| Pages:
1
2
3 |
pantone159
National Hazard
Posts: 590
Registered: 27-6-2006
Location: Austin, TX, USA
Member Is Offline
Mood: desperate for shade
|
|
Three cheers for Polverone!
For all the work he had to do to recover from this annoying hack, so we can have our forum back. 
I did notice one thing that might not be right - I had a U2U message that seemed to relate to a post of mine that had been reported to a mod - but the
report was actually MADE by me, not a post of mine. That just showed up now, although the post was older. Not an issue unless it points to other
problems.
|
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
Is it really a settled issue as to whether this attack was specifically against SMDB? If I understoof what Polverone wrote, the hackers took down the
entire host server and screwed with a lot of people's sites not just this one.
The hack replacement for the splash page certainly appeared to be a generic sort of merry-prankster hacker thing of an adolescent variety, and there
was nothing to indicate any connection to any former member (like the two recognized trolls I know of) who might otherwise be prime suspects.
Polverone also indicated that the hackers showed no interest in the forum or its database. That does not sound to me like the behavior of a malicious
former member out for revenge.
|
|
|
YT2095
International Hazard
Posts: 1091
Registered: 31-5-2003
Location: Just left of Europe and down a bit.
Member Is Offline
Mood: within Nominal Parameters
|
|
| Quote: | Originally posted by pantone159
I did notice one thing that might not be right - I had a U2U message that seemed to relate to a post of mine that had been reported to a mod - but the
report was actually MADE by me, not a post of mine. That just showed up now, although the post was older. Not an issue unless it points to other
problems. |
Ditto, I had 18 new U2U`s all with posts I`de reported (mostly that Spam Fest we had a week or 2 back).
but the whole U2U system looks a bit different too, so it`s probably a New system that gives you a recipt of your report, and as soon as it was
implemented, they all came flooding in.
that would be My Guess anyway.
\"In a world full of wonders mankind has managed to invent boredom\" - Death
Twinkies don\'t have a shelf life. They have a half-life! -Caine (a friend of mine)
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
| Quote: | Originally posted by Sauron
Is it really a settled issue as to whether this attack was specifically against SMDB? If I understoof what Polverone wrote, the hackers took down the
entire host server and screwed with a lot of people's sites not just this one.
The hack replacement for the splash page certainly appeared to be a generic sort of merry-prankster hacker thing of an adolescent variety, and there
was nothing to indicate any connection to any former member (like the two recognized trolls I know of) who might otherwise be prime suspects.
Polverone also indicated that the hackers showed no interest in the forum or its database. That does not sound to me like the behavior of a malicious
former member out for revenge. |
Actually, I was told that this issue was confined to my site when I reported it to Micfo. I thought it might have affected multiple users since there
was an incident that affected multiple Micfo users as recently as January, but the representative told me that the flaws used then have been patched
and that my site was the only one affected. I hope they're right.
I imagine this site was specifically targeted, but only in the sense that someone went out looking for people running software with known holes in it
and then exploited those holes.
PGP Key and corresponding e-mail address
|
|
|
Magpie
lab constructor
Posts: 5939
Registered: 1-11-2003
Location: USA
Member Is Offline
Mood: Chemistry: the subtle science.
|
|
Praise be to Polverone for such dedication to bring the forum back on line as rapidly as possible!  I was thinking that if it was not back soon I would be needing psychotherapy.
The single most important condition for a successful synthesis is good mixing - Nicodem
|
|
|
Rosco Bodine
Banned
Posts: 6370
Registered: 29-9-2004
Member Is Offline
Mood: analytical
|
|
The old smilies are back ! Yiiippeeeeeee!!!!
The newer smilies looked sooooooo , I hate to use the
word ....Detestably Dorky  ...
But these are classic beauties by comparison
much easier to live with .
The U2U window *display width* should be set to the same display width as the index page width and thread display page page width which are just
perfect for easy reading and vertical scrolling . The U2U display window is a bit wide and the vertical scrolling bar is hidden on the right margin
for a machine set at 800 by 600 with a right hand vertical toolbar , like is the configuration a lot of us older folks run .
Hmmm.....one of the problems with the older forum software was allowing images to be posted that were
too wide for the page and messed up the page formatting on some threads . Did the new version
have any image filtering capability for administrator option
to limit the pixel dimensions for image file attachments ?
Setting that function if it's available could block problems
ever being posted by folks who won't edit their posted
images to something sane like 600 - 650 pixels .
|
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
Ah. So it was a function of the forum software being exploitable, and the content didn't matter to the hackers one iota?
That should cool off the conspiracy theorists who laid this at the door of Big Brother, supposedly spanking us for talking about tetrazoles.
|
|
|
Ozone
International Hazard
Posts: 1269
Registered: 28-7-2005
Location: Good Olde USA
Member Is Offline
Mood: Integrated
|
|
Good to see everyone again!
I've been watching this since the splash went up (it kind of reminded me of the old school FBR crack headers for old C64 games--albeit with better
graphics).
I too am suspicious of certain recent events possibly being tied to this, but there was finally some reference made to a widespread attack presented
by the "news". They did not mention this server specifically, but it looks like it coexisted with a scheduled attack made by the US agency dealing
with these matters--a sort of "drill".
It makes me wonder if this was not a casualty of a drill related to cyber-warfare initiatives.
I'ts probably nothing, but the timing is a bit coincidental.
Give Polverone extreme props for getting us back on line! The level of dedication and personal involvment is mind boggling and an inspiration, in this
day and age.
Glad to be back,
O3
-Anyone who never made a mistake never tried anything new.
--Albert Einstein
|
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
Cyber-warfare sounds like a crock to me. My old pal Chuck deCaro has been writing and lecturing on infowar for many years but never made a believer
out of me. As far as I'm concerned it's a geeky extension of the Leaflets & Louspeakers Brigade (psyops) and they never amounted to anything,
anywhere, anytime.
Communist China might want to have the means to do this sort of thing. They fear the Internet. The US need not fear the Internet, the US government
created it in the first place. Anyway if this administration was going to hack anything they'd be hacking porn sites not forums like this, because
frankly we are not a concern to anybody.
Only the troll thinks we are jihadis. And he obviously is off his rocker.
|
|
|
Ozone
International Hazard
Posts: 1269
Registered: 28-7-2005
Location: Good Olde USA
Member Is Offline
Mood: Integrated
|
|
That was the particular thing I speaking of, but I didn't know if mention might cause more problems. On the other topic, why is there someone now paid
a *lot* to head up national cyber security in the US (they unveiled him this evening)? Apparently his agency coordinated a large internet "drill" to
test security (it apparently did well).
I do not think that they took us out (if they did, it was simply collateral internet shockwave); I do not believe that they would have left the
splash. I think that an agency at that level would have much more concern over content, and since content was not compromised, I assume that the
attack was perpetrated by some lesser agency (unless it was decided that it would be more interesting to watch us; I think were interesting ).
Oh yes, I remember when *good* internet content was free (the good old days ).
Anyhoo, glad to see you again,
O3
-Anyone who never made a mistake never tried anything new.
--Albert Einstein
|
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
Obviously cyber means a lot more than the Internet. The government has legitimate security concerns over its own sensitive computer facilities and
networks, generally these do not interface with the Internet at all. Someone might hack CIA's public-relations website but that won't get them inside.
Likewise, legitimate concerns exist over infrastructure and corporate/institutional networks. There, an enemy might do economic damage to us, and vice
versa.
However, in the more usual sense of cyber warfare regarding the Internet, it's a joke.
The last cyber security czar at the WH level is now security chief for eBay. I think he has reached his level of incompetence, and the govt couldn't
have been paying him so much if they were outbid by those idiots.
|
|
|
Ozone
International Hazard
Posts: 1269
Registered: 28-7-2005
Location: Good Olde USA
Member Is Offline
Mood: Integrated
|
|
Too true!
We will have to see, they were parading him about with some fanfair.
Cheers,
O3
-Anyone who never made a mistake never tried anything new.
--Albert Einstein
|
|
|
Sauron
International Hazard
Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline
Mood: metastable
|
|
Sort of the way LBJ used to parade his surgical scar.
The WH is in damage control mode after Scooter's conviction and trying to convince the natiuon that they are Serious Officials Just Doing Their Jobs.
(It's a tenet of criminal justice that obstruction and perjury are charges that are only brought when you can't nail the target on anything
substantive.)
|
|
|
polymer
Harmless
Posts: 36
Registered: 9-12-2006
Location: in deep space
Member Is Offline
Mood: unsteady
|
|
Thanks Polverone
This has been the month of PHP bugs. You might want to consider installing the latest PHP update to the server.
E/m*c^2
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
| Quote: | Originally posted by polymer
Thanks Polverone
This has been the month of PHP bugs. You might want to consider installing the latest PHP update to the server. |
I'm on a shared machine. I don't have control over which version of PHP is installed.
PGP Key and corresponding e-mail address
|
|
|
The_Davster
A pnictogen
Posts: 2861
Registered: 18-11-2003
Member Is Offline
Mood: .
|
|
Its almost all back to normal Nice dedication to getting it all back up
Polverone!
Only 2 diiferences I see, location of hyperlinks on first page, and colour of the 'whose online' list.
(And thank you so much for changing the smilies)
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
The hyperlink location on the front page was deliberately changed because I realized that the text was too hard to read. The front page really needs a
redesign. The changed "who's online" list comes with the XMB upgrade (actually, I don't remember it looking any different from how it does now).
PGP Key and corresponding e-mail address
|
|
|
Rosco Bodine
Banned
Posts: 6370
Registered: 29-9-2004
Member Is Offline
Mood: analytical
|
|
| Quote: | Originally posted by Polverone
The hyperlink location on the front page was deliberately changed because I realized that the text was too hard to read. The front page really needs a
redesign. The changed "who's online" list comes with the XMB upgrade (actually, I don't remember it looking any different from how it does now).
|
Yeah the font is different for the member names shown in
" who's online " .
Also I noticed in the size designation for attached files ,
the abbreviation has changed to " KiB " , from the " KB " that it used to be . Never seen the " KiB " abbreviation before , so it looked strangely
kiddified immediately ,
thought it might be unnoticed residue from the hack .
http://en.wikipedia.org/wiki/Binary_prefix
Somebody , msp2 , posted that it is a new naming convention being implemented so it must have been included with the upgrade . That post then got
deleted ....
hey don't worry about it ,
I have a duh moment occasionally
and keep on going
And daylight savings time is 3 weeks early arriving this year
also .
Convention changes ......don't you just love 'em
[Edited on 11-3-2007 by Rosco Bodine]
|
|
|
The_Davster
A pnictogen
Posts: 2861
Registered: 18-11-2003
Member Is Offline
Mood: .
|
|
Apparently the site is not back up for all. In an off board communication with woelen he says he is getting the following error messages.
"Accessing sciencemadness is very weird. I now see that I can access it, but only with firefox. I have two PC's on different networks from which I
access sciencemadness, and on both of them I simply can't get it to work again. From the new PC, with Ubuntu Linux and Firefox, it works now. So, I
need to do some more homework, to get it working on Windows again. It's not a cache problem, I refreshed the site completely, but the problem
persists, I obtain the following page:
Warning: main(./lang/English~.lang.php) [function.main]: failed to open stream: No such file or directory in
/home/sciencem/public_html/talk/header.php on line 409
Warning: main(./lang/English~.lang.php) [function.main]: failed to open stream: No such file or directory in
/home/sciencem/public_html/talk/header.php on line 409
Fatal error: main() [function.require]: Failed opening required './lang/English~.lang.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in
/home/sciencem/public_html/talk/header.php on line 409
"
EDIT: more
"I still have severe problems with sciencemadness. Whatever PC I use, I can access sciencemadness and read the forums as guest, but as soon as I login
as 'woelen', I get the error page, I mailed you before. I already tried with a newly installed PC, and with my other PC's, on which the cache was
cleared. Is there something wrong with the 'woelen' account on sciencemadness?
So, I can read now, but posting with the 'woelen' account still is not possible. Any idea what I can do about this?"
[Edited on 12-3-2007 by The_Davster]
|
|
|
Eclectic
National Hazard
Posts: 899
Registered: 14-11-2004
Member Is Offline
Mood: Obsessive
|
|
Are the posting dates recoverable? There no longer seems to be any way to tell how old a thread is, or if a reply is to a question asked in the
distant past...
|
|
|
testwoelen
Unregistered
Posts: N/A
Registered: N/A
Member Is Offline
|
|
This is woelen, with a test account. I can register with a new account, and post, but my real 'woelen' account seems to be broken. As soon as I log
in, I get the error messages, posted by The Davster a few posts above.
The username/password combination is OK, but after I am logged in, the problems appear. If I login with the wrong password, then I simply get a
message that I did not enter a correct username/password combination, as expected. So, the error messages only happen, when I am really logged in with
the 'woelen' account.
The problem exists on Internet Explorer and Firefox (both on Linux and Windows, also on freshly installed OS), so I really think it is a server-side
problem.
I really hope that I can get back my 'woelen' account again
[Edited on 13-3-2007 by testwoelen]
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Woelen, I am going to change your password so I can log into your account, to see if it behaves differently for me too. Do not be alarmed that the
password has changed. I will email the new password to you after I have tested.
PGP Key and corresponding e-mail address
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
Woelen, I have fixed your account. The problem was that you were using a copy of the English language file, "English~", that should not have been a
language option; its availability was accidental and it was removed when I upgraded the board. I had to temporarily recreate this file, set your
account to use the correct English file, then delete the bad file. The password I set on your account has been emailed to you.
PGP Key and corresponding e-mail address
|
|
|
woelen
Super Administrator
Posts: 8012
Registered: 20-8-2005
Location: Netherlands
Member Is Offline
Mood: interested
|
|
Polverone, many thanks for your quick action. I'm really happy being able to use my own account again .
You may remove the 'testwoelen' account.
[Edited on 14-3-07 by woelen]
|
|
|
JohnWW
International Hazard
Posts: 2849
Registered: 27-7-2004
Location: New Zealand
Member Is Offline
Mood: No Mood
|
|
It looks as though http://www.roguesci.org/theforum has been hacked again. They have now been offline for 3 days, supposedly due to "SQL problems", and promising to
be back online soon.
|
|
|
| Pages:
1
2
3 |
![[*]](images/xpblue/default_icon.gif){kind=icon}
