by justdrew » Thu Jun 05, 2014 10:06 am
there are constant swarms of bots trying to create accounts. our new Q-n-A based CAPTCHA has cut down on the number of 'fake' accounts asking for membership, but they still hit the registration page constantly. many spiders from questionable search engines such as baidu and yandex scrape way to much content, etc. I've tightened the limits on mod_evasive to reduce the load from such things, so now if you sit on a page and just hit F5 as fast as you can, there's a good chance you'll be temporarily blocked for a few minutes. Memory use is up because of the huge blacklist of ips of known malware blocked. Gotta look for a better way to do that. The ssh is constantly being tested by lackluster attackers. it doesn't look like anyone 'got in' root can't ssh and they don't know any other usernames to try. sshd/openssl is now fully up to date too btw.
Probably we'll start a new server instance and migrate the site to it in the not too distant future, just to keep everything fresh, but it's not urgent.
Things should be stable for awhile at least.
By 1964 there were 1.5 million mobile phone users in the US