As you may have noticed, HA started experiencing technical difficulties almost the minute I stepped onto the plane to Austin. If I was paranoid, I might have thought it was exquisitely timed.
It turns out we were being assaulted by waves of spam comments, overwhelming our database server from time to time, an attack that escalated some time early this morning to eventually take down the entire server… web, email, DB and all. According to my hosting company HA was being hit with hundreds of comments a second, from multiple, rolling IPs. So they removed the WordPress file that handles comment posting, and everything seems to be functioning normally now.
That is, except for comments.
Right now, if you attempt to post a comment, you should be getting a blank screen. I’m working on a more elegant interim solution until we figure out a permanent one.
As for the motivation of the spammers, I can’t say whether it is political or not, but I’m not seeing similar reports of this happening at other WordPress blogs, except for Darryl’s Hominid Views. Hmm.
UPDATE:
I’ve just flipped a switch requiring you to log in as a registered user in order to post a comment. Of course, there is no registration enabled yet, so it’s merely a cosmetic change that prevents you from seeing a comment form that won’t work.
UPDATE, UPDATE:
My hosting company confirms HA is currently the target of a DDoS attack—”Distributed Denial of Service”—and offers no solution other than disabling comments and riding this out. If there are any server/Wordpress gurus out there with some advice, please feel free to drop me an email.
UPDATE, UPDATE, UPDATE:
My hosting company has clarified that HA is the only site it is serving currently being targeted by this DDoS attack, so I can only assume that Darryl and I have been specifically targeted via a weakness in WordPress. Cowards.
This is a test to see if my new mods are working.
Testing now to see if it works for non registered users.
Glad to see you up and annoying the right wing once again.
Perhaps one of those “type the numbers” systems might help prevent this in the future?
I’m trying to avoid a “captcha,” so we’ll see if this interim solution works for now.
All this is just one more reason to require registration in the end.
I’m not testing, I’m ranting against denial of service attacks.
Cowards indeed. Love to hear more details as they become available. Russians? Dirty cossacks!
Roger Rodent must be going crazy; anyone call 911? Site is down! Site is down! Defcon 2! (Roger runs amok shrieking hysterically)
@6: Oh yeah, it is always cute when right wing bloviators make jokes about suppression of speech.
Ugh. What a drag. Getting DDOSed sucks. Cowards.
Captchas are a good solution to automated attacks like this. And don’t worry, I doubt they’ll slow down the trolls much. (Technically I suppose they *are* human, if only barely. ;-)
Be sure to keep up with WordPress upgrades if you aren’t religious about it already.