Weekend maintenance plans...

[deanwebb]

This weekend, I plan to work on getting http to redirect to https all the time. After that, I want to look at server performance. Since switching to an option that had better support for high traffic, the site has been noticeably slower. It may be time for a robots.txt file... but the site itself is not using all that much CPU, RAM, or HDD...

[deanwebb]

Maybe I might do this before this weekend... I took a look at current users and noticed like 68 guests, pretty much all IPs from the same /24 viewing all the pages at the same time.



BRB, blockin' robots...

[deanwebb]

Just put in a basic robots.txt file, testing...

Nope, still slow, may have to let it bake as I go after some .htaccess control methods.

[deanwebb]

.htaccess loaded to proper directory, lol... now the http is forced to https.

Going to work on the loading time stuff, now...

[deanwebb]

Put in a ton of stuff to .htaccess, specifically to prohibit certain request types used by teh haxxorz and to enable caching of images for a month and css/js files for a week. No caching for cgi and php files, since they're dynamic.

Going back to a cached page should be quicker now, at least. Checking guest numbers... number has dropped of by a third since I changed the .htaccess file. Good.

[icecream-guy]

getting rid of all the spammers, now the crawlers,  that like 95% of the user base. what next ?  updating the new user questions, so they are difficult, or did you already do that?

[deanwebb]

I did a question update a while back when we got like 2 spammers within a few days of each other. I'll have to update those again when we see that uptick in spammin'.

Every time I post a page, I'm counting the seconds it takes to show up...

Also, I found a ton of hits from 54.36.148.0/23, so I added a line in .htaccess to block from there. It's a web host in France that basically hosts hackerspam stuff, so there are other admins that block it.

[deanwebb]

Down to 29 guests, nice... still takes about 6 to 9 seconds for my page to render after I hit "post", though.

[deanwebb]

Added five more IP addresses to the block list, in addition to that French range. These IPs showed up as most active in access.log and didn't belong to Microsoft AND were reported multiple times as spammers. One was from Yandex.ru, another one was just Russian, two were German IPs from a hackerspam host in that country, and the other was from I can't remember, but there were 377 registration attempts from that address, so BLOCK.

[deanwebb]

Of course, with the fact that I've now got a pretty beefy htaccess file that includes the pretty URLs feature, that has to load each time we make a page, which can affect performance, but it shouldn't be all that bad. Page generation speed may also have something to do with it being on a private virtual host now and not a raw metal server like before. I'm open to any tips or tricks that should work...

[deanwebb]

Banned another range via the admin panel, see how that goes. When I look at guests and see a bunch of IPs in a /24 that turns up on a spamlist or has been reported as a hacker host range, I want to block that stuff.

When I see a bunch of IPs in a /24 that's owned by a major company, I let that pass... I've got a setting in .htaccess that slows down the legit bots.

[icecream-guy]

Did all these changes get approved by the change board?
Where is the implementation plan ? The rollback plan? and what services are impacted if the rollback plan fails?

[deanwebb]

I thought we were still in development!

[icecream-guy]

I thought we were still in development!

Not since HavocControl found the place. Been all production since.

[deanwebb]

Um, OK, then...



I'll get the emergency change request filed and I'll need you to approve it ASAP and then we'll get the RMA started, just in case things go really bad, I'll open up a ticket with all the vendors involved so they can be on the line in case anything happens during the upgrade...