Whee doggies. :( (Destiny)

by Claude Errera @, Sunday, June 25, 2017, 12:09 (2518 days ago)

So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)

I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.

Fingers crossed it was a one-off.

Whee doggies. :(

by Chappy, Arlington, VA., Sunday, June 25, 2017, 14:48 (2518 days ago) @ Claude Errera

Yikes. Thanks, Claude!

Thanks for keeping the site up and running

by Robot Chickens, Sunday, June 25, 2017, 15:09 (2518 days ago) @ Claude Errera

We appreciate your work and it sucks that someone targeted you. I hope it didn't cause you too much grief.

Thanks for keeping the site up and running

by Cody Miller @, Music of the Spheres - Never Forgot, Sunday, June 25, 2017, 15:23 (2518 days ago) @ Robot Chickens

We appreciate your work and it sucks that someone targeted you. I hope it didn't cause you too much grief.

Yeah let me second that. And the fact it's ad free is even better. Giving up a ton of money to make the experience great.

Whee doggies. :(

by Cody Miller @, Music of the Spheres - Never Forgot, Sunday, June 25, 2017, 15:22 (2518 days ago) @ Claude Errera

So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)

I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.

Fingers crossed it was a one-off.

I don't know a ton about web permissions and stuff, but how can a random person delete a database?

Whee doggies. :(

by Claude Errera @, Sunday, June 25, 2017, 16:00 (2518 days ago) @ Cody Miller

So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)

I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.

Fingers crossed it was a one-off.


I don't know a ton about web permissions and stuff, but how can a random person delete a database?

It looks like it was a security hole in WordPress; the Vanguard Report section was using the same database permissions as the main site. (Bad practice on my part.) Fixed now by being isolated.
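
An added example, not part of the original post and not the site's own code: a small Python audit of MySQL `SHOW GRANTS` output that flags an application account able to reach more than one database, which is the shared-permission setup described above. The account names, database names and grant lines are constructed, and column-level grants are ignored.

```python
import re
from collections import defaultdict

# Constructed sample of MySQL `SHOW GRANTS` output; every account and
# database name here is hypothetical.
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO `site_shared`@`localhost`
GRANT ALL PRIVILEGES ON `forum`.* TO `site_shared`@`localhost`
GRANT ALL PRIVILEGES ON `wordpress`.* TO `site_shared`@`localhost`
GRANT USAGE ON *.* TO `forum_app`@`localhost`
GRANT SELECT, INSERT, UPDATE, DELETE ON `forum`.* TO `forum_app`@`localhost`
GRANT USAGE ON *.* TO `wp_app`@`localhost`
GRANT SELECT, INSERT, UPDATE, DELETE ON `wordpress`.* TO `wp_app`@`localhost`
"""

GRANT_RE = re.compile(r"^GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO\s+(\S+)", re.I)
SCHEMA_CHANGING = {"ALL PRIVILEGES", "ALL", "DROP", "ALTER", "CREATE"}


def parse_grants(text):
    """Return {account: {database: privileges}}; '*' means every database."""
    grants = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        privs = re.sub(r"\([^)]*\)", "", m.group(1))  # drop column lists
        names = {p.strip().upper() for p in privs.split(",")} - {"USAGE", ""}
        if names:  # USAGE alone means "may connect, nothing else"
            database = m.group(2).split(".")[0].strip("`")
            grants[re.sub(r"[`']", "", m.group(3))][database] |= names
    return grants


def audit(text):
    """Flag accounts that span databases or can change or drop schema objects."""
    findings = {}
    for account, dbs in parse_grants(text).items():
        issues = []
        if "*" in dbs:
            issues.append("global privileges (*.*)")
        elif len(dbs) > 1:
            issues.append("reaches multiple databases: " + ", ".join(sorted(dbs)))
        risky = sorted(set().union(*dbs.values()) & SCHEMA_CHANGING)
        if risky:
            issues.append("schema-changing privileges: " + ", ".join(risky))
        if issues:
            findings[account] = issues
    return findings
```

On the constructed sample, only the shared account is reported; the two per-application accounts, each limited to row-level privileges on its own database, pass.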

Whee doggies. :(

by ObsidianKitteh @, san antonio, tx, Sunday, June 25, 2017, 21:58 (2518 days ago) @ Claude Errera

The company that runs our website uses WordPress and I have to appeal to Google and wipe the databases every month from attacks. Luckily our website isn't much more than a business card.

WordPress :(

by Blackt1g3r @, Login is from an untrusted domain in MN, Monday, June 26, 2017, 10:11 (2517 days ago) @ Claude Errera

That thing always seems to have security vulnerabilities.

WordPress :(

by stabbim @, Des Moines, IA, USA, Monday, June 26, 2017, 11:15 (2517 days ago) @ Blackt1g3r

I'm certainly no developer, but I wonder how much of that perception is actually a prevalence of issues with WordPress, and how much is just the popularity of the platform?

WordPress :(

by Blackt1g3r @, Login is from an untrusted domain in MN, Monday, June 26, 2017, 11:27 (2517 days ago) @ stabbim

Probably a combination of the two. WordPress has security vulnerabilities which then are magnified by their popularity (and that many people don't maintain up-to-date versions).

WordPress :(

by Vortech @, A Fourth Wheel, Tuesday, June 27, 2017, 10:00 (2516 days ago) @ stabbim

Yeah, it seems like all CMSes are pretty common targets, but IIRC WordPress also has a problem because of how they originally did their plug-in extensibility stuff. Thought they overhauled that, though?

On that note.

by INSANEdrive, ಥ_ಥ | f(ಠ‿↼)z | ᕕ( ᐛ )ᕗ| ¯\_(ツ)_/¯, Sunday, June 25, 2017, 16:42 (2518 days ago) @ Claude Errera

So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)

I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.

Fingers crossed it was a one-off.

I've been wondering this, and it looks like now is a good time to ask if ever. Is there any reason why DBO doesn't use the HTTPS protocol at all? I mean, it's not like this place is holding any deep dark nonsense, but I've found it surprising as this site is the only site that I frequent that doesn't have HTTPS anywhere, including logins.

All said, thanks for your due diligence Wu! Hopefully it was indeed a one off.

On that note.

by Claude Errera @, Sunday, June 25, 2017, 17:08 (2518 days ago) @ INSANEdrive

So it looks like we got attacked this morning. I don't know why. (I haven't pissed anyone off recently, that I know of.)

I've restored things from a backup made last night - but if you posted this morning, any time between about midnight and 10am, Pacific, your post is gone. Sorry.

Fingers crossed it was a one-off.


I've been wondering this, and it looks like now is a good time to ask if ever. Is there any reason why DBO doesn't use the HTTPS protocol at all? I mean, it's not like this place is holding any deep dark nonsense, but I've found it surprising as this site is the only site that I frequent that doesn't have HTTPS anywhere, including logins.

All said, thanks for your due diligence Wu! Hopefully it was indeed a one off.

Eh. Money, mostly - or maybe just laziness. (I know. I can buy a decent cert for $10/year. Just never have.)

On that note.

by ZackDark @, Not behind you. NO! Don't look., Sunday, June 25, 2017, 18:05 (2518 days ago) @ Claude Errera

Dunno about your specific case, since you mentioned WordPress, but these guys theoretically hand out free SSL certificates and are legitimate.

On that note.

by Claude Errera @, Sunday, June 25, 2017, 22:34 (2517 days ago) @ ZackDark

Dunno about your specific case, since you mentioned WordPress, but these guys theoretically hand out free SSL certificates and are legitimate.

Huh. Never heard of them before. Pretty cool. (EFF-based, I guess.)

Installed. :)

I can verify

by Kahzgul, Monday, June 26, 2017, 03:41 (2517 days ago) @ Claude Errera

I'm seeing https now on the forums!

Now we have to wait for our ghost to decrypt each visit?

by Vortech @, A Fourth Wheel, Tuesday, June 27, 2017, 10:03 (2516 days ago) @ Kahzgul

- No text -

Now we have to wait for our ghost to decrypt each visit?

by Claude Errera @, Tuesday, June 27, 2017, 11:25 (2516 days ago) @ Vortech

I've noticed the delay, as well - but it seems to be getting better.

It doesn't have anything to do with the secure connection (I don't think) - check the front page, it's as quick as it's always been. I'm pretty sure it's a side-product of the database deletion; there's a post cache, which was also reloaded... but my guess is something got hosed, so there's a delay in pulling posts from the post table instead of the cache table. As the cache table gets repopulated with VALID entries, the delay is going down.

At least that's what I think is happening. :)

Now we have to wait for our ghost to decrypt each visit?

by Ragashingo ⌂, Official DBO Cryptarch, Tuesday, June 27, 2017, 14:18 (2516 days ago) @ Claude Errera

So... to speed things back up I just need to load each and every post? And that'll help out everyone?!

Stand back everyone, nothing here to see
Just imminent danger, in the middle of it, me
Yes, Ragashingo's here, hair blowing in the breeze
And the day needs my saving expertise

:p

Don't make me come over there.

by Claude Errera @, Tuesday, June 27, 2017, 14:25 (2516 days ago) @ Ragashingo

- No text -

*Click* *Click* *Click* *Click* *Click* *Click* *Click*

by Ragashingo ⌂, Official DBO Cryptarch, Tuesday, June 27, 2017, 15:30 (2516 days ago) @ Claude Errera

You're telling me all I need to do for a personal visit from the Louis Wu / Claude Errera is click on a bunch of posts? Well then! The only DBOer I've ever met in person is that Beorn guy...

*Click* *Click* *Click* *Click* *Click* *Click* *Click*

by MacAddictXIV @, Seattle WA, Wednesday, June 28, 2017, 07:42 (2515 days ago) @ Ragashingo

The only DBOer I've ever met in person is that Beorn guy...

Oh, you poor soul. Everyone knows that Santa Claus is better than Spider-Man.

Dammit!

by Claude Errera @, Wednesday, June 28, 2017, 09:00 (2515 days ago) @ MacAddictXIV

Do you know how hard it is to get coffee out of electronics?

Dammit!

by MacAddictXIV @, Seattle WA, Wednesday, June 28, 2017, 09:07 (2515 days ago) @ Claude Errera

Do you know how hard it is to get coffee out of electronics?

My job is done here.

Walks away into the sunset

/facepalm

by Beorn @, <End of Failed Timeline>, Wednesday, June 28, 2017, 09:47 (2515 days ago) @ MacAddictXIV

- No text -

Now we have to wait for our ghost to decrypt each visit?

by Vortech @, A Fourth Wheel, Tuesday, June 27, 2017, 15:26 (2516 days ago) @ Claude Errera

Haha. I was just making a Destiny joke. I had not noticed any specific delay (but I've been on VPN a bunch while traveling so I'm inoculated to lag).

Now we have to wait for our ghost to decrypt each visit?

by Claude Errera @, Tuesday, June 27, 2017, 15:39 (2516 days ago) @ Vortech

Haha. I was just making a Destiny joke. I had not noticed any specific delay (but I've been on VPN a bunch while traveling so I'm inoculated to lag).

Geez. And now look - because of you, Raga's trying to take down the forum!

(There's definitely lag. I'm glad it's not affecting you, but it's definitely present right now, and it's annoying me. ;) )

Nice!

by DiscipleN2k @, Edmond, OK, Monday, June 26, 2017, 07:25 (2517 days ago) @ Claude Errera

- No text -

On that note.

by Blackt1g3r @, Login is from an untrusted domain in MN, Monday, June 26, 2017, 10:12 (2517 days ago) @ Claude Errera

I didn't even notice until I read this message. Sure enough, we're on https now!

:)

by ZackDark @, Not behind you. NO! Don't look., Monday, June 26, 2017, 10:51 (2517 days ago) @ Claude Errera

- No text -

You spoil us Wu!

by INSANEdrive, ಥ_ಥ | f(ಠ‿↼)z | ᕕ( ᐛ )ᕗ| ¯\_(ツ)_/¯, Monday, June 26, 2017, 11:06 (2517 days ago) @ Claude Errera

- No text -

Whee doggies. :(

by Morpheus @, High Charity, Sunday, June 25, 2017, 19:35 (2518 days ago) @ Claude Errera

Scared the hell out of me--I thought you meant a home invasion.

But yes, hopefully it was just a one-time thing. If all we had to lose was a few posts, that's relatively good news!

Whee doggies. :(

by Kahzgul, Monday, June 26, 2017, 03:44 (2517 days ago) @ Claude Errera

I find the thought that anyone would attack this fine site so abhorrent I actually spent the first part of your post thinking you were either attacked by dogs, or we went to war with someone. Thanks for getting the site back up and hopefully whoever did the attack never comes back.

Do we need to be concerned about our account info?

by DEEP_NNN, Monday, June 26, 2017, 13:13 (2517 days ago) @ Claude Errera

- No text -

Nope, not really.

by Claude Errera @, Monday, June 26, 2017, 18:18 (2517 days ago) @ DEEP_NNN

Even if they actually GRABBED a copy of the database before deleting it (no way to tell, actually), passwords are hashed; even if you use the same password here as you've used somewhere else, the salt used to create the hash makes the final product different. It's really, really unlikely the passwords are hackable in any real sense.
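
An added example, not part of the original post: how a per-record random salt makes the same password produce different stored hashes, and why a precomputed table of unsalted hashes finds nothing. The thread does not say which algorithm the forum software uses; PBKDF2-HMAC-SHA256, the record layout and the iteration count below are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch, not the forum's setting


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' with a fresh random salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def in_precomputed_table(record, candidates):
    """True if the stored digest equals a plain unsalted SHA-256 of any candidate."""
    stored = record.split("$")[3]
    table = {hashlib.sha256(c.encode()).hexdigest() for c in candidates}
    return stored in table


def demo():
    password = "correct horse battery staple"  # constructed sample password
    forum_record = hash_password(password)  # as stored by this site
    other_record = hash_password(password)  # same password on another site
    return {
        "records_differ": forum_record != other_record,
        "forum_verifies": verify_password(password, forum_record),
        "wrong_rejected": not verify_password("hunter2", forum_record),
        "table_hit": in_precomputed_table(forum_record, [password, "hunter2"]),
    }
```

The salt is what separates the two records and defeats the lookup table; the iteration count is what sets the cost of each guess against a single record.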

Thanks.

by DEEP_NNN, Monday, June 26, 2017, 20:10 (2517 days ago) @ Claude Errera

- No text -

Changed it anyway. Never hurts.

by Vortech @, A Fourth Wheel, Tuesday, June 27, 2017, 10:18 (2516 days ago) @ Claude Errera

- No text -
