Archive for Uncategorized

Disabling XML-RPC

If you have been reading this blog for a while, you have probably realized that onMason, like many WordPress blogs, has been under constant attack by hackers for quite some time. We’ve had brute force login attacks and comment spam problems (between April 2014 and June 2014). However, I like to think that we’ve done a decent job mitigating those attacks.

The latest thing that the hackers are trying to do is to exploit the XML-RPC interface. WordPress uses the XML-RPC interface to handle Pingbacks and allow remote publishing programs like the WordPress mobile app and Windows Live Writer to work.

To mitigate this latest attack, we are disabling the XML-RPC interface since almost no users actually use either Pingbacks or remote publishing programs.


Spring Cleaning – Upcoming Upgrades

During Spring Break (March 10, 2014 – March 16, 2014) we will be upgrading the software running onMason.

We do not expect any extended outages during the upgrade process.

After the upgrade, there will be a few changes to onMason. The most noticeable change will be a new look to the admin dashboard. It will feature a higher contrast color theme (with blacks replacing the grays). However, the menu items will largely remain the same.

We will also take the opportunity to remove a number of seldom-used, obsolete or broken plugins. Those plugins include:

Calendar* – we recommend that you use the Google Calendar Events plugin instead.

Do Follow* – the functionality of this plugin is already part of the standard SEO controls we offer.

Publish2 – no alternative or replacement is planned.

Widget Logic* – no alternative or replacement is planned.

Wickett Twitter Widget – this plugin will be replaced with the Twitget plugin.

*These plugins were only available to a select number of sites.

It is important for us to remove these plugins as they affect the stability and performance of onMason.


Recent issues with onMason

I’m sure some of you have noticed that onMason has recently had periods when the site was either inaccessible or sluggish. The reason this has been happening is that onMason has been under constant attack since April.

An unknown party has attempted to gain access to the onMason administrator password using “brute force” methods. What this means is that the unknown party tries to log into onMason several times a second using random passwords, hoping to guess the correct password. This attack does not currently pose a threat to the security of onMason as they have been attempting to access non-existent accounts.

Unfortunately, the sheer volume of login attempts has caused performance issues with the site.

We do not believe this attack is specific to onMason or any of the sites we host since similar attacks have been reported by other WordPress sites.

See:
http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-Targeted-Mass-Brute-force-Botnet-Attack

In order to maintain the performance, stability and safety of onMason, we have implemented the following change:

After 5 incorrect login attempts, your account will be locked for 15 minutes. Please do not try to log in again before the 15 minutes are up, as further attempts to log in can result in an indefinite lockout.

If you are accidentally locked out of your site or are experiencing any other issues due to the attacks, please contact the onMason Webmaster at webmaster@onmason.com.

We thank you for your understanding as we deal with this issue.

onMason Webmaster
Office of Student Media


Upcoming Upgrade

We will be upgrading the software running onMason on Wednesday, October 3, 2012 between 10:00 a.m. and 11:00 a.m. As a result, onMason will be periodically unavailable during that time.


Upgrade Notice

We will be upgrading the software running onMason on Thursday, August 23, 2012 between 10:00 a.m. and 11:00 a.m. As a result, onMason will be periodically unavailable during that time.


Server Upgrade (Update: Done!)

We will be upgrading servers in the next 24 hours. There may be some downtime during this process. We apologize for any inconvenience this may cause, but this is necessary in order for us to continue to provide a high level of service to our users. onMason will be ready to go well before the semester starts next Monday. Again, thank you for your patience.

UPDATE: The upgrade has been completed. Please let us know if you run across any problems.


Theme Updates

Over the past few days, we have been updating many of our themes in order to bring you added customizability and to increase the stability of onMason.

As part of this update, when you check the Appearance menu in your Dashboard, you might notice additional options. Additionally, you may notice slight changes in the spacing and alignment of elements on some pages.

All of these changes should be positive. However, if you are experiencing any problems as a result of this update, please submit a support ticket through your Dashboard. You may also leave feedback by commenting on this post.


onMason Experiences Unanticipated Downtime

Hello all,

onMason was down briefly today, from sometime around 1:00 p.m. to 5:45 p.m. We’re currently unsure of the reason why the server went down; however, we are investigating the incident now and it should not happen again.

We’re sorry for any inconvenience this may have caused. We understand that the sites you create are important and that it is important that they remain up.

Thank you,

-The onMason Team