Page 1 of 2 12 LastLast
Results 1 to 20 of 38

Thread: Apologies for last few days of broken-ness

  1. #1
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10

    Apologies for last few days of broken-ness

    Hi everyone,

    I wanted to apologise for the awful forum performance over the last few days.

    A combination of a Trojan hack on the server and issues with the backup / re-install has meant that the forum was slow, unpredictable and plain frustrating.

    I think most of the issues have now been resolved, but do let me know if you notice anything weird still.

    In the meantime, I hope we can continue some of the interesting discussions started recently, and add new ones to keep us informed, entertained and a strong community of dancers.

    Franck.
    Franck.

    There's an A.P.P. for that!

  2. #2
    Registered User
    Join Date
    Mar 2004
    Location
    Norfolk
    Posts
    1,324
    Rep Power
    11

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by Franck View Post

    A combination of a Trojan hack on the server and issues with the backup / re-install has meant that the forum was slow, unpredictable and plain frustrating.

    .
    It still is for me.

  3. #3
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by djtrev View Post
    It still is for me.
    Is the forum slow for you, or just unpredictable and broken?
    I'm happy to continue troubleshooting, so let me know symptoms you encounter.
    Franck.

    There's an A.P.P. for that!

  4. #4
    Registered User
    Join Date
    Mar 2004
    Location
    Norfolk
    Posts
    1,324
    Rep Power
    11
    I am finding it both slow and predictable to log on and also access unread posts

  5. #5
    Commercial Operator
    Join Date
    May 2003
    Location
    Northeastern Parts
    Posts
    5,221
    Rep Power
    14

    Re: Apologies for last few days of broken-ness

    I was trying to say that it all seems fine to me... but posting this comment has not been trouble-free.

  6. #6
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by straycat View Post
    I was trying to say that it all seems fine to me... but posting this comment has not been trouble-free.
    Thanks, I noticed that myself when replying earlier.

    Back to the drawing board
    Franck.

    There's an A.P.P. for that!

  7. #7
    Commercial Operator
    Join Date
    May 2003
    Location
    Northeastern Parts
    Posts
    5,221
    Rep Power
    14

    Re: Apologies for last few days of broken-ness

    To expand on the previous post - it seems fairly fast most of the time, with occasional serious slow-downs (they could be from my end though)

    When posting the last post, however, I clicked on 'Post Quick Reply', and got an unexpected dialog asking me if I wanted to leave the page, warning of unsaved data. I opted to stay put, then tried again with the same result. Opted to leave the page, and it appeared to do the post, but the post came up blank. I had to edit the post to put something into it. About to find out if this one has the same problem.

    [EDIT] Yep - very similar problem (it also tried to post the thing twice) - and it's taken it over five minutes to get to the point I can edit the post.
    Last edited by straycat; 14th-February-2012 at 05:51 PM.

  8. #8
    Commercial Operator
    Join Date
    May 2003
    Location
    Northeastern Parts
    Posts
    5,221
    Rep Power
    14

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by Franck View Post
    Thanks, I noticed that myself when replying earlier.

    Back to the drawing board
    Sorry

    [EDIT] On the plus side, the speed seems to have improved...
    Last edited by straycat; 14th-February-2012 at 05:54 PM.

  9. #9
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by straycat View Post
    Sorry

    [EDIT] On the plus side, the speed seems to have improved...
    No worries I quite like tinkering anyway!
    Franck.

    There's an A.P.P. for that!

  10. #10
    Registered User
    Join Date
    Mar 2004
    Location
    Norfolk
    Posts
    1,324
    Rep Power
    11

    Re: Apologies for last few days of broken-ness

    +1 to what Straycat said

  11. #11
    Registered User
    Join Date
    Jul 2008
    Posts
    336
    Rep Power
    8

    Re: Apologies for last few days of broken-ness

    Hold up - trojan? I've had to supply my login details in the past couple of days, so it would be appreciated if you could elaborate on what sort of trojan you've been dealing with?

  12. #12
    Commercial Operator
    Join Date
    May 2003
    Location
    Northeastern Parts
    Posts
    5,221
    Rep Power
    14

    Re: Apologies for last few days of broken-ness

    But you've surely not been using the same password on here as you do anywhere else?
    (hint - the answer should be 'no')

    Seriously though - I'd be astonished if the forum software didn't implement their password security properly, so you shouldn't have to worry. Although you might want to change that password on any systems that matter.
    Quote Originally Posted by DJ Mike View Post
    Hold up - trojan? I've had to supply my login details in the past couple of days, so it would be appreciated if you could elaborate on what sort of trojan you've been dealing with?

  13. #13
    Registered User
    Join Date
    Mar 2004
    Location
    Norfolk
    Posts
    1,324
    Rep Power
    11

    Re: Apologies for last few days of broken-ness

    AS you can see its definately not working for me

  14. #14
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by DJ Mike View Post
    Hold up - trojan? I've had to supply my login details in the past couple of days, so it would be appreciated if you could elaborate on what sort of trojan you've been dealing with?
    I don't believe any password was compromised. The server reported a potential trojan attack, and I dealt with it immediately, asking the server tech people to re-install the server software to be sure security wasn't compromised.

    As Straycat pointed out, vbulletin is a very secure piece of software and all passwords are properly encrypted. So even if the server had been maliciously compromised, it would have no effect on your security. If anything, I believe hackers were trying to get control of the server to use it as a spam engine or something similar.

    It is also good advice to use different passwords for different websites, especially trivial login details such as discussion fora.
    Franck.

    There's an A.P.P. for that!

  15. #15
    Registered User
    Join Date
    Mar 2010
    Location
    Nottingham
    Posts
    346
    Rep Power
    7

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by Franck View Post
    vbulletin is a very secure piece of software and all passwords are properly encrypted. So even if the server had been maliciously compromised, it would have no effect on your security.
    Hmm. By properly encrypted you mean hashed using MD5, twice, after being salted with a three character string. So if someone has acquired the password file, a rainbow table is a viable attack. If they've acquired the config file containing the salt then a rainbow table is a very quick viable attack.

    In simple terms, change your password on any sites that have the same username/password combo as this one. As Franck and Straycat have suggested, re-using passwords is inherently insecure.

    I would be surprised though if anything were compromised - passwords tend to be leaked to people specifically targeting a site, and I don't think Ceroc's competitors are that desparate
    Last edited by cederic; 15th-February-2012 at 12:35 AM.

  16. #16
    Registered User
    Join Date
    Mar 2010
    Location
    Nottingham
    Posts
    346
    Rep Power
    7

    Re: Apologies for last few days of broken-ness

    (this post a victim of ongoing forum issues)

  17. #17
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by cederic View Post
    Hmm. By properly encrypted you mean hashed using MD5, twice, after being salted with a three character string. So if someone has acquired the password file, a rainbow table is a viable attack. If they've acquired the config file containing the salt then a rainbow table is a very quick viable attack.

    In simple terms, change your password on any sites that have the same username/password combo as this one. As Franck and Straycat have suggested, re-using passwords is inherently insecure.

    I would be surprised though if anything were compromised - passwords tend to be leaked to people specifically targeting a site, and I don't think Ceroc's competitors are that desparate
    Well, yes, properly encrypted for the security level expected of a dance forum
    The server failure was more due to my attempts at protecting the server than from the hack itself. The IP address showed that somewhere in Jordan, someone was fishing for servers to hack, presumably to use for spam or for bragging rights.

    In any event the server passwords were immediately changed and the server software was re-installed.
    Franck.

    There's an A.P.P. for that!

  18. #18
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10

    Re: Apologies for last few days of broken-ness

    I think I have fixed the posting issue, so let me know if you're still experiencing glitches when replying to threads or browsing the forum...
    Franck.

    There's an A.P.P. for that!

  19. #19
    Omnipresent Administrator Franck's Avatar
    Join Date
    Jan 2002
    Location
    Glasgow
    Posts
    3,045
    Blog Entries
    2
    Rep Power
    10
    Trying to post from Forum Runner on my iPad now.
    Great way to keep up with the forum if you have an iPhone, iPad, android device, etc.
    Franck.

    There's an A.P.P. for that!

  20. #20
    Commercial Operator
    Join Date
    May 2003
    Location
    Northeastern Parts
    Posts
    5,221
    Rep Power
    14

    Re: Apologies for last few days of broken-ness

    Quote Originally Posted by cederic View Post
    Hmm. By properly encrypted you mean hashed using MD5, twice, after being salted with a three character string. So if someone has acquired the password file, a rainbow table is a viable attack. If they've acquired the config file containing the salt then a rainbow table is a very quick viable attack.
    See what you mean - I've just been doing a bit of searching, and I'm a little surprised that vBulletin doesn't have better password hashing. Although I presume the salt is randomly generated on a per-password basis (am I wrong about this? It would seem pointless to do it any other way)

    [EDIT] A little more searching suggests that it uses longer salts, and that they are properly generated (different for each password) although that's likely a config option.[/EDIT]

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. cerocscotland DNS broken?
    By jiveclone in forum Forum technical problems / Questions / Suggestions..
    Replies: 9
    Last Post: 12th-January-2010, 06:14 PM
  2. My e-mail has been broken the last few days.
    By johnthehappyguy in forum Chit Chat
    Replies: 2
    Last Post: 27th-November-2005, 10:55 PM
  3. Email to cerocscotland.com broken
    By Franck in forum Forum technical problems / Questions / Suggestions..
    Replies: 1
    Last Post: 9th-June-2004, 12:59 PM
  4. broken heart
    By tricky in forum Chit Chat
    Replies: 110
    Last Post: 1st-March-2004, 10:26 AM

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •