BZPower Status

[Black Six]

Does Dimensioneer have anything to say about this? Like say, identity of hacker, nature of issue, etc etc.

Dimensioneer and I talk regularly. We don't have any comments regarding those topics other than that we feel the security vulnerability used in this instance has been patched.

[Makuta of Time]

So can I ask for my old name back. It was Punished Snake

[Sir Kohran]

Personally I'm not too troubled by this. We've seen much worse and recovered from it, as we will from this. It's like attacks and atrocities in the real world, we pick ourselves up, deal with the damage as best we can, and continue with our activities.

 

I understand the frustrations some are expressing about the site's vulnerability, particularly when it costs newer/more active members their posts and projects. But this place isn't a business or a government department with great financial resources at its disposal, and no-one is paid to run it or restore it. Let's be glad it's back at all, and hope the 'malicious individual' runs out of weak spots to exploit.

[Gatanui]

I don't see why people think we should update more frequently; we're not a bank or something with extremely sensitive information that needs to be constantly backed up. Heck, I'm surprised it was just two months; I personally haven't backed up my own files in like six.I'm also sad that BZP went down and we lost so much, but I'm glad it's back and I can interact with all my friends here. Not like there was stuff on here that can't be rewritten. (Although I guess it's not so good for RPGers.)

Sorry, but that you are sloppy in that regard is no excuse for it happening here. No offense, but regular backups are a must. Anything could happen from hacks, broken hardware to failed system updates.Okay, first of all, glad to see the forums are back online.Second, I'm quite surprised automatic backups don't seem to happen, and I agree with previous comments that that's a must, especially considering the situation. However, while there are some things that could be improved on the side of the administration, it's definitely wrong putting the blame for this incident on the admins.I suggest all the security experts here (that's not ironic at all, I mean it) sit together with the admins (not literally, but you get it) and discuss what could be done so this will hopefully not happen again.-Gata

[Van Hohenheim]

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

[PeabodySam]

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for.

If it was super easy to fix everything, don't you think it would have been done? Like goodness, I don't mean to sound hostile, but like Andrew said, no one here gets paid for this. Like, you guys think we don't care about the site? The place where we've all invested so much time, some of us more than a decade (which is more than half your life, I'd like to add). The majority of my best friends in the world came from this site, and it's really frustrating and disheartening to see someone attack our community, for one, and then you make it worse by laying the blame for someone else's crimes on our shoulders? Not okay. Sorry if you haven't gotten a sunshine and rainbows "everything is happy now" response.

If I wasn't clear before, I'm not angry with the staff. Frustrated? Yes. But angry? No. I know and understand that this is an unpaid job that you guys, despite having little free time and much better things to do, are doing out of the goodness of your hearts. Anger, on the other hand, is reserved for the certain individual who has absolutely nothing better to do with his life than to hack a website about Danish plastic "for fecal matter and giggles".Nowhere did I say that I blame you for this or that I'm angry at you. If it wasn't for this individual, all would be fine.But rather than getting all defensive, you must understand that frustration is a natural reaction to these events. I know that all it takes is a small hole to render a dam useless, but there needs to be failsafes in place to prevent a devastating flood. My frustration stems from the fact that there aren't such failsafes, even though clearly you can see a number of other people in this topic offering suggestions. I don't pretend to know anything about backing up entire forums, but this needs to be a wake-up call.Don't act like we're ungrateful peasants who want nothing but sunshine and rainbows. This site has given me over nine years of happy memories. I'm grateful for what you do here... grateful that you have given us so much. But when the same person hacks this site for the third time, understand that our frustration is born from our love for this site and our anger with the hacker, and we feel the need to call to your attention that we need to see some improvements made for the sake of this site.We have freedom of speech. And we're using that freedom to declare that this site needs to be changed for the better. Not to blame the BZP staff or be ungrateful for their work, but to call their attention to what can and needs to be done.And if a easier and more secure method of creating back-ups is what is needed, then it must be done.

[Meiko]

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

[bonesiii]

To everyone saying they're tempted to stop posting just because of hackers -- don't worry, the conversations we have usually die and stay dead anyways, and we still remember them. It really makes little difference if the record stays successfully or not, though that is obviously our goal. After all, don't yall have IM convos all the time and not necessarily save those? Of course, that doesn't apply to creative works, but that's why I always save mine.

 

Just stop giving the hackers that much mental power over you. Evict them from your head. Besides, the more activity we get, the more likely to be donations, and the more likely we could afford better solutions.

 

My two cents.

 

Anyways, awesome that we're back! Now go make S&T topics and stuff, yall.

[Sir Kohran]

 

 

Besides, the more activity we get, the more likely to be donations, and the more likely we could afford better solutions.

 

Correct me if I'm wrong, but the money from Premier Memberships is used to pay for the site's server, and unless there's really a lot of members signing up I can't see there being enough money left over to fund security enhancements on top of that.

[Gatanui]

If I wasn't clear before, I'm not angry with the staff. Frustrated? Yes. But angry? No. I know and understand that this is an unpaid job that you guys, despite having little free time and much better things to do, are doing out of the goodness of your hearts. Anger, on the other hand, is reserved for the certain individual who has absolutely nothing better to do with his life than to hack a website about Danish plastic "for fecal matter and giggles".Nowhere did I say that I blame you for this or that I'm angry at you. If it wasn't for this individual, all would be fine.But rather than getting all defensive, you must understand that frustration is a natural reaction to these events. I know that all it takes is a small hole to render a dam useless, but there needs to be failsafes in place to prevent a devastating flood. My frustration stems from the fact that there aren't such failsafes, even though clearly you can see a number of other people in this topic offering suggestions. I don't pretend to know anything about backing up entire forums, but this needs to be a wake-up call.Don't act like we're ungrateful peasants who want nothing but sunshine and rainbows. This site has given me over nine years of happy memories. I'm grateful for what you do here... grateful that you have given us so much. But when the same person hacks this site for the third time, understand that our frustration is born from our love for this site and our anger with the hacker, and we feel the need to call to your attention that we need to see some improvements made for the sake of this site.We have freedom of speech. And we're using that freedom to declare that this site needs to be changed for the better. Not to blame the BZP staff or be ungrateful for their work, but to call their attention to what can and needs to be done.And if a easier and more secure method of creating back-ups is what is needed, then it must be done.

This post sums up my feelings pretty well. Good job.-Gata Edited October 31, 2013 by Gatanui

[Chro]

I quite agree with what has been said by TakanuvaC01 and Peabody. Thanks guys.

 

Now the forums are back online, and I find my epic is gone. Great.

Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters.

I'd recommend saving your epic somewhere else, not just the BZP topic.

[Black Six]

I understand you are all frustrated, so are we. We're working as hard as we can with limited time and resources. If you think what we're doing is not enough, I'm sorry. We do welcome suggestions, but just because you suggest something doesn't mean it's going to happen right away or ever.

We have freedom of speech. And we're using that freedom to declare that this site needs to be changed for the better.

Freedom of speech prevents you from being censored by the government. As a privately owned and operated site, BZPower can limit your speech as much as we deem necessary - hence rules like no discussion of politics and religion. Obviously it's in our best interest to get feedback and ideas, but don't confuse that with a right.

[Van Hohenheim]

 

 

Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.

what about, instead of backing up every week and keeping it somewhere, why not just back up two weeks (this week and last week, for example) and delete the rest so that you can keep space but also have something to work with when the hacker attacks again? would that work?

[Toatapio Nuva]

I think blaming the admins and staff is unnecessary. It's not like they wanted this data loss to happen.

 

A more frequent back-up would be a good idea. Just remember that whatever precautions are taken, some hackers will know how to still break in.

 

I think this was handled much better than the 2009 and 2010 downtime periods. I give my thumbs up to the staff with this case.

[Constructelf]

 

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP. Edited October 31, 2013 by Crimson Superball

[Meiko]

 

 

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.

The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.And for those who feel I'm being blunt, I am in good faith. While I know it isn't entirely the admin team's fault, I'm frustrated that this has slipped by once again. In good faith, I've given suggestions to the staff to hopefully increase security and make data backups easier. While some of you know I'm not much of an active poster anymore, I get frustrated seeing the loss of other people's posts, since they're useful content, and in some cases, have been cited on other references such as Brickipedia. Losing this content, while I myself have not lost much, does affect me and my work, so for any who do, please don't take my comments as hostile or rude, because I do know how you have too been affected by this latest incident.

[Van Hohenheim]

 

 

 

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.

The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.

except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once that to get lucky every time. better to stop the attacks altogether then try to defend them with stuff he can bypass.

[fishers64]

^That is the adminstration's problem. If they want to hunt him down and throw him in jail, that's their business, not ours...

[Kopekemaster]

 

Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.

what about, instead of backing up every week and keeping it somewhere, why not just back up two weeks (this week and last week, for example) and delete the rest so that you can keep space but also have something to work with when the hacker attacks again? would that work?

 

 

This is something I was realizing. You don't need to make a full backup every time - you can just update your backup. In doing so, it will only retrieve the things that have changed since the last backup.

 

Anyways,

I understand both sides of this argument: I get why people are getting upset at the staff, but I think their "wrathful energyz" would be better directed at the attacker.

 

I suppose the biggest problem I see with this is for the RPG people.

 

But for people who are putting up stories and MOCs and such, you should really keep a backup on YOUR computer. Don't blame BZPower going down for the loss of your MOC or story.

[Meiko]

 

 

 

 

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.

The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.

except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once that to get lucky every time. better to stop the attacks altogether then try to defend them with stuff he can bypass.

Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future.

[Dual Cee]

Jups Glad to be back, sad the security is bad

 

Aaand My Premium's Gone....

Edited October 31, 2013 by Dual Matrix

[Van Hohenheim]

 

 

 

 

 

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.

The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.

except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once that to get lucky every time. better to stop the attacks altogether then try to defend them with stuff he can bypass.

Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future.

 

why not both?

[Meiko]

 

 

 

 

 

 

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.

The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.

except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once that to get lucky every time. better to stop the attacks altogether then try to defend them with stuff he can bypass.

Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future.

 

why not both?

 

Sure both can happen, but one needs to happen first, and security is more of a priority.

[TakunuvaC01]

 

Does Dimensioneer have anything to say about this? Like say, identity of hacker, nature of issue, etc etc.

Dimensioneer and I talk regularly. We don't have any comments regarding those topics other than that we feel the security vulnerability used in this instance has been patched.

 

One thing often done after such incidents is to release a detailed post-mortem of how the attack happened, how it was noticed, what was compromised, what is being done to fix the issue, etc. (The Ubuntu one I linked impressed me for its honesty and thoroughness at the time).This sort of thing goes a long wait to maintaining faith in security after such an incident, and also helps to reassure users that the same thing cannot happen again.I would highly recommend this- being open and honest about what exactly happened can only be a good thing*.* Unless, of course, it would reveal details about the site that might allow an attack. But honestly, this would mean that whatever vulnerabilities used to gain access potentially haven't been patched, but you've said they have been. And in general, trusting security through obscurity is a really bad idea.

[TheSkeletonMan939]

Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great.

 

Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters.

 

I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice.

 

Hint: Microsoft Word is your friend.

[Gatanui]

 

Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great. Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters. I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice.

Hint: Microsoft Word is your friend.

 

Or OpenOffice and LibreOffice while we're at it. -Gata

[Underscore]

So...how do I get my proto back?

 

(apologies if this was answered before, I prefer not to sift through 2 pages of this)

[Velox]

One of the best things we can do at a time like this is support our administration, because they really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two.

 

So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be.

 

This is the greatest post here, extremely well-said. Definitely agreed.

 

So...how do I get my proto back?

 

(apologies if this was answered before, I prefer not to sift through 2 pages of this)

 

Just PM Black Six (with information about what the proto was for, etc.) and he can take care of it. =]

Edited October 31, 2013 by Velox

[bonesiii]

One thing often done after such incidents is to release a detailed post-mortem of how the attack happened, how it was noticed, what was compromised, what is being done to fix the issue, etc... Unless, of course, it would reveal details about the site that might allow an attack. But honestly, this would mean that whatever vulnerabilities used to gain access potentially haven't been patched...

Not exactly -- the latest vulnerability may be patched, but revealing exactly what was done to patch it will only make it easier to know what the fix does not affect. I don't see how we could give a "detailed" explanation of what is being done, that is "open" without including assessments of what is still vulnerable? To use a battlefield metaphor, that's a bit like mining a field, but then broadcasting exactly where every mine is. (Not the best analogy; I'm tired. ) We've put up a general warning sign; "this field is mined now" (that it's been fixed to the best of the administration's knowledge), and that should be enough.

 

And do not forget that we intentionally try to minimize the attention hackers get.

[Arzaki]

 

 

Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great. Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters. I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice.

Hint: Microsoft Word is your friend.

Or OpenOffice and LibreOffice while we're at it. -Gata

 

My laptop doesn't have word processing yet. I was too lazy to install it. I guess this is nature's way of telling me I'm way too lazy.

[Akaku: Master of Flight]

Oh, well this is Interesting.

 

 

Yes yes, I left the site. Still have left it as far as I’m concerned, I've only stopped by briefly now because a good friend of mine who used to go here told me of the situation, and good ol' Ak can’t keep his mouth shut about things.

 

 

This is sad. the Admins can say what they want, but the whole 'don’t worry lads, we really fixed things this time!' thing is rather pathetic; If this sort of stuff couldn’t be handled way back when BZP was the Giant it once was with all the money flowing through and the attention dedicated to keep such a large site on its feet back in the day, I highly doubt things will be 'patched' for long now, especially with all these admins having moved on with their lives and not having nearly enough funds or time to 'fix' things like they did before; I'm sure this will keep happening again, and again, and again.. Until they finally either close and bury this battered casket of a forum, or they have nobody left to attend to this long, drawn out funeral.

 

 

Secondly, as many others seem to have stated in this topic, there really isn’t an excuse for the lack of backing up the files. I highly doubt the staff in charge don’t have the five minutes of free time able to contact the people needed to update their backups (whether it be a remote server, or themselves), it seems much more like laziness or forgetfulness to me, to be quite honest.

 

 

Another thing is that the whole 'oh, it’s just the internet, who cares if we lose all of our stuff' is rather absurd. The location of where a massive amount of information lost really doesn’t matter, it's the fact that so many things have been lost isn’t something that should just be brushed aside. Countless hours of work and hard effort had been put into here; Stories, discussions, arguments, and friendships, many with as much seriousness and meaning as they would have in person as they did here; as a more personal example, I met the love of my life on this forum, and nobody's going to convince me to think the first conversations I had with her years ago on this site that now no longer exist didn’t have any value; It's like losing a photograph, only that was taken in words, rather than a picture. and that's a whole lot of photographs, History, that we've lost, and it's more than a shame to see it go, and anybody who thinks nothing of it I find to be rather Ignorant, especially if only by chance it doesn’t affect them nearly as much as others.

 

[Chro]

This message was brought to you by:

Jibs.

that is all.

Thanks, Jibs.

My laptop doesn't have word processing yet. I was too lazy to install it. I guess this is nature's way of telling me I'm way too lazy.

Actually, I'd call it ########'s way, not nature's way...

Edited November 1, 2013 by Chro

[iPenguin]

I'm with Peabody Sam here. I love this site, and the administration is doing the best job that they can, but this is very frustrating.

[SonicBOOM XS]

This is life. We lose stuff. While I do agree the staff needs to be more punctual in backing the data up at regular intervals, it's not going to kill you. Unless it is. In which case you should probably prepare your funeral.

 

And honestly, just get over it. RPG lost the most out of all of us and to my knowledge they're taking this in stride better than any of the other forums are.

 

To all you who put sensitive documents such as epics or stories on BZP alone, my condolences. Let this be a lesson to back your stuff up elsewhere. This is what can wreck even companies: a lack of care and backups. You'd think after a history of data losses, people would be more careful about making BZP the only place they store their documents. As many backups as you can, people.

 

And don't even bring up trying to shut down the hacker. Even if you get him (EXTREMELY unlikely, in fact I'd say nigh impossible), there's a million more who can target this and shut BZP down harder than he/she ever could.

 

Those are just my 2 cents. Don't let the hacker smack you around like this. Man up and take life as it goes. Losing 2 month's worth of stuff isn't the end of the world. Unless if it is. In which case you should probably prepare your funeral.

[bonesiii]

This is sad. the Admins can say what they want, but the whole 'don’t worry lads, we really fixed things this time!' thing is rather pathetic

That's not what we're saying -- only that the vulnerabilities that we know of so far appear to be patched, according to the geeks that actually run this stuff. The Administration in fact said the opposite on page 1 here:

We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

Emphasis mine.

Secondly, as many others seem to have stated in this topic, there really isn’t an excuse for the lack of backing up the files.

It's not an excuse, it's reality, but B6 said we DO plan to do more frequent backups. Relax, man.

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.Do we intend to do more frequent backups? Yes.

It sounds like you're trying to find some justification for why you don't post here, and seizing upon a strawman version of the administration to do it. But if you honestly don't feel like posting here anymore, you really don't need to justify it -- this is all just for fun anyways; it's totally optional. If you feel you want to post more here, then just do it, and don't let the hackers "live rent free in your head." Instead of trying to create conflict, try to give good advice, recognize when we are recognizing it, and don't beat dead horses.

 

I appreciate that you got something immeasurably greater than what this site is for (we're not a dating site -- we're just here to talk about Bionicle/LEGO with likeminded people), and I admit I wasn't talking about that when I said that the stuff we lose really doesn't matter much and it's in our memories (also, admittedly, I'm the one with a lousy memory, I'm not saying the loss even of the trivial stuff isn't bad). But I work hard writing my fanfic stories, and they mean a "lot" to me.... so I back them up myself -- how much more, if you value what you lost, should you not have backed them up instead of blaming us for not doing it [enough] for you?

 

I hope you take seriously what I'm saying here -- I'm not trying to pick on you or fight with you, and I agree it's sad that you lost what you did, but put the blame squarely on the shoulders of who actually attacked that data -- not us. Bottom line is obsessed, hateful people like that will do whatever it takes to overcome any defense, and take advantage of innocent mistakes on our part. The solution is to constructively think of ways to learn from those mistakes, not condescendingly pour salt in the wounds for our mistakes - and yes, we do make mistakes; we're only human.

 

Make sense?

Edited November 1, 2013 by bonesiii

[Makuta Luroka]

I, for one, am glad the site got back online as quickly as it did, and that we only lost two months of data, as opposed to ten years; and I am grateful that the administration is doing what they can to rectify the issue.

[Torran]

Ooh, Malignus voiced my thoughts before I got here. You must have a Suletu.

[Akaku: Master of Flight]

@ Bonesiii: First off, I'd like to just say that i appreciate your friendly and reasonable reply to my comment, especailly since my own was hardly what i'd call either, and i apologize for that. I'm not going to argue, but I will attempt to explain my actions and reasoning.

 

I guess I was just dissapointed that the backup measures hadn't been already implemented back after when the first loss of data occured, or at least weren't maintained/had loosened up after a while, or whatever may have happened to them... At least there cracking down on it now though, hopfully because of all this the future members of BZP wont have to go through more dataclysims...

 

Speaking of the whole security issue; I know it's easier to hack into things then some may first think (I dont myself, though i do have a friend of mine who is quite the IT-prankster when it comes to the online world..), but i generally thought that forums part of large reputable board companies would have pretty tough and up to date security supplied to them, but i guess thats more the fault of InvisionPower then anything...

 

I wouldnt exactly call this a Justification of why i left, as I'm well aware of the reasons why; I was uncomfortable and unhappy with the turn the community was taking at the time that i left, when alot of trolls and negative vibes were starting to pop up that were tolerated because they technicly weren't 'braking the rules'; Now, i'm not sure if that ever changed and this place is better now, but that was my reasoning at the time. Most of my friends moved on to the same place i did, so i never really came back and checked, only hearing the odd thing about the site from a few of my friends who still hung around. My post above was more the result of seeing what happened and simply jumping to some conclusions, which i do again apologize for.

 

As for backing stuff up.. I do of course have every one of my pictures that are on brickshelf stored in my computer, along with some ancient notepad files of code-filled topics i used to have, and even acouple half-written IC's for long gone RP's; I didnt know much about how computers and such worked back in the time in the first dataclysim, so i didnt know that forum information would be perminantly lost until after it happened, although admitedly that was before some of the lost information has as much value to me as it does now.

[bonesiii]

I was uncomfortable and unhappy with the turn the community was taking at the time that i left, when alot of trolls and negative vibes were starting to pop up that were tolerated because they technicly weren't 'braking the rules'; Now, i'm not sure if that ever changed and this place is better now, but that was my reasoning at the time.

Well, thanks for a reasonable reply, and I'm glad my attempt to do the same worked. For whatever it's worth, a lot of us have talked about how it seems there's a lot less of the older animosity and trolling in maybe the last year or so (I dunno exactly... but lately). Of course, that's probably more a symptom of lesser activity, but yeah, still pleasant IMO.

 

I do have to say that having been closely involved with the membership on at least story-based discussions and general site issues for a long time, I always felt that the bad vibes were kind of blown out of proportion by a few. The vast majority of us always got along, and certainly the staff worked a lot, often behind the scenes in ways you wouldn't necessarily notice, to try to resolve those issues, peacefully if possible.

 

Anywho, what's past is past... which I guess is my point about these hacking incidents too -- yes, we wish we hadn't made mistakes that were taken advantage of, but we can't time travel. Let's also keep in mind there's probably tons of preemptive security measures besides the obvious ones that HAVE worked and most of us wouldn't even notice, so might be taking them for granted. (Please note... I'm a bit of a geek but not at all an expert on how the site actually runs so my understanding may be way off, so take that with salt and stuff, but seems logical. )

 

which i do again apologize for.

Forgiven.

[Timelady Gallade]

Is it just me or has page 2 of COT disappeared...?