2012-02-21: Site going offline temporarily later today

[Darkdrium777]

Don't worry, I'm just giving feedback. I'm not expecting anything instantaneous. I understand this is a one man show.
But here's some idea for what you could do:



I removed the "What's New" and "Forum" bar and moved the search there because "What's New" is the same as "New Posts" and "Forum" is the same as the little house icon right below and the banner link. Essentially I find that thing is useless lol
I don't know if what I propose is at all possible though. I mean, changing the background color to black sure is, but reorganizing the search bar location...

[stin]

Wow!, this is totally different but I will get used to it. Eventually hopefully everything will be updated by Foxy due to his hardwork.

However, hopefully that will stave off potienally hackers from our website.

stevie

[Dark_Phantom_89]

Good to see the site back up and running. Great job to all involved.

I'm still familiarising myself with a lot of the new stuff. I'm very competent with VB Software, but I haven't used Version 4.1.10 before so I'm trying to figure out where everything is. I'm sure I'll get there in time!

[vincoof]

I'm unsure if I prefer the new or the old forum layout since I almost didn't use the WoZ forums for years.

However, if the hack came from the site hosting, how security is improved by updating the forums ? I mean, if the hacker used the site host to create a forum admin account with the old forums, if he hacks the site host again what prevents him to creating an admin account for the new forums ?

Anyway, kudos for your hard work on this Rob (as well as to anyone helping) and keep up the good work.

[infoxicated]

Ten years ago you were easier to please!

The initial hack came from the Dreamhost breach and, as far as I've been able to ascertain, the follow-up hacks came through shell scripts planted during the first hack. I say "hack", but, call me old school, I don't consider planting shell scripts when you have full FTP access particularly "hacky". It's more like they had the keys to the front door temporarily and whilst they were in there they unlocked the back door for future access. Hardly breaking and entering in the true "hacking a Gibson" sense!

The latest one came, I believe, through a Wordpress installation that I'd failed to update. I always keep my own WP installation up to date, but there's another site I run that hadn't got updated, so my fault really. The knowledge of what was on the same server as WipEoutZone meant that they could get in that way and then go after the site that would cause the most trouble. No sense in ruining a site run for a local voluntary group when you can wreak havoc for a busy online community, eh?

I wouldn't have minded a bit of a dialogue with the Tim Pernix guy, actually. Not that I believe his motives were particularly altruistic considering all the damage done from him screwing around with the vBulletin database. If it was just defacing the site with the intention of proving just how l33t he was and embarrassing the admin, then whatever floats your boat, but dicking with the database just caused a lot of pain and screwed over the community right as a new game was launching.

Still, I wouldn't have minded chatting to the guy just to see how the wind was blowing. Assuming everything's locked down now, he and his gang will be off finding new people to cause trouble for and WipEoutZone will be as insignificant to them as it was for the previous 11 years of its existence.

In the grand scheme of things, one security breach in 11 years isn't exactly a bad record and the fact we appeared to be victimised for a while is not something I take personally. I'm tired from the late nights spent trying to fix it and I have a bitch of a data bill from having to access the site whilst on holiday, but nobody got hurt and we're all still here. It's just another chapter in the history books of the site.

Updating the forums was something I've been meaning to get around to for two and a half years. We had a version 4 license and had been using version 3 the whole time because I couldn't be bothered with the hassle of the upgrade. When it got to the point where I wanted a completely clean install of the forums there was no sense in having a new install of version 3 again, so there you have it. There are things to fix, but in general it went quite smoothly.

Security is improved by being on the latest version of the forum, as v3 wasn't being actively improved anyway. It's also more secure by having none of the code for the main site being on the server any longer - it's all been deleted except for assets. I'll put it back once I'm content that it's clean and doesn't allow any cheap entry points for them.

Somewhat bizarrely this has been quite an educational experience for me as a web developer, so there are a couple of positive take-aways from the whole thing.

[blackwiggle]

Some information about Pernix, the rare ultra plus armour of Runscape.
http://runescape.wikia.com/wiki/Pernix_armour

One of the Moderators of the Runescape forum is called TIM

Do the Zone & Runescape use the same facilities?

[infoxicated]

I don't know, but one of the email addresses he used when he set up a forum admin account was admin@clawscape.org

Same deal, or just a scapegoat?

[UB3R~JKP]

Like the new skin. Breathes new life everywhere.

[blackwiggle]

I don't know, but one of the email addresses he used when he set up a forum admin account was admin@clawscape.org

Same deal, or just a scapegoat?

Don't know.
I got in a PSN message conversation with another gamer after playing a couple of rounds of UC3 online.
They asked what other online games I play......got on to talking about WO and the zone....talked about the site hacking, then out of nowhere this gamer suggested the Runescape connection.
I don't know if this gamer plays Runescape and has knowledge of other activities that they get up to?
I'd never heard of the game up until then.

After checking out some video footage of it in action it looks like a very rudimentary game, something only a diehard PC geek would play.
http://www.youtube.com/watch?v=mv2gSuyqijI

[vincoof]

Ten years ago you were easier to please!

oh noes ! Rob, you can't ! I know you're the admin here etc, but you just can't dig out this stuff ! Aww man... please gimme somewhere to hide...

Thanks for the (pretty detailed) clarification. The message shown by the hacker looked like he was a good samaritan which helped the Internet community by pointing out website flaws, but if he screwed up everything from the inside I guess he's just another jerk and by no means the hero he pretends to be. (Not that I believed he was a hero, but the message seemed fair in some way)

Whatsoever, cleaning up the (potentially unsafe) code and upgrading to the latest board version is always a good thing, and once again I'm glad you handled it so quickly. At least, this is something that didn't change in the last decade !

KUTGW

[infoxicated]

Thanks Vinny... you haven't said if it works okay in Netscape 6 this time, though - to be honest I haven't checked the site in anything except Chrome!

[vincoof]

haha you sound like a girlfriend. you never forget stupid things other people have done, do you ?

I'm pretty sure you can "browse" the site logs and already know I'm not using N6 anymore. You're so mean to remind many the good old things that existed over the Internet !

I'm currently working on a web plugin which will be deployed broadly and we test many, many browser/OS compatibility, so I guess I could test WoZ on a wide variety of browser/OS but... believe me or not, Netscape 6 is not on the list And worse... Netscape 4 isn't either ! One told me that the end of the world was near, and it's probably one more proof of it x_x

[Amaroq Dricaldari]

Will someone please tell me what the 'ranks' on this forum are, and how many posts you need for each rank?

[stin]

0-9 New Pilot
10-49 Vector Pilot
50-149 Venom Pilot
150-299 Rapier Pilot
300-599 Phantom Pilot
600-1499 Extreme Pilot
1500-2999 Zone Pilot
3000-4999 Veteran Pilot
5000-9999(?) Legendary Pilot
10000+ Purist

stevie