number of other external websites that were attacked by the same method.
We have located the malicious code that the attack inserted into some of our forms databases, and have removed it. We have also added more rules to our filtering system on our two outward-facing Collage web servers to prevent this attack from occurring again. If you experience any odd behavior related to online forms, please send a report to helpdesk@ala.org with as much detail as you can provide.
We will keep you updated by email and the ITTS Update blog as events require.
Share and Bookmark:These icons link to social bookmarking sites where readers can share and discover new web pages.
The server on our shared hosting account at Dreamhost is encountering an extremely heavy load. Blogs, wikis, and classes housed on the account may encounter slowness. I have reported the problem, and am monitoring the server’s performance, which appears to be gradually improving. Please contact me any time you run into major problems using the external hosting account, as this data is vital in terms of long range planning for our off site resources.
Matt Ivaliotes - ITTS
Share and Bookmark:These icons link to social bookmarking sites where readers can share and discover new web pages.
For some time now, we have had WordPress software available on our offsite hosting account at Dreamhost. We still have about forty weblogs internally hosted on blogs.ala.org using the b2evolution software package. For a host of system stability, security, and efficiency reasons, we’d like to have weblogs migrated off of blogs.ala.org and to Dreamhost-hosted WordPress installations as quickly as reasonably possible. If the address of your weblog begins with http://blogs.ala.org, then it will need to be migrated.
On the Tech support wiki, you will find an instruction document on how to make this migration (thanks to Stephanie Kuenn for putting this together after going through the migration process herself). Please look the instructions over, and plan to move your weblog in the next several weeks. I of course will be happy to answer questions you may have about this process. Note that Stephanie references using an FTP site for uploading a blog theme. If your unit already has applications on Dreamhost, you should have a login and password for FTP-ing files. If not, when you request the new WordPress blog from me, I will send you the FTP information.
Share and Bookmark:These icons link to social bookmarking sites where readers can share and discover new web pages.
The wikis at wikis.ala.org are back in service. There was an error that overwrite the password the wikis use to access their databases. The risk of this sort of single point of failure is one of the reasons why no more new wikis are going to be created on this server. We are sorry about this downtime, and do not anticipate a repeat.
Share and Bookmark:These icons link to social bookmarking sites where readers can share and discover new web pages.
Some time in the past few days (this started between 7/20/08 and 07/30/2008), several of our web servers began to show signs of a virus attack. The attack attempted to use our website to push visitors to verynx.cn, a known attack website in China. If successful, the attack would execute malicious java script to download more hostile software to the visitor’s PC. This represents a newer form of attack, attempting to use a trusted source (in this case ALA), to refer web visitors to a hostile site.
We have located the malicious code that the virus inserted into some of our forms databases, and have removed it. We have also installed a new filter system on our two outward-facing Collage web servers, and are in the process of fine-tuning its performance. This new filter should block any further attacks of this kind, which will give us the breathing room to take other measures to prevent more attacks in the future. If you experience any odd behavior related to online forms, please send a report to helpdesk@ala.org with as much detail as you can provide.
We will keep you updated by email and the ITTS Update blog as events require.
Share and Bookmark:These icons link to social bookmarking sites where readers can share and discover new web pages.
The wikis hosted at wikis.ala.org are encountering another problem. The issue does not appear to be causing any problems for web log analysis using urchin or the weblogs housed at blogs.ala.org using b2evolution. Troubleshooting of a database connectivity issue between Mediawiki and mysql is in progress.
Share and Bookmark:These icons link to social bookmarking sites where readers can share and discover new web pages.
