Apologies for last few days of broken-ness

Franck
14th-February-2012, 02:43 PM
Hi everyone,

I wanted to apologise for the awful forum performance over the last few days.

A combination of a Trojan hack on the server and issues with the backup / re-install has meant that the forum was slow, unpredictable and plain frustrating.

I think most of the issues have now been resolved, but do let me know if you notice anything weird still.

In the meantime, I hope we can continue some of the interesting discussions started recently, and add new ones to keep us informed, entertained and a strong community of dancers.

Franck.

djtrev
14th-February-2012, 03:57 PM
A combination of a Trojan hack on the server and issues with the backup / re-install has meant that the forum was slow, unpredictable and plain frustrating.

It still is for me.

Franck
14th-February-2012, 04:06 PM
It still is for me.
Is the forum slow for you, or just unpredictable and broken?
I'm happy to continue troubleshooting, so let me know symptoms you encounter.

djtrev
14th-February-2012, 04:13 PM
I am finding it both slow and predictable to log on and also access unread posts

straycat
14th-February-2012, 05:29 PM
I was trying to say that it all seems fine to me... but posting this comment has not been trouble-free.

Franck
14th-February-2012, 05:37 PM
I was trying to say that it all seems fine to me... but posting this comment has not been trouble-free.
Thanks, I noticed that myself when replying earlier.

Back to the drawing board :(

straycat
14th-February-2012, 05:43 PM
To expand on the previous post - it seems fairly fast most of the time, with occasional serious slow-downs (they could be from my end though)

When posting the last post, however, I clicked on 'Post Quick Reply', and got an unexpected dialog asking me if I wanted to leave the page, warning of unsaved data. I opted to stay put, then tried again with the same result. Opted to leave the page, and it appeared to do the post, but the post came up blank. I had to edit the post to put something into it. About to find out if this one has the same problem.

[EDIT] Yep - very similar problem (it also tried to post the thing twice) - and it's taken it over five minutes to get to the point I can edit the post.

straycat
14th-February-2012, 05:51 PM
Thanks, I noticed that myself when replying earlier.

Back to the drawing board :(

Sorry :(

[EDIT] On the plus side, the speed seems to have improved...

Franck
14th-February-2012, 05:55 PM
Sorry :(

[EDIT] On the plus side, the speed seems to have improved...
No worries :) I quite like tinkering anyway!

djtrev
14th-February-2012, 06:05 PM
+1 to what Straycat said

DJ Mike
14th-February-2012, 07:19 PM
Hold up - trojan? I've had to supply my login details in the past couple of days, so it would be appreciated if you could elaborate on what sort of trojan you've been dealing with?

straycat
14th-February-2012, 08:54 PM
But you've surely not been using the same password on here as you do anywhere else?
(hint - the answer should be 'no')

Seriously though - I'd be astonished if the forum software didn't implement their password security properly, so you shouldn't have to worry. Although you might want to change that password on any systems that matter.

Hold up - trojan? I've had to supply my login details in the past couple of days, so it would be appreciated if you could elaborate on what sort of trojan you've been dealing with?

djtrev
14th-February-2012, 09:06 PM
As you can see, it's definitely not working for me

Franck
14th-February-2012, 09:52 PM
Hold up - trojan? I've had to supply my login details in the past couple of days, so it would be appreciated if you could elaborate on what sort of trojan you've been dealing with?
I don't believe any password was compromised. The server reported a potential trojan attack, and I dealt with it immediately, asking the server tech people to re-install the server software to be sure security wasn't compromised.

As Straycat pointed out, vBulletin is a very secure piece of software and all passwords are properly encrypted. So even if the server had been maliciously compromised, it would have no effect on your security. If anything, I believe hackers were trying to get control of the server to use it as a spam engine or something similar.

It is also good advice to use different passwords for different websites, especially trivial login details such as discussion fora.

cederic
15th-February-2012, 12:32 AM
vBulletin is a very secure piece of software and all passwords are properly encrypted. So even if the server had been maliciously compromised, it would have no effect on your security.

Hmm. By properly encrypted you mean hashed using MD5, twice, after being salted with a three character string. So if someone has acquired the password file, a rainbow table is a viable attack. If they've acquired the config file containing the salt then a rainbow table is a very quick viable attack.

In simple terms, change your password on any sites that have the same username/password combo as this one. As Franck and Straycat have suggested, re-using passwords is inherently insecure.

I would be surprised though if anything were compromised - passwords tend to be leaked to people specifically targeting a site, and I don't think Ceroc's competitors are that desperate :)

cederic
15th-February-2012, 12:34 AM
(this post a victim of ongoing forum issues) ;)

Franck
15th-February-2012, 01:17 AM
Hmm. By properly encrypted you mean hashed using MD5, twice, after being salted with a three character string. So if someone has acquired the password file, a rainbow table is a viable attack. If they've acquired the config file containing the salt then a rainbow table is a very quick viable attack.

In simple terms, change your password on any sites that have the same username/password combo as this one. As Franck and Straycat have suggested, re-using passwords is inherently insecure.

I would be surprised though if anything were compromised - passwords tend to be leaked to people specifically targeting a site, and I don't think Ceroc's competitors are that desperate :)
Well, yes, properly encrypted for the security level expected of a dance forum :nice:
The server failure was more due to my attempts at protecting the server than from the hack itself. The IP address showed that somewhere in Jordan, someone was fishing for servers to hack, presumably to use for spam or for bragging rights.

In any event the server passwords were immediately changed and the server software was re-installed.

Franck
15th-February-2012, 01:36 AM
I think I have fixed the posting issue, so let me know if you're still experiencing glitches when replying to threads or browsing the forum...

Franck
15th-February-2012, 01:39 AM
Trying to post from Forum Runner on my iPad now.
Great way to keep up with the forum if you have an iPhone, iPad, android device, etc.

straycat
15th-February-2012, 11:19 AM
Hmm. By properly encrypted you mean hashed using MD5, twice, after being salted with a three character string. So if someone has acquired the password file, a rainbow table is a viable attack. If they've acquired the config file containing the salt then a rainbow table is a very quick viable attack.

See what you mean - I've just been doing a bit of searching, and I'm a little surprised that vBulletin doesn't have better password hashing. Although I presume the salt is randomly generated on a per-password basis (am I wrong about this? It would seem pointless to do it any other way)

A little more searching suggests that it uses longer salts, and that they are properly generated (different for each password) although that's likely a config option.
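
An added illustration of the scheme cederic and straycat discuss above (not part of any post in this thread, and not vBulletin's own code). It assumes the legacy layout is md5(md5(password) + salt) and shows that identical stored hashes appear only when a salt is shared, plus one way to wrap stored legacy hashes in PBKDF2 without knowing the passwords. All function names, users and passwords are constructed.

```python
import hashlib
import hmac
import os
import secrets
import string

def legacy_hash(password: str, salt: str) -> str:
    # Assumed legacy layout: md5(md5(password) + salt), hex strings throughout.
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def new_salt(length: int = 16) -> str:
    # Per-user salt drawn from the OS CSPRNG; the length is a parameter.
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def make_record(password: str, salt: str) -> dict:
    return {"scheme": "legacy", "salt": salt, "hash": legacy_hash(password, salt)}

def shared_hashes(records: dict) -> list:
    # Audit check: equal stored hashes mean equal password AND equal salt.
    groups = {}
    for user, rec in records.items():
        groups.setdefault(rec["hash"], []).append(user)
    return sorted(sorted(u) for u in groups.values() if len(u) > 1)

def upgrade_record(record: dict, iterations: int = 600_000) -> dict:
    # Wrap the stored legacy hash in PBKDF2-HMAC-SHA256; no password needed.
    kdf_salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", record["hash"].encode(), kdf_salt, iterations)
    return {"scheme": "pbkdf2-legacy", "salt": record["salt"],
            "kdf_salt": kdf_salt, "iterations": iterations, "hash": dk.hex()}

def verify(password: str, record: dict) -> bool:
    # Recompute the legacy hash, apply the PBKDF2 wrapper if the record has one.
    candidate = legacy_hash(password, record["salt"])
    if record["scheme"] == "pbkdf2-legacy":
        candidate = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                        record["kdf_salt"], record["iterations"]).hex()
    return hmac.compare_digest(candidate, record["hash"])

if __name__ == "__main__":
    # Constructed sample users, both using the same password.
    shared = {u: make_record("tango2012", "abc") for u in ("alice", "bob")}
    unique = {u: make_record("tango2012", new_salt()) for u in ("alice", "bob")}
    print(shared_hashes(shared), shared_hashes(unique))
    print(verify("tango2012", upgrade_record(unique["alice"])))
```

Wrapping the old hash lets every stored record be hardened in one pass; records can later be re-hashed directly from the password at each user's next successful login.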

DJ Mike
15th-February-2012, 03:15 PM
I don't believe any password was compromised. The server reported a potential trojan attack, and I dealt with it immediately, asking the server tech people to re-install the server software to be sure security wasn't compromised.

As Straycat pointed out, vBulletin is a very secure piece of software and all passwords are properly encrypted. So even if the server had been maliciously compromised, it would have no effect on your security. If anything, I believe hackers were trying to get control of the server to use it as a spam engine or something similar.
It has nothing to do with stored passwords and everything to do with intercepting passwords as they are entered - if you'd had a trojan which was stealing username/password entry and siphoning it off to some third party website, that's a serious problem. Doesn't matter if your database stores passwords encrypted - if you have a keylogger trojan, that really isn't going to matter.

And no, I don't use the password I use here for any other login of value, because I consider vBulletin along with every other major forum system to be an incredibly high security risk, regardless of any "security PR" they care to pump out to the contrary.

Franck
15th-February-2012, 05:39 PM
It has nothing to do with stored passwords and everything to do with intercepting passwords as they are entered - if you'd had a trojan which was stealing username/password entry and siphoning it off to some third party website, that's a serious problem. Doesn't matter if your database stores passwords encrypted - if you have a keylogger trojan, that really isn't going to matter.
Fair enough, but as I said, I don't believe the attempt was successful. All servers get regular attempts at breach, and I have security on the server set pretty high. I get notification of all unusual activity and immediately ban IP addresses that are guilty of such.
In this case, I got notification of potential breach, and I immediately changed the server password and notified the hosts, so they could investigate. They couldn't find anything, but, to be on the safe side, I asked them to re-install the server software to avoid any security compromise.

djtrev
21st-February-2012, 02:51 PM
Is anybody else still having difficulties logging on or reliability issues? It has been very poor for me this morning.

DJ Mike
21st-February-2012, 04:55 PM
Is anybody else still having difficulties logging on or reliability issues? It has been very poor for me this morning.
It seems to slow down quite a bit for me at times - the front page loads just fine, but when I try to look at a thread or search for unread posts, it sometimes takes quite a long time for the site to respond.

DavidY
21st-February-2012, 10:53 PM
It seems to slow down quite a bit for me at times - the front page loads just fine, but when I try to look at a thread or search for unread posts, it sometimes takes quite a long time for the site to respond.
I find it's just variable. Sometimes the first page is fine, sometimes it isn't. Depending on what you're trying to do, a retry sometimes feels quicker than waiting for your original request to load.

DavidY
21st-February-2012, 11:34 PM
When posting the last post, however, I clicked on 'Post Quick Reply', and got an unexpected dialog asking me if I wanted to leave the page, warning of unsaved data. I opted to stay put, then tried again with the same result. Opted to leave the page, and it appeared to do the post, but the post came up blank.
I just had this very scenario, except the post came up for me, after a really long delay. The other issue was the post came up twice. While waiting to see if the post would appear, I tried to do a Forum search in another browser tab and both tabs seemed to hang, but both came back to life at the same time.

David Bailey
22nd-February-2012, 11:23 AM
It's still slow for me too :sad:

djtrev
22nd-February-2012, 01:05 PM
Log on is very slow. Hope it has nothing to do with the problem that DJ Mike referred to.

djtrev
22nd-February-2012, 09:51 PM
Franck. I think I got to the point of uploading some pictures but when I tried to process them I got an HTTP 500 error.

wongd
23rd-February-2012, 12:23 AM
I am getting a blank page when I view http://forum.cerocscotland.com/showthread.php?33-New-favs-latest-releases-discoveries

Gus
5th-March-2012, 08:21 PM
Hmmm ... I'm having problems trying to logon through my mobile. The software keeps on directing me to the App Store to buy their app .... which I don't want to do. When I cancel out of that recurring loop it kindly refuses me to log-on. Do you need to have their app now to log on through a mobile?

Tiggerbabe
6th-March-2012, 11:42 AM
I'm pretty sure the app is free and I must admit, I seldom log on to the forum using Safari, when I'm using my phone, but I still can do it.

I actually really like Forum Runner and it's very easy to use.

wongd
6th-March-2012, 08:22 PM
On android, it redirects you to the paid version of forum runner. You have to exit that and search the apps store for the free version of forum runner. For android it is https://play.google.com/store/apps/details?id=net.endoftime.android.forumrunner.free

DavidY
15th-March-2012, 09:32 AM
The Forum seems strangely reluctant to show me page 3 of the desktop/ laptop thread.

http://forum.cerocscotland.com/showthread.php?20690-New-computer-desktop-PC-laptop-or-Mac/page3

Clicking on the "Last" link or the "3" link (for page 3) take me to the URL above (which says page3) but I get the top of page 2. I can see there's a post from Franck by going to the "Show Printable Version" option but the normal option won't work. I'm using an oldish version of Firefox and a fully patched IE8, and they both have the same problem...

Franck
15th-March-2012, 12:43 PM
The Forum seems strangely reluctant to show me page 3 of the desktop/ laptop thread.

http://forum.cerocscotland.com/showthread.php?20690-New-computer-desktop-PC-laptop-or-Mac/page3

Clicking on the "Last" link or the "3" link (for page 3) take me to the URL above (which says page3) but I get the top of page 2. I can see there's a post from Franck by going to the "Show Printable Version" option but the normal option won't work. I'm using an oldish version of Firefox and a fully patched IE8, and they both have the same problem...
Yes, I had the same problem last night after posting... Philsmove appears to have fixed it with his post, so all is good now and you can read page 3 :wink:

I'm still having issues with the forum and the server, and seriously considering a move to a different service provider, possibly a Mac OS Server...

Lynn
15th-March-2012, 06:37 PM
I'm having problems with it hanging a lot... I can post, but then it seems to become unresponsive.

Double Trouble
15th-March-2012, 10:16 PM
Same as Lynn for me. Forums on the blink big time.

Franck
16th-March-2012, 01:26 AM
Thanks all for the reports and feedback, I'm still diagnosing issues and sadly it's taking time, having to re-install the forum seems to have broken many small things which are hard to trace.

I appreciate your patience in the meantime.