Hey! It happens to the best of us. Just when you’re minding your own business, some botnet arrives from the Netherlands and you’ve got a DoS attack. Yes, we neglected to shut down the XMLRPC vulnerability on the UWeb installation, and, well, we got taken down.
The lesson learned is NOT about the fact that we are using WordPress (I can hear the Drupal folks out there, and the sysadmin “lock it all down” contingent, getting ready to pounce). Rather, it’s about the difficulty of managing a website that is ancillary to our main jobs here at U.Va. It’s harder to keep up the same level of diligence when it’s an “extra” job that’s not on your list of duties. So, that extra site doesn’t get the love, and, well, things happen.
The good news is that no data was corrupted or lost, and we were able to backup and restore all our old content. Then, through the graciousness of Jonelle Kinback in University Communications, and Steve Losen in ITS, we were able to configure new web space within the main U.Va. cluster. And a nod to the crisis management team of Allison Ruffner (School of Medicine), Pete Thorsen (ITS), and Joe Burch (ITS).
We took advantage of the time we were down to change our look to a more responsive and lively theme. We hope that our brand new website can signal a fresh start for UWeb this year!
Meanwhile, let’s let bygones be bygones, listen to some Diesel Disko, and learn love the Netherlands all over again.