Has the plug website been down?

Lisa Kachold lisakachold at obnosis.com
Tue Nov 20 10:18:45 MST 2012 

Thanks for the call yesterday Joe.

I don't have Brian's phone number, but his domain is rarely down.  An email
to Hans or Brian would have been the most direct recovery action?   Since
they both interact with Deru Hosting.

On Tue, Nov 20, 2012 at 8:26 AM, <joe at actionline.com> wrote:

> For the last 2 or 3 days, I've been unable to access the plug website.
> Today, it is working again.  But I can't get to the archives.
>
> Instead, I see this error:
>
> Lurker - failed to render page:
>

Lurker is a mailing list archiver designed for capacity, speed, simplicity,
and configurability in that order. It is capable of handling gigabytes of
mail without slowing down. Lurker has been designed to scale to support
sites with thousands of concurrent users and hundreds of new messages a
second. To facilitate finding interesting data, lurker supports: - full
keyword search by body, subject, author, ... - a graphical representation
of message relationships - charts of the current activity about a topic -
searching lists or queries around an estimated time - signature
verification to confirm the author - messages markup to find related
information.

Cannot open database snapshot (No such file or directory):
>

Linux and opensource systems are very similar to a good business or
domestic partner:  They all will tell you very directly what is wrong with
them.

This means there is "No such file or directory".
Since you didn't provide the link that was clicked on, we can't recreate
that error to determine the issue.

>
> The configured database 'dbdir' in the config file could not be opened.
> Typically this means that it is not readable by the user which the cgi is
> invoked as. We suggest making dbdir and all files in it readable by
> everyone since you are serving them on a website anyways.
>

This error was originated within main.cpp:

http://lurker.sourcearchive.com/documentation/2.1-9/render_2main_8cpp-source.html

This could be a URL link problem or a DNS resolution issue (the lurker
configurations call for server names which I believe are on Lufthans); or a
simple database server failure on that server itself.

>
> And when I try to login, I see this message (in part):
>
> This Connection is Untrusted
>

It's common to see this when DNS resolution is at issue, since the RFC for
SSL under HTTPS requires name resolution.  If you could not resolve the
name to the IP address and match that to the DN/CN the cert would appear
invalid.

>
> You have asked Firefox to connect
> securely to plug.phoenix.az.us, but we can't confirm that your connection
> is secure.
> Normally, when you try to connect securely,
> sites will present trusted identification to prove that you are
> going to the right place. However, this site's identity can't be verified.
>
Drop to a terminal window and run these troubleshooting tools:

slug> nslookup plug.phoenix.az.us

If you can swiftly resolve name to number, this is not your issue.
However it still could be an issue on the server itself.  If the
/etc/resolv.conf contained an upstream DNS server that was no longer
available, certificates would fail.

slug> sudo traceroute plug.phoenix.az.us
Watch each hop carefully to see where lag might be occurring.
If your trace times out right before Deru, this might simply be due to ICMP
filtering at their bastion, which is a common security practice.

slug> nmap -P0 plug.phoenix.az.us

This will give you a list of open ports.  Try to pull up the website via
the IP address:

https://140.99.58.163

http://140.99.58.163

>
>
> What is going on with that?
>

Many things could cause this at the server.

1) SYN 3 way handshake SSL hacking.
2) DNS cache poisoning.
3) Change to a BGP route from an upsteam provider (or change from dual
honed to single honed).
4) Local issues, such as failure of the DNS server defined in the
resolv.conf file, mysql server corruption (SQL injection exploits), failure
of the authoritive DNS servers themselves, or a zone record
misconfiguration (the last change to the bind name records was Nov. 9) and
intermittent failures are FIRST commonly seen when the DNS cache times out
(TTL).

I've never had this problem before.
>

Troubleshooting issues with web systems and DNS can be difficult, so we use
tools:

http://www.mtgsy.net/dns/utilities.php

http://www.checkdns.net/quickcheck.aspx?domain=plug.phoenix.az.us&detailed=1
 excerpt:

*CheckDNS.NET is testing plug.phoenix.az.us*

CheckDNS.NET is asking root servers about authoritative NS for domain  Got
DNS list for 'plug.phoenix.az.us' from NS1.DERU.NET or NS1.DERU.NET  Found
NS record: ns1.plug.phoenix.az.us[140.99.58.163], was resolved to IP
address by NS1.DERU.NET   Found NS record: ns4.lufthans.com[174.79.56.141],
was resolved to IP address by NS1.DERU.NET   Domain has 2 DNS server(s)
CheckDNS.NET is verifying if NS are alive  Tried to fetch SOA record for
domain, but DNS server ns1.plug.phoenix.az.us [140.99.58.163] returned
error code Server Failure   DNS server ns4.lufthans.com[174.79.56.141] is
alive and authoritative for domain plug.phoenix.az.us   1 server(s) are
alive
CheckDNS.NET checks if all NS have the same version  Master DNS defined by
SOA (nina) was not found among NS records.
CheckDNS.NET is verifying if NS are alive  DNS server
ns1.plug.phoenix.az.usfailed and will be dropped from other tests
CheckDNS.NET checks if all NS have the same version  Your server has zone
version 2012111901
CheckDNS.NET verifies www servers  Checking HTTP server
www.plug.phoenix.az.us [208.77.223.83]   HTTP server
www.plug.phoenix.az.us[208.77.223.83]
answers on port 80   Received: HTTP/1.1 200 OK (Server: Apache/2.2.22
(Ubuntu)) 7c3a . . . . . . . Phoenix Linux Users Group. . . . . . . . .
About PLUG. Meetings. Calendar. Email Lists. Chat. Search.... Main Menu.
Home. Educational Opportunities. Contact Us. Job Postings. The News. OSS
News. FAQ. Web Links. News Feeds. From the Chairman. Login Form. User Name.
Password. Remember Me. Forgot your passw
CheckDNS.NET tests mail-servers  Domain plug.phoenix.az.us has only one
mail-server   Checking mail server (PRI=10)
ns4.LuftHans.com[174.79.56.141]   Mail
server ns4.LuftHans.com[174.79.56.141] answers on port 25   <<< 220
smtp2.LuftHans.com ESMTP Postfix (Debian/GNU)  >>> HELO www.checkdns.net  <<<
250 smtp2.LuftHans.com  >>> MAIL FROM: <dnscheck at uniplace.com>  <<< 250
2.1.0 Ok  >>> RCPT TO: <postmaster at plug.phoenix.az.us>  <<< 250 2.1.5 Ok  >>>
QUIT  Mail server ns4.LuftHans.com [174.79.56.141] accepts mail for
plug.phoenix.az.us   All MX are configured properly

Here's the record:

*NS-Lookup Results For : plug.phoenix.az.us*

; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 371
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;plug.phoenix.az.us.		IN	A

;; ANSWER SECTION:
plug.phoenix.az.us.	600	IN	A	208.77.223.83

;; AUTHORITY SECTION:
plug.phoenix.az.us.	600	IN	NS	ns1.plug.phoenix.az.us.
plug.phoenix.az.us.	600	IN	NS	ns4.LuftHans.com.

;; ADDITIONAL SECTION:
ns1.plug.phoenix.az.us.	600	IN	A	208.77.223.82

;; Query time: 2953 msec
;; WHEN: Tue Nov 20 17:00:45 2012
;; MSG SIZE  rcvd: 116

This was last changed on Nov 9!  The old address was configured on the
hackfest shirts (ordered again 2 weeks ago) as 248.99.158.163.

Assumption:


This appears to be a simple DNS propigation issue.  To reduce issues
with TTL and caching next time, reduce the record TTL well in advance
of the actual change.


Secondary assumption:  Security issues with the site

Script kiddies can and will attack anything that is not properly buttoned down.



-- 



(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20121120/4aef05f6/attachment.html>

More information about the PLUG-discuss mailing list