漂移 - 11月的蕭邦 - 周傑倫
— Young W (@cleoold) February 7, 2020
首先祝賀新年快樂，我們真正地來到了 2020 年。話説回來，這一年的開頭實在是不怎麽樣（不是針對我噢）。在中國因爲2019-20新型冠狀病毒疫情的影響，大家的工作和娛樂以至於新年該有的聚會都受到了很嚴重的影響。雖然我身不在疫區，但是我時時刻刻都在主動或者被動地關注著這個事件的進展，我希望情況能馬上好起來。一周之間患者人數從一千達到上萬也是很嚇人的，雖然突然暴增的病例也有可能是之前沒有檢測出來罷了。
周末做了一件愚蠢的事情，在 AWS 面板中的一個選項是所謂的 "Saving plan"，即一次性支付長時間的費用來使用雲主機（相比於按小時計費來説就會“便宜”一些）。我當時沒有注意，我本來是像瀏覽一下詳細信息，結果直接點上了支付。爲什麽呢？我當時使用的是手機瀏覽的網頁，相比於電腦就有可能出現因爲兼容而出現的 oveflow 或者操作不便，我沒有看到支付，就 GG 了。花了 120$ 購買了一個完全用不到的服務，而且面板中完全沒有回退的選項。只好在 support 裡面發送了一個工單（至少對我而言，AWS 的幫助列表裡對於退款的信息几乎沒有），一周後的現在我只得到了 111$，剩下的 9 元就不知道因爲什麽原因不翼而飛了。
在某一天半夜我在用 ssh 到服務器的時候發現在 access log 裡有一些不得了的東西（可能我之前不太注意），有一些不同的 IP 在以 10 秒一次的頻率不斷地對管理員頁面發送 GET 和 POST 請求，簡單地說就是一直在嘗試破解用戶名及密碼。因爲 IP 不一樣，自動的安全機制也都不受影響。太麻煩了，於是用了一些方法進行補救，而且把登陸頁面 URL 給移到一個臉滾鍵盤生成的 URL 裡了。
第三天服務器又因爲突然長時間 CPU 100% 宕機了，我只好先在 Cloudflare 裡暫時給網站加個安全驗證，持續時間一周。不過在日志中並沒有發現太過異常的 traffic，是我最近安裝的插件導致的嗎？我先看著問題是不是復發在做決定吧。如果是因爲服務器太渣跑不動的話我可能也要購買 saving plan 來升級服務器了。
當然登陸頁面歸登陸頁面，和以往發佈過的一篇日志不一樣，這個網站一直都沒有 phpmyadmin，請不要嘗試 404 了。
最近地平綫 4 推出了新的可以玩的車 （AE86），很興奮，於是想要繼續分享一些截圖在這裡。请看下页。
First week in Feb
First happy Lunar New Year! We are really in the year of 2020, which did not have a good start apparently (not only to me). In China, due to the 2019–20 Wuhan coronavirus outbreak, our work, entertainment, even gathering and celebration for the New Year were impacted seriously. Though I am not personally at the epidemic area, I have been actively or passively watching the news of this outbreak. I also hope this ends quickly. It is surprising and severe that the number of patients went from 1k to 10k in one single week, though the suddenly added positives were probably just those who were not tested before.
I did a foolish thing that weekend in the AWS console's 'saving plan' option, which lets you pay once for a longer term for an cloud instance ('cheaper' than being billed hourly). I clicked purchase by accident while I was just looking for information. Why? Because at the time I was browsing the website using mobile phone, which could have compatibility issues that cause text overflow or inconvinience of touching, and then I missed the important keyword and paid. GG and I bought a 120$ service that I would never use in my life. Also I did not find any option to reverse it. So I had to submit a ticket through support centre (Per my findings, there were almost nothing about refund policy in Support). After a week, which is now, I only got 111$ back while I don't know about the rest 9$.
So if you are shopping online, unless they have mobile apps as an option, it is not recommended trying websites related to money on smart phones, or you end up like me.
Second week in Feb
One day when I was ssh-ing to my server I found some wierd yet unignorable things (maybe I did not pay much attention before) that some different IPs were, at a frequency of once per 10s, sending GET followed by POST requests. Or simply they were trying to guess user credentials. As they came from different IPs, the automatic security settings would not be effective. Worried, I used some methods to remedy this, and I replaced the URL for login to somewhere random else.
It was good that this attack (seems to) stopped. But on the midnight of the second day I couldn't connect to the server so I had to restart it.
The third day the server again suddenly had a long time of 100% CPU usage so I was forced to add a human check to the website temproraly (it could last one week). However I did not find many abnormal traffic. I question whether it came from a recent plugin I installed; let me see if the same problem happens again. If that's because my server was too poor, maybe I could buy a saving plan to upgrade it.
Above is for login. But differently from what I used to post before, this website does not, ever, have phpmyadmin. Please do not try it.
Recently Horizon 4 updated with a new playable car (AE86). Excited, so I want to share more screenshots here in addition to the previous post, see next page.