Sunday, August 10, 2014

WordPress xmlrpc exploit

WordPress recently announced a bug in their xmlrpc implementation which can result in denial of service attacks by using large amounts of CPU. Many OCF-hosted sites are running affected versions of WordPress.

In response to activity which took out our webserver for about 15 minutes earlier tonight, we are blocking access to xmlrpc.php files to protect the shared OCF webserver. If you would like to request xmlrpc.php files be unblocked from your site, please contact us.

Now would be a good opportunity to make sure all the software on your website is up-to-date!

Online account tools maintenance

OCF's online account tools will be unavailable for a few days while we perform maintenance and upgrades. During this time, requesting an account and resetting passwords via CalNet will not be possible.

There will be no impact on LDAP or other services, and password changes (assuming you know the old password) can be done via the "passwd" command.

Update 2014-08-18: We've completed the maintenance on our online account tools. Note that the URLs have changed; see the wiki or main website for updated links.

Tuesday, August 05, 2014

Campus-wide network issues

As of about 9:00am Tuesday morning, Berkeley campus has been experiencing severe network issues, including high packet loss and latency. Open Computing Facility servers are affected by this outage.

This is a problem on IST's side; updates are available from them.

Friday, August 01, 2014

Virtual hosting email downtime

Virtual hosting email service was unavailable during the last two weeks. Misconfiguration with our spam filter was unfortunately overlooked over summer. Thanks to Berkeley Consulting for bringing this to our attention.

Email messages sent in the last 3-5 days might still be delivered. Older messages would have "bounced" to the sender.

We apologize for this inconvenience.

Monday, July 14, 2014

Kernel updates 07/18

All OCF servers will be restarted Friday night (07/18) in order to apply security updates. We will also be increasing the memory and CPU allocated to tsunami (the login server) during this time.

Tuesday, June 17, 2014

POP/IMAP, webmail phased out

As part of our phasing out of email service for individual OCF members, we have migrated to forward-only email service. This means that no new mail can be stored, so POP/IMAP email access is no longer very useful.

On June 21st, roughly a week from today, we will turn off POP/IMAP email access permanently for individual accounts. Webmail will also be unavailable after this date. We are leaving this window as we understand some users may wish to archive their emails by downloading them via POP/IMAP.

After this date, your mailbox will be moved into your home directory where you can access it at any time (we will never delete any mail). Your mailbox is in standard mbox format, which can be opened by almost any email client, or even a simple text editor.

If you have any trouble downloading your mail or accessing your OCF account, don't hesitate to reach out to us!

Friday, June 06, 2014

Kernel updates 06/07

All OCF servers will be restarted Saturday night (06/07) to apply security updates.

Wednesday, June 04, 2014

Subnet move

We'll be moving from our trusty old subnet, 169.229.172.64/26, to a brand new subnet 4x the size: 169.229.10.0/24. All hosts should be fully migrated by Tuesday, June 10th.

There may be small periods of downtime for all servers during Monday evening/Tuesday morning, but we don't anticipate extended downtime. All services should be otherwise unaffected.

If you access OCF servers via SSH, you may notice a warning that the IP address for ssh.ocf.berkeley.edu has changed. The host key will not change, so you can continue to verify against our SSH fingerprints (available via HTTPS on our wiki). The new IP address for the public login server (tsunami) will be 169.229.10.25.

Update 2014/06/06: All OCF servers are now assigned both their old and new IP addresses. Old IPs have been removed from DNS, and servers will soon be assigned only their new IP. This may break existing connections (such as SSH).