Transition Technology: Ticket Query

#881: Site on ParrotServer with a memory leak?

chris — Fri, 23 Oct 2015 11:19:04 GMT

It appears a site, or application, on ParrotServer might have a memory leak.

#541: Documentation of the WordPress sites

chris — Wed, 01 May 2013 20:25:57 GMT

These pages have been created for the documentation of the wiki:WordPress sites running on wiki:PenguinServer:

So far they only have a listing on the plugins for each site.

Ideally they would document all the plugins, the theme and the steps that need to be taken to upgrade each site and also any other things that need documenting.

Laura is this something you might be able to help with? I'm happy doing some work on it but you know your way around these sites far better than anyone else.

#538: intransitionmovie.com checks and updates

chris — Tue, 30 Apr 2013 20:02:03 GMT

The http://www.intransitionmovie.com/ site has been migrated to wiki:ParrotServer, the DNS might not have yet updated for everybody.

Laura -- could you check that the site is working OK if you get a chance, especially the ecommerce elements?

There are some outstanding updates, WordPress is version 3.3.2 need updating to 3.5.1 and there are 12 plugins with updates available:

18 installed plugins:
 UA affiliates
 UA affiliates-woocommerce-light
 UA akismet
  A backupwordpress
 UI bad-behavior
 UA bwp-minify
  A contact-form-7
 UA event-o-matic
  A transposh-translation-filter-for-wordpress
 UA usernoise
  A woocommerce
 UA woocommerce-export-csv
  A woocommerce-currency-converter
 UA woocommerce-dynamic-pricing
  A woocommerce-delivery-notes
 UA woocommerce-shipping-table-rate
 UA wp-customer-reviews
 UI wp-super-cache
Legend: A = Active, I = Inactive, U = Update Available

I'm happy to do all these updates but I wouldn't know what exactly to check to see that the updates don't break anything -- would Laura be able to help with a quick check that updates haven't broken anything?

#539: REconomy site migration and updates

chris — Wed, 01 May 2013 10:01:00 GMT

This ticket is to keep track of the tasks undertaken and the time spent on the migration of the http://www.reconomy.org/ site to wiki:ParrotServer.

#542: Parrot RAM

chris — Wed, 01 May 2013 20:35:50 GMT

I'm concerned that wiki:ParrotServer might not be able to cope with load spikes due to it only having 1GB of RAM, these are the Munin graphs we need to key an eye on:

If the server runs out of RAM it will basically stop responding.

#550: Transition Town Totnes migration

chris — Sun, 19 May 2013 14:59:44 GMT

It has been agreed to migrate Transition Town Totnes, http://transitiontowntotnes.org/ to wiki:ParrotServer and this ticket has been created to record this process and the time spent on it and the documentation of the migration.

There is also an issue regarding what, if anything, to do with the old Drupal site at http://archive.transitiontowntotnes.org/

#577: Transition Streets Wordpress Migration

chris — Tue, 06 Aug 2013 21:28:25 GMT

This is a ticket to document the migration of the Transition Totnes http://www.transitionstreets.org.uk/ wiki:WordPress site to wiki:ParrotServer.

#583: tmp files on parrot exceeded inode limit

ed — Mon, 02 Sep 2013 12:28:46 GMT

Users are attempting to purchase a DVD and the cart always zeros out even after attempts to update cart etc.

Laura suggests that this may be a server issue and to start with Chris:

The prob could v likely be on the hosting side, so be worth contacting Chris first (and mention can add to cart all okay when logged in, view cart and alter and get to billing page, so could be a session setting that's changed) -

Does the server have disk space left on /tmp. Session data is most likely written there. (sometimes this cart faff issue can happen because of that.)

Are the PHP Session settings correct/ have they changed recently? Chris can fix this if needing a tweakette in php.ini or other places in the underworld of those types of files.

DB could potentially need check/repair.

Another one is the shop element relies on cookies so if a user has set browser to not accept cookies may poss not work! (but think thats something not to think about here, as I tested as both logged in and logged out with cookies set to work on my browser, logged out got the 'cart empty' faff factor like other users will be getting.)

If Chris can't spot the bug (does sound server side and sessions related from a quick test here, haven't looked at the server logs, but if get a mo later will see if I can), poss good to chat and I can think some more on it, but first thoughts alert me mostly to server side, sometimes a roll back to php 5.2 clicks things back into place (but shouldn't be needed). Be good to see if there is a correlation with any server changes/tweaks happening around same timing that the cart stopped working. Keep me in the loop if it is a server fix-y thing as always interested to hear results on bug fixing on sites.

#594: WordPress 3.6.1 Maintenance and Security Release

chris — Wed, 11 Sep 2013 22:05:01 GMT

The following is from http://wordpress.org/news/2013/09/wordpress-3-6-1/

WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:

Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Reported by Tom Van Goethem.
Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user. Reported by Anakorn Kyavatanakij.
Fix insufficient input validation that could result in redirecting or leading a user to another website. Reported by Dave Cummo, a Northrup Grumman subcontractor for the U.S. Centers for Disease Control and Prevention.
Additionally, we’ve adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.

#631: Move Transition Culture onto PARROT

ed — Mon, 25 Nov 2013 11:57:44 GMT

We are about to move TC onto PARROT. List of likely actions here:

Ed speak to Simon (move the host, keep the developer if poss)
Chris speak to Simon about TC issues - traffic, size etc.
analyse TC traffic and DB size
prepare PARROT
move TC

Chris thinks we'll need to up PARROT to VPS2 + 2 GB RAM

#639: earthin site wordpress error

chris — Fri, 29 Nov 2013 14:06:01 GMT

When using wp on the command line for wiki:EarthInheritorsWordPress

PHP Fatal error:  Call to undefined function get_post_format_slugs() in /home/earthin/sites/default/wp-includes/theme.php on line 1264

#656: Spam being sent out via Transition Culture

chris — Sat, 14 Dec 2013 14:48:21 GMT

I'm getting several of thee day day:

From: Mail Delivery System <Mailer-Daemon@parrot.webarch.net>
Date: Sat, 14 Dec 2013 13:21:02 +0000
To: tc@parrot.webarch.net
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
  inxzkysnf@gmail.com
    SMTP error from remote mail server after RCPT TO:<inxzkysnf@gmail.com>:
    host gmail-smtp-in.l.google.com [173.194.78.26]:
    550-5.1.1 The email account that you tried to reach does not exist. Please try
    550-5.1.1 double-checking the recipient's email address for typos or
    550-5.1.1 unnecessary spaces. Learn more at
    550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 l11si2175565wjw.16 - gsmtp
------ This is a copy of the message, including all the headers. ------
Return-path: <tc@parrot.webarch.net>
Received: from tc (uid=1011)
        by parrot.webarch.net with local (Exim 4.80)
        (envelope-from <tc@parrot.webarch.net>)
        id 1Vrp9L-0002BF-Kf
        for inxzkysnf@gmail.com; Sat, 14 Dec 2013 13:20:56 +0000
To: inxzkysnf@gmail.com
Subject: Thanks for your message
X-PHP-Originating-Script: 1011:lib_nonajax.php
From: robjhopkins@gmail.com
Reply-To: robjhopkins@gmail.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----MIME_BOUNDRY_main_message"
Message-Id: <E1Vrp9L-0002BF-Kf@parrot.webarch.net>
Date: Sat, 14 Dec 2013 13:20:55 +0000
This is a multi-part message in MIME format.
------MIME_BOUNDRY_main_message
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: quoted-printable
Dear timberland france,
Thank you for your message on the Transition Culture website - I will get back to you as soon as possible.
------MIME_BOUNDRY_main_message
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><BODY>
<div style=3D"font:normal 1em arial; margin-top:10px"><p><strong>Dear timberland france,</strong></p>
<p>Thank you for your message on the Transition Culture website - I will get back to you as soon as possible.
<div style=3D"width:80%; background:#f4faff ; color:#aaa; font-size:11px; padding:10px; margin-top:20px"><strong>This is an automatic
+confirmation message. 14 December, 2013.</strong></div></div></BODY></HTML>

It appears to be spam sent fro the Transition Culture WordPress site to a Gnmail user who doesn't exist.

It appears, from the email headers that this form is being used for the spamming /home/tc/sites/default/wp-content/plugins/contactforms/lib_nonajax.php.

This needs some more investigation.

#687: Set up cert expiry date checking for all SSL certs

chris — Mon, 03 Feb 2014 13:35:01 GMT

Last month the *.transitionnetwork.org cert expired before it was replaced with a new one and users therefore got warnings for around half a day, see ticket:685.

A script to check the expiry dates was set up on wiki:PuffinServer on ticket:685#comment:9 and this ticket is to document setting this up for wiki:PenguinServer and wiki:ParrotServer.

#695: File upload problem with TTT WordPress site

chris — Sun, 02 Mar 2014 19:46:50 GMT

Laura has reported:

Had a report this evening that the TTT website isn't letting any uploads happen (adding of a new plugin by another admin, and also media/image uploads not being able to uploaded - no real error message as such just doesn't upload).

I just logged in quickly to see if I could upload a pic to test and wouldn't upload. Just wanted to check if anything had changed server side re permissions.

#696: Disk space error on parrot for TTT site

chris — Mon, 03 Mar 2014 10:51:46 GMT

Email from Laura:

Message appearing at top of ttt website when I just took a look-

Warning: session_start():
open(/home/ttt/tmp/sess_mnme76d2k5s6vopk5u1it126p5, O_RDWR) failed: No
space left on device (28) in
/home/ttt/sites/default/wp-content/plugins/tt-resource-database/participants-database.php
on line 2534

and something in the sidebar -

Warning: call_user_func_array() expects parameter 1 to be a valid
callback, array must have exactly two members in
/home/ttt/sites/default/wp-includes/plugin.php on line 199

#699: Update Core & Plugins on transitionculture.org

sam — Mon, 10 Mar 2014 11:46:33 GMT

This site needs an update.

I'll do a database backup then update it.

#709: Reconomy sites appears to be sending out spam

chris — Fri, 28 Mar 2014 18:48:53 GMT

This failed email has just been returned:

From: Mail Delivery System <Mailer-Daemon@parrot.webarch.net>
Date: Fri, 28 Mar 2014 18:14:32 +0000
To: recon@parrot.webarch.net
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
  fionaward@transitionnetwork.org
    SMTP error from remote mail server after end of data:
    host mx1.spamfiltering.com [72.249.150.158]: 550 An address in this message (at sleepingteensex . com) is listed on
+sbl-multi.rbl.spamrl.com. Please organise removal and retry.
------ This is a copy of the message, including all the headers. ------
Return-path: <recon@parrot.webarch.net>
Received: from recon (uid=1006)
        by parrot.webarch.net with local (Exim 4.80)
        (envelope-from <recon@parrot.webarch.net>)
        id 1WTbIM-0001Sz-6R
        for fionaward@transitionnetwork.org; Fri, 28 Mar 2014 18:14:22 +0000
To: fionaward@transitionnetwork.org
Subject: roulette89
X-PHP-Originating-Script: 1006:class-phpmailer.php
Date: Fri, 28 Mar 2014 18:14:22 +0000
From: casino10 <fmzsb@www.reconomy.org>
Message-ID: <28cbb75557094e41d2f5e7e070dcd660@www.reconomy.org>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
From: casino10 <fmzsb@www.reconomy.org>
Subject: roulette89
Message Body:
интернет казино игровые автоматы рулетка зарубежный <a href= http://pobedim11.sleepingteensex.com/item280.html >можно ли играть в
+игровые автоматы в интернете на деньги</a> игровые автоматы через интернет 3g еще <a href= http://pobedim11.sleepingteensex.com >Новый
+Игровой Автомат</a> казино интернет казань.
--
This mail is sent via contact form on REconomy http://www.reconomyproject.org

#710: Incorrect email address for Sam on Transition Culture

chris — Tue, 01 Apr 2014 12:01:47 GMT

I'm seeing quite a few emails like this:

From: Mail Delivery System <Mailer-Daemon@parrot.webarch.net>
Date: Tue, 01 Apr 2014 08:04:28 +0100
To: tc@parrot.webarch.net
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
  samrossiter@transitionentwork.org
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <tc@parrot.webarch.net>
Received: from tc (uid=1011)
        by parrot.webarch.net with local (Exim 4.80)
        (envelope-from <tc@parrot.webarch.net>)
        id 1WUskG-0005Rv-Sa
        for samrossiter@transitionentwork.org; Tue, 01 Apr 2014 08:04:28 +0100
To: samrossiter@transitionentwork.org
Subject: [Wordfence Alert] Problems found on Transition Culture
X-PHP-Originating-Script: 1011:class-phpmailer.php
Date: Tue, 1 Apr 2014 07:04:28 +0000
From: WordPress <wordpress@transitionculture.org>
Message-ID: <11e64e1b3cdb24f69d0069ecdc224524@transitionculture.org>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Wordfence found the following new issues on "Transition Culture".
NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone)
and country blocking which are both effective methods to block attacks.
You can also schedule when your scans occur with Wordfence Premium.
Click here to sign-up for the Premium version of Wordfence now.
https://www.wordfence.com/wordfence-signup/
Alert generated at Tuesday 1st of April 2014 at 08:04:28 AM
Critical Problems:
* The Plugin "Spam Destroyer" needs an upgrade.

#718: REconomy site showing adverts randomly

ed — Thu, 10 Apr 2014 08:19:34 GMT

Load http://www.reconomy.org and the first time you get it, and other times at random and you get spam.

URGENT check please - on REconomy and all WP sites...

#749: Probs with REconomy site again - compromised?

chris — Thu, 26 Jun 2014 11:18:01 GMT

Email from Laura:

Looks like REconomy website has been compromised again.

Fi contacted this morning via email to say she's received a batch of 'new post' notifications on exceedingly old posts, so I logged into the site to check things out. I noted the footer wasn't correct on the site too displaying 'proudly powered by wordpress' rather than the widgets.

Had a whizz through folders/files via sftp to see any recent changes to files - and in the Reconomy theme files the 404.php and footer.php had been changed with a copy of the default wp twenty something one and base code 64 along the top. The footer was changed on 23/6 at 21.46, and I should have remembered when the 404 was changed before overwriting it - either the same date or time or on the 20/6. I've reinstated the correct files (but have downloaded a copy of the rogue 404 and footer files before replacing them with the correct ones if you wanted a copy for any purpose, though want to nuke these asap from my machine!)

Unlike the last time, no extra 'odd plugins' seem to have been added, nor anything odd by a (very) quick scan in wp-content/uploads folders and sub-folders.

Not sure how this has happened again, be good to know if you can spot anything your side, esp how these attacks happen especially incase I need to do something with the theme files (eg could it be some form of injection attack via the comments form somehow? Can't see how, but just wondering how these things tend to happen!). (do you think the file perms okay on the theme files, maybe worth a check too?). People can't register for an account on the website any longer, new users are added manually (been the case for some while now to stop spam signups)

All wp core is up-to date btw, and I've updated a couple of plugins whilst in there today.

And a follow up:

Following on from previous message just now, and quite poss unrelated altogether to the current site issue, looking at some of their blog posts on the site such as this one - http://www.reconomy.org/get-your-oats-here/, trackbacks come from a scraper type site eg - http://500biz.com/realwealth/get-your-oats-here-community-support-helps-new-enterprise-transform-local-food-supply-chain/ which seems to reprint reconomys posts.

#778: need access to Parrot

annesley — Wed, 27 Aug 2014 12:16:39 GMT

i need a publicly available WordPress demo install to play with. should this be on Parrot? what (sub)domain can i use?

#811: WordPress critical security release

chris — Thu, 20 Nov 2014 20:25:07 GMT

From the blog:

WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be updated to 3.9.3, 3.8.5, or 3.7.5 to keep everything secure. (We don’t support older versions, so please update to 4.0.1 for the latest and greatest.)

WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

#829: Creation of web space request

ade — Mon, 02 Feb 2015 10:11:03 GMT

Hi Chris, As discussed, can you please set up some webspace on Penguin? If you could also set up a sub-domain of 'projects' and confirm the FTP access details?

Many thanks Ade

#891: Issue with TTT and REconomy websites after upgrade to WP 4.4

chris — Thu, 17 Dec 2015 11:18:38 GMT

Email from Laura:

Just to let you know there's a bit of an oddity going on with both the TTT and Reconomy websites.

I upgraded to WP 4.4 after running full tests on my local copies here, and for some odd reason images aren't showing on the site. If you try to open an image in the browser eg https://www.reconomy.org/wp-content/uploads/2015/10/hubs-logos-landscape.jpg takes you to the - "Server error! The server encountered an internal error and was unable to complete your request Either the server is overloaded or there was an error in a CGI script. Please return to the front page of the site."

I've updated over 20 sites over the past few days (!) and these are the only two this has happened on. There are a few discussions here, (and have tried the temp fix of various functions.php tweaks in the theme files to see if that helps, but it doesn't)... https://wordpress.org/support/topic/after-upgrade-to-44-media-files-are-not-showing and even though sites are not appearing to use SSL wondering if related somehow to that or other? Has this happened to any other WP 4.4 sites on your servers?

I'll let TTT and REconomy know their site has been updated, but there is a glitch at present.

I've also added Wordfence to the sites too as there are swathes of brute force attacks happening on lots of WP sites everywhere currently and this plugin seems to help somewhat currently. I don't think it's the Wordfence plugin, as disabled it to test the missing images issue.

#911: Disk space for /home on Parrot is running out

chris — Mon, 30 May 2016 20:58:53 GMT

Getting this alert from ParrotServer every 5 mins:

transitionnetwork.org :: parrot.transitionnetwork.org :: Disk usage in percent
        WARNINGs: /home is 96.06 (outside range [:96]).
        OKs: /run/shm is 0.00, /run is 0.09, /dev is 0.00, / is 95.94, / is 95.94, /run/lock is 0.00.

#914: SSH to parrot please

sam — Wed, 13 Jul 2016 10:58:05 GMT

Hi Chris

Could you set up a SSH account on parrot for:

Kevin support@…

Using this public key

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCgO8Uuk3ry+NvVvScbhV+edjJK8evIwnhoi1in1FtWvFTSjjb0NkZLXN5VEsWzq3TPvECggpAgVtdXFoCbmv6+wLKpLoVR7ZU+qcFOlEhVKju0zFRoIl25O9Hv5YqBPXgwzXKJg/ftiKWllXm6pZ97hAwxPoqBj42jwRlyndNLMozjomvXIxiNzgf95BmY7jVDc/JH2Dixe9poLWknXglTPAVHL5UtiP37dsgJj4JgWH9BqFixlEUopcLHhv6KPZpP5WS476KKV6MeiJhLeBpir8JcmqR84Lsoq2z9PUbZ4HyTUBTlMY4j9npFFF+Wqhrk3wxY6Q8TxdTrQDUC5VZ9GYufRS/ep2GPOg67wyOHoYdW3n7l+bX9+pWktD3KyA0KiJqhKG7BTNuhDYl0JqX396H+p80EAhAtFRj8+CnQRVYzogLGExhrKnlptT88rmqx5uJxSqGuuHrmcgncHH6f+qJzaecirJgFKSyPKtESFtBCAdKjbuh22o1EZTARNpdBWtwKNr3BG7D0RzpgVIoEiAxDw9YRSFHmra8pxd/k7F0ue51JO5RUsMxZ0izrgqHkefE+D6uf151Uj8V9Y+rK8C7Hqnc+bOvwixkkwSfglBIz+Y+3YzhEnCf1yCv2TpFnHGLYu0iDTwubDMBIUogi/m/lmGuR0DYxmpwxFNmNww== root@transition

Thanks

Sam

#915: SSH to parrot please

sam — Wed, 13 Jul 2016 10:58:11 GMT

Hi Chris

Could you set up a SSH account on parrot for:

Kevin support@…

Using this public key

Thanks

Sam

#921: HTTP_PROXY env var vulnerability

chris — Tue, 19 Jul 2016 12:34:30 GMT

See https://httpoxy.org/

#537: Parrot setup and documentation

chris — Tue, 30 Apr 2013 11:11:36 GMT

Things done setting up parrot.webarch.net -- a new virtual machine for running Wordpress sites, see wiki:ParrotServer

#540: HTTPS for WordPress sites

chris — Wed, 01 May 2013 20:20:32 GMT

Currently the wiki:WordPress sites have have the following SSL certificates:

https://www.intransitionmovie.com/ -- Gandi commercial certificate and dedicated IP address
https://www.reconomy.org/ -- CAcert non-commercial certificate and shared IP address (SNI)
https://www.earthinheritors.net/ -- CAcert non-commercial certificate and shared IP address (SNI)
https://parrot.transitionnetwork.org/ -- Gandi TN wild card cert and shared IP address (SNI)
https://parrot.webarch.net/ -- CAcert non-commercial certificate, this is the default site for clients without SNI support

None of the site are set to enforce HTTPS for logins, this should be done ASAP for intransitionmovie.com

I think we have several options going forward, the first 3 of this are the only viable ones though, IMHO:

SNI and Seperate Certs and Shared IP

Get a Gandi SSL cert for each site and rely on SNI rather than having a dedicated IP address for each site, this is the cheapest way to solve the problem, the certs are around £15 each.

The clients that don't work with SNI are listed here: https://en.wikipedia.org/wiki/Server_Name_Indication#Client_side

Multi-domain Cert and Shared IP

Get a Gandi SSL cert with all the domains in, this is a little more expensive than seperate certs (around £20 per site) but it means that all the clients that don't work with SNI will work. One issue with this is when adding new site is that a brand new cert would be needed as additional names can't be added to multi-domain certs during their lifetime, this could be worked around by getting a single domain cert to run to the end of the life of the multi domain cert (this would use SNI).

Seperate Certs and Dedicated IPs

Getting a cert per site and a dedicated IP per site, this would cost the most as each IP address costs around the same as each cert, (so about £30 per site). It also seems like a great waste to use up a IP per site when they are so scarce and when technical workarounds to this old problem like multi-domain certs and SNI are now available. I don't favour this option.

Non-commercial CAcert Cert

This is the cheapest, it's fine if people are able to install the http://cacert.org/ root certificate but this is something that non-technical people seem to find hard and they also don't understand the security warnings that they get when the cert isn't installed. This option is the one currently in use but it's far from ideal and one of the other options needs to be adopted before enforcing HTTPS logins is deployed. I don't favour this option.

#619: Upgrade WordPress sites to 3.9.1

chris — Fri, 15 Nov 2013 14:38:05 GMT

News regarding the WordPress versions released since the sites were upgraded to 3.6.1 on ticket:594

We should consider how best to upgrade the wiki:WordPress sites running on wiki:ParrotServer and then ensure that they are upgraded.

#719: Transition Culture HTML Problems

chris — Mon, 14 Apr 2014 20:07:09 GMT

If you look at old Transition Culture articles they had hyperlinks and blockquotes, for example:

https://web.archive.org/web/20070228081440/http://transitionculture.org/2006/01/24/local-energy-local-currency-local-power/

If you look at the version we now have this formatting has been lost and the first paragraph is a mess:

http://transitionculture.org/2006/01/24/local-energy-local-currency-local-power/

The formatting wasn't lost when the new TC design was first deployed:

https://web.archive.org/web/20080429205320/http://transitionculture.org/2006/01/24/local-energy-local-currency-local-power/

It has happened since then.

We should consider investigating what caused the problems and how they can be fixed?

This might be a task that Simon would be best placed to undertake?

#808: WordPress email being rejected due to From field

chris — Mon, 17 Nov 2014 19:28:23 GMT

This issues is like ticket:737 but with WordPress rather than Drupal causing the problem.

Laura has forwarded one of the returned emails which contains:

host aspmx.l.google.com [173.194.67.26]: 550-5.7.1 Unauthenticated email from yahoo.com is not accepted due to domain's 550-5.7.1 DMARC policy. Please contact administrator of yahoo.com domain if 550-5.7.1 this was a legitimate mail. Please visit 550-5.7.1 http://support.google.com/mail/answer/2451690 to learn about DMARC

#851: Bot attacks on Transition Culture

chris — Sun, 10 May 2015 11:12:12 GMT

Yesterday there was a load spike on ParrotServer caused by a bot doing thousands of POSTs to xmlrpc.php.

#853: Parrot access please

sam — Tue, 19 May 2015 17:07:13 GMT

Hi Chris

Ade & I were going to have a play around with making a proof of concept Wordpress microsite on Parrot.

Could you add me as a SSH user using the SSH keys associated with my sam@… account so I can follow the instructions here: https://trac.transitionnetwork.org/trac/wiki/ParrotServer#AddingaNewWordPressSite

Or if you'd rather not do that, just spin up a site titled 'conference15' with a user 'conference15' and my TN email as the admin email.

Thanks

Sam

#868: Is conference15.tn.org backed up in a convenient manner?

sam — Tue, 28 Jul 2015 13:05:25 GMT

Hi Chris

I was just wondering if the conference site is backed up in such a way that it would be easy to restore?

I could set up a database backup onto some free file hosting if not?

Thanks

Sam

#871: Brute Force Attacks Against WordPress Sites

chris — Mon, 21 Sep 2015 13:41:26 GMT

Today there have been 53,932 attempts to login to the TTT web site on ParrotServer all from the same IP address:

grep POST /home/ttt/logs/access.log | grep wp-login.php | grep 217.174.240.254 | wc -l
53932

I noticed this due the higher than usual load it was generating.

Would it be OK to spend an hour or two installing the WP fail2ban plugin on all the sites on the server?

Some more background on this issue:

https://docs.webarch.net/wiki/WordPress#Brute_Force_Attacks

#873: New Wordpress site please

sam — Tue, 22 Sep 2015 12:25:12 GMT

Hi Chris

I couldn't ssh into parrot for some reason, I think you said you created me a 'sam' user on there but I can't get in.

So could you set up a new Wordpress site on there.

wpdev.tn.org or similar, it's only going to be for testing some stuff so URL doesn't really matter.

Thanks

Sam

#887: Lot's of failed logins on conference15.transitionnetwork.org

sam — Fri, 04 Dec 2015 11:39:10 GMT

Hi all

Overnight I had 150 notifications of failed login attempts and subsequent IP address bans from the https://en-gb.wordpress.org/plugins/wordfence/ security plugin I installed.

It's coming from multiple IP addresses in multiple countries.

It seems like Wordfence is doing it's job and blocking IP's. I only mention it as I'm wondering if it could be related to the recent downtime.

Feel free to close this ticket, just thought it was worth sticking in here.

Thanks

Sam

#894: Brute Force Attacks Against WordPress XMLRPC

chris — Thu, 07 Jan 2016 11:23:51 GMT

For a few months I have see a lot of requests going to WordPress /xmlrpc.php and wasn't sure why, now it is clear:

Instead of going against wp-login.php (which can be easily blocked or protected via .htaccess) or doing a single attempt against xmlrpc, attackers are leveraging the system.multicall method to attempt to guess hundreds of passwords within just one HTTP request.

https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html

I'd like to install Stop XML-RPC Attack on all the WordPress site we host, unless anyone has a good reason not to. This plugin simply whitelists the JetPack/Automattic's subnets and blocks all other access to /xmlrpc.php.

I started tracking the abuse a while ago and you can see it and manually address it on ParrotServer like this:

sudo -i
wp-xmlrpc-abuse
IP addresses accessing xmlrpc.php more than twice for the last 1000 lines of each access.log:
      2 46.148.XX.XX
    733 195.62.53.243
    177 195.62.53.243
      2 66.76.XX.XX
dig -x 195.62.53.243 +short
  53-243.static.spheral.ru.
ipdrop 195.62.53.243

But we need to be more pro-active in blocking access or we are going to probably see some compromised sites.

#912: Stats for TTT

chris — Tue, 21 Jun 2016 10:29:02 GMT

Nicola at TTT has asked:

Could you let me know the size of the TTT and Transition Streets sites please? I have Google Analytics for TTT but not for Transition Streets, and I wonder if you could also tell me how many visitors it gets annually?

#917: Any misc files in Transition Culture web root?

sam — Thu, 14 Jul 2016 11:54:50 GMT

Hi Chris

Simon from Lumpy lemon has migrated Transition Culture.

We only have WP admin access & he was wondering:

"Just one small question: can you check in the webroot folder on your server and let me know if there are any non-WordPress files in there? e.g. Google verification files, that sort of thing. I don't think there should be, but best to check. If there are, can you send them over."

Thanks

Sam

#598: Redirect reconomyproject.org to reconomy.org

chris — Fri, 20 Sep 2013 12:16:56 GMT

Request from Shane:

I've noticed that the domain www.reconomyproject.org is still live and running. i.e. can surf around it. I think you set it up so that it would auto redirect to reconomy.org - not 100% sure about the technical spec behind how you did this but is it still working? I noticed this because a lot of the referrals on to our fb page our coming from reconomyproject.org rather than reconomy.org