Normal service has been resumed….

Update 0539 Friday: save-wye was closed yesterday by a deliberate attack, one we could have survived had it not been for the incompetence of our then hosting service. We are now with a new host and have recovered most of the site.

Friday night update. Please excuse the brief outage tonight. There was nothing suspicious about this. It was just an idiot user — me — forgetting to tell this site to stop using the old temporary database I created to keep it up and running during the move. Many thanks to our new host, Dreamhost, for not only spotting the problem but fixing it.

We got clobbered yesterday. Our US hosting service declared save-wye was too popular for our own good and decided without warning, that it was moving us to another server. After that point, very little of the site worked, as many of you may have noticed, and eventually people started getting an ‘account suspended’ notice, which amazed me since I still have eight paid for months to run on this contract.

To answer the obvious question first: no, we weren’t hacked in the sense that someone got inside. But we appear to have been victim of some kind of attack in which there was an attempt to ‘flood’ the server by repeatedly demanding informaton in such substantial quantities from the site that our hosting service became concerned.

In ordinary circumstances this would have been relatively easy to deal with. Unfortunately our then host, Siteground, compounded matters by deciding peremptorily to move us, without our permission, to a different machine. In the course of this move the site was first broken and then apparently deleted altogether. It was rebuilt from a backup of ours yesterday afternoon and put up on another hosting service, but then Siteground kindly, without telling us, repointed the site name back to their own, dud server which broke the site again. It’s fun out there, I tell you.

Some of the finer points are still missing — and since I am off on holiday tomorrow they won’t be fixed for a while. But the articles are here, and we will be publishing as normal from now on, though you may find some older articles have lost their photographs and file links (we hope to restore them shortly).

Since we are moving from one host to another you may find you flicker between the old dead address and the new site from time to time. You can usually cure this by clearing the cache on your browser. What we did not have the ability to recreate before the original files disappeared altogether are your comments. It would help us enormously if you could find the time to do that yourselves, where you think it’s appropriate. Bear in mind though that our search engine doesn’t search comments (not yet anyway), so old ones may get lost. My feeling is that you’d be better off commenting on what’s happening now than what happened a few months ago. But what do I know?

Nor will we have the same statistics available for a while, since they take a bit of setting up — just a running total of unique users. If you have signed up for a subscription your sub should have been recreated, but we can’t guarantee it will be exactly as you left it. Please revisit the subscription page to check. The Feedburner service is not back up and running yet, and since most people use the site directly I may not resurrect that one (RSS users will see a direct RSS button the front of the site which they can use).

We have no way of trying to pinpoint the source of the attack, so I make no accusations towards anyone on that front. There are a lot of geeks without girlfriends out there. These things happen, unfortunately, and they tend to be the moment when you discover whether you are with a good host or a bad one. That said I have never encountered anything like this in ten years of running web sites. You may rest assured that we have extra measures to guard against this kind of thing in future, and are using a much better, and consequently more expensive, host, one of America’s largest, Dreamhost.


About David Hewson

Professional novelist, published in more than 20 languages. Creator of the Nic Costa series set in modern Rome, Pieter Vos in Amsterdam, adaptions of the Sarah Lund stories in Copenhagen, and versions of Shakespeare worked for Audible.
This entry was posted in News. Bookmark the permalink.

10 Responses to Normal service has been resumed….

  1. Paul Hemsley says:

    I hope this finds you well, & that it doesn’t affect the site, but I thought I’d take time out to thank you for your efforts, & to wish you an enjoyable & well deserved holiday.
    I’m sure I’m not alone in expressing grateful thanks.


  2. Justin Williams says:

    Thanks for working so hard to resume normal service, David. I would like to reassure those who are interested that our print edition is unaffected by this glitch and will appear as normal on Saturday.

  3. David Hewson says:

    Thanks for the kind words, folks. I am reasonably confident normal service will be resumed tomorrow (fingers crossed). I suppose I have to stop teasing Justin about being a ‘print dinosaur’ now. Mind you, if the gremlins have got into the laser printer too….

    I have passed on a technical report on this to someone who knows more about bits and bytes. It is odd in the extreme. This new site is with one of America’s largest hosts and will, I trust, offer us a much better level of speed and reliability, as well as allowing to do some new tricks which I hope to introduce shortly.

  4. Ian Cooling says:

    But David, surely this was all triggered by Imperial sympathisers in MIT backed by someone who sat on a UN committee with David Brooks Wilson with funding supplied by one of Paul Clokie’s maiden aunts and a former patient of Prof Borysiewicz.

    Furthermore, the whole operation was clearly being run under the cover of one of those KCC educational jaunts to the States that Paul Francis covers so well elsewhere.

    Indeed, could this be where you first read that the Kent Messenger Group is itself a player? Paul is obviously employed to generate the smoke-screens and this would also explain why Kentish Express coverage of the whole Wye saga is so low key.

    Only joking! Seriously, my very best wishes for an early return to rude (technical) health.

  5. David Hewson says:

    As you can read in the updated article above, the loss of service was triggered by two things: a deliberate attack and ineptitude on the part of our previous hosting company. I am not in a position to point the finger of blame at anyone over the deliberate attack. And frankly, since I am now sitting in front of this computer at 5.30 in the morning, finally looking at a working site, I must admit my sense of humour on this matter is failing somewhat.

  6. J.Lo says:

    Sadly Mr Cooling, I don’t believe your are joking.

  7. J.Lo says:

    There is an awful lot of vested interests here, but above all let us not lose sight of the objective Wye Village has and that is to stop the building on AONB greenfield sites. If you were inclined David, it might be worth running a background check on the Hosting Service owners just to eliminate them as they are the most obvious. I know of no hosting service that does not run full backup services, so even given an outside attack, they should have been able to restore for you. In fact, using techie tools, they should in 99% of the cases be able to recover the lost data anyway unless far more sophisticated tools were used to destroy the site. Also, there is a service available that will enable you to trace the source of the attack if you really want to know, but I fear that a “professional” would have used some remote external impossible to link to anybody access to the internet or a ghosting service. So the net is, just move on. A great deal was lost when this site went down so I encourage all those who commented before to not lose focus of the overall objective, if you had comments up that were important and revealing take time to put them back.

    In the long run it may be the difference between 40 houses to the acre or greenfields.

  8. David Hewson says:

    I don’t want to bore anyone with technical jargon here but yes, they will have backup, and no I won’t be using it. I wouldn’t dream of relying on anyone else to back up a site I run. To do so would take days of screaming at them for assistance, and frankly we have better things to do. We keep our own backups, but they don’t have the comments, and a few photos and files are missing still, though not many; this is principally because the previous site, unknown to us, was using outdated database server software which is incompatible with that of the new one. We could spend days trying to find a perfect geek fix but frankly I would rather get the site back online in a new home. At the moment we do not even have access to the original data on the former web site, even though the contract has eight months to run. I’m not prepared to have the site offline for more than a week just to make some point.

    From the logs we have we can see that on Wednesday night one, and possibly more, people came on the site and somehow managed to indulge in incredible amounts of usage. The statistics below, broken down into visits, pages, hits, and bandwidth. These show that we had roughly the same number of visitors on March 29 as we did previously but they consumed more than double the pages, hits and bandwidth. This is odd to say the least, but since the extra traffic has come from IP addresses used by public ISPs there is very little we can do about it. In any case this is still not an excuse for Siteground demolishing the site as it did.

  9. Ian Cooling says:

    J Lo : I am – ask David, who I suspect knows me better than yourself, when he has caught up on some sleep.

    David – if this was a denial of service attack then it puts a wholly new and very nasty slant on all this. If there is anything I can do to help tracking down the culprits, just ask.

  10. David Hewson says:

    Thanks for the offer. This is certainly the result of an attack which has resulted in those statistics above, not that they justified Siteground’s action in pulling our service. We have made some inquiries of our own. Short of going through the tedious process of pulling log files from the old site — which is still unavailable to us — and then making formal complaints with individual ISPs, who will doubtless not have the records to reveal what’s gone on, there is precious little we can do.

    The site is now at a new and better home, and we will be using more extensive measures to try to ensure this doesn’t happen again. Let me say again: these problems do not appear to have come from any corporate or organisational network, but seem to originate from individual users. And please don’t feel they need to make you use save-wye less. Our new hosting service offers enough bandwidth and resources to run several sites many times this size. In fact it already seems much quicker to use to me right now.

Comments are closed.