Message Board software

I’m guessing this is the right place to post this. If not, sorry; please move to GQ or wherever.

The most recent PC Mag security newsletter included a link to a story about the hacking of the White Wolf site. They say it’s probably due to flaws in the phpBB software they used. There’s also a thread about it on the RPG Forum (that link is in the story linked above).

Now if I understand correctly, that’s not at all the same as vBulletin, although it is reasonably clear that different software packages that do the same basic thing normally have rather similar structures, even if the implementations differ. Further, I don’t imagine that there’s any money to be extorted by cracking this site. However, I’m curious about this stuff. I guess I’m more curious because another site I was active in for a bit also uses vBulletin, and they were trashed by a cracker just over a year ago.

First, we’re safe here, right? Second, how does security work on this kinda stuff?

phpBB is notorious for security problems.

vBulletin is pretty secure, but the SDMB is usually a few versions behind with upgrades. The SDMB uses version 3.0.7; the most recent version is 3.5.2. Jelsoft is very diligent about upgrading when even a very minor security issue arises - which really isn’t that often. Change happens on the SDMB at what sometimes seems like a glacial pace, so I wouldn’t expect an upgrade for several months. There are some security risks with 3.0.7, but it’s not as bad as what you would see with the most recent version of phpBB.

My question: how often does the administration here make backups of the SDMB MySQL database? The lack of good backups was partly responsible for the Winter of Our Missed Content in 2001. I’m guesstimating the size of the SDMB database is about 2.2 gigs. There’s a lot to back up, but still, I hope precautions have been made to prevent another outage where tens of thousands of posts are lost.

Upgrades happen as time and other circumstances allow, but we have never been early adopters of anything.

The size of the database is, as I understand it, over 9 gigs and growing all the time. This is, no pun intended, a large part of our problem.

TubaDiva

Yikes!

I based my guesstimate on the size of the database for my vBulletin message board, and the number of posts it has, with the posts being about the same length as those on the SDMB. I goofed because I usually download a compressed version of the database. With about 250,000 posts, it’s 83 megs compressed, and 290 megs uncompressed. I didn’t account for the larger userbase on the SDMB, either. I recalculated my guesstimate for the SDMB, and got 7.9 gigs. Not that far off, but still a challenge for even the mightiest of hamsters.

Anyways, how do you back up such a large database? How often are backups made? At one time, the board was shut down for an hour or so in the early AM; I think it was for backups and maintenance. Now it seems like the SDMB is up 24/7 – excluding times when the hamsters are slacking off – and I’ve only seen it shut down for upgrades.

My understanding is that it’s backed up automatically in some sort of fashion and that is why we have no need of downtime these days, it’s happening as a regular part of doing business.

TubaDiva

9 GB is tiddly as far as database size goes; DLT devices will back up hundreds of GB.

Gak! That should be LTO, not DLT, which is the previous generation.

My apologies: I have “disappeared” a post that contained useful information.

It was posted by a returning guest, who was trying to violate our rules (and common courtesy) by continuing to return as a guest rather than fork over the $14.95. Consequently, that jerk was banned and all his posts were disappeared. In this case, that might cause some annoyance, since he had offered some reasonable comments. Please don’t be annoyed at me, be annoyed at him.

The main way we can regulate such jerks is by letting them know that their efforts are all wasted. However or whatever they post, it will vanish. With any luck, that will encourage them to either pay up, or to go away and not darken our door again.

You are mistaken, CK Dexter Haven. I have never posted to this site before I registered with this username. If you think I’m someone else, you have my email address, and I’m sure that we can resolve the issue. If you disappeared my posts because you (or someone in management, anyway) doesn’t like them, then that would be a different matter.

And just as an aside, though it does involve the message board software, the list of moderator email addresses, so helpfully provided to me by tubadiva, does not function for Guests, or for the Banned.

By Guest, I am referring to someone who is not logged in, not to the 30 day membership people, like me. No Edit function?

You have mail, Mr. Magic.

I would humbly suggest that this is not the Pit, Dex.

Miss me?

smooch

::: sigh :::

Soul Frost, we’re getting this situation straightened out with your buddy here.

However, Dex does not yet know that we made an error, and jumping in his sh-stuff over it is not helpful.

You just got back here after a long layoff, don’t start off on the bad foot, okay?

TubaDiva

Well hell, Tuba– I kissed the fellow. Whaddaya want? I hope Dex realizes that I wasn’t jumping his sh-stuff.

MUST I resort to smilies?

My deep and sincere apologies, This Sentence. We have been pestered for some time by a repeat sock, who has appeared under many many names. There were a number of circumstances that led us to believe you were his latest incarnation, and we decided to nip him in the bud. This jerk has caused us lots of work in the past, and we are rather quick to act when we detect what might be his spoor. Your emails and Soul Frost attesting for you have led us to believe that we were wrong. We (as moderator group) and I (personally) do apologize for the case of mistaken identity.

All your posts have been restored, I think, or are in process. It’s faster to disappear a post than to restore it.

A couple of points in general:

  • We are only human, and when overwhelming circumstantial evidence points in the direction of sock-puppetry, we tend to move on it.

  • When we do have sock-puppets, trolls, and other lower forms of life appearing, we cause all their posts to “disappear.” The reason for this is to thwart them, so they’ll go away. They come to the board to disrupt and get attention. We hope that they’ll tire of the game, when they see that their posts are soon vanished and they get little/no attention. This has been our policy for a long time, even though it’s sometimes inconvenient to others. Sometimes, even trolls post something worthwhile, but we don’t want to sort it out. If they’re not here legitimately, all their posts go.

  • Nothing is irreversible. Well, almost nothing. In a case like this, where we have erred, all posts can be brought back from the abyss.

So, again, our apologies. We hope that you now understand the situation, and will forgive and forget and we’ll move along. I think you have worthwhile contributions to make (I did say that, even when I thought you were the Beast) and would be glad to see you remain.

Thank you, C K Dexter Haven, Tuba Diva, SkipMagic, and everyone else who moved to resolve this. It has been pointed out to me that I brought much of the doubt upon myself, so I understand your positions, and, as far as I’m concerned, it’s water under the bridge.

Cool. Welcome back!

TubaDiva