MFOHome About Commentary Discussions Funds The Best Resources Support Us!

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories

In this Discussion

Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.

    Support MFO

  • Donate through PayPal

small, hopeful signs

David_Snowball
edited November 2013 in Off-Topic
Hi, guys.

For what interest it holds, it looks like Chip & co. identified and remedied one source (the source?) of the extraordinary server demands that got us taken offline over the weekend. As I noted at the bottom of the original thread:
we now think it was our security system. Every site has a front end, the part you and I see, and a back end, the part that administrators see. The back end of our site controls our control panel and our ties to the server. Bots regularly (hundreds to thousands of times an hour) try to break in to the back end. Every time they do, our security program logs their IP address (a series of nine numbers identifying a computer) and permanently bans, or "blacklists" them.

Our security log grew to two megabytes and every time someone tried to access the back end of the site, the software had to check the incoming IP address against every one in the blacklist. We guessing that a thousand or more run-throughs an hour of the blacklist might have been what pushed us over the edge.
We did link to CloudFlare, which takes a picture of MFO on its current server every few seconds and then hosts it on a series of other servers worldwide. If our main server goes down, so do the CloudFlare copies but if the main server is up but slow, Cloud Flare instantly redirects traffic to the fastest server in the system. That should make things load, update and respond much more quickly. Chip reports that our page load times have been cut by 50% since the move.

More adventures are in the offing!

Thought you'd like to know.

David

Comments

  • AnnaAnna
    David, chip & co,
    Microsoft downloaded and installed ie11 on my computer last night. I have had major problems this morning (not MFO problems). But, I was logged out of MFO so I tried to log back in. When I did, the sign-in produced a http: pop-up box. I had to turn my anti-virus, Kaspersky, protection off to type into the password box (Keyboard input was not making it to the box.) The latter is an incompatibility between Kaspersky and ie11 (not MFO problems). But note what I said about the sign-in at MFO being http: and not https:. Should I be seeing this or is it another ie11 problem?
  • chipchip
    Hi, Anna.

    We do not have an SSL certificate, which would allow us to offer an https sign in page. While https is more secure, we don't think it's necessary for us since we don't collect personal information or sell anything online. However, it would be good practice for you (and everyone) to avoid using the same password here that you use on sites with secure transactions.

    I don't think this means there's something wrong with IE11 (although I do prefer Chrome). It just means that it's more sensitive than earlier versions.

    Best,
    chip
  • AnnaAnna
    Thanks chip, I figured as much but just wanted to make sure as I enumerate the data input for my ie11 misery index.
  • Old_Skeet
    Hi David,

    Thanks for the update. It is most appreciated.

    Olde Skeet
Sign In or Register to comment.