Archive for Uncategorized

Let’s Marie Kondo this Place

This past August, onMason celebrated it’s 10th anniversary. On one hand, it is quite the accomplishment to serve the Mason community for so long. On the other hand, it means that parts of onMason are a decade old. It’s time for some spring cleaning!

We took a look at some of the oldest parts of onMason and asked ourselves, does it still bring us joy? In many cases, the answer was no.

The first thing you might notice is that revamped the login. To prevent brute force password attacks, we have long limited how many incorrect logins you can attempt. While this has kept onMason safe, it resulted in a lot of password reset requests, probably because most people did not realize that we were limiting logins until too late. To reduce this, we added a warning about how many more login attempts are remaining before the system locks you out. Also, the system will automatically release the lock out after a certain amount of time. Yay! Not that I didn’t enjoy all the support requests …

We also ditched CAPTCHA. It has been more annoying than useful for a couple of years now. Not to worry, we employ a number of different, less intrusive methods of keeping your site safe and spam free(ish).

When we first set up onMason over a decade ago, we installed a theme pack that gave us more than 100 different themes – giving our users lots of good options. Fast forward to today, we have more than 100 themes that don’t meet modern coding standards and look very dated – giving our users lots of bad choices. Therefore, we whittled down the number of theme choices. Don’t worry, we didn’t suddenly change themes on existing sites, we just made it so you can’t choose obsolete themes if you change themes.

Along the same lines, we changed the default theme from TwentyTwelve to TwentySixteen. This doesn’t affect existing sites, only new ones.

Finally, we removed a bunch of old, seldom used plugins. This shouldn’t affect too many people since the plugins are seldom used after all.

The hope is that these changes make onMason easier to use and, ultimately, more satisfying.


Happy Birthday! onMason is 10 years old!

On this day in 2009, onMason was made available to the Mason community.

A lot has changed in the tech world since 2009. In August 2009, the fastest computer you could buy came with a Intel Core 2 processor. And Windows Vista. Apple had just released their third iPhone, the iPhone 3GS. And at the time, no one at George Mason University offered WordPress blogs to the entire Mason community. Except us.


We’re moving servers on Thursday, August 24

In order to provide better service, we will be moving servers starting on Thursday, August 24. The site will generally be available during this time, but there may be reduced performance and occasional downtimes during this transition. It is also recommended that you do not make major changes to your site during this time as well.


Disabling XML-RPC

If you have been reading this blog for awhile, you will probably realize that onMason, like many WordPress blogs, has been under constant attack by hackers for quite some time. We’ve had brute force login attacks and comment spam problems (between April 2014 and June 2014). However, I like to think that we’ve done a decent job mitigating those attacks.

The latest thing that the hackers are trying to do is to exploit the XML-RPC interface. WordPress uses the XML-RPC interface to handle Pingbacks and allow remote publishing programs like the WordPress mobile app and Windows Live Writer to work.

To mitigate this latest attack, we are disabling the XML-RPC interface since almost no users actually use either Pingbacks or remote publishing programs.


Spring Cleaning – Upcoming Upgrades

During Spring Break (March 10, 2014 – March 16, 2014) we will be upgrading the software running onMason.

We do not expect any extended outages during the upgrade process.

After the upgrade, there will be a few changes to onMason. The most noticeable change will be a new look to the admin dashboard. It will feature a higher contrast color theme (with blacks replacing the grays). However, the menu items will largely remain the same.

We will also take the opportunity to remove a number of seldomly used, obsolete or broken plugins. Those plugins include:

Calendar* – we recommend that you use the Google Calendar Events plugin instead.

Do Follow* – the functionality of this plugin is already part of the standard SEO controls we offer.

Pulish2 – no alternative or replacement is planned.

Widget Logic* – no alternative or replacement is planned.

Wickett Twitter Widget – this plugin will be replaced with the Twitget plugin.

*These plugins were only available to a select number of sites.

It is important for us to remove these plugins as they affect the stability and performance of onMason.


Recent issues with onMason

I’m sure some of you have noticed that onMason has experienced some times recently when the site was either inaccessible or sluggish. The reason this has been happening is that onMason has been under constant attack since April.

An unknown party has attempted to gain access to the onMason administrator password using “brute force” methods. What this means is that the unknown party tries to log into onMason several times a second using random passwords, hoping to guess the correct password. This attack does not currently pose a threat to the security of onMason as they have been attempting to access non-existent accounts.

Unfortunately, the sheer volume of login attempts has caused performance issues with the site.

We do not believe this attack is specific to onMason or any of the sites we host since similar attacks have been reported by other WordPress sites.

See:
http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-Targeted-Mass-Brute-force-Botnet-Attack

In order to maintain the performance, stability and safety of onMason, we have implemented the following change:

After 5 incorrect login attempts, your account will be locked for 15 minutes. Please do try to login again before the 15 minutes are up as further attempts to login can result in an indefinite lock out.

If you are accidently locked out of your site or as experiencing any other issues due to the attacks, please contact the onMason Webmaster at webmaster@onmason.com.

We thank you for you understanding as we deal with this issue.

onMason Webmaster
Office of Student Media


Upcoming Upgrade

We will be upgrading the software running onMason on Wednesday, October 3, 2012 between 10:00 a.m. – 11:00 a.m. As a result, onMason will be periodically unavailable during that time.


Upgrade Notice

We will be upgrading the software running onMason on Thursday, August 23, 2012 between 10:00 a.m. – 11:00 a.m. As a result, onMason will be periodically unavailable during that time.


Server Upgrade (Update: Done!)

We will be upgrading servers in the next 24 hours. There may be some some downtime during this process. We apologize for any inconvenience this may cause, but this is necessary in order for us to continue to provide a high level of service to our users. onMason will be ready to go well before the semester starts next Monday. Again, thank your for your patience.

UPDATE: The upgrade has been completed. Please let us know if you run across any problems.


Theme Updates

Over the past few days, we have been updating many of our themes in order to bring you added customizability and to increase the stability of onMason.

As part of this update, when you check the Appearance menu in your Dashboard, you might notice additional options. Additionally, you may notice slight changes in the spacing and alignment of elements on some pages.

All of these changes should be positive. However, if you are experiencing any problems as a result of this update, please submit a support ticket through your Dashboard. You may also leave feedback by commenting on this post.