Mount Sutro: An Electronic Periodical

103102022
1811Hours EDT

Whoops

by Archived Article (2001–2014) Help
My apologies to everyone for the technical issue this morning that brought the Forum software to a screeching halt. The MySQL database table that keeps track of session ID's and their corresponding IP addresses was full. To prevent a security breach, the software is designed to then halt all operations in the event the error was caused not by the table being full, but by a hacking attempt. I have corrected the problem and will be looking into preventing a similar incident in the future.

Two Comment Bubbles One Comment

  • David July

    After getting back in this evening, I had an instant message from Chris indicating this error had returned. Sure enough, after enabling the debug mode, I confirmed the same problem that I had corrected only 12 hours prior had returned. I did more research into this issue and discovered it is not uncommon with this software. The combination of recently medium to high non-registered user traffic (coming from other sites and search engines) plus search engine spiders themselves, the table that keeps the session information was getting very full, very quickly.

    I specify non-registered user traffic (which would include the spiders as well) because when you register here, a cookie is stored on your machine that keeps the session information local to you. If cookies are rejected or you are just a guest user, the session information is stored in the database and accessed via the URL.

    To curb this problem, I have implemented the following:
    I installed a code modification so that if the sessions table in the database becomes full, the first 50 entries from the list will automatically be deleted to make room for more. In theory, this should single-handedly prevent this error from every occurring again.

    I installed another code modification which limits the number of sessions an IP address is allowed. This should help keep search engine spiders from tearing up the place as they come through.

    I increased the amount of rows allowable in the sessions database table.

    I edited the amount of time a session is allowed to be open (both cookie and non) to one (1) hour. After that time has elapsed, a user would be forced to login and authenticate again. I do not ever see this being an issue unless you keep this forum on your browser 24/7.

    In conclusion, it is my belief that these code and configuration modifications should prevent this error from occurring again. However, should anyone stop by Mount Sutro and/or the Forum at any time and note an error of any type, please e-mail me immediately!

    Thank you for visiting Mount Sutro!

Closed Comment Bubble Comments Closed

  • Article comments are disabled after ninety days. Alternatively, you can send feedback via email.