WeatherMaine.com Maintenance Log

** Web Hosting Issue - Web Site Hack? **
5/22/05
WeatherMaine's visitor counter reset again today. Local Internet connection was down for most of yesterday and part of today.
*

** Web Hosting Issue - Web Site Hack? **
8/19/04
WeatherMaine's visitor counter reset again today. Maybe this indicates there is a new hack/exploit out there for IIS?
*

** Rain Collector Maintenance**
8/13/04
Rain collector bucket plugged. This resulted in inaccurate rain raets. The obstruction was cleared and the rain fail was counted all at once, resulting in a rain arte of 72" per hour. This value should be ignored. The rainfall totals for the event were accurate, though.
*

** Web Hosting Issue - Web Site Hack? **
6/9/04
WeatherMaine's visitor counter reset again today. The counter uses a test file and code to increment the counter for the main page. Every time there has been a site hack (see below) the counter has reset to zero. It resets to zero when non-numerical values are found in the counter text file. After this was reset, another zero-day exploit was found. I suspect this happened to Internland again. At least now they have fixed it quickly.
*

** Web Hosting Issue - Web Site Hack **
11/3/03
Malicious footer inserted into the Weather Maine pages again today. The inserted text in the HTML Footer used javascript instead of the iframe. The tags were <script language="text\javascript">{command}</script>. This is at least the second time that Interland has had this new type of malicious insertion into their pages. I cannot believe that this is still an issue.
*

** Web Hosting Issue - Web Site Hack **
10/15/03
Malicious footer inserted into the Weather Maine pages again today. This time, the inserted text in the HTML Footer used javascript instead of the iframe. The tags were <script language="text\javascript">{command}</script>. The {command} was the 'document.write' action followed by a long string of directories. The result of this is that a 'directory/path' string is being interpreted by the browser as javascript. Given the length or the 'URL' referenced by the directory/path string, it likely bypassed the safeguards built after the original attacks. Just speculation, but I'm sure some sort of 'invisible' script was added to the server farms' document footers to remove any 'iframe' or similar references when hacked. The 'length of the directory/path' exploit' is used against FTP servers to create directories that are not 'deleteable' from the windows explorer. I suggest to turn off ActiveX controls in your browser, since they represent a security risk. You should either disable or set to 'prompt' to tell you when they are present. If you go to your won page and it is infected, then you will know by the prompt to run ActiveX controls. This could be a good thing in the long-run, given the Patent restrictions and future of ActiveX and other Internet plug-in technologies.
*

** Web Hosting Issue - Web Site Hack **
9/5/03
Malicious iframe appears to be gone from the site(s)- my ticket was closed last night before midnight. I've implemented an automatic check to notify me when and if this returns. There has been an increase in site latency, but that could be just my Internet connection. I hope that whatever hole there was is now plugged for good.
*

** Web Hosting Issue - Web Site Hack **
9/4/03
The iframe was gone for a while this AM, but re-appeared at 12 Noon EDT. In an email from an Interland Tech., whatever they have has an expiration date of September 10th. I hope it is resolved before that. Seems there's not much you acn do to combat this from a webmaster standpoint. I suppose you could add a open comment tag at the end of the html?: <!---
*

** Web Hosting Issue - Web Site Error **
9/3/03
Site down between 11AM and 12AM EDT. Probable cause is a fix for the recent hacking of Interland. Error is:
Server Configuration Error
The server has encountered a configuration error attempting to process your request. The configuration parameter MD_FOOTER_DOCUMENT (6009) has an invalid value. Please contact the server administrator for assitance.
Site appears to be back up at 12:05PM EDT.
Addenda: Site down again at 1:46PM EDT, 9/3/03.
At 3:20 PM EDT, 9/3/03, Interland posted a notice on their main support page that:

WARNING
(During the event on this date) Just By Visiting any Interland Web Page-
If you do not have these patches installed: MS99-040, MS99-042, or MS01-058, YOU MAY HAVE A VIRUS or WORM
'iframe' virus affecting Interland web hosting!

*

** Web Hosting Issue - Web Host Hack **
9/3/03
Same malicious footer appeared again this AM. Ticket with Interland re-opened. Have posted warning on the main page. Also found out that Interland will be putting some script into place that will attempt to battle the worm. The information available on this suggests that the hacker gained access to Interland's IIS servers by using a previously-unknown exploit. The hacker is using a low-TTL DNS server to move the infecting code's physical location, thus making it harder to shut down the infection location. This is a huge security hole, and anyone running unpatched Windows 98 with IE 5.5 or less should install, update and run Antivirus ASAP, as you are likely infected. Weather Maine apoligizes for this, but it is not in our control. The blame for this event squarely lies on Interland and Microsoft. If you haev been infected, you may contact Weather Maine, and we will pass the information along to Interland, our web host. Please note that it is not just Weather Maine that is affected, but any site hosted on an infected server at Interland; we are talking about several thousand + web sites. I'm sure we'll see a proliferation of these types of hacks over the upcoming months. There is no better time than now to 1) install a hardware firewaal at your Internet POP/connection, 2) install all security/software patches, 3) install a personal firewall, 4) set-up TCP/IP filtering, 5) remove all network shares, and 6) reset/check passwords to make sure that they are adequately complex and not blank! In addition, disabling certain components in Windows and Internet Explorer can also help to give a safer computing environment. There are many on-line references on this topic. Try TruSecure, eEye or Shavlik for some good information and software.
*

** Web Hosting Issue - Web Host Hack **
9/2/03
Same malicious footer appeared again this AM. Another ticket opened up. Interland will hopefully have a more permanent fix this time. The same URL in the exploit was used in the recet spate of attacks. Tech support said that the hack/virus will expire on September 10th.
*

** Web Hosting Issue - Web Host Hack **
8/29/03
Same malicious footer appeared again this AM. Another ticket opened up. Interland will hopefully have a more permanent fix this time. The same URL in the exploit was used in today and yesterday's attacks. Hopefully the exploits attempted are at least released and patched. The hack last month had a file dropping utility with an unknown payload.
Some Interesting reading on the same type of thing:
Link #1: at LabMice.net
*

** Web Hosting Issue - Web Host Hack **
8/28/03
Malicious footer appeared on the site again today - exactly one month since the last time. Ticket opened and footer removed. Footer attempts to use an <iframe> exploit to perform an unknown action.
*

** Weather Maine Harrison, Maine Location **
8/8/03
Internet connection at the Harrison, Maine location is down. The cause is unknown at this time, but chances are its equipment failure of the cable modem. The Harrison location is quite a distance from the cable company, and that modem is probably pushing high dBs -> burn out. Will change out the network adapter and reconfigure to see if that is that cause.
*

** Web Hosting Issue - Web Host Hack**
7/28/03
Interland, Weather Maine's web host, is having issues with a 'patch' or virus that is causing text to be appended to most files. This text appears to be a virus that attempts to exploit the iframe hole in Internet Explorer. Unpatched Internet Emplorer users who access any site at Interland, not just this one, should update their browser and virus definitions. While this site was not impacted due to the way the files are used and hanlded, many other sites on the Internet could be vectors for infection. All of this means that some of the content, like the live weather ticker images, will be unavilable until the engineers at Interland fix the issue.
*

** Weather Maine's WML/XHTML Weather**
7/20/03
WeatherMaine.com now has its data from South Portland, Maine available for access by next-generation phones. XHTML/WAP 2.0 provisioning required to view the weather. Only a few pieces of data are available right now, but more will be added in the coming days.
http://www.weathermaine.com/wml
*

** Weather Maine's Second Site**
7/19/03
WeatherMaine.com's second site is now partially up. You can see this at http://www.weathermaine.com/davis/wxme_harr/index.asp... There are a few issues to work out, but it should be up in time for mid-week. Need to re-establish remote connectivity to unit- Linksys wireless PC card and US Robotics wireless AP not liking each other. Had to use a hard-wired connection temporarily.
*

** Live Weather Image**
7/6/03
Having a few issues with the ASOS weather write for NWS locations/data. Something changed wihout my intervention in the middle of the night last Thursday, and it knocked them off-line. Will try to get them going again real soon. Will move the processing of the weather images locally soon- need to buy a license for ASP Image.
*

** Ticker Update**
6/15/03
ASP Image issues appear to be resolved. Some minor server issues this AM, but tech support dealt with the issue quickly. Regional Conditions Scroll needs an update soon, but other than that, all systems appear to be running AOK.
*

** Weather Station Rain Funnel Maintenance**
6/14/03
Rain rates suspect in last storm. Rain continued to be registered about .01" each hour for the last 10 hours. Went onto roof and discovered a partial obstruction of the bottom opening. Obstruction is now removed and sensor package looks to be in good shape. Nothing other to note about this maintenance except for my dropped camera- at least it was in the case- will have to replace the camera mounting hole, though.

Rain Collector With Obstruction
*

** Weather Ticker Image Write Failure **
6/11/03
Image writing failing partially. Will have update soon.
*

** Weather Maine Routing Issue **
5/31/03
Web site down from maine.rr.com all day. AT&T had a bad router in Georgia that was part of the route from Maine to Interland, Weather Maine's web hosting provider. Sites outside of this particular route could access the site, but since Weather Maine's Internet connection was not routing properly, the live data links were disrupted. Service appears to be back. Interland notified AT&T for me, and Road Runner National Helpdesk never offered... It is hard to believe that neither has Standard Operating Procedure for this type of incident. This routing incident prevented many of the Road Runner customers of Southern Maine from getting any site hosted at Interland. 24 hours and 9 tickets/updates.
*

** WeatherMaine = Weather Maine **
5/24/03
WeatherMaine.com will now use 'Weather Maine' in reference to itself in this site; this is to increase search engine indexing.
*

** WeatherMaine SV25 Back From Factory **
5/21/03
Weather Maine PC (Shuttle SV25) is back from warranty repair. Had bad power supply fan and bad capacitor. Likely result was volatge irregularities, which may be part of why the PC was acting up. Hopefully there is no damage to the internal components of the PC. Have it 'burning-in' currently, and will install soon at another site for an additional live weather feed.
*

** New WeatherMaine PC **
4/24/03
Weather Maine is finally on a new PC. 'New' PC is really oldest Weather Maine server-grade PC (SuperMicro P6DGE) with twin PII 400MHz processors and 327,316 KB RAM. Have new case (and P/S), and got new BIOS chip as well. Drive is kind of old (WD 36200 6.4GB 5400RPM DMA2), but should serve the purpose from now on. Old (SV25 from Shuttle) Weather Maine PC is being sent back for a bad power supply fan. It hopefully should be back soon. Here's a picture of the new Weather Maine PC! It has a clear side window with fan and a blue cold-cathode fluorescent light on the inside. Unit has only HDD installed, which is 'stealthed' in the top-most drive bay to hide it. HDD is 3.5" so a 3.5" to 5" adapter is in use for this install.
Will move weather feed to Davis Instruments' Weather Envoy (FW 1/8/03) soon... Need to set calibration values on both receivers 6150 (Wireless Vantage Console) and 6314 (Envoy) for the switch to make data consistent.

Weather Maine's Weather Server
*

** Interland Web Hosting Resolution **
4/17/03
Web site routing problems appear to be resolved. Packet loss and web site seem to respond more reliably. This {should} be the final note on this issue.
*

*** Interland Web Hosting Issue **
4/13/03
Web site down again today for a short period of time. Issue mid-last week was a bad route or router. A new route from maine.rr.com to weathermaine.com appears to be in place. Site now is responds to pings better and without much in the way of packet loss. Packet loss last week about 5-10%, which is too high. Interland will be monitoring the server to figure out why the web services stop. Have opened up about a ticket a day for the last week. The plan is to build a web-monitoring piece to the VB application that runs weathermaine.com... Tht way, I can be alerted when it is down so I can open a ticket and track how often it is down. Hopefully will not have to switch hosts.
*

** Web Page Sendmail and Guestbook Errors **
4/12/03
Just realized that the permissions to the folder that holds the Guestbook database had its permissions changed by Interland when trying to solve the FTP issues a while back. This happened sometime after March 13th, 2003. This should be all set now, as permissions were updated.
Also fixed an issue with the Web page email functions. Somewhere along the line, relaying for the CDONTS object was restricted more closely. People sending email without a valid from address were having email dropped (not sent) with no notification by the script. Really nothing to trap except to make sure there's a @ and some text in the email. Now have a work-around in place.
*

** WxME Ticker Software Update **
4/11/03
Updated VB weather program to include rain data and heat index when applicable. May drop the Resolution of the live weather GIF in lieu of more data. Haven't decided. Also changed data type in user-defined variables in the VB app's code to allow for "---" in temperature when no connection to the weather station. Error was trapped anyway by app, but should let other errors be seen more easily. Just better that way anyway.
*

** Interland Web Hosting Issue Update **
4/3/03
Web host has determined that McAfee VirusScan on the WWW Server is causing the issue periodically... Since there is no way to exclude the ticker and forecast files from the scanning, the issue may happen from time to time. Will just have to keep an eye on it.
*

** Vantage Pro Firmware Update**
3/24/03
Firmware on Davis Vantage Pro is now at firmware Rev B, Jan 8, 2003. Previous firmware was Rev. B, April 24, 2003. No issues during upload of new firmware.
*

** Interland Web Hosting Issue Update **
3/23/03
Three day time stamp of hosting issue.
Ticket still open. Have reopened ticket three times so far, as the solutions
given to the issue before ticket close not exactly what has transpired.
Should have fix soon, since Interland has escaleted this to a higher level.
*

** Interland Web Hosting Issue **
3/20/03
A process on the web server periodically locks up the file that populates the Regional Conditions scroll. This causes the software at WXME to fail to update the scroll to the most current conditions. This has occurred at various intervals over the last year. Most recent ticket is escalated to a specialized group at Interland. Hopefully this will be resolved soon.
*

** WXMETICK.exe Program Bug Update **
03/08/03
Error handing code expanded to cover the newer modules. Failure of Interner
connection was causing error that would make file read fail and loop, eating
up system resources. Also caused continuous file uploads. File uploads failing due to
ISP issue, so weathermaine.com should be back up for a while now.
*

** ISP Cable Modem Issue RES **
03/07/03
TWCable dispatched today and fixed line to house junction
Outbound signal attenuation causing modems to shut down. TWCable/Road Runner
will be running new line to the house next week.
*

** ISP Cable Modem Connection Issue **
03/06/03
Experiencing intermitant downtime of Internet connection.
Hopefully problem will be fixed soon.
*

** WXMETICK.exe Program Bug **
03/06/03
WeatherMaine.com VB ticker prgram has bug that will not write current forecast ticker correctly if forecast on PUB FTP is corrupt or unavailable. This results any text not in a <table> tag to be aligned at width 133- open table tag in VB program. Also will put in bug check to kill HTTP SEND session to web server when Internet connection unavailable- makes "No Internet handle available" message/error pop and comsume resources.
*

** Serial Port Adapter For UPS**
03/01/03
Serial port adapter received and installed OK. Connection to UPS now staying up 100%. Was using USB to COM adapter, and that doesn't work very well for longer-term use. Will finish the APC UPS functions soon to show power levels and outages on-line for diagnosis of downtime when away.
*