Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Welcome to BZPower!

Hi there, while we hope you enjoy browsing through the site, there's a lot more you can do if you register. The process is easy and you can use your Google, Facebook, or Twitter account to make it even faster. Some perks of joining include:
  • Create your own topics, participate in existing discussions, and vote in polls
  • Show off your creations, stories, art, music, and movies and play member and staff-run games
  • Enter contests to win free LEGO sets and other prizes, and vote to decide the winners
  • Participate in raffles, including exclusive raffles for new members, and win free LEGO sets
  • Send private messages to other members
  • Organize with other members to attend or send your MOCs to LEGO fan events all over the world
  • Much, much more!
Enjoy your visit!

Posted Image


Click to ToggleParticipate in our raffle!

Hi, Guest. Come take a look and participate in our raffle:

Chima 2014 Big Raffle
Chima 2014 New Member Raffle
Chima 2014 Little Raffle

Photo

BZPower Status


  • Please log in to reply
124 replies to this topic

#1 Offline Hapori Tohu

Hapori Tohu
  • None
  • Heart of BZPower

  • 931 posts
  •  

Posted Oct 30 2013 - 12:20 PM

It has taken us longer than we would have liked, but we're almost ready to bring the forums back online - you should be able to access them this evening. Unfortunately, due to a security vulnerability, a malicious individual gained access to and deleted BZPower's database. We have had to restore everything from our last backup, which is from August 23rd. That means everything, all topics, posts, blog entries, news stories, and members since that date are gone. If there's something in particular that you need, I suggest seeing if you can retrieve it from Google's cache. Also, if you bought a Premier Membership or joined BioniLUG during the past two months, please PM me so we can make sure it is reflected. The Administration apologizes for this inconvenience and will continue to work to avoid such things in the future.View the full article
  • 0

#2 Offline XONAR

XONAR
  • Premier Member
    BioniLUG Member
  • Premier Members
  • Swarm Scavenger

  • 696 posts
  •  

Posted Oct 30 2013 - 06:48 PM

Just wondering, why is the last backup of BZP from August 23??? I hope now that this data loss has happened, you guys will learn to make backups at least every week. I understand how much data there is to backup, but seriously, this kind of data loss is not good, and since the security vulnerability in the newinc directory has seemingly not been fixed yet, the person who hacked it can do it again easily. In any case, I'm glad to see the forums back up, and I appreciate you guys working to get them up as fast as you can. (Please do try to prevent this from happening again though. :P


  • 0

#3 Online Kopekemaster

Kopekemaster
  • Members
  • Exo-Armored Toa

  • 759 posts
  •  

Posted Oct 30 2013 - 06:58 PM

Even though it wasn't fun not being able to come on to BZPower, it was actually somewhat of a blessing in disguise because I learned how awesome the forums at BMP are. :)


Edited by Kopekemaster, Oct 30 2013 - 06:58 PM.

  • 0

ezgif-save.gif

My Writing Blog (Updated frequently)

My Bionicle/LEGO Blog (Now, updated frequently[ish] again)

BZPower Chronicles, my BZP comedy.

Species, my dystopian Bionicle story and its respective Review Topic.


#4 Online ~The 1st Shadow~

~The 1st Shadow~
  • Members
  • Descending into Protodermis

  • 1,079 posts
  •  

Posted Oct 30 2013 - 06:58 PM

Agreed with Trydeltix. More frequent back-ups would help a lot in these cases.

Fortunately, I don't think I lost that much. Re-updating my comics won't be a problem.

 

Posted Image


  • 0

t1scbanner.jpg

Credit to Shattered Mask Productions for the Avatar and signoff!


#5 Offline Your Evil Friend

Your Evil Friend
  • Premier Member
  • Premier Outstanding BZP Citizens
  • Submerged!

  • 1,164 posts
  •   Outstanding BZPower Citizen

Posted Oct 30 2013 - 07:05 PM

Nice to be back . Didn't lose anything worth mentioning. Thanks to everyone who helped out.
  • 0

#6 Offline Basilisk

Basilisk
  • Members
  • OTC RPG Judge

  • 1,160 posts
  •  

Posted Oct 30 2013 - 07:08 PM

Well. Glad to see we have the forums back.

 

Hopefully our security will be fairly ironclad this time around.


  • 0
"Shall this great kingdom, that has survived, whole and entire, the Danish depredations, the Scottish inroads, and the Norman conquest; that has stood the threatened invasion of the Spanish Armada, now fall prostrate before the House of Bourbon? Surely, my Lords, this nation is no longer what it was! Shall a people, that seventeen years ago was the terror of the world, now stoop so low as to tell its ancient inveterate enemy, take all we have, only give us peace? It is impossible! ...My Lords, any state is better than despair. Let us at least make one effort; and if we must fall, let us fall like men!"
 
-William Pitt the Elder, before suffering a fatal stroke on the floor of the House of Lords.

#7 Offline XONAR

XONAR
  • Premier Member
    BioniLUG Member
  • Premier Members
  • Swarm Scavenger

  • 696 posts
  •  

Posted Oct 30 2013 - 07:09 PM

Even though it wasn't fun not being able to come on to BZPower, it was actually somewhat of a blessing in disguise because I learned how awesome the forums at BMP are. :)

 

Yay! :D The BMP forums are home to a small but pretty great community indeed. Glad to have you be a part of it. 


  • 0

#8 Offline Atton Rand

Atton Rand
  • Members
  • Lehvak-Kal Launched

  • 4,822 posts
  •  

Posted Oct 30 2013 - 07:18 PM

I must confess, I do feel a bit concerned about the security here. This is the second time I've been in an RPG that was partially destroyed by a malicious hacker; either something needs to be fixed, or someone out there really really hates this board.


  • 0

#9 Offline Basilisk

Basilisk
  • Members
  • OTC RPG Judge

  • 1,160 posts
  •  

Posted Oct 30 2013 - 07:21 PM

I must confess, I do feel a bit concerned about the security here. This is the second time I've been in an RPG that was partially destroyed by a malicious hacker; either something needs to be fixed, or someone out there really really hates this board.

 

Hacker troubles for BZP are nothing new. What we are seeing is the last breath of a dying remnant. In my view at least.


  • 0
"Shall this great kingdom, that has survived, whole and entire, the Danish depredations, the Scottish inroads, and the Norman conquest; that has stood the threatened invasion of the Spanish Armada, now fall prostrate before the House of Bourbon? Surely, my Lords, this nation is no longer what it was! Shall a people, that seventeen years ago was the terror of the world, now stoop so low as to tell its ancient inveterate enemy, take all we have, only give us peace? It is impossible! ...My Lords, any state is better than despair. Let us at least make one effort; and if we must fall, let us fall like men!"
 
-William Pitt the Elder, before suffering a fatal stroke on the floor of the House of Lords.

#10 Offline The BrickSmith

The BrickSmith
  • BioniLUG Member
  • Members
  • Inhabitant

  • 1 posts

Posted Oct 30 2013 - 07:23 PM

Yes I agree, BZP should have a better security system so hackers couldn't hack it and cache or back up all the information every week or month or so. I think this might help against things like this happening in the future. 


  • 0

#11 Offline Agnes Oblige

Agnes Oblige
  • Premier Member
  • Premier Members
  • The Storyteller

  • 4,329 posts
  •  

Posted Oct 30 2013 - 07:26 PM

Well. Glad to see we have the forums back.

 

Hopefully our security will be fairly ironclad this time around.

 

[color=#ff33ff;]Haha, yeah right. Security should have been ironclad a long time ago... and after incidents like the Dataclysm in 2009 and the Archive Loss this year, I'm disappointed to discover that forum backups aren't even monthly.[/color]

 

[color=#ff33ff;]BZPower is going to be hacked again, and it will lose more data, and the cycle will just repeat itself over and over again. [/color]

 

[color=#ff33ff;]"Disappointed" is perhaps putting it a bit lightly, actually. I'm appalled that the last forum backup was from August. It just doesn't make any sense.[/color]


  • 0

Chapter 7

book_1_logo_super_small.jpg

 

With five more dead, Voltex prepares to hunt down the final traitor.


#12 Offline PeabodySam

PeabodySam
  • Premier Member
  • Premier Members
  • Mask of Light Unveiled

  • 5,043 posts
  •  

Posted Oct 30 2013 - 07:26 PM

I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you. This is ridiculous.  No, this has gotten beyond ridiculous.  BZP staff, I know you're trying your best, but your best clearly isn't good enough.  This is the third time that one individual has hacked this site, and that in itself is simply inexcusable.  There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years. Even worse, this is the second time he's deleted a significant amount of content.  I know what you're thinking: "Compared to the ten years lost in the previous hack, two months ain't bad."  But, after the previous hack, I was drained of will and motivation to continue posting here, as though there was constantly a threat of, "Hey, if you post something, it's just going to be deleted the next time someone hacks the website."  Then, finally, I was feeling just a little bit of faith in the security of BZPower again in the past month.  I started posting in topics again, poking my head out of my shell a bit for the first time since the hack. And last Wednesday evening, just after I spent the good portion of an hour writing out a thoughtful in-depth post, you cannot believe my reaction to finding out that, once again, the site was hacked.  And by the same person as the previous two times.  And wouldn't you know?  Those posts signalling my re-emerging from my shell again?  Erased by the hacker.  That sliver of faith in security?  Erased as well. There should be no reason why a BZP member should be afraid to do anything on this site just because they're afraid that it might be deleted the next time this person says, "Oh, I feel like hacking BZP for fecal matter and giggles today!" This site has lost enough life as it is.  We already lost a ton of members from the end of BIONICLE and the 2011 forum update, we've lost the entire pre-2011 forums, and most other sites regard BZPower as little more than a mere shell of the grand site it once was.  If you don't want it to lose what little it has left, you have to do better. I'm sorry.  I know I'm being blunt with my honesty, but enough is enough. Do better.

Edited by PeabodySam, Oct 30 2013 - 07:35 PM.

  • 0

awebanner.png
Calcite Copter VS Cybernetic Rock Monster - The Coming of the Toa - Cursed Form - Dino Attack Headquarters - Five Years Too Many - Hate and Vengeance - Lost and Found and Lost Again - Majhost Gallery - Scene 24: Johnny Thunder Blows This Taco Stand - Vakama's Secret
"It's all right, children. Life is made up of meetings and partings. That is the way of it. I am sure that we shall never forget Tiny Tim, or this first parting that there was among us." - Bob Cratchit
qs25896.jpg
qs25896.jpg


#13 Offline Aurora the cat

Aurora the cat
  • Members
  • Soaring Champion

  • 488 posts

Posted Oct 30 2013 - 07:27 PM

The second time slip has happened.

 

 

OH GOD MY OLD POST COUNT!


  • 0

#14 Offline Basilisk

Basilisk
  • Members
  • OTC RPG Judge

  • 1,160 posts
  •  

Posted Oct 30 2013 - 07:31 PM

Off the top of my head...a donation drive?


Edited by Basilisk, Oct 30 2013 - 08:18 PM.

  • 0
"Shall this great kingdom, that has survived, whole and entire, the Danish depredations, the Scottish inroads, and the Norman conquest; that has stood the threatened invasion of the Spanish Armada, now fall prostrate before the House of Bourbon? Surely, my Lords, this nation is no longer what it was! Shall a people, that seventeen years ago was the terror of the world, now stoop so low as to tell its ancient inveterate enemy, take all we have, only give us peace? It is impossible! ...My Lords, any state is better than despair. Let us at least make one effort; and if we must fall, let us fall like men!"
 
-William Pitt the Elder, before suffering a fatal stroke on the floor of the House of Lords.

#15 Offline XONAR

XONAR
  • Premier Member
    BioniLUG Member
  • Premier Members
  • Swarm Scavenger

  • 696 posts
  •  

Posted Oct 30 2013 - 07:34 PM

 

I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you.
 
This is ridiculous.  No, this has gotten beyond ridiculous.  BZP staff, I know you're trying your best, but your best clearly isn't good enough.  This is the third time that one individual has hacked this site, and that in itself is simply inexcusable.  There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years.
 
Even worse, this is the second time he's deleted a significant amount of content.  I know what you're thinking: "Compared to the ten years lost in the previous hack, two months ain't bad."  But, after the previous hack, I was drained of will and motivation to continue posting here, as though there was constantly a threat of, "Hey, if you post something, it's just going to be deleted the next time someone hacks the website."  Then, finally, I was feeling just a little bit of faith in the security of BZPower again in the past month.  I started posting in topics again, poking my head out of my shell a bit for the first time since the hack.
 
And last Wednesday evening, just after I spent the good portion of an hour writing out a thoughtful in-depth post, you cannot believe my reaction to finding out that, once again, the site was hacked.  And by the same person as the previous two times.  And wouldn't you know?  Those posts signalling my re-emerging from my shell again?  Erased by the hacker.  That sliver of faith in security?  Erased as well. There should be no reason why a BZP member should be afraid to do anything on this site just because they're afraid that it might be deleted the next time this person says, "Oh, I feel like being hacking BZP for fecal matter and giggles today!"
 
This site has lost enough life as it is.  We already lost a ton of members from the end of BIONICLE and the 2011 forum update, we've lost the entire pre-2011 forums, and most other sites regard BZPower as little more than a mere shell of the grand site it once was.  If you don't want it to lose what little it has left, you have to do better.
 
I'm sorry.  I know I'm being blunt with my honesty, but enough is enough.
 
Do better.

 

 

I can't help but agree, and I have to say, I'm sure that most people feel this way as well. Fix the vulnerability in the newinc directory, and it will be a lot harder for people to hack in. Also, by God please update Apache, MySQL, and PHP! They are all so horribly outdated that it's not even funny. BZP's security will be much improved if you do these simple things!


Edited by XONAR, Oct 30 2013 - 08:26 PM.

  • 0

#16 Offline Basilisk

Basilisk
  • Members
  • OTC RPG Judge

  • 1,160 posts
  •  

Posted Oct 30 2013 - 07:35 PM

This is likely a pipe dream, but a donation drive for security improvements might yield results.


Edited by Basilisk, Oct 30 2013 - 08:18 PM.

  • 0
"Shall this great kingdom, that has survived, whole and entire, the Danish depredations, the Scottish inroads, and the Norman conquest; that has stood the threatened invasion of the Spanish Armada, now fall prostrate before the House of Bourbon? Surely, my Lords, this nation is no longer what it was! Shall a people, that seventeen years ago was the terror of the world, now stoop so low as to tell its ancient inveterate enemy, take all we have, only give us peace? It is impossible! ...My Lords, any state is better than despair. Let us at least make one effort; and if we must fall, let us fall like men!"
 
-William Pitt the Elder, before suffering a fatal stroke on the floor of the House of Lords.

#17 Offline Scanty Demon

Scanty Demon
  • Premier Member
  • Premier Outstanding BZP Citizens
  • Lightning Voyager

  • 329 posts
  •   Outstanding BZPower Citizen

Posted Oct 30 2013 - 07:41 PM

Off the top of my head...a donation drive.

[color=#add8e6;]I agree, hopefully we can find someone to help the site who isn't too expensive but a donation drive would be a good idea.[/color]


Edited by Origami killer, Oct 30 2013 - 08:31 PM.

  • 0

psg6.jpg


#18 Offline Black Six

Black Six
  • BioniLUG Member
  • BZPower Administrators
  • Lego Ambassador

  • 11,902 posts
  •   BZP Staff

Posted Oct 30 2013 - 07:41 PM

Just wondering, why is the last backup of BZP from August 23??? I hope now that this data loss has happened, you guys will learn to make backups at least every week. I understand how much data there is to backup, but seriously, this kind of data loss is not good, and since the security vulnerability in the newinc directory has seemingly not been fixed yet, the person who hacked it can do it again easily. In any case, I'm glad to see the forums back up, and I appreciate you guys working to get them up as fast as you can. (Please do try to prevent this from happening again though. :P)

 

[color=#ff33ff;]Haha, yeah right. Security should have been ironclad a long time ago... and after incidents like the Dataclysm in 2009 and the Archive Loss this year, I'm disappointed to discover that forum backups aren't even monthly.[/color] [color=#ff33ff;]BZPower is going to be hacked again, and it will lose more data, and the cycle will just repeat itself over and over again. [/color] [color=#ff33ff;]"Disappointed" is perhaps putting it a bit lightly, actually. I'm appalled that the last forum backup was from August. It just doesn't make any sense.[/color]

I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you. This is ridiculous.  No, this has gotten beyond ridiculous.  BZP staff, I know you're trying your best, but your best clearly isn't good enough.  This is the third time that one individual has hacked this site, and that in itself is simply inexcusable.  There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years. I'm sorry.  I know I'm being blunt with my honesty, but enough is enough. Do better.

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

  • 0

#19 Offline XONAR

XONAR
  • Premier Member
    BioniLUG Member
  • Premier Members
  • Swarm Scavenger

  • 696 posts
  •  

Posted Oct 30 2013 - 07:43 PM

The person responsible apparently admitted to it in a Skype discussion. I'm not allowed to mention his name, but I'm sure you can guess who I'm talking about...


Edited by XONAR, Oct 30 2013 - 08:40 PM.

  • 0

#20 Offline Basilisk

Basilisk
  • Members
  • OTC RPG Judge

  • 1,160 posts
  •  

Posted Oct 30 2013 - 07:46 PM

True. The sad fact is, this is a fan site. We aren't exactly drowning in resources here, we're a small fish in a very very big ocean. Heck, we're a small fish that's more or less past it's prime on top of that. I come here to talk with old friends, some of the best I ever had. Whatever issues others may have had with this site are long gone and buried. To my knowledge, we're about the biggest remnant of the bionicle fandom on the net. Bionicle isn't even the focus any more. Why someone would wish to make trouble for people more or less hanging out together out of a sense of habit and goodwill, is quite beyond me.


Edited by Basilisk, Oct 30 2013 - 07:48 PM.

  • 0
"Shall this great kingdom, that has survived, whole and entire, the Danish depredations, the Scottish inroads, and the Norman conquest; that has stood the threatened invasion of the Spanish Armada, now fall prostrate before the House of Bourbon? Surely, my Lords, this nation is no longer what it was! Shall a people, that seventeen years ago was the terror of the world, now stoop so low as to tell its ancient inveterate enemy, take all we have, only give us peace? It is impossible! ...My Lords, any state is better than despair. Let us at least make one effort; and if we must fall, let us fall like men!"
 
-William Pitt the Elder, before suffering a fatal stroke on the floor of the House of Lords.

#21 Offline XONAR

XONAR
  • Premier Member
    BioniLUG Member
  • Premier Members
  • Swarm Scavenger

  • 696 posts
  •  

Posted Oct 30 2013 - 07:56 PM

 

Just wondering, why is the last backup of BZP from August 23??? I hope now that this data loss has happened, you guys will learn to make backups at least every week. I understand how much data there is to backup, but seriously, this kind of data loss is not good, and since the security vulnerability in the newinc directory has seemingly not been fixed yet, the person who hacked it can do it again easily. In any case, I'm glad to see the forums back up, and I appreciate you guys working to get them up as fast as you can. (Please do try to prevent this from happening again though. :P)

 

[color=#ff33ff;]Haha, yeah right. Security should have been ironclad a long time ago... and after incidents like the Dataclysm in 2009 and the Archive Loss this year, I'm disappointed to discover that forum backups aren't even monthly.[/color] [color=#ff33ff;]BZPower is going to be hacked again, and it will lose more data, and the cycle will just repeat itself over and over again. [/color] [color=#ff33ff;]"Disappointed" is perhaps putting it a bit lightly, actually. I'm appalled that the last forum backup was from August. It just doesn't make any sense.[/color]

I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you. This is ridiculous.  No, this has gotten beyond ridiculous.  BZP staff, I know you're trying your best, but your best clearly isn't good enough.  This is the third time that one individual has hacked this site, and that in itself is simply inexcusable.  There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years. I'm sorry.  I know I'm being blunt with my honesty, but enough is enough. Do better.

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

 

 

B6, I've PM'd you regarding the vulnerability. 


  • 0

#22 Offline Tahu Nuva 3.0

Tahu Nuva 3.0
  • Members
  • Pahrak-Kal Attacks!

  • 2,622 posts
  •  

Posted Oct 30 2013 - 07:59 PM

Just people with too much time on their hands messing with us. No matter what I will always be here on BZPower and will help contribute no matter if everything gets reset to 0


  • 0

Looking for a Bionicle Beanie. Black one with the symbol on it. The one I had since childhood was lost at sea (no joke). Please let me know if you have one. Will purchase/trade.


#23 Offline fishers64

fishers64
  • Premier Member
  • Premier Outstanding BZP Citizens
  • Mask of Time Discovered

  • 4,272 posts
  •   Outstanding BZPower Citizen

Posted Oct 30 2013 - 08:00 PM

*surveys damage*

 

Well, I g-guess it's time for a new topic?

 

Yeah, it will be hard to patch up this one. All the stories and reviews I have backed up this time, but there's no way to patch up the data loss elsewhere, where I wasn't so diligent. I hope I will be able to comb through enough to redo the work on the Memoirs contest that was lost, to name the beginning of the restoration efforts. 

 

It's clear I can't trust this website anymore, which is sad. :( There's nothing else that can be said for it. Moving on. 


  • 0

#24 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,005 posts
  •   Outstanding BZPower Citizen

Posted Oct 30 2013 - 08:05 PM

Can I please be assured that measures have been taken to prevent this kind of thing in the future?

 

And you should also take offline backups more often. If it'd help, I could write a Python or shell-based script to back up server directories and databases that you could just run semi-frequently so you have backups available. It's rather quick to make one.

 

Also if I were you, I'd set [font="'courier new', courier, monospace;"]chmod 733 [/font][font="'courier new', courier, monospace;"]/home/bzpower/public_html[/font][font="'courier new', courier, monospace;"]/newinc[/font] or something, or at least put an index.html file in http://www.bzpower.com/newinc/ since that directory has some things in it that probably shouldn't be publicly visible.

 

Here's a backup script if you want:

#!/bin/sh #dirs to back up, change as necessarybackup_files="/home /etc /root /boot /opt /var" #backup destinationdest="/mnt/backup"day=$(date +%A)hostname=$(hostname -s)archive_file="$hostname-$day.tgz"echo "Backing up $backup_files to $dest/$archive_file"dateecho#make tar backupstar czf $dest/$archive_file $backup_filesechoecho "Backup finished"date# listing of files in $dest to check file sizesls -lh $dest

And here's a database backup script if you want to use/modify it: https://github.com/B...ntent-backup.sh


Edited by Meiko, Oct 30 2013 - 11:10 PM.

  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#25 Online Chro

Chro
  • Members
  • Stone Champion Nuva

  • 1,597 posts
  •  

Posted Oct 30 2013 - 08:14 PM

Thanks for getting the site back up.

Edited by Chro, Oct 31 2013 - 05:13 AM.

  • 0

CHRO IS LIKE A BEAUTIFUL PHOENIX
EXCEPT MORE PAINFUL

Brickshelf
 MOCpages
➠ flickr
YouTube


#26 Offline TNTOS

TNTOS
  • Premier Member
  • Premier Members
  • Ice Warrior Defeated

  • 2,934 posts
  •  

Posted Oct 30 2013 - 08:36 PM

I thankfully didn't lose much and am already reposting the things I did lose. So I'm going to be okay.

 

Wish the backup had been from a bit more recently, though. Would make reposting my stuff much easier.

 

-TNTOS-


  • 0

"If people only knew how hard I work to gain my mastery it wouldn't seem so wonderful at all." -Michelangelo

A Writerly Blog
The Tasty Library of Sugary Goodness
(BIONICLE: The Legend Reloaded (Repost))
(My Little BIONICLE: Friendship is Explosive Completed 01/05/14)
{The Shika Trilogy Omnibus Completed 03/31/14) (Review Topic)
(In the End Updated 04/14/14) (Review Topic)


#27 Offline Basilisk

Basilisk
  • Members
  • OTC RPG Judge

  • 1,160 posts
  •  

Posted Oct 30 2013 - 08:48 PM

I'll chime in to say I have complete faith in the BZP community. BZP came up a few hours ago and we're already at pre-hack activity levels. As a community, we bounce back fast.


Edited by Basilisk, Oct 30 2013 - 08:50 PM.

  • 0
"Shall this great kingdom, that has survived, whole and entire, the Danish depredations, the Scottish inroads, and the Norman conquest; that has stood the threatened invasion of the Spanish Armada, now fall prostrate before the House of Bourbon? Surely, my Lords, this nation is no longer what it was! Shall a people, that seventeen years ago was the terror of the world, now stoop so low as to tell its ancient inveterate enemy, take all we have, only give us peace? It is impossible! ...My Lords, any state is better than despair. Let us at least make one effort; and if we must fall, let us fall like men!"
 
-William Pitt the Elder, before suffering a fatal stroke on the floor of the House of Lords.

#28 Offline TakunuvaC01

TakunuvaC01
  • Members
  • Mask of Time Discovered

  • 4,192 posts
  •  

Posted Oct 30 2013 - 09:58 PM

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

I understand the basics behind how security works: namely, that it's always easier for someone to penetrate the system than it is for you to keep the system secure. To put it in terms of statistics, a black hat hacker / attacker only needs to be lucky once, but the site staff need to be lucky every time. It is always easier to break things than to keep them safe.So I understand that, of course, and I understand that you guys are hardly professional sysadmins doing this for a living, so I can sympathize with your position... but, with all due respect, none of that excuses things like:-Not keeping software up to date that runs the site-Having an automated system to make regular offline backupsFrom other comments in this thread, it sounds like you're not doing the former; from your own post, you don't have the latter.With an automated backup system, you would be able to spend those twenty hours a week doing other things (like keeping the site up to date?), because backups would be taken care of. Meiko already talked about this a bit, but let me add the following statement: you don't need to store years worth of backups if you don't have enough space, you just need to keep your backups isolated from the machine that the webserver is running on, so if the server gets penetrated the attacker does not have access to the backups. Automated, regular backups are more important than years worth of backups made irregularly over month-long intervals (assuming you can protect the automated ones).I'm sure you know this- after all, we recently suffered from the deletion of the old database precisely because there were no offsite backups. But I feel the need to say it anyway...Disclaimer: I'm a hobbyist programmer and university student. I rarely have time to work on any of my projects, so I completely understand the staff's position. I don't mean to lecture you guys on security, or try to take the moral high ground, or anything like that- other people have already done that in this thread. And I completely understand the impossible position that is maintaining the site against attack- people are going to be angry when something goes wrong, but it's unrealistic to expect that you can stop everything from going wrong.But I confess to being a little frustrated, perhaps even more so because I'm aware of some of the underlying technical issues- I don't expect perfect security but it honestly sounds like there are some fundamental things going wrong (if I believe all the comments in this thread, at least).Apologies if I've crossed a line. I'm grateful that the staff does keep BZP running- for fun, as you said- because I do still enjoy the site (after, what is it now, eight years?) but without new Bionicle content I now primarily see the site as a place to produce, showcase, and collaborate on content (RPGs, stories, etc- I'm not personally involved in art or other media or MOCs or anything like that, but all of that too), and whenever a significant amount of data is lost it means that content we worked on or showcased is (partly) lost, which is painful. Hence my frustration.

  • 0

Posted Image


#29 Offline DeeVee

DeeVee
  • Premier Member
    BioniLUG Member
  • Premier Blog Leaders
  • Senior Master Photographer

  • 5,206 posts
  •   BZP Staff

Posted Oct 30 2013 - 10:08 PM

Can I please be assured that measures have been taken to prevent this kind of thing in the future?

Because you guys don't think the administration spends hours upon hours trying to patch things? I mean, seriously

If it was super easy to fix everything, don't you think it would have been done? Like goodness, I don't mean to sound hostile, but like Andrew said, no one here gets paid for this. Like, you guys think we don't care about the site? The place where we've all invested so much time, some of us more than a decade (which is more than half your life, I'd like to add). The majority of my best friends in the world came from this site, and it's really frustrating and disheartening to see someone attack our community, for one, and then you make it worse by laying the blame for someone else's crimes on our shoulders?

 

Not okay. Sorry if you haven't gotten a sunshine and rainbows "everything is happy now" response.


  • 0

spidermiles.jpg


#30 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,005 posts
  •   Outstanding BZPower Citizen

Posted Oct 30 2013 - 10:21 PM

 

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

I understand the basics behind how security works: namely, that it's always easier for someone to penetrate the system than it is for you to keep the system secure. To put it in terms of statistics, a black hat hacker / attacker only needs to be lucky once, but the site staff need to be lucky every time. It is always easier to break things than to keep them safe.So I understand that, of course, and I understand that you guys are hardly professional sysadmins doing this for a living, so I can sympathize with your position... but, with all due respect, none of that excuses things like:-Not keeping software up to date that runs the site-Having an automated system to make regular offline backupsFrom other comments in this thread, it sounds like you're not doing the former; from your own post, you don't have the latter.With an automated backup system, you would be able to spend those twenty hours a week doing other things (like keeping the site up to date?), because backups would be taken care of. Meiko already talked about this a bit, but let me add the following statement: you don't need to store years worth of backups if you don't have enough space, you just need to keep your backups isolated from the machine that the webserver is running on, so if the server gets penetrated the attacker does not have access to the backups. Automated, regular backups are more important than years worth of backups made irregularly over month-long intervals (assuming you can protect the automated ones).I'm sure you know this- after all, we recently suffered from the deletion of the old database precisely because there were no offsite backups. But I feel the need to say it anyway...Disclaimer: I'm a hobbyist programmer and university student. I rarely have time to work on any of my projects, so I completely understand the staff's position. I don't mean to lecture you guys on security, or try to take the moral high ground, or anything like that- other people have already done that in this thread. And I completely understand the impossible position that is maintaining the site against attack- people are going to be angry when something goes wrong, but it's unrealistic to expect that you can stop everything from going wrong.But I confess to being a little frustrated, perhaps even more so because I'm aware of some of the underlying technical issues- I don't expect perfect security but it honestly sounds like there are some fundamental things going wrong (if I believe all the comments in this thread, at least).Apologies if I've crossed a line. I'm grateful that the staff does keep BZP running- for fun, as you said- because I do still enjoy the site (after, what is it now, eight years?) but without new Bionicle content I now primarily see the site as a place to produce, showcase, and collaborate on content (RPGs, stories, etc- I'm not personally involved in art or other media or MOCs or anything like that, but all of that too), and whenever a significant amount of data is lost it means that content we worked on or showcased is (partly) lost, which is painful. Hence my frustration.

 

For the keeping things up to date, that's certainly a problem. Even the most minimal check of things using [font="'courier new', courier, monospace;"]curl[/font] through terminal shows that BZPower has out of date software running its server.

 

 

 

Can I please be assured that measures have been taken to prevent this kind of thing in the future?

Because you guys don't think the administration spends hours upon hours trying to patch things? I mean, seriously

If it was super easy to fix everything, don't you think it would have been done? Like goodness, I don't mean to sound hostile, but like Andrew said, no one here gets paid for this. Like, you guys think we don't care about the site? The place where we've all invested so much time, some of us more than a decade (which is more than half your life, I'd like to add). The majority of my best friends in the world came from this site, and it's really frustrating and disheartening to see someone attack our community, for one, and then you make it worse by laying the blame for someone else's crimes on our shoulders?

 

Not okay. Sorry if you haven't gotten a sunshine and rainbows "everything is happy now" response.

 

I didn't say I didn't think that. I do the same thing as my hobby, in my spare time. On our team, when there's a security breach, we by no means take it for granted. We do what you do, we spend time patching it, but by no means do we let the same thing slip by 3 times in a year. I know it isn't as easy to do as it is to say, but there are precautions that could be done that haven't. Whether or not those precautions could prevent such an attack by hackers or not, it's a precaution to take either way. Keeping server software up to date is a key step to take in keeping the site secure. There's not a guarantee that anything will stop an attacker, but it's certainly a step that should have been taken by now in attempt to stop attackers.


  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#31 Offline Rhaegar Targaryen

Rhaegar Targaryen
  • Members
  • Kohrak-Kal Attacks!

  • 2,838 posts
  •  

Posted Oct 30 2013 - 10:24 PM

[color=rgb(0,0,128);]There goes the RPG forum history...again.[/color]


  • 0
709px Rob rhaegar winterfell (200x169)
 
"Rhaegar fought valiantly, Rhaegar fought nobly, Rhaegar fought honorably. And Rhaegar died."

 

BZPRPG 2013 Profiles

Tarotrix-Aryll Vudigg-Junyaus-Larikon Torchbearer-Jorruk YokinMons Shajs-Senavysh Angavur-Vulunos-Shivada-Sukot urn Voyuk

The Brotherhood of Ak'rei'an


#32 Online A Magus With Class

A Magus With Class
  • Members
  • Nuhvok-Kal Attacks!

  • 3,017 posts
  •  

Posted Oct 30 2013 - 10:46 PM

Does Dimensioneer have anything to say about this? Like say, identity of hacker, nature of issue, etc etc.


  • 0

1322709438521.jpg


#33 Offline Lenny7092

Lenny7092
  • Members
  • Seeker

  • 244 posts
  •  

Posted Oct 30 2013 - 11:18 PM

Thank goodness that it's back!:) Hooray!:) Hopefully, this hacking problem won't happen again because it's annoying that the forums were shut down because of it.
  • 0
I like Lego, Bionicle, and Hero Factory!:)

#34 Offline Justin Bieber

Justin Bieber
  • Premier Member
  • Premier Members
  • Real Canadian Maple Syrup

  • 3,675 posts
  •  

Posted Oct 30 2013 - 11:56 PM

One of the best things we can do at a time like this is support our administration, because they really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two.

 

So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be.


  • 0

2013

 

 

 

 

 

 

 

<3


#35 Offline The Real Slim Shady

The Real Slim Shady
  • Premier Member
  • Premier Members
  • Low brass will rule the world

  • 253 posts
  •  

Posted Oct 31 2013 - 12:29 AM

Oh well, I don't notice anything wrong with my post count or member title, but it does suck that some of the older topics are gone.


  • 0
I like BZP so much, I named my Minecraft account Dimensioneer.

#36 Offline Aurora the cat

Aurora the cat
  • Members
  • Soaring Champion

  • 488 posts

Posted Oct 31 2013 - 12:32 AM

One of the best things we can do at a time like this is support our administration, because they really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two.

 

So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be.

Agreed.  With the necessary resources, anyone can recover from anything.


  • 0

#37 Offline Toa Smoke Monster

Toa Smoke Monster
  • Members
  • Gahlok-Kal Crushed

  • 4,645 posts
  •  

Posted Oct 31 2013 - 12:36 AM

One of the best things we can do at a time like this is support our administration, because they really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two.

 

So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be.

I couldn't agree with this more.


  • 0

Everyone is one choice away from being a bad guy in someone else's story.


#38 Offline xccj

xccj
  • Premier Member
    BioniLUG Member
  • Premier Reporters
  • Senior Staff Mask Maker

  • 6,376 posts
  •   BZP Reporter

Posted Oct 31 2013 - 03:32 AM

I don't see why people think we should update more frequently; we're not a bank or something with extremely sensitive information that needs to be constantly backed up.  Heck, I'm surprised it was just two months; I personally haven't backed up my own files in like six.

 

I'm also sad that BZP went down and we lost so much, but I'm glad it's back and I can interact with all my friends here.  Not like there was stuff on here that can't be rewritten.  (Although I guess it's not so good for RPGers.)

 

:music:


  • 0

b-bolin-02.jpg


#39 Offline CHTrilogy

CHTrilogy
  • Members
  • Defender of Mata Nui Defeated

  • 3,162 posts
  •  

Posted Oct 31 2013 - 05:14 AM

What, AGAIN?!?! This must be like what, the fifth time the site's been hacked! What makes BZP such an easy target?!?!


  • 0

~ CHTrilogy

whoa.png


#40 Offline Flamewing Studios

Flamewing Studios
  • Members
  • Toa

  • 171 posts

Posted Oct 31 2013 - 05:44 AM

Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great.

 

Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters.

 

I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice.


  • 0

:a: :r: :z: :a: :k: :i:

"Most quotes on the Internet are not genuine."

-Abraham Lincoln

I used to go by Arzaki.

My game

 





0 user(s) are browsing this forum

0 members, 0 guests, 0 anonymous users