lev neiman dot com

Meet Lev Neiman, Staff Software Engineer at Leanplum

Working at Leanplum is an incredible ride of balancing cost, functionality and future foundation at scale.

Check out what I have been up to in my interview:

https://eng.leanplum.com/product-development-spotlight-meet-lev-neiman-senior-software-engineer-at-leanplum-8d2f5c63643d

Crushing race conditions!

New cats!

I finally got my own cats! Checkout Bagheera and Leon!


Bagheera and young LeonI love these two!Looking off into the distance!

Ukranians, WordPress and xmlrpc.php

On this sunny day of February 28, 2016, the year of our Lord, I woke up with a bunch of emails telling me MySQL db on this fine server has been going down a whole number of times.

SSH didn't work, until it did.  At which point I could not execute any command because OS could not fork anything due to the lack of free memory.

Once the top command managed to work I saw that everything was dominated by a big array of apache2 processes, which indicated some sort of DOS attack.

After a nice reboot (and a backup in between, of course!) I took a look at the logs and discovered a whole bunch of accesses like such:


185.93.185.249 - - [28/Feb/2016:21:40:49 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.247 - - [28/Feb/2016:21:41:10 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.249 - - [28/Feb/2016:21:41:35 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.247 - - [28/Feb/2016:21:42:22 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.253 - - [28/Feb/2016:21:42:30 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.253 - - [28/Feb/2016:21:42:36 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.253 - - [28/Feb/2016:21:42:52 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.254 - - [28/Feb/2016:21:42:55 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"
185.93.185.254 - - [28/Feb/2016:21:44:01 +0000] "POST /xmlrpc.php HTTP/1.1" 500 607 "-" "-"

As first order of business, I moved xmlrpc.php somewhere out of sight (who needs it anyway? I can post shit just fine!) then minimized the number of processes apache can spawn and added some golden rules to iptables:


# block ukranians
iptables -I INPUT -m iprange --src-range 185.93.185.1-185.93.185.254 -j DROP

And now you can read this!

Hello World, again

I have gotten fed up with my past provider - JTLNet, and have switched over to DigitalOcean.com

Not only is JTLNet slow as shit, but they kept restarting my instance for mysterious reasons, and always bullshitted me on the support tickets while never fixing the problem.

On the other hand, Digital Ocean is excellent so far, and for over 2x less the price of JTLNet. Highly recommended for anyone looking for a simple VPS.

Hello World!

This is the first post of my new webpage/blog.   I will proceed to post regularly (hopefully) about various stuff like my opinions (they are the only ones that don't stink), my programs and my cat Rijik.

Hopefully this will turn out better than the last attempt.