BZPower Status


124 replies to this topic

#41 Offline Black Six

Black Six
  • BioniLUG Member
  • BZPower Administrators
  • Lego Ambassador

  • 11,909 posts
  •   BZP Staff

Posted Oct 31 2013 - 05:55 AM

Does Dimensioneer have anything to say about this? Like say, identity of hacker, nature of issue, etc etc.

Dimensioneer and I talk regularly. We don't have any comments regarding those topics other than that we feel the security vulnerability used in this instance has been patched.

  • 0

#42 Offline Shadow Flaredrick

Shadow Flaredrick
  • Members
  • Emerging Stone Champion

  • 1,498 posts
  •  

Posted Oct 31 2013 - 07:48 AM

So can I ask for my old name back. It was Punished Snake


  • 0

Bionicle Hitman VI: Final Hour Guns, Explosions, and hordes of countless enemies!


Join before registration closes at 4/23/14 5 p.m CDT!


BZPRPG Profiles

Flaredrick Seria - Potas -'Jet Fire' -'Razor'- 'Infector' - Reso 'Vo - Kasrar 'V- Ludvin va Betravo - Vallen Tor - Molvr Kalr


#43 Offline Sir Kohran

Sir Kohran
  • Members
  • Kohrak-Kal Attacks!

  • 2,863 posts
  •  

Posted Oct 31 2013 - 08:48 AM

Personally I'm not too troubled by this. We've seen much worse and recovered from it, as we will from this. It's like attacks and atrocities in the real world, we pick ourselves up, deal with the damage as best we can, and continue with our activities.

 

I understand the frustrations some are expressing about the site's vulnerability, particularly when it costs newer/more active members their posts and projects. But this place isn't a business or a government department with great financial resources at its disposal, and no-one is paid to run it or restore it. Let's be glad it's back at all, and hope the 'malicious individual' runs out of weak spots to exploit.


  • 0

#44 Offline Gatanui

Gatanui
  • Reporters
  • Senior News Finder

  • 10,839 posts
  •   BZP Reporter

Posted Oct 31 2013 - 08:54 AM

I don't see why people think we should update more frequently; we're not a bank or something with extremely sensitive information that needs to be constantly backed up. Heck, I'm surprised it was just two months; I personally haven't backed up my own files in like six. I'm also sad that BZP went down and we lost so much, but I'm glad it's back and I can interact with all my friends here. Not like there was stuff on here that can't be rewritten. (Although I guess it's not so good for RPGers.) :music:

Sorry, but that you are sloppy in that regard is no excuse for it happening here. No offense, but regular backups are a must. Anything could happen from hacks, broken hardware to failed system updates.

Okay, first of all, glad to see the forums are back online.

Second, I'm quite surprised automatic backups don't seem to happen, and I agree with previous comments that that's a must, especially considering the situation. However, while there are some things that could be improved on the side of the administration, it's definitely wrong putting the blame for this incident on the admins.

I suggest all the security experts here (that's not ironic at all, I mean it) sit together with the admins (not literally, but you get it) and discuss what could be done so this will hopefully not happen again.

-Gata

  • 0


Please don't use my avatar without permission, thanks ^_^


#45 Offline Sheogorath

Sheogorath
  • Members
  • Scavenger

  • 621 posts
  •  

Posted Oct 31 2013 - 09:25 AM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP


  • 0

madness is the golden road to happiness


#46 Offline PeabodySam

PeabodySam
  • Premier Member
  • Premier Members
  • Mask of Light Unveiled

  • 5,043 posts
  •  

Posted Oct 31 2013 - 09:34 AM

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for.

If it was super easy to fix everything, don't you think it would have been done? Like goodness, I don't mean to sound hostile, but like Andrew said, no one here gets paid for this. Like, you guys think we don't care about the site? The place where we've all invested so much time, some of us more than a decade (which is more than half your life, I'd like to add). The majority of my best friends in the world came from this site, and it's really frustrating and disheartening to see someone attack our community, for one, and then you make it worse by laying the blame for someone else's crimes on our shoulders? Not okay. Sorry if you haven't gotten a sunshine and rainbows "everything is happy now" response.

If I wasn't clear before, I'm not angry with the staff. Frustrated? Yes. But angry? No. I know and understand that this is an unpaid job that you guys, despite having little free time and much better things to do, are doing out of the goodness of your hearts. Anger, on the other hand, is reserved for the certain individual who has absolutely nothing better to do with his life than to hack a website about Danish plastic "for fecal matter and giggles".

Nowhere did I say that I blame you for this or that I'm angry at you. If it wasn't for this individual, all would be fine.

But rather than getting all defensive, you must understand that frustration is a natural reaction to these events. I know that all it takes is a small hole to render a dam useless, but there needs to be failsafes in place to prevent a devastating flood. My frustration stems from the fact that there aren't such failsafes, even though clearly you can see a number of other people in this topic offering suggestions. I don't pretend to know anything about backing up entire forums, but this needs to be a wake-up call.

Don't act like we're ungrateful peasants who want nothing but sunshine and rainbows. This site has given me over nine years of happy memories. I'm grateful for what you do here... grateful that you have given us so much. But when the same person hacks this site for the third time, understand that our frustration is born from our love for this site and our anger with the hacker, and we feel the need to call to your attention that we need to see some improvements made for the sake of this site.

We have freedom of speech. And we're using that freedom to declare that this site needs to be changed for the better. Not to blame the BZP staff or be ungrateful for their work, but to call their attention to what can and needs to be done.

And if an easier and more secure method of creating back-ups is what is needed, then it must be done.

  • 0

Calcite Copter VS Cybernetic Rock Monster - The Coming of the Toa - Cursed Form - Dino Attack Headquarters - Five Years Too Many - Hate and Vengeance - Lost and Found and Lost Again - Majhost Gallery - Scene 24: Johnny Thunder Blows This Taco Stand - Vakama's Secret
"It's all right, children. Life is made up of meetings and partings. That is the way of it. I am sure that we shall never forget Tiny Tim, or this first parting that there was among us." - Bob Cratchit


#47 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,009 posts
  •   Outstanding BZPower Citizen

Posted Oct 31 2013 - 09:56 AM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.

  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#48 Offline bonesiii

bonesiii
  • Premier Member
  • Premier Forum Leaders
  • Perpetual Master of Reference

  • 18,232 posts
  •   BZP Leader

Posted Oct 31 2013 - 10:17 AM

To everyone saying they're tempted to stop posting just because of hackers -- don't worry, the conversations we have usually die and stay dead anyways, and we still remember them. It really makes little difference if the record stays successfully or not, though that is obviously our goal. After all, don't yall have IM convos all the time and not necessarily save those? :P Of course, that doesn't apply to creative works, but that's why I always save mine. :)

 

Just stop giving the hackers that much mental power over you. Evict them from your head. ;) Besides, the more activity we get, the more likely to be donations, and the more likely we could afford better solutions.

 

My two cents.

 

Anyways, awesome that we're back! Now go make S&T topics and stuff, yall. :P


  • 0

#49 Offline Sir Kohran

Sir Kohran
  • Members
  • Kohrak-Kal Attacks!

  • 2,863 posts
  •  

Posted Oct 31 2013 - 10:28 AM

Besides, the more activity we get, the more likely to be donations, and the more likely we could afford better solutions.

 

Correct me if I'm wrong, but the money from Premier Memberships is used to pay for the site's server, and unless there's really a lot of members signing up I can't see there being enough money left over to fund security enhancements on top of that.


  • 0

#50 Offline Gatanui

Gatanui
  • Reporters
  • Senior News Finder

  • 10,839 posts
  •   BZP Reporter

Posted Oct 31 2013 - 11:08 AM

If I wasn't clear before, I'm not angry with the staff. Frustrated? Yes. But angry? No. I know and understand that this is an unpaid job that you guys, despite having little free time and much better things to do, are doing out of the goodness of your hearts. Anger, on the other hand, is reserved for the certain individual who has absolutely nothing better to do with his life than to hack a website about Danish plastic "for fecal matter and giggles".

Nowhere did I say that I blame you for this or that I'm angry at you. If it wasn't for this individual, all would be fine.

But rather than getting all defensive, you must understand that frustration is a natural reaction to these events. I know that all it takes is a small hole to render a dam useless, but there needs to be failsafes in place to prevent a devastating flood. My frustration stems from the fact that there aren't such failsafes, even though clearly you can see a number of other people in this topic offering suggestions. I don't pretend to know anything about backing up entire forums, but this needs to be a wake-up call.

Don't act like we're ungrateful peasants who want nothing but sunshine and rainbows. This site has given me over nine years of happy memories. I'm grateful for what you do here... grateful that you have given us so much. But when the same person hacks this site for the third time, understand that our frustration is born from our love for this site and our anger with the hacker, and we feel the need to call to your attention that we need to see some improvements made for the sake of this site.

We have freedom of speech. And we're using that freedom to declare that this site needs to be changed for the better. Not to blame the BZP staff or be ungrateful for their work, but to call their attention to what can and needs to be done.

And if an easier and more secure method of creating back-ups is what is needed, then it must be done.

This post sums up my feelings pretty well. Good job.

-Gata

Edited by Gatanui, Oct 31 2013 - 11:12 AM.

  • 0


Please don't use my avatar without permission, thanks ^_^


#51 Offline Chro

Chro
  • Members
  • Emerging Mata Nuian Protector

  • 1,603 posts
  •  

Posted Oct 31 2013 - 11:20 AM

I quite agree with what has been said by TakanuvaC01 and Peabody. Thanks guys.

 

Now the forums are back online, and I find my epic is gone. Great.
Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters.
I'd recommend saving your epic somewhere else, not just the BZP topic. ;)

  • 0

CHRO IS LIKE A BEAUTIFUL PHOENIX
EXCEPT MORE PAINFUL

Brickshelf
 MOCpages
➠ flickr
YouTube


#52 Offline Black Six

Black Six
  • BioniLUG Member
  • BZPower Administrators
  • Lego Ambassador

  • 11,909 posts
  •   BZP Staff

Posted Oct 31 2013 - 11:29 AM

I understand you are all frustrated, so are we. We're working as hard as we can with limited time and resources. If you think what we're doing is not enough, I'm sorry. We do welcome suggestions, but just because you suggest something doesn't mean it's going to happen right away or ever.

We have freedom of speech. And we're using that freedom to declare that this site needs to be changed for the better.

Freedom of speech prevents you from being censored by the government. As a privately owned and operated site, BZPower can limit your speech as much as we deem necessary - hence rules like no discussion of politics and religion. Obviously it's in our best interest to get feedback and ideas, but don't confuse that with a right. :P

  • 0

#53 Offline Sheogorath

Sheogorath
  • Members
  • Scavenger

  • 621 posts
  •  

Posted Oct 31 2013 - 11:29 AM

Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.

what about, instead of backing up every week and keeping it somewhere, why not just back up two weeks (this week and last week, for example) and delete the rest so that you can keep space but also have something to work with when the hacker attacks again? would that work?


  • 0

madness is the golden road to happiness


#54 Offline Toatapio Nuva

Toatapio Nuva
  • Members
  • Master of Disintegration Unchained

  • 5,353 posts
  •  

Posted Oct 31 2013 - 12:01 PM

I think blaming the admins and staff is unnecessary. It's not like they wanted this data loss to happen.

 

A more frequent back-up would be a good idea. Just remember that whatever precautions are taken, some hackers will know how to still break in.

 

I think this was handled much better than the 2009 and 2010 downtime periods. I give my thumbs up to the staff with this case.


  • 0

Listen to Vakama, he knows what he's talking about.

vakama_loves_curry.jpg

My BZPRPG profiles - Kirgan, Viima, Jarkale, Tuli, Hile, Lai LaiSurina, Khervos, Teede


#55 Offline A Magus With Class

A Magus With Class
  • Members
  • Nuhvok-Kal Attacks!

  • 3,027 posts
  •  

Posted Oct 31 2013 - 12:12 PM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.
Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.

Edited by Crimson Superball, Oct 31 2013 - 12:15 PM.

  • 0

1322709438521.jpg


#56 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,009 posts
  •   Outstanding BZPower Citizen

Posted Oct 31 2013 - 12:37 PM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.
Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.
The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.

And for those who feel I'm being blunt, I am in good faith. While I know it isn't entirely the admin team's fault, I'm frustrated that this has slipped by once again. In good faith, I've given suggestions to the staff to hopefully increase security and make data backups easier. While some of you know I'm not much of an active poster anymore, I get frustrated seeing the loss of other people's posts, since they're useful content, and in some cases, have been cited on other references such as Brickipedia. Losing this content, while I myself have not lost much, does affect me and my work, so for any who do, please don't take my comments as hostile or rude, because I do know how you have too been affected by this latest incident.

  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#57 Offline Sheogorath

Sheogorath
  • Members
  • Scavenger

  • 621 posts
  •  

Posted Oct 31 2013 - 12:53 PM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.
Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.

The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.

except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once than to get lucky every time. better to stop the attacks altogether than try to defend them with stuff he can bypass.


  • 0

madness is the golden road to happiness


#58 Offline fishers64

fishers64
  • Premier Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Collapsed

  • 4,316 posts
  •   Outstanding BZPower Citizen

Posted Oct 31 2013 - 01:00 PM

^That is the administration's problem. If they want to hunt him down and throw him in jail, that's their business, not ours...


  • 0

#59 Offline Kopekemaster

Kopekemaster
  • Members
  • Exo-Armored Toa

  • 773 posts
  •  

Posted Oct 31 2013 - 01:09 PM

Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.

what about, instead of backing up every week and keeping it somewhere, why not just back up two weeks (this week and last week, for example) and delete the rest so that you can keep space but also have something to work with when the hacker attacks again? would that work?

 

 

This is something I was realizing. You don't need to make a full backup every time - you can just update your backup. In doing so, it will only retrieve the things that have changed since the last backup. :)

 

Anyways,

I understand both sides of this argument: I get why people are getting upset at the staff, but I think their "wrathful energyz" would be better directed at the attacker. 

 

I suppose the biggest problem I see with this is for the RPG people.

 

But for people who are putting up stories and MOCs and such, you should really keep a backup on YOUR computer. Don't blame BZPower going down for the loss of your MOC or story.


  • 0

ezgif-save.gif

My Writing Blog (Updated frequently)

My Bionicle/LEGO Blog (Now, updated frequently[ish] again)

BZPower Chronicles, my BZP comedy.

Species, my dystopian Bionicle story and its respective Review Topic.
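
The two backup ideas raised in posts #53 and #59 above (keep only the last two weekly backups; copy only what has changed since the last backup), sketched as an added example that is not part of the thread or BZPower's own tooling. The repository layout, snapshot names and sample files are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, used as the blob name in the repository."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source: Path, repo: Path, name: str) -> dict:
    """Record the current state of `source` as snapshot `name`.

    Only content not already in the repository is copied, so an unchanged
    file costs one manifest entry instead of a second full copy.
    """
    objects, manifests = repo / "objects", repo / "snapshots"
    objects.mkdir(parents=True, exist_ok=True)
    manifests.mkdir(parents=True, exist_ok=True)
    manifest, new_blobs = {}, 0
    for path in sorted(source.rglob("*")):
        if not path.is_file():
            continue
        digest = file_digest(path)
        manifest[path.relative_to(source).as_posix()] = digest
        if not (objects / digest).exists():
            shutil.copyfile(path, objects / digest)
            new_blobs += 1
    (manifests / f"{name}.json").write_text(json.dumps(manifest, indent=2))
    return {"files": len(manifest), "new_blobs": new_blobs}


def prune(repo: Path, keep: int) -> dict:
    """Keep the `keep` newest snapshots (names sort chronologically) and
    delete blobs that no remaining snapshot references."""
    if keep < 1:
        raise ValueError("refusing to delete every snapshot")
    snaps = sorted((repo / "snapshots").glob("*.json"))
    for old in snaps[:-keep]:
        old.unlink()
    kept = snaps[-keep:]
    live = set()
    for snap in kept:
        live.update(json.loads(snap.read_text()).values())
    removed = 0
    for blob in (repo / "objects").iterdir():
        if blob.name not in live:
            blob.unlink()
            removed += 1
    return {"kept": [s.stem for s in kept], "blobs_removed": removed}


def restore(repo: Path, name: str, dest: Path) -> int:
    """Rebuild snapshot `name` under `dest`, verifying every file's digest."""
    manifest = json.loads((repo / "snapshots" / f"{name}.json").read_text())
    for rel, digest in manifest.items():
        out = dest / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(repo / "objects" / digest, out)
        if file_digest(out) != digest:
            raise IOError(f"{rel}: restored content does not match manifest")
    return len(manifest)


def demo() -> dict:
    """Three weekly runs over a constructed miniature 'forum' directory."""
    with tempfile.TemporaryDirectory() as tmp:
        site, repo, dest = Path(tmp, "site"), Path(tmp, "repo"), Path(tmp, "restored")
        (site / "topics").mkdir(parents=True)
        (site / "members.txt").write_text("alice,bob")
        (site / "topics" / "1.txt").write_text("first topic")
        (site / "topics" / "2.txt").write_text("second topic")
        week1 = snapshot(site, repo, "week-01")      # everything is new
        (site / "topics" / "2.txt").write_text("second topic (edited)")
        (site / "topics" / "3.txt").write_text("third topic")
        week2 = snapshot(site, repo, "week-02")      # one edit, one new file
        (site / "topics" / "1.txt").write_text("first topic (edited)")
        week3 = snapshot(site, repo, "week-03")      # one edit
        pruned = prune(repo, keep=2)                 # "this week and last week"
        restored = restore(repo, "week-02", dest)    # roll back one week
        topic1 = (dest / "topics" / "1.txt").read_text()
        return {"week1": week1, "week2": week2, "week3": week3,
                "pruned": pruned, "restored": restored, "topic1": topic1}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the repository on a host the web server cannot write to; otherwise an intruder who wipes the forum can wipe the snapshots with it.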


#60 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,009 posts
  •   Outstanding BZPower Citizen

Posted Oct 31 2013 - 01:12 PM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.
Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.
The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.
except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once than to get lucky every time. better to stop the attacks altogether than try to defend them with stuff he can bypass.
Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future.

  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#61 Offline Dual Matrix

Dual Matrix
  • Premier Member
  • Premier Outstanding BZP Citizens
  • Emerging Fluidic Master

  • 1,252 posts
  •   Outstanding BZPower Citizen

Posted Oct 31 2013 - 01:16 PM

Jups Glad to be back, sad the security is bad :)

 

Aaand My Premium's Gone....


Edited by Dual Matrix, Oct 31 2013 - 01:16 PM.

  • 0

Monster Contest Entries:

 

The Seige of Ga-Koro Minecraft Modification

 

(Download Available)

 

Massive


#62 Offline Sheogorath

Sheogorath
  • Members
  • Scavenger

  • 621 posts
  •  

Posted Oct 31 2013 - 01:20 PM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.
Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.
The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.
except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once than to get lucky every time. better to stop the attacks altogether than try to defend them with stuff he can bypass.
Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future.

 

why not both?


  • 0

madness is the golden road to happiness


#63 Offline Meiko

Meiko
  • Premier Member
    BioniLUG Member
  • Premier Outstanding BZP Citizens
  • Nuhvok-Kal Attacks!

  • 3,009 posts
  •   Outstanding BZPower Citizen

Posted Oct 31 2013 - 01:44 PM

if this guy's "admitted to it on skype" can't you invoke the rules and get them imprisoned, as threatened in the rules? I've never used skype, or run a website seriously, but there's gotta be a way to track his IP

As easy as it is to check an IP address, it's even easier to mask one so that it traces to something different from what your IP really is.
Well, if this hacker is who I think it is, then he has made multiple infractions of internet law in the past right? Last time I checked, pulling off ###### like this was against US Federal Law. And we have his Twitter, his Tumblr, and his Skype. Couldn't we just report this to whatever department of the police handles black hats, or maybe hire a white hat to hunt the hacker down? The kid has probably made a mistake sometime in the past and revealed his true IP.
The only legal violations I can name that he's done is sabotage, which is a much more minor infraction than say thievery of financial information of users and fraud. It'd be more worthwhile to spend time working on increasing security and failsafes to prevent future data loss than to spend the time tracking down this one hacker.
except that the hacker will simply continue to hack until he's stopped. so far, he's hacked us 3 times in the past six months, regardless of security. as someone said above, it's easier to get lucky once than to get lucky every time. better to stop the attacks altogether than try to defend them with stuff he can bypass.
Yes, but even after stopping a single hacker, and being negligent to have spent the time working on security, you'd be leaving the same hole open in the security for more hackers in the future.

 

why not both?

 

Sure both can happen, but one needs to happen first, and security is more of a priority.


  • 0
--
Meiko
News reporter and database administrator at Brickset (profile)
Administrator at Brickipedia (profile)
Former administrator at BIONICLEsector01 (profile)
MediaWiki developer (profile)
 
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

#64 Offline TakunuvaC01

TakunuvaC01
  • Members
  • Mask of Time Discovered

  • 4,192 posts
  •  

Posted Oct 31 2013 - 04:57 PM

Does Dimensioneer have anything to say about this? Like say, identity of hacker, nature of issue, etc etc.

Dimensioneer and I talk regularly. We don't have any comments regarding those topics other than that we feel the security vulnerability used in this instance has been patched.

One thing often done after such incidents is to release a detailed post-mortem of how the attack happened, how it was noticed, what was compromised, what is being done to fix the issue, etc. (The Ubuntu one I linked impressed me for its honesty and thoroughness at the time).

This sort of thing goes a long way to maintaining faith in security after such an incident, and also helps to reassure users that the same thing cannot happen again.

I would highly recommend this - being open and honest about what exactly happened can only be a good thing*.

* Unless, of course, it would reveal details about the site that might allow an attack. But honestly, this would mean that whatever vulnerabilities used to gain access potentially haven't been patched, but you've said they have been. And in general, trusting security through obscurity is a really bad idea.

  • 0



#65 Offline TheSkeletonMan939

TheSkeletonMan939
  • Outstanding BZPower Citizens
  • Fluidic Master Nuva

  • 1,333 posts
  •   Outstanding BZPower Citizen

Posted Oct 31 2013 - 05:09 PM

Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great.

 

Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters.

 

I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice.

 

Hint: Microsoft Word is your friend.


  • 0



TheSkeletonMan939's Soundtrack Emporium!

And thanks to Black Six for all those proto boosts he gave me over the years.


#66 Offline Gatanui

Gatanui
  • Reporters
  • Senior News Finder

  • 10,839 posts
  •   BZP Reporter

Posted Oct 31 2013 - 05:15 PM

Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great. Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters. I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice.

 Hint: Microsoft Word is your friend.

Or OpenOffice and LibreOffice while we're at it. ;) -Gata

  • 0


Please don't use my avatar without permission, thanks ^_^


#67 Offline Underscore

Underscore
  • Members
  • Seeker

  • 235 posts
  •  

Posted Oct 31 2013 - 05:20 PM

So...how do I get my proto back?

 

(apologies if this was answered before, I prefer not to sift through 2 pages of this)


  • 0

"People will pay for what they want, but not for what they need." -Bill Watterson

 

"A life without risk is a life not lived." -Edward Irving Wortis

 

Long live the April 1st Spinnies!


#68 Offline Velox

Velox
  • Premier Member
  • Premier Forum Assistants
  • Bibliophilic Littérateur & Senior Staff

  • 11,828 posts
  •   BZP Assistant

Posted Oct 31 2013 - 05:53 PM

One of the best things we can do at a time like this is support our administration, because they're really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two.

 

So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be.

 

This is the greatest post here, extremely well-said. Definitely agreed.

 

So...how do I get my proto back?

 

(apologies if this was answered before, I prefer not to sift through 2 pages of this)

 

Just PM Black Six (with information about what the proto was for, etc.) and he can take care of it. =]


Edited by Velox, Oct 31 2013 - 05:53 PM.

  • 0

"As a writer you ask yourself to dream while awake." ~ Aimee Bender



 

[ The Shadowy Verge :: Midnight Voltage :: The Ambage :: SSCC ]


#69 Offline bonesiii

bonesiii
  • Premier Member
  • Premier Forum Leaders
  • Perpetual Master of Reference

  • 18,232 posts
  •   BZP Leader

Posted Oct 31 2013 - 06:18 PM

One thing often done after such incidents is to release a detailed post-mortem of how the attack happened, how it was noticed, what was compromised, what is being done to fix the issue, etc... Unless, of course, it would reveal details about the site that might allow an attack. But honestly, this would mean that whatever vulnerabilities used to gain access potentially haven't been patched...

Not exactly -- the latest vulnerability may be patched, but revealing exactly what was done to patch it will only make it easier to know what the fix does not affect. I don't see how we could give a "detailed" explanation of what is being done, that is "open" without including assessments of what is still vulnerable? To use a battlefield metaphor, that's a bit like mining a field, but then broadcasting exactly where every mine is. (Not the best analogy; I'm tired. :P) We've put up a general warning sign; "this field is mined now" (that it's been fixed to the best of the administration's knowledge), and that should be enough.

 

And do not forget that we intentionally try to minimize the attention hackers get.


  • 0

#70 Offline Flamewing Studios

Flamewing Studios
  • Members
  • Toa

  • 193 posts

Posted Oct 31 2013 - 07:13 PM

 

 

Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great. Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters. I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice.

 Hint: Microsoft Word is your friend.
Or OpenOffice and LibreOffice while we're at it. ;) -Gata

 

My laptop doesn't have word processing yet. I was too lazy to install it. I guess this is nature's way of telling me I'm way too lazy.


  • 0

:a: :r: :z: :a: :k: :i:

"Most quotes on the Internet are not genuine."

-Abraham Lincoln

I used to go by Arzaki.

My game

 


#71 Offline Akaku: Master of Flight

Akaku: Master of Flight
  • Members
  • Pahrak-Kal Attacks!

  • 2,664 posts
  •  

Posted Oct 31 2013 - 07:41 PM

Oh, well this is Interesting.

Yes yes, I left the site. Still have left it as far as I’m concerned, I've only stopped by briefly now because a good friend of mine who used to go here told me of the situation, and good ol' Ak can’t keep his mouth shut about things.

This is sad. The Admins can say what they want, but the whole 'don’t worry lads, we really fixed things this time!' thing is rather pathetic; if this sort of stuff couldn’t be handled way back when BZP was the Giant it once was with all the money flowing through and the attention dedicated to keep such a large site on its feet back in the day, I highly doubt things will be 'patched' for long now, especially with all these admins having moved on with their lives and not having nearly enough funds or time to 'fix' things like they did before; I'm sure this will keep happening again, and again, and again.. Until they finally either close and bury this battered casket of a forum, or they have nobody left to attend to this long, drawn out funeral.

Secondly, as many others seem to have stated in this topic, there really isn’t an excuse for the lack of backing up the files. I highly doubt the staff in charge don’t have the five minutes of free time able to contact the people needed to update their backups (whether it be a remote server, or themselves), it seems much more like laziness or forgetfulness to me, to be quite honest.

Another thing is that the whole 'oh, it’s just the internet, who cares if we lose all of our stuff' is rather absurd. The location of where a massive amount of information lost really doesn’t matter, it's the fact that so many things have been lost isn’t something that should just be brushed aside. Countless hours of work and hard effort had been put into here; stories, discussions, arguments, and friendships, many with as much seriousness and meaning as they would have in person as they did here; as a more personal example, I met the love of my life on this forum, and nobody's going to convince me to think the first conversations I had with her years ago on this site that now no longer exist didn’t have any value; it's like losing a photograph, only that was taken in words, rather than a picture. And that's a whole lot of photographs, history, that we've lost, and it's more than a shame to see it go, and anybody who thinks nothing of it I find to be rather ignorant, especially if only by chance it doesn’t affect them nearly as much as others.


  • 0

This message was brought to you by:


Jibs.


that is all.


#72 Offline Chro

Chro
  • Members
  • Emerging Mata Nuian Protector

  • 1,603 posts
  •  

Posted Oct 31 2013 - 07:56 PM

This message was brought to you by:

Jibs.

that is all.

Thanks, Jibs.  

My laptop doesn't have word processing yet. I was too lazy to install it. I guess this is nature's way of telling me I'm way too lazy.

Actually, I'd call it ########'s way, not nature's way...


Edited by Chro, Oct 31 2013 - 07:57 PM.

  • 0

CHRO IS LIKE A BEAUTIFUL PHOENIX
EXCEPT MORE PAINFUL

Brickshelf
 MOCpages
➠ flickr
YouTube


#73 Offline iPenguin

iPenguin
  • Members
  • Tahnok-Kal Attacks!

  • 3,237 posts
  •  

Posted Oct 31 2013 - 08:02 PM

I'm with Peabody Sam here. I love this site, and the administration is doing the best job that they can, but this is very frustrating.


  • 0


what

 


#74 Offline SonicBOOM XS

SonicBOOM XS
  • Members
  • Bionicle Writer of the Month

  • 1,967 posts
  •  

Posted Oct 31 2013 - 08:27 PM

This is life. We lose stuff. While I do agree the staff needs to be more punctual in backing the data up at regular intervals, it's not going to kill you. Unless it is. In which case you should probably prepare your funeral.

 

And honestly, just get over it. RPG lost the most out of all of us and to my knowledge they're taking this in stride better than any of the other forums are.

 

To all you who put sensitive documents such as epics or stories on BZP alone, my condolences. Let this be a lesson to back your stuff up elsewhere. This is what can wreck even companies: a lack of care and backups. You'd think after a history of data losses, people would be more careful about making BZP the only place they store their documents. As many backups as you can, people.

 

And don't even bring up trying to shut down the hacker. Even if you get him (EXTREMELY unlikely, in fact I'd say nigh impossible), there's a million more who can target this and shut BZP down harder than he/she ever could.

 

Those are just my 2 cents. Don't let the hacker smack you around like this. Man up and take life as it goes. Losing 2 months' worth of stuff isn't the end of the world. Unless if it is. In which case you should probably prepare your funeral.


  • 0

Undergoing Renovations...


#75 Offline bonesiii

bonesiii
  • Premier Member
  • Premier Forum Leaders
  • Perpetual Master of Reference

  • 18,232 posts
  •   BZP Leader

Posted Oct 31 2013 - 09:00 PM

This is sad. The Admins can say what they want, but the whole 'don’t worry lads, we really fixed things this time!' thing is rather pathetic

That's not what we're saying -- only that the vulnerabilities that we know of so far appear to be patched, according to the geeks that actually run this stuff. ;) The Administration in fact said the opposite on page 1 here: 

We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

  Emphasis mine. 

Secondly, as many others seem to have stated in this topic, there really isn’t an excuse for the lack of backing up the files.

 It's not an excuse, it's reality, but B6 said we DO plan to do more frequent backups. Relax, man. 

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space. Do we intend to do more frequent backups? Yes.

 It sounds like you're trying to find some justification for why you don't post here, and seizing upon a strawman version of the administration to do it. But if you honestly don't feel like posting here anymore, you really don't need to justify it -- this is all just for fun anyways; it's totally optional. If you feel you want to post more here, then just do it, and don't let the hackers "live rent free in your head." :) Instead of trying to create conflict, try to give good advice, recognize when we are recognizing it, and don't beat dead horses. ;)

 

I appreciate that you got something immeasurably greater than what this site is for (we're not a dating site -- we're just here to talk about Bionicle/LEGO with likeminded people), and I admit I wasn't talking about that when I said that the stuff we lose really doesn't matter much and it's in our memories (also, admittedly, I'm the one with a lousy memory, I'm not saying the loss even of the trivial stuff isn't bad). But I work hard writing my fanfic stories, and they mean a "lot" to me.... so I back them up myself -- how much more, if you value what you lost, should you not have backed them up instead of blaming us for not doing it [enough] for you?

 

I hope you take seriously what I'm saying here -- I'm not trying to pick on you or fight with you, and I agree it's sad that you lost what you did, but put the blame squarely on the shoulders of who actually attacked that data -- not us. Bottom line is obsessed, hateful people like that will do whatever it takes to overcome any defense, and take advantage of innocent mistakes on our part. The solution is to constructively think of ways to learn from those mistakes, not condescendingly pour salt in the wounds for our mistakes - and yes, we do make mistakes; we're only human.

 

Make sense? :)


Edited by bonesiii, Oct 31 2013 - 09:15 PM.

  • 0

#76 Offline Makuta Luroka

Makuta Luroka
  • Members
  • Conqueror of the Swarm!

  • 726 posts
  •  

Posted Oct 31 2013 - 09:44 PM

I, for one, am glad the site got back online as quickly as it did, and that we only lost two months of data, as opposed to ten years; and I am grateful that the administration is doing what they can to rectify the issue.


  • 0

--:m::a::k::u::t::a: :l::u::r::m_o::k::a:


 

OOC: So now we get to fight in a burning magnetic cyberspace castle, above a tsunami filled with magnetic flying explosive sharks, where bricks and sharks are being magnetically flung around the room, two people are hugging/tickle-dancing, one person has had his chest explode, and the rules of time and space have completely forgotten that they are supposed to exist. This round is awesome.

 


#77 Offline Torran

Torran
  • Members
  • Scavenger

  • 605 posts
  •  

Posted Oct 31 2013 - 11:57 PM

Ooh, Malignus voiced my thoughts before I got here. You must have a Suletu.
  • 0


 


#78 Offline Akaku: Master of Flight

Akaku: Master of Flight
  • Members
  • Pahrak-Kal Attacks!

  • 2,664 posts
  •  

Posted Nov 01 2013 - 01:19 AM

@ Bonesiii: First off, I'd like to just say that I appreciate your friendly and reasonable reply to my comment, especially since my own was hardly what I'd call either, and I apologize for that. I'm not going to argue, but I will attempt to explain my actions and reasoning.

I guess I was just disappointed that the backup measures hadn't been already implemented back after when the first loss of data occurred, or at least weren't maintained/had loosened up after a while, or whatever may have happened to them... At least they're cracking down on it now though, hopefully because of all this the future members of BZP won't have to go through more dataclysims...

Speaking of the whole security issue; I know it's easier to hack into things than some may first think (I don't myself, though I do have a friend of mine who is quite the IT-prankster when it comes to the online world..), but I generally thought that forums part of large reputable board companies would have pretty tough and up to date security supplied to them, but I guess that's more the fault of InvisionPower than anything...

I wouldn't exactly call this a Justification of why I left, as I'm well aware of the reasons why; I was uncomfortable and unhappy with the turn the community was taking at the time that I left, when a lot of trolls and negative vibes were starting to pop up that were tolerated because they technically weren't 'breaking the rules'; Now, I'm not sure if that ever changed and this place is better now, but that was my reasoning at the time. Most of my friends moved on to the same place I did, so I never really came back and checked, only hearing the odd thing about the site from a few of my friends who still hung around. My post above was more the result of seeing what happened and simply jumping to some conclusions, which I do again apologize for.

As for backing stuff up.. I do of course have every one of my pictures that are on brickshelf stored in my computer, along with some ancient notepad files of code-filled topics I used to have, and even a couple half-written IC's for long gone RP's; I didn't know much about how computers and such worked back in the time in the first dataclysim, so I didn't know that forum information would be permanently lost until after it happened, although admittedly that was before some of the lost information has as much value to me as it does now.


  • 0

This message was brought to you by:


Jibs.


that is all.


#79 Offline bonesiii

bonesiii
  • Premier Member
  • Premier Forum Leaders
  • Perpetual Master of Reference

  • 18,232 posts
  •   BZP Leader

Posted Nov 01 2013 - 02:02 AM

I was uncomfortable and unhappy with the turn the community was taking at the time that I left, when a lot of trolls and negative vibes were starting to pop up that were tolerated because they technically weren't 'breaking the rules'; Now, I'm not sure if that ever changed and this place is better now, but that was my reasoning at the time.

Well, thanks for a reasonable reply, and I'm glad my attempt to do the same worked. :) For whatever it's worth, a lot of us have talked about how it seems there's a lot less of the older animosity and trolling in maybe the last year or so (I dunno exactly... but lately). :) Of course, that's probably more a symptom of lesser activity, but yeah, still pleasant IMO. ^_^

 

I do have to say that having been closely involved with the membership on at least story-based discussions and general site issues for a long time, I always felt that the bad vibes were kind of blown out of proportion by a few. The vast majority of us always got along, and certainly the staff worked a lot, often behind the scenes in ways you wouldn't necessarily notice, to try to resolve those issues, peacefully if possible.

 

Anywho, what's past is past... which I guess is my point about these hacking incidents too -- yes, we wish we hadn't made mistakes that were taken advantage of, but we can't time travel. Let's also keep in mind there's probably tons of preemptive security measures besides the obvious ones that HAVE worked and most of us wouldn't even notice, so might be taking them for granted. :) (Please note... I'm a bit of a geek but not at all an expert on how the site actually runs so my understanding may be way off, so take that with salt and stuff, but seems logical. :))

 

which I do again apologize for.

Forgiven. ^_^


  • 0

#80 Online Timelady Gallade

Timelady Gallade
  • Members
  • Toa

  • 123 posts
  •  

Posted Nov 01 2013 - 03:18 AM

Is it just me or has page 2 of COT disappeared...?


  • 0


                                 

 P̴̡͘r̛̕a̵͟i̷͞s͢͠é̴̢̛̕ ̛͡t̴̶̨͞h͢҉̶e̢͟ ̸̢͢͠R͢é̷͏̶d̸͘͞ ̴͟͡͏͞a͞n̶̛̕̕҉d̶͠͞͞ ̶̡̧B̷̛l̀҉a҉̢́͟c̕͠k̢͠ ̶̸̡͟͢Ģ͞͝͏͝ó̕d̛͢͢͡͠.̧҉.̷̧̛͟͞.̀҉̴
̧̨̧̡

Minecraft username: furno5943

  3DS Friend code: 5043 2524 8032




