This site’s database failed late at night on Sept. 11th. The admin was on vacation and unfortunately the site was down for a week. It is still unclear whether the database failure was organic or malicious. However, an unauthorized admin account was created listing: jyoti_anju2000@yahoo.com.
Just before the site went down, one unresolved IP (leaving aside Bulgarian, Indian, and Chinese net providers) was:
(unresolved ip)   Pages  Hits  Bandwidth  Last visit
217.169.236.12    25     408   4.75 MB    11 Sep 2009 – 03:22
ISP: Defensie Telematica Organisatie
Country: Netherlands
City: Maasland
What is also interesting is the high level of hits received on Sept. 17th while the site was inactive:
89.111.144.26     67     442   9.54 MB    17 Sep 2009 – 13:17
ISP: Garant-Park-Telecom
Organization: Garant-Park-Telecom
Country: Russian Federation
City: Moscow
12.47.208.86      111    369   7.42 MB    17 Sep 2009 – 02:21
ISP: AT&T WorldNet Services
Organization: GOLDMAN SACHS COMPANY
Country: United States
State/Region: NY
City: New York
This marks another record month for Dutch spies visiting GTM. Read all about them here. So was the database crash accidental or intentional?
[Update: 9/20]
After going through months of logs, it appears an RSS error caused a recurring failure that eventually overloaded the database. This doesn’t explain the peculiar email address fixed to a new admin account, but it explains the crash.
