Jan Moir and the PCC: why its website crashed
A lot is being written about Jan Moir's nasty attack on Stephen Gately, and the supposedly organised internet campaign (quick, shred the memos) that led to the Daily Mail squirming (including removing the adverts from the page).
As a result of her poisonous bile, the Press Complaints Commission (PCC) received 21,000 complaints - more complaints in a single weekend than the regulator has received in total in the past five years.
This would explain why the PCC website ran so slowly on Friday and today. Actually, no it wouldn't. 21,000 isn't that many.
I mean, it's not running off some two-bob hosting arrangement that's likely to fall over at the first sign of too much traffic, is it? Oh, right, it is.
And it's not like it has overlooked simple security measures and is exposing its database on a public-facing server. It is doing that too, you say?
And it's not like it has had all weekend to fix the problem and it's still going on. What? It is?
Warning: the rest of this article is about the PCC's web hosting arrangements. I've tried to make it untechnical though.
How web hosting works
There are two main options:
- You can have your own hosting solution: Costs money.
- Or you can go down the cheap route, and share a server. If you share a server then it's difficult to do much about traffic surges, and every other site on the server gets hit as well if your site gets a traffic spike (and vice versa): Cheaper.
What was the PCC doing?
The PCC site struggled badly on Friday - and still is today, Monday - under the weight of traffic. If you do a reverse DNS check for the PCC, you can see where it's hosted and its IP address: jack.codecircus.co.uk at a host called Rackspace and 220.127.116.11.
So who are Code Circus? Well, they say:
Although Code Circus did not build the Press Complaints Commission website, we were asked to take on the responsibility of managing their suite of sites. Contracted on a monthly basis, we provide ad-hoc technical support services, including HTML development, content management, web application restore and technical audit services.
On Friday, their own website was being redirected to v2.codecircus.co.uk, which was also sitting on jack.codecircus.co.uk - and both this site and the PCC site were showing an identical error:
xyBox1.3.0e - [Fatal Error]:
unable to connect to database host
Details: Can't connect to MySQL server on '127.0.0.1' (4)
This might not mean much to you, but the 127.0.0.1 bit means that the MySQL database and the website itself appear to be running on the same server.
This is generally a bad idea: if someone can hack the public-facing website and access the server, they can also access the backend database (and who knows what is stored there - let's hope the PCC don't keep all the complaint details in there ...).
Someone even more technical than me might like to confirm this ...
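An added example (not part of the original post): a Python check a site owner could run over the response bodies of their own pages to catch the kind of database error quoted above and read the database host out of it. The function names and the HTML wrapped around the sample error are assumptions made for illustration.

```python
import html
import ipaddress
import re

# MySQL client connection-failure text, in the form quoted on this page.
MYSQL_CONNECT_ERROR = re.compile(
    r"Can't connect to MySQL server on '(?P<host>[^']+)' \((?P<code>\d+)\)"
)

def classify_host(host):
    """Say where the database host sits relative to the web server."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # a DNS name; resolving it is out of scope here
    if addr.is_loopback:
        return "loopback"  # database reached on the web server itself
    return "private" if addr.is_private else "public"

def find_db_error_leaks(body):
    """Return one finding per MySQL connection error leaked in a response body."""
    text = html.unescape(body)  # templates often escape the quotes as &#39;
    return [
        {
            "host": m.group("host"),
            "code": int(m.group("code")),  # number in parentheses after the host
            "location": classify_host(m.group("host")),
        }
        for m in MYSQL_CONNECT_ERROR.finditer(text)
    ]

# The error text quoted in the article, wrapped in constructed HTML.
SAMPLE_ERROR_PAGE = """<html><body>
xyBox1.3.0e - [Fatal Error]:
unable to connect to database host
Details: Can't connect to MySQL server on '127.0.0.1' (4)
</body></html>"""

# Constructed healthy page for comparison.
SAMPLE_OK_PAGE = "<html><body><h1>Make a complaint</h1></body></html>"

if __name__ == "__main__":
    for name, body in [("error page", SAMPLE_ERROR_PAGE), ("ok page", SAMPLE_OK_PAGE)]:
        print(name, "->", find_db_error_leaks(body) or "no database error text")
```

Any finding is worth fixing on its own, since a production page should show a generic error and log the detail; a "loopback" location additionally tells the reader that the database shares a machine with the web server.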
If the PCC were sharing a server to save money, we would be able to do a reverse IP lookup on the 18.104.22.168 address and see who else is there. Oh look! If we do, we find all these sites:
2-dk.com, africanpressagency.com, cavgds.co.uk.codecircus.co.uk, cdaperform.co.uk.codecircus.co.uk, danvirgo.com, dimensional-media.com, grantbarnett.com.codecircus.co.uk, reporter.codecircus.co.uk, secure.thetoolman.co.uk, shop.cfauk.org, simonrumley.com.codecircus.co.uk, tmm.codecircus.co.uk, uksip.org.codecircus.co.uk, v2.codecircus.co.uk, www.2-dk.co.uk, www.airsafetyinyourhands.com, www.aquista.com, www.atlas.guernseyci.com, www.atlasgibraltar.com, www.atlasoffshorejobs.com, www.bicha.co.uk, www.bolero.net, www.cavgds.co.uk, www.cdaperform.co.uk, www.cerethouse.com, www.cfauk.org, www.codecircus.co.uk, www.colouring-in.co.uk, www.cut-coms.co.uk, www.emberjd.com, www.estelabravo.com, www.grantbarnett.com, www.jhw.co.uk, www.mymediasafe.co.uk, www.newwavefilms.co.uk, www.omexperts.co.uk, www.onlinemediaexperts.co.uk, www.pcc.org.uk, www.pcc.org.uk.codecircus.co.uk, www.phoebusassociates.co.uk, www.robertcohen.info, www.simonrumley.com, www.stephenaustin.co.uk, www.sun-sea-golf-spain.com, www.theagency.co.uk, www.thebrianjacketletdown.com, www.thecollectivedesign.co.uk, www.uksip.org, www.vistacarespain.co.uk, www.vocalbaobab.co.uk, www.wordswork.co.uk, www2.uksip.org
I tried a few of these on Friday, and they were all struggling as well - database errors or just nothing appearing. I'm not sure what the UK Society of Investment Professionals or the Civil Aviation Authority make of this (actually, I'm not sure what I think of the CAA's airsafetyinyourhands.com having air safety in anyone's hands if this is their hosting arrangement).
The PCC is supposed to deal with complaints about sensitive matters. To cope with this, it should put in place (1) scalable web hosting (that both the software supplier and hosting partner can achieve) to ensure it can cope with any surge in traffic and (2) security checks to ensure its backend is secure (which includes checking not just its own site's security but that of every other site on the same server).
It appears to have done neither. Which is what I imagine it will do with the 21,000 complaints it has received.