Whee doggies. :( (Destiny)
So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)
I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.
Fingers crossed it was a one-off.

Whee doggies. :(
Yikes. Thanks, Claude!

Thanks for keeping the site up and running
We appreciate your work and it sucks that someone targeted you. I hope it didn't cause you too much grief.

Whee doggies. :(
So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)
I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.
Fingers crossed it was a one-off.
I don't know a ton about web permissions and stuff, but how can a random person delete a database?

Thanks for keeping the site up and running
We appreciate your work and it sucks that someone targeted you. I hope it didn't cause you too much grief.
Yeah let me second that. And the fact it's ad free is even better. Giving up a ton of money to make the experience great.
Whee doggies. :(
So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)
I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.
Fingers crossed it was a one-off.
I don't know a ton about web permissions and stuff, but how can a random person delete a database?
It looks like it was a security hole in Wordpress; the Vanguard Report section was using the same database permissions as the main site. (Bad practice on my part.) Fixed now by being isolated.
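
The isolation described in the post above, sketched as MySQL grants. This is an added example, not the site's actual configuration; it assumes MySQL, and the database names, account names and passwords are hypothetical placeholders.

```sql
-- Hypothetical names throughout: forum_db, wp_db, forum_app, wp_app.
-- Before (assumed): both applications connect with one shared account,
-- so a flaw in either application can modify or drop the other's tables.

-- After: one database and one account per application.
CREATE DATABASE IF NOT EXISTS forum_db;
CREATE DATABASE IF NOT EXISTS wp_db;

CREATE USER 'forum_app'@'localhost' IDENTIFIED BY 'REPLACE_WITH_RANDOM_SECRET_1';
CREATE USER 'wp_app'@'localhost'    IDENTIFIED BY 'REPLACE_WITH_RANDOM_SECRET_2';

-- The forum account gets data privileges on its own schema only.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON forum_db.* TO 'forum_app'@'localhost';

-- WordPress changes its schema during upgrades and plugin installs, so its
-- account also gets DDL privileges, but still only inside wp_db.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON wp_db.* TO 'wp_app'@'localhost';

-- Check 1: each application account should list exactly one schema.
SHOW GRANTS FOR 'forum_app'@'localhost';
SHOW GRANTS FOR 'wp_app'@'localhost';

-- Check 2: accounts holding privileges on more than one schema.
SELECT GRANTEE, COUNT(DISTINCT TABLE_SCHEMA) AS schemas
  FROM information_schema.SCHEMA_PRIVILEGES
 GROUP BY GRANTEE
HAVING COUNT(DISTINCT TABLE_SCHEMA) > 1;

-- Check 3: accounts holding global (*.*) privileges, which bypass the
-- per-schema separation above. Application accounts should not appear here.
SELECT GRANTEE, PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE <> 'USAGE';
```

With grants scoped this way, a compromised `wp_app` session that tries to touch `forum_db` is refused by the server rather than by application code.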

On that note.
So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)
I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.
Fingers crossed it was a one-off.
I've been wondering this, and it looks like now is a good time to ask if ever. Is there any reason why DBO doesn't use the Https protocol at all? I mean, it's not like this place is holding any deep dark nonsense, but I've found it surprising as this site is the only site that I frequent that doesn't have Https anywhere, including logins.
All said, thanks for your due diligence Wu! Hopefully it was indeed a one off.
On that note.
So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)
I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.
Fingers crossed it was a one-off.
I've been wondering this, and it looks like now is a good time to ask if ever. Is there any reason why DBO doesn't use the Https protocol at all? I mean, it's not like this place is holding any deep dark nonsense, but I've found it surprising as this site is the only site that I frequent that doesn't have Https anywhere, including logins.
All said, thanks for your due diligence Wu! Hopefully it was indeed a one off.
Eh. Money, mostly - or maybe just laziness. (I know. I can buy a decent cert for $10/year. Just never have.)

On that note.
Dunno about your specific case, since you mentioned WordPress, but these guys theoretically hand out free SSL certificates and are legitimate.

Whee doggies. :(
Scared the hell out of me--I thought you meant a home invasion.
But yes, hopefully it was just a one-time thing. If all we had to lose was a few posts, that's relatively good news!

Whee doggies. :(
The company that runs our website uses WordPress, and I have to appeal to Google and wipe the databases every month from attacks. Luckily our website isn't much more than a business card.
On that note.
Dunno about your specific case, since you mentioned WordPress, but these guys theoretically hand out free SSL certificates and are legitimate.
Huh. Never heard of them before. Pretty cool. (EFF-based, I guess.)
Installed. :)

I can verify
I'm seeing https now on the forums!

Whee doggies. :(
I find the thought that anyone would attack this fine site so abhorrent I actually spent the first part of your post thinking you were either attacked by dogs, or we went to war with someone. Thanks for getting the site back up and hopefully whoever did the attack never comes back.

Nice!
- No text -

Wordpress :(
That thing always seems to have security vulnerabilities.

On that note.
I didn't even notice until I read this message. Sure enough, we're on https now!

:)
- No text -

You spoil us Wu!
- No text -

Wordpress :(
I'm certainly no developer, but I wonder how much of that perception is actually a prevalence of issues with Wordpress, and how much is just the popularity of the platform?

Wordpress :(
Probably a combination of the two. Wordpress has security vulnerabilities which then are magnified by their popularity (and that many people don't maintain up-to-date versions).
Do we need to be concerned about our account info?
- No text -
Nope, not really.
Even if they actually GRABBED a copy of the database before deleting it (no way to tell, actually), passwords are hashed; even if you use the same password here as you've used somewhere else, the salt used to create the hash makes the final product different. It's really, really unlikely the passwords are hackable in any real sense.
Thanks.
- No text -

Wordpress :(
Yeah, it seems like all CMS are pretty common targets, but IIRC Wordpress also has a problem because of how they originally did their plug in extensibility stuff. Thought they overhauled that, though?

Now we have to wait for our ghost to decrypt each visit?
- No text -

Changed it anyway. Never hurts.
- No text -
Now we have to wait for our ghost to decrypt each visit?
I've noticed the delay, as well - but it seems to be getting better.
It doesn't have anything to do with the secure connection (I don't think) - check the front page, it's as quick as it's always been. I'm pretty sure it's a side-product of the database deletion; there's a post cache, which was also reloaded... but my guess is something got hosed, so there's a delay in pulling posts from the post table instead of the cache table. As the cache table gets repopulated with VALID entries, the delay is going down.
At least that's what I think is happening. :)

Now we have to wait for our ghost to decrypt each visit?
So... to speed things back up I just need to load each and every post? And that'll help out everyone?!
Stand back everyone, nothing here to see
Just imminent danger, in the middle of it, me
Yes, Ragashingo's here, hair blowing in the breeze
And the day needs my saving expertise
:p
Don't make me come over there.
- No text -

Now we have to wait for our ghost to decrypt each visit?
Haha. I was just making a Destiny joke. I had not noticed any specific delay (but I've been on VPN a bunch while traveling so I'm inoculated to lag).

*Click* *Click* *Click* *Click* *Click* *Click* *Click*
You're telling me all I need to do for a personal visit from the Louis Wu / Claude Errera is click on a bunch of posts? Well then! The only DBOer I've ever met in person is that Beorn guy...
Now we have to wait for our ghost to decrypt each visit?
Haha. I was just making a Destiny joke. I had not noticed any specific delay (but I've been on VPN a bunch while traveling so I'm inoculated to lag).
Geez. And now look - because of you, Raga's trying to take down the forum!
(There's definitely lag. I'm glad it's not affecting you, but it's definitely present right now, and it's annoying me. ;) )

*Click* *Click* *Click* *Click* *Click* *Click* *Click*
The only DBOer I've ever met in person is that Beorn guy...
Oh, you poor soul. Everyone knows that Santa clause is better than SpiderMan
Dammit!
Do you know how hard it is to get coffee out of electronics?

Dammit!
Do you know how hard it is to get coffee out of electronics?
My job is done here.
Walks away into the sunset

/facepalm
- No text -