Please Scroll Down to See Forums Below
D
DepressiveJuice
Guest
they said they would be up within a day. its been more than a day
tuc biscuit
New member
They realised I wasn't a member and never would be so they thought that there was no point carrying on.
tuc biscuit
New member
Bodhisattva said:
Darn tootin
gorilla_boy
New member
Mr. dB, please cut and paste the post. I don't wish to sign up for yet another board...
AAP said:
From SuperiorMuscle:
8-28-03
"Im sorry to all who usually spend time at Steroidology and couldnt because it was down today.
I do confess, this mess could have been avoided had I been backing up the database everyday. Although it wasnt something that I even knew about (those who know me know that I am far from a computer buff), I should have asked more questions in the beginning about stuff like that. I shouldnt put the onus on my webmaster to handle everything and for that I am sorry. I guess the only good thing is that this is a good lesson that I have learned and when the site is up on the new server, we will have the site backed up everyday by our host. Although it costs more money to do this, its well worth it. So now if something similar happens, like another attack, it wont matter because we will have a backed up database and we can just import it. The problem was that we got hacked, our last backed up database was from Aug 6th so I just said fuck it and instead of having them try and re-build the database which would have taken some time, I just told them to move us to the new server where we will import the database that we have saved.
I do want to thank The Bouncer and his staff for allowing this thread, which is a little O/T, to remain in this forum so that other members can be notified of what is going on. As soon as Floris wakes up (He is in the Netherlands so the time zones are very different), he will begin to move everything to the new server and we should be up and running shortly after that. I will send out another mass email, although I really hate spamming people like that, letting them know that Steroidology is back and ready to go. It would have been up today but our host had to order in the new server and the shipment ended up getting delayed a day for some reason.
Again, sorry about this and we are working hard to make sure this never happens again."
And from SculptedByIron:
8-31-03
"Sorry all. Been really hectic last couple days. Had to make up the time at work this weekend because I spent too much time on the computer from wednesday to friday. Anyways, I had to hire someone else to do the switch over to the new server since Floris could not do some things that were required with the new server. Unfortunately, I cant expect everyone to work weekends and the person we hired already had plans for this Labour day weekend. He tried to finish everything by Friday but just couldnt, there was way too much corruption of the database caused by the hack and he couldnt fix it all in time. We will be up shortly but unfortunately we have to wait. Of course now we are having to install serious, I mean serious security to the site and that takes some time too. We cannot let this happen again, ever. I know it sucks but we will not let this bring us down. Just have faith."
D
DepressiveJuice
Guest
manny78 said:
thats what im thinking. i dont know jack about computers but how long does it take to switch to a new server? something happend and he doesnt want us to know
Biggie -- ST
New member
There were just too many problems dropping the backups from all the sites that I own into the new databases on the new server (thats what I was told anyways, Im very inept when it comes to servers and all that other stuff). That and the person I had working on everything was gone all weekend.
Try not to listen to the drama queens and gossip mongers. They have nothing better to do.
Try not to listen to the drama queens and gossip mongers. They have nothing better to do.
gorilla_boy
New member
manny78 said:
Give me a fucking break...
This never happens at Elite
D
DepressiveJuice
Guest
gorilla_boy said:
Give me a fucking break...
This never happens at Elite
didnt that happen after he/she/they became mod(s)?
The Ranger
New member
Biggie is doing the best he can folks...It'll be back up and running soon enough...Give him time, and be patient.
Ranger
Ranger
gorilla_boy
New member
DepressiveJuice said:
I'm not sure. What I'm sure of is that Biggie is trying his damnedest to run that board on the up-and-up.
Cut the fucking guy some slack.
Biggie -- ST
New member
Forgive me but what Mod are we talking about? My brain is a little fried at the moment, its been a rough week with very little sleep.
E
EF Sam
Guest
I think we can stop with any rumors or board bashing at this point. I have posted on a thread in the Anabolic board about this site getting back up and running. We have respect for all other boards out there and will do what we can to let the members know that the site is back up. I do apologize for not stepping in here earlier, I did not see the thread until just now.
The one thing we do not want to do is get into rumors and gossip. That same action caused one of our mods here to be very damaged at their board and we do not want it to happen to anyone else.
So I want any talk about other boards that is negative to stop right here and now. Good work getting your site back up sir and we will allow the post to stay on our anabolic board to let your members know.
The one thing we do not want to do is get into rumors and gossip. That same action caused one of our mods here to be very damaged at their board and we do not want it to happen to anyone else.
So I want any talk about other boards that is negative to stop right here and now. Good work getting your site back up sir and we will allow the post to stay on our anabolic board to let your members know.
Biggie -- ST
New member
Its ok, Im a big boy, I can handle it.
For those who think that there is some type of sinistar connection between the site being down and its owners legal issues, they are right, I cant hide it anymore. Tx and I have officially been charged under section 6, sub section 2230 of the Internet Act for operating the fastest growing bodybuilding site in cyberspace.
We have been asked by our attorneys to not go into it any further at this time.
Guilty as charged.
For those who think that there is some type of sinistar connection between the site being down and its owners legal issues, they are right, I cant hide it anymore. Tx and I have officially been charged under section 6, sub section 2230 of the Internet Act for operating the fastest growing bodybuilding site in cyberspace.
We have been asked by our attorneys to not go into it any further at this time.
Guilty as charged.
E
EF Sam
Guest
Biggie -- ST said:
While I am sure you can handle it, that is not what we are about. With all honesty I didn't expect that type of response from you. I have said this before and I will repeat it here, our community should be one with no barriers. We should all work together to share knowledge, and support each other. Rumors and things of the such can really hurt people and their family's. We do not want to see that happen to you as it has happened to others recently.
Again, we are very happy to allow the posts about your board being up, but we will not allow the bashing of your board or any others. I would hope that our members will listen to my request and not do this. Thanks everyone!
Biggie -- ST
New member
EF Sam said:
With all due respect, it was one of your Mods that on this very thread decided to start the rumor mill so while you can tell me how you believe that our community should do this and that, remember, it all starts at home. Although no specific rumor was started, the crypticness of his posts led someone to believe that there was more to the 'story' then I was telling. Also posting that I was a liar. How are the members to listen to what you say when someone from your staff will not even listen to you?
Im sorry that you expected a different response from me but me posting that I can handle it doesnt really strike me as a kind of post that is negative in nature. I didnt think that bringing a little humor to the board was a bad thing and that it somehow showed that I am against the community having no barriers.
But anyways, I appreciate you letting posts about my board stay up.
E
EF Sam
Guest
Biggie -- ST said:
Understood. The thing that caught me about your response was that it was a promotion of your site, rather than a response to my posts. As I said above, I apologize that I did not catch this thread earlier.
Again, congratulations on your board returning. We had a hack attempt over the last week and we realize how hard it can be. Thankfully we had enough security in place that the hackers didn't get anywhere other than an attempt. Take care!
The thing that caught me about your response was that it was a promotion of your site, rather than a response to my posts.
Biggie -- ST
New member
EF Sam said:
Understood. The thing that caught me about your response was that it was a promotion of your site, rather than a response to my posts. As I said above, I apologize that I did not catch this thread earlier.
Again, congratulations on your board returning. We had a hack attempt over the last week and we realize how hard it can be. Thankfully we had enough security in place that the hackers didn't get anywhere other than an attempt. Take care!
The thing that caught me about your response was that it was a promotion of your site, rather than a response to my posts.
Well, sometimes hackers get in and sometimes they dont. If one is to think that they are have enough security that a hacker will never, ever get in, then they are mostly fooling themselves. No one really knows the ability of some hackers.
And about the promotion of my site, remember, it was meant to humor, not to promote. We as admins have mass emailing features to use for promotion. If you took it the wrong way, then you did. Some people see one thing and some people see the other.
Take care
E
EF Sam
Guest
Biggie -- ST said:
Very true on the hackers. We spend $4k a month on our host and hope that our security is up to speed, however anything can happen at anytime. We backup our database a few times a day and do everything possible for the security of our site and its members. That being said, we could be taken down at anytime and we realize that for sure.
If I read you wrong, I sincerely apologize. Thanks and take care.
NoDaddyNo
New member
EF Sam said:
$4K? At what rate? A month? A year?
Is EF still running RedHat Linux? One step would be to run FreeBSD - Linux is fun and all, but the occassional slip up occurs.
FreeBSD hasn't had any issues in ages.
EF has been good and closed off the bulk of the ports, which is smart - at least last I recall checking.
Last I looked (over a year ago if not more), EF (or rather VBulletin) allowed infinite login attempts, ignoring of course bandwith limitations.
The way the passwords work, they are hashed - I think via MD5 if memory serves. So I enter my pass on the client side, it gets passed in (clear text by the way). Then the server takes that and runs it through the hash and compares it to the stored hash - so the system (including admins and the like) never "know" what the password is - just the hash.
Now there is a seemingly huge dataspace available to the hash, but there is also a known issue (unless this has been resolved in the last year or so that I missed out on) where there are a relatively large number of collisions in that dataset.
So that means that it is technically feasible that I have a password of "munchyTits" and then I log in and type a password of "Ilovehotmansex" and it happens to share the same hash and I get in anyway - even with the wrong password.
The liklihood of this happening is obscenely rare though, so it doesn't matter too much for us as EF peeps.
But if someone then set up a program to brute force ever combination of hashes, there are two options. The long way - just create all the combinations of that long string with that character set - or the now shown shorter way - you run through combinations of words and characters into the hash.
That would most certainly get them in, and in less time due to the collisions that occur, so they might not get the right password, but it doesn't matter since they just need the hash.
Stopping that is easy by limiting the attempts at how many times you can get in - again it probably does this now (I hope it does) - but it certainly didn't in the past.
If the passwords fails N times, where N is very small - like 5 - then lock the account and an admin has to unlock it.
That way, it is incredibly unlikely for a brute force attack to function within the space of 5 attempts, but it should be plenty for someone that knows the password to make an error and then say "ahh fuck, I meant to have a 69 at the end of that" and then get in correctly.
I personally think sniffing is overrated. If I can control things on my end, I'm not worried about the colocated side of EF stuff - then again, I also have nothing of value being sent back and forth.
If I did, then I would be worried that my cookie has my password hash right in it.
There was a hole for a bit in IE and in VBulletin that could be combined to get passwords. You could put Javascript code into the IMG tag of VBulletin, that could then redirect a user to another page - on that page you could then strip out the elite cookie and get their username and password.
Then there is the page that is built into VBulletin to restore the admin passwords. Fortunately, EF seems to be smart enough to have htaccess enabled and also not keeping that file around where it is always accessible - either it is deleted as it should be, or renamed something else ideally not easily guessable.
But the fact of the matter is that no matter how hard you really try to lock down a site, you have the same old issues at hand that have always been at hand.
1) dumb users - in this case mods and possibly admins
2) human nature
Between those two, you can get easily guessed passwords (you can work around this by automatically generating them and not allowing the user to pick them), and then there is the fact that everyone will let their guard down to someone - and that someone can walk away with the world if they know what they are doing.
Blah blah blah.
Maybe Code will come in here and make this fun.
jnuts
New member
bdog527 said:
That is why people have to pay a lot of $$ for others to handle/stay on top of security. It's a continually changing target and if ya don't stay on top of it, ya get f*cked.
Kinda like all the dipshits in this world that can't keep an email virus from invading their machine.... or patching their machine so a script kiddie can easily exploit it.
jnuts said:
Yeah computers/internet and how they work doesn't really excite me too much. I wish it did though, seems like all my computer dork friends are doing pretty well despite the economy.
No worries, I'll be getting into the pharmacuetical industry after I graduate. People need their drugs.
D
DepressiveJuice
Guest
IrishMobBoss said:
lol theyre still down though. either something happend or they hired my companies IT guys to handle their new server(s)
D
David Schwimmer
Guest
NoDaddyNo said:
ENGLISH MUTHAFUCKA DO YOU SPEAK IT!?!
Biggie -- ST
New member
rjl296 said:
We are just fine tuning everything, thats all.
I would say that I was a little too excited and sent out the email to everyone a little premature. We'll be up shortly. And in 'IT' time, that could be in 30 mnutes to a couple hours.
thefantom1
New member
Biggie...good work... I know you put a lot of effort into this over the Labor day weekend...and Im sure things will be even better than before...
Scarlett33
New member
So glad it will be fixed soon. When things get slow here, I'm there.
NewBodySoon
New member
What is this site?
gorilla_boy
New member
On my way...
gorilla_boy
New member
I can't get on. Maybe I'm banned.
gorilla_girl
New member
gorilla_boy said:
You cant be banned from 'ology my sweet.. Ill protect you.
rubberducky
New member
Mr. dB said:
I was posting as recent as 9:00 this morning. Down again for me too.
