Busy day at work, and Bitter was busy painting today. Additionally, I’ve been investigating the incident this morning with the server, which I think may have been a Denial of Service attack on the blog. The server does have a failing disk, but it’s more just that I was looking and noticed that, rather than a bad disk being the direct cause of the crash. The direct cause was Apache hitting its MaxClients setting, and being unable to spawn more apache processes. You can see on MRTG the TCP connections shot way up. In the logs I do have a few probes for the timthumb exploit, but that’s a frequent occurrence, and might have just been a coincidence. The other thing that plays against a DoS attack is that things were fine after I rebooted, and I would have expected to see a lot of new TCP connection activity, which I didn’t. For now, I’m really anxious to track this down, but blogging will resume once I figure it out or conclude that I will never really know. I regret I was in a rush to get out the door and didn’t take time to investigate this when it was happening.
UPDATE: OK, coming tomorrow I think. I decided to hold off on replacing the disk for now. It’ll make more sense to change out the disk when I move the server back down to my office when it’s finished being redone.