geekhack hacked again!?

[Charlie_Brown_MX]

i'm not sure of your history webwit, but on the off chance that it is productive to defend imav from your barbs, i would say that the issue is that imav is a nice but extremely busy guy who started a fun hobbyist website that got much larger much faster than anyone could have imagined. and yes, we have assembled a team now that is happy to support him in designing that fun hobbyist website for scale this time. if the gentle reader would like to join it, please feel free to pm me your credentials.

His tone may have been a little blunt, but the criticism was fair: not backing up offsite is just stupidity. I’m not a web developer or a site admin, but I certainly wouldn’t make the mistakes that were made with GH. The fact that the site got bigger faster than he expected doesn’t change that it was set up poorly from the start — and has had multiple instances of this sort of thing lately. It’s actually been enough to get the site blacklisted by my work’s proxy, because it had been spewing malware on several occasions.

[ripster]

Does anyone know how to get in contact with Demik from GH? I want to make sure he received the board that I sent to him.

He posts as Waar at OCN. PM him there.

http://www.overclock.net/u/114471/waar

[mkawa]

Does anyone know how to get in contact with Demik from GH? I want to make sure he received the board that I sent to him.

i've forwarded the message on to him

[mkawa]

i'm not sure of your history webwit, but on the off chance that it is productive to defend imav from your barbs, i would say that the issue is that imav is a nice but extremely busy guy who started a fun hobbyist website that got much larger much faster than anyone could have imagined. and yes, we have assembled a team now that is happy to support him in designing that fun hobbyist website for scale this time. if the gentle reader would like to join it, please feel free to pm me your credentials.

His tone may have been a little blunt, but the criticism was fair: not backing up offsite is just stupidity. I’m not a web developer or a site admin, but I certainly wouldn’t make the mistakes that were made with GH. The fact that the site got bigger faster than he expected doesn’t change that it was set up poorly from the start — and has had multiple instances of this sort of thing lately. It’s actually been enough to get the site blacklisted by my work’s proxy, because it had been spewing malware on several occasions.

yes, in a technical sense it is an absolutely fair and valid criticism. that said, imav works hard, has a full-time job and administered geekhack alone for a long time. both of these points are valid and fair assessments of the situation. i'll leave it at that.

from here, i think we should look to the future, and it looks quite bright!

http://www.youtube.com/watch?v=mznsEcZlM2I

[mkawa]

Does anyone know how to get in contact with Demik from GH? I want to make sure he received the board that I sent to him.

i've forwarded the message on to him

[10:21:39 AM] demik: i have no idea what he is talking about lol
[10:22:50 AM] demik: OH
[10:22:51 AM] demik: I DO
[10:22:55 AM] demik: yes i did
[10:23:01 AM] demik: the hhkb jp

lol

[ripster]

from here, i think we should look to the future, and it looks quite bright!

http://www.youtube.com/watch?v=mznsEcZlM2I

Well, if history is any indicator.....You might have rose colored glasses.



Shouldn't you be busy HTMLing or whatever you call it?

[MagicMeatball]

The 'ADD FOE' function makes this forum much more enjoyable.

[ripster]

FOE SHO!

[TexasFlood]

O ye of little faith (wonder if I'll have to eat that?)

NomNomNomNom, eating scripture quote, but this too shall pass...

[bhtooefr]

Wow.

You can keep saying that vB4 security holes are why Geekhack keeps getting owned, but... what about VWvortex?

The 22nd largest forum in the world according to Big Boards, and it runs vB4. You'd think it'd get owned left and right, especially with how arbitrary their moderation can get. (Big Boards hasn't updated to say that it's running vB, after they had to panic migrate to vB when their host pulled the plug on their zeroforum install.)

[ripster]

Damn, VWvortex is HUGE

VWVortex.com Statistics

Threads
5,567,023
Posts
73,401,653
Members
680,427
Active Members
46,807

I was just reading about the VAG rounded font last night.

[boost]

Wow.

You can keep saying that vB4 security holes are why Geekhack keeps getting owned, but... what about VWvortex?

The 22nd largest forum in the world according to Big Boards, and it runs vB4. You'd think it'd get owned left and right, especially with how arbitrary their moderation can get. (Big Boards hasn't updated to say that it's running vB, after they had to panic migrate to vB when their host pulled the plug on their zeroforum install.)

I'm on vwvortex

[rknize]

I think it's safe to say that anyone running a large, complex PHP-based web application is unlikely to survive a targeted attack by a skilled team that really wants to take it down. While previous cases were probably more script-kiddie-like, this was definitely not.

We saw it happen right in front of us. The focus was squarely on the vB4 DB. It's also likely that these other sites are doing their own hacking on the source.

[ripster]

Damn, I was able to delete KL AND Harrison and I don't know a lick of HTML.

My only regret is Harrison wasn't backed up properly.

Actually my only regret is KL WAS backed up properly.

[webwit]

I think it's safe to say that anyone running a large, complex PHP-based web application is unlikely to survive a targeted attack by a skilled team that really wants to take it down.

Flikr, facebook, wikipedia, VWvortex all use complex PHP and get more attacks.

[net2522]

^+1

[TexasFlood]

HTML doesn't kill users, PEOPLE kill users...

[rknize]

Alright, I guess I didn't word that very well. PHP can be done right. It's just so easy to do it wrong.

As far as FB and Flickr, their source isn't out there for all to see. That wasn't what I was getting at.

[mkawa]

Wow.

You can keep saying that vB4 security holes are why Geekhack keeps getting owned, but... what about VWvortex?

The 22nd largest forum in the world according to Big Boards, and it runs vB4. You'd think it'd get owned left and right, especially with how arbitrary their moderation can get. (Big Boards hasn't updated to say that it's running vB, after they had to panic migrate to vB when their host pulled the plug on their zeroforum install.)

the lead admin of the 30th-ish biggest forum in on the net (ct. big-boards) is a buddy of mine and he said quite forcefully that every single large forum "running vB" is running their own fork of vB with significant changes due to the uselessness of the official vB team.

regardless, this is a rathole. there is too much work to be done to spend much more time responding to people who have no interest in furthering geekhack. thanks for your criticisms folks, but unless you plan on putting forth an effort to be constructive, i have little interest in addressing them further.

[ripster]

Best of luck.

And once again SAVE THE RIPSTER FORUM PLEASE!

Lots of good info in there..........Plus 100's of wiki links will be broken if you nuke it.

[Soarer]

mkawa - do you know yet how the import to the new software will handle the missing attachments, or if it could be customized? Just thinking that if we could search for our posts with some tag, e.g. <missing attachment: filename>, it would help with repopulating.

[mkawa]

good question. rknize has been playing with it, so i don't know whether it will do it ootb, but regardless i suspect i can hack up the scripts (or a script) to do this. thanks for the suggestion! will definitely keep this in mind.

also, search should start working, so that will be nice

[ripster]

Search has always worked at DT.

Just saying.......................

[Soarer]

Even when VB search worked, it sucked harder than a black hole

TBH, I'm hoping for more than 'working'

[rknize]

vB search is awful at most forums I've been to. Some are better, but they are hacked AFAIK.

[ripster]

Typical Forum Moderator. Blame the SW, not how you use it.

BTW iMav USED to blame the HW. Like when Harrison was not backed up.

[mkawa]

yes, we may try to bring sphinx in if it seems pretty hassle-free.

[boost]

Even when VB search worked, it sucked harder than a black hole

TBH, I'm hoping for more than 'working'

Or like a dyson

[ripster]

Why is the site still up?

Seems irresponsible.

http://Www.geekhack.org

R00TW0RM

Expiration Date: 2012-08-18 00:47:23

Bad advertising if nothing else....

The Geekhack brand is turning into PhllipMorris.

Time to become Altria.com.

Or get one of the NEW suffixes.

Geek.Hack

[GH1391401]

PHP is fine. The comment above about doing security poorly is valid. You can have vulnerabilities at any level (physical, technical, process, human, etc). To believe that you are secure because you use X software package of Y version is just asking to be sploited. I would not compare someone's side project enthusiast web forum focused on human interface devices to other organizations that have robust infrastructure, ongoing development, and active security measures (human and automated) to name a few. To reference the quantity of moderators is also immaterial as they most likely only had administrative access at the application layer.

If anyone from GH want's help I can try and help out. Admittedly I am kind of a newb at server stuff but I am not a newb programmer and I have had some success on the 'open web'.