Hapori Tohu Posted October 30, 2013

It has taken us longer than we would have liked, but we're almost ready to bring the forums back online - you should be able to access them this evening. Unfortunately, due to a security vulnerability, a malicious individual gained access to and deleted BZPower's database. We have had to restore everything from our last backup, which is from August 23rd. That means everything, all topics, posts, blog entries, news stories, and members since that date are gone. If there's something in particular that you need, I suggest seeing if you can retrieve it from Google's cache. Also, if you bought a Premier Membership or joined BioniLUG during the past two months, please PM me so we can make sure it is reflected. The Administration apologizes for this inconvenience and will continue to work to avoid such things in the future.

Art Vandelay Posted October 30, 2013

Just wondering, why is the last backup of BZP from August 23??? I hope now that this data loss has happened, you guys will learn to make backups at least every week. I understand how much data there is to back up, but seriously, this kind of data loss is not good, and since the security vulnerability in the newinc directory has seemingly not been fixed yet, the person who hacked it can do it again easily. In any case, I'm glad to see the forums back up, and I appreciate you guys working to get them up as fast as you can. (Please do try to prevent this from happening again though.)

Kopekemaster Posted October 30, 2013

Even though it wasn't fun not being able to come on to BZPower, it was actually somewhat of a blessing in disguise because I learned how awesome the forums at BMP are.

Edited October 30, 2013 by Kopekemaster

My Writing Blog (more writing coming soon!) My Bionicle/LEGO Blog (defunct) Hyfudiar on Spotify (noise/drone/experimental music)

The 1st Shadow Posted October 30, 2013

Agreed with Trydeltix. More frequent back-ups would help a lot in these cases.

Fortunately, I don't think I lost that much. Re-updating my comics won't be a problem.

~Your friendly, neighborhood Shadow ~Credit for Avatar and Banner goes to NickonAquaMagna~

CeeCee Posted October 31, 2013

Nice to be back. Didn't lose anything worth mentioning. Thanks to everyone who helped out.

Signature Guidelines: Avatar and signature total file size may not exceed 250 KB!

Havelock Vetinari Posted October 31, 2013

Well. Glad to see we have the forums back. Hopefully our security will be fairly ironclad this time around.

I believe you find life such a problem because you think there are the good people and the bad people. You are wrong, of course. There are, always and only, the bad people, but some of them are on opposite sides.

Art Vandelay Posted October 31, 2013

> Even though it wasn't fun not being able to come on to BZPower, it was actually somewhat of a blessing in disguise because I learned how awesome the forums at BMP are.

Yay! The BMP forums are home to a small but pretty great community indeed. Glad to have you be a part of it.

Atton Rand Posted October 31, 2013

I must confess, I do feel a bit concerned about the security here. This is the second time I've been in an RPG that was partially destroyed by a malicious hacker; either something needs to be fixed, or someone out there really really hates this board.

Havelock Vetinari Posted October 31, 2013

> I must confess, I do feel a bit concerned about the security here. This is the second time I've been in an RPG that was partially destroyed by a malicious hacker; either something needs to be fixed, or someone out there really really hates this board.

Hacker troubles for BZP are nothing new. What we are seeing is the last breath of a dying remnant. In my view at least.

Mask Of Speed Posted October 31, 2013

Yes I agree, BZP should have a better security system so hackers couldn't hack it and cache or back up all the information every week or month or so. I think this might help against things like this happening in the future.

For the BEST BIONICLE reviews, podcasts, and more, Check out: http://youtube.com/thethreevirtues

Voltex Posted October 31, 2013

> Well. Glad to see we have the forums back. Hopefully our security will be fairly ironclad this time around.

Haha, yeah right. Security should have been ironclad a long time ago... and after incidents like the Dataclysm in 2009 and the Archive Loss this year, I'm disappointed to discover that forum backups aren't even monthly. BZPower is going to be hacked again, and it will lose more data, and the cycle will just repeat itself over and over again. "Disappointed" is perhaps putting it a bit lightly, actually. I'm appalled that the last forum backup was from August. It just doesn't make any sense.

JOIN AETHERGARDE

PeabodySam Posted October 31, 2013

I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you. This is ridiculous. No, this has gotten beyond ridiculous. BZP staff, I know you're trying your best, but your best clearly isn't good enough. This is the third time that one individual has hacked this site, and that in itself is simply inexcusable. There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years. Even worse, this is the second time he's deleted a significant amount of content.

I know what you're thinking: "Compared to the ten years lost in the previous hack, two months ain't bad." But, after the previous hack, I was drained of will and motivation to continue posting here, as though there was constantly a threat of, "Hey, if you post something, it's just going to be deleted the next time someone hacks the website." Then, finally, I was feeling just a little bit of faith in the security of BZPower again in the past month. I started posting in topics again, poking my head out of my shell a bit for the first time since the hack. And last Wednesday evening, just after I spent the good portion of an hour writing out a thoughtful in-depth post, you cannot believe my reaction to finding out that, once again, the site was hacked. And by the same person as the previous two times. And wouldn't you know? Those posts signalling my re-emerging from my shell again? Erased by the hacker. That sliver of faith in security? Erased as well.

There should be no reason why a BZP member should be afraid to do anything on this site just because they're afraid that it might be deleted the next time this person says, "Oh, I feel like hacking BZP for fecal matter and giggles today!" This site has lost enough life as it is. We already lost a ton of members from the end of BIONICLE and the 2011 forum update, we've lost the entire pre-2011 forums, and most other sites regard BZPower as little more than a mere shell of the grand site it once was. If you don't want it to lose what little it has left, you have to do better.

I'm sorry. I know I'm being blunt with my honesty, but enough is enough. Do better.

Edited October 31, 2013 by PeabodySam

Armed with a Tail - Birth of a Legend - Calcite Copter VS Cybernetic Rock Monster - The Coming of the Toa - Cursed Form - Dino Attack Headquarters - Five Years Too Many - Gresh - Gladiator of Jungle - Hate and Vengeance - Lost and Found and Lost Again - Roodaka the Merciful - Scene 24: Johnny Thunder Blows This Taco Stand - Tearing Through Dimensional Portals - The Search for the Mask of Light - Wake One... - Vakama's Secret
"It's all right, children. Life is made up of meetings and partings. That is the way of it. I am sure that we shall never forget Tiny Tim, or this first parting that there was among us." - Bob Cratchit

Aurora the cat Posted October 31, 2013

The second time slip has happened. OH GOD MY OLD POST COUNT!

-Insert deep message to prove I am alive here-

Havelock Vetinari Posted October 31, 2013

Off the top of my head...a donation drive?

Edited October 31, 2013 by Basilisk

Art Vandelay Posted October 31, 2013

> I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you. This is ridiculous. No, this has gotten beyond ridiculous. BZP staff, I know you're trying your best, but your best clearly isn't good enough. This is the third time that one individual has hacked this site, and that in itself is simply inexcusable. There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years. Even worse, this is the second time he's deleted a significant amount of content.
>
> I know what you're thinking: "Compared to the ten years lost in the previous hack, two months ain't bad." But, after the previous hack, I was drained of will and motivation to continue posting here, as though there was constantly a threat of, "Hey, if you post something, it's just going to be deleted the next time someone hacks the website." Then, finally, I was feeling just a little bit of faith in the security of BZPower again in the past month. I started posting in topics again, poking my head out of my shell a bit for the first time since the hack. And last Wednesday evening, just after I spent the good portion of an hour writing out a thoughtful in-depth post, you cannot believe my reaction to finding out that, once again, the site was hacked. And by the same person as the previous two times. And wouldn't you know? Those posts signalling my re-emerging from my shell again? Erased by the hacker. That sliver of faith in security? Erased as well.
>
> There should be no reason why a BZP member should be afraid to do anything on this site just because they're afraid that it might be deleted the next time this person says, "Oh, I feel like hacking BZP for fecal matter and giggles today!" This site has lost enough life as it is. We already lost a ton of members from the end of BIONICLE and the 2011 forum update, we've lost the entire pre-2011 forums, and most other sites regard BZPower as little more than a mere shell of the grand site it once was. If you don't want it to lose what little it has left, you have to do better.
>
> I'm sorry. I know I'm being blunt with my honesty, but enough is enough. Do better.

I can't help but agree, and I have to say, I'm sure that most people feel this way as well. Fix the vulnerability in the newinc directory, and it will be a lot harder for people to hack in. Also, by God please update Apache, MySQL, and PHP! They are all so horribly outdated that it's not even funny. BZP's security will be much improved if you do these simple things!

Edited October 31, 2013 by XONAR

Havelock Vetinari Posted October 31, 2013

This is likely a pipe dream, but a donation drive for security improvements might yield results.

Edited October 31, 2013 by Basilisk

Scanty Demon Posted October 31, 2013

> Off the top of my head...a donation drive.

I agree, hopefully we can find someone to help the site who isn't too expensive but a donation drive would be a good idea.

Edited October 31, 2013 by Origami killer

Black Six Posted October 31, 2013

> Just wondering, why is the last backup of BZP from August 23??? I hope now that this data loss has happened, you guys will learn to make backups at least every week. I understand how much data there is to back up, but seriously, this kind of data loss is not good, and since the security vulnerability in the newinc directory has seemingly not been fixed yet, the person who hacked it can do it again easily. In any case, I'm glad to see the forums back up, and I appreciate you guys working to get them up as fast as you can. (Please do try to prevent this from happening again though.)

> Haha, yeah right. Security should have been ironclad a long time ago... and after incidents like the Dataclysm in 2009 and the Archive Loss this year, I'm disappointed to discover that forum backups aren't even monthly. BZPower is going to be hacked again, and it will lose more data, and the cycle will just repeat itself over and over again. "Disappointed" is perhaps putting it a bit lightly, actually. I'm appalled that the last forum backup was from August. It just doesn't make any sense.

> I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you. This is ridiculous. No, this has gotten beyond ridiculous. BZP staff, I know you're trying your best, but your best clearly isn't good enough. This is the third time that one individual has hacked this site, and that in itself is simply inexcusable. There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years. I'm sorry. I know I'm being blunt with my honesty, but enough is enough. Do better.

We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.

Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.

We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

Bio of a BZP Admin

Art Vandelay Posted October 31, 2013

The person responsible apparently admitted to it in a Skype discussion. I'm not allowed to mention his name, but I'm sure you can guess who I'm talking about...

Edited October 31, 2013 by XONAR

Havelock Vetinari Posted October 31, 2013

True. The sad fact is, this is a fan site. We aren't exactly drowning in resources here, we're a small fish in a very very big ocean. Heck, we're a small fish that's more or less past its prime on top of that. I come here to talk with old friends, some of the best I ever had. Whatever issues others may have had with this site are long gone and buried. To my knowledge, we're about the biggest remnant of the Bionicle fandom on the net. Bionicle isn't even the focus any more. Why someone would wish to make trouble for people more or less hanging out together out of a sense of habit and goodwill, is quite beyond me.

Edited October 31, 2013 by Basilisk

Art Vandelay Posted October 31, 2013

> > Just wondering, why is the last backup of BZP from August 23??? I hope now that this data loss has happened, you guys will learn to make backups at least every week. I understand how much data there is to back up, but seriously, this kind of data loss is not good, and since the security vulnerability in the newinc directory has seemingly not been fixed yet, the person who hacked it can do it again easily. In any case, I'm glad to see the forums back up, and I appreciate you guys working to get them up as fast as you can. (Please do try to prevent this from happening again though.)
>
> > Haha, yeah right. Security should have been ironclad a long time ago... and after incidents like the Dataclysm in 2009 and the Archive Loss this year, I'm disappointed to discover that forum backups aren't even monthly. BZPower is going to be hacked again, and it will lose more data, and the cycle will just repeat itself over and over again. "Disappointed" is perhaps putting it a bit lightly, actually. I'm appalled that the last forum backup was from August. It just doesn't make any sense.
>
> > I'm sorry, but right now, I have to be frank, blunt, and brutally honest with you. This is ridiculous. No, this has gotten beyond ridiculous. BZP staff, I know you're trying your best, but your best clearly isn't good enough. This is the third time that one individual has hacked this site, and that in itself is simply inexcusable. There should be no reason why one insignificant person can do that to a site that had previously been going strong for ten years. I'm sorry. I know I'm being blunt with my honesty, but enough is enough. Do better.
>
> We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.
>
> Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.
>
> We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

B6, I've PM'd you regarding the vulnerability.

MrSciFiGuy Posted October 31, 2013

Just people with too much time on their hands messing with us. No matter what I will always be here on BZPower and will help contribute no matter if everything gets reset to 0

Bionicle: ANP aims to create narrated versions of all the Bionicle books, with voice actors for each character, and music taken from various media to enhance the story. Check here if you're interested in voicing a character, and here for the chapters that've already been released!
Formerly: Tahu Nuva 3.0
Looking for a Bionicle Beanie. Black one with the symbol on it. Contact me if you are willing to sell

fishers64 Posted October 31, 2013

*surveys damage* Well, I g-guess it's time for a new topic? Yeah, it will be hard to patch up this one. All the stories and reviews I have backed up this time, but there's no way to patch up the data loss elsewhere, where I wasn't so diligent. I hope I will be able to comb through enough to redo the work on the Memoirs contest that was lost, to name the beginning of the restoration efforts. It's clear I can't trust this website anymore, which is sad. There's nothing else that can be said for it. Moving on.

Hero Factory RPG | Bionicle Mafia XXIX: Storyline & Theories

Meiko Posted October 31, 2013

Can I please be assured that measures have been taken to prevent this kind of thing in the future? And you should also take offline backups more often. If it'd help, I could write a Python or shell-based script to back up server directories and databases that you could just run semi-frequently so you have backups available. It's rather quick to make one. Also if I were you, I'd set chmod 733 /home/bzpower/public_html/newinc or something, or at least put an index.html file in http://www.bzpower.com/newinc/ since that directory has some things in it that probably shouldn't be publicly visible.

Here's a backup script if you want:

```sh
#!/bin/sh
# dirs to back up, change as necessary
backup_files="/home /etc /root /boot /opt /var"
# backup destination
dest="/mnt/backup"
day=$(date +%A)
hostname=$(hostname -s)
archive_file="$hostname-$day.tgz"
echo "Backing up $backup_files to $dest/$archive_file"
date
echo
# make tar backups ($backup_files stays unquoted so it splits into separate paths)
tar czf "$dest/$archive_file" $backup_files
echo
echo "Backup finished"
date
# listing of files in $dest to check file sizes
ls -lh "$dest"
```

And here's a database backup script if you want to use/modify it: https://github.com/Brickimedia/generalscripts/blob/master/content-backup.sh

Edited October 31, 2013 by Meiko

-- Meiko - @georgebarnick
LUG Ambassador and administrator at Brickipedia
News reporter and database administrator at Brickset
Administrator at BIONICLEsector01
DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.

Chro Posted October 31, 2013

Thanks for getting the site back up.

Edited October 31, 2013 by Chro

save not only their lives but their spirits

TNTOS Posted October 31, 2013

I thankfully didn't lose much and am already reposting the things I did lose. So I'm going to be okay. Wish the backup had been from a bit more recently, though. Would make reposting my stuff much easier.

-TNTOS-

"It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat." - Theodore Roosevelt
A Writerly Blog
The Tasty Library of Sugary Goodness
(My Little BIONICLE: Friendship is Explosive Completed 01/05/14) {The Shika Trilogy Omnibus Completed 03/31/14) (Review Topic) (In the End Completed 09/01/14) (Review Topic)
The Biological Chronicle: (2001) (2002) (2003) (2004) (2005) (2006) (2007) (2008) (2009) (2010)

Havelock Vetinari Posted October 31, 2013

I'll chime in to say I have complete faith in the BZP community. BZP came up a few hours ago and we're already at pre-hack activity levels. As a community, we bounce back fast.

Edited October 31, 2013 by Basilisk

TakunuvaC01 Posted October 31, 2013

> We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.
>
> Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.
>
> We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.

I understand the basics behind how security works: namely, that it's always easier for someone to penetrate the system than it is for you to keep the system secure. To put it in terms of statistics, a black hat hacker / attacker only needs to be lucky once, but the site staff need to be lucky every time. It is always easier to break things than to keep them safe.

So I understand that, of course, and I understand that you guys are hardly professional sysadmins doing this for a living, so I can sympathize with your position... but, with all due respect, none of that excuses things like:
- Not keeping software up to date that runs the site
- Having an automated system to make regular offline backups

From other comments in this thread, it sounds like you're not doing the former; from your own post, you don't have the latter.

With an automated backup system, you would be able to spend those twenty hours a week doing other things (like keeping the site up to date?), because backups would be taken care of. Meiko already talked about this a bit, but let me add the following statement: you don't need to store years' worth of backups if you don't have enough space, you just need to keep your backups isolated from the machine that the webserver is running on, so if the server gets penetrated the attacker does not have access to the backups. Automated, regular backups are more important than years' worth of backups made irregularly over month-long intervals (assuming you can protect the automated ones).

I'm sure you know this- after all, we recently suffered from the deletion of the old database precisely because there were no offsite backups. But I feel the need to say it anyway...

Disclaimer: I'm a hobbyist programmer and university student. I rarely have time to work on any of my projects, so I completely understand the staff's position. I don't mean to lecture you guys on security, or try to take the moral high ground, or anything like that- other people have already done that in this thread. And I completely understand the impossible position that is maintaining the site against attack- people are going to be angry when something goes wrong, but it's unrealistic to expect that you can stop everything from going wrong.

But I confess to being a little frustrated, perhaps even more so because I'm aware of some of the underlying technical issues- I don't expect perfect security but it honestly sounds like there are some fundamental things going wrong (if I believe all the comments in this thread, at least).

Apologies if I've crossed a line. I'm grateful that the staff does keep BZP running- for fun, as you said- because I do still enjoy the site (after, what is it now, eight years?) but without new Bionicle content I now primarily see the site as a place to produce, showcase, and collaborate on content (RPGs, stories, etc- I'm not personally involved in art or other media or MOCs or anything like that, but all of that too), and whenever a significant amount of data is lost it means that content we worked on or showcased is (partly) lost, which is painful. Hence my frustration.

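Added example, not from any post in this thread or from BZPower's own tooling: a shell sketch of the points raised above about automated backups, namely keeping only the newest few archives instead of a year's worth and checking that each archive works before relying on it. The function names, the `backup-STAMP.tgz` naming and the demo data are assumptions made for illustration, and the destination is assumed to be storage the web server account cannot modify.

```shell
#!/bin/sh
# Added example: verified backups with bounded retention.
# Hypothetical names throughout; DEST_DIR should live on storage that a
# compromised web server account cannot write to or delete from.

# verify_backup ARCHIVE
# Succeeds only if ARCHIVE is a readable gzip'd tar with at least one entry.
verify_backup() {
    [ -s "$1" ] || return 1
    listing=$(tar -tzf "$1" 2>/dev/null) || return 1
    [ -n "$listing" ]
}

# make_backup SRC_DIR DEST_DIR STAMP
# Writes DEST_DIR/backup-STAMP.tgz. The archive is built under a temporary
# name and renamed only after it verifies, so a failed run never leaves a
# file that looks like a good backup. Prints the final path on success.
make_backup() {
    src=$1 dest=$2 stamp=$3
    final="$dest/backup-$stamp.tgz"
    tmp="$final.partial"
    if tar -czf "$tmp" -C "$(dirname "$src")" "$(basename "$src")" 2>/dev/null \
        && verify_backup "$tmp"; then
        mv "$tmp" "$final"
        echo "$final"
    else
        rm -f "$tmp"
        return 1
    fi
}

# prune_backups DEST_DIR KEEP
# Deletes all but the KEEP newest archives and prints how many were removed.
# STAMP must sort lexically by age (e.g. date +%Y%m%d-%H%M%S), so the glob
# order is oldest first and file mtimes are never trusted.
prune_backups() {
    dest=$1 keep=$2 removed=0
    set -- "$dest"/backup-*.tgz
    [ -e "$1" ] || { echo 0; return 0; }
    while [ "$#" -gt "$keep" ]; do
        rm -f "$1"
        shift
        removed=$((removed + 1))
    done
    echo "$removed"
}

# latest_good_backup DEST_DIR
# Prints the newest archive that still verifies, skipping damaged ones.
latest_good_backup() {
    good=""
    for f in "$1"/backup-*.tgz; do
        [ -e "$f" ] || continue
        if verify_backup "$f"; then good=$f; fi
    done
    [ -n "$good" ] && echo "$good"
}

# Stand-alone demo on constructed data: sh backup_rotate.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    mkdir -p "$work/site" "$work/backups"
    echo "constructed sample row" > "$work/site/posts.sql"
    for stamp in 20131001-030000 20131008-030000 20131015-030000; do
        make_backup "$work/site" "$work/backups" "$stamp"
    done
    echo "pruned: $(prune_backups "$work/backups" 2)"
    echo "restore from: $(latest_good_backup "$work/backups")"
    rm -rf "$work"
fi
```

With weekly runs and a retention of four, storage stays at roughly four times the archive size no matter how long the job has been running.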
dviddy Posted October 31, 2013

> Can I please be assured that measures have been taken to prevent this kind of thing in the future?

Because you guys don't think the administration spends hours upon hours trying to patch things? I mean, seriously? If it was super easy to fix everything, don't you think it would have been done? Like goodness, I don't mean to sound hostile, but like Andrew said, no one here gets paid for this. Like, you guys think we don't care about the site? The place where we've all invested so much time, some of us more than a decade (which is more than half your life, I'd like to add). The majority of my best friends in the world came from this site, and it's really frustrating and disheartening to see someone attack our community, for one, and then you make it worse by laying the blame for someone else's crimes on our shoulders? Not okay. Sorry if you haven't gotten a sunshine and rainbows "everything is happy now" response.

Meiko Posted October 31, 2013 Share Posted October 31, 2013 We are fans who are running a fan site. We do this out of the goodness of our hearts because we enjoy it. We have jobs and real lives that take up a majority of our time. I know that I at least probably dedicate at least twenty hours a week to doing stuff for BZP - that's a part time job I don't get paid for. I simply don't have time to handle making a backup every week, making sure it works, and paying for storage, whether it's offsite or local. Even though we recently restarted things, our database is still several gigabytes large. Yes you can buy terabyte hard drives pretty cheap, but gigabytes multiplied by fifty-two weeks in a year is a lot of space.Do we intend to do more frequent backups? Yes. I'm not sure what you're talking about XONAR, but as far as I'm aware the security hole has been patched. If you know of something else, please PM me so we can discuss it.We do try, and we spend a lot of time. But for every piece of security we try to add, all it takes is one hole for someone to find to mess things up. We do the best we can. If that's not enough for you, I'm sorry.I understand the basics behind how security works: namely, that it's always easier for someone to penetrate the system than it is for you to keep the system secure. To put it in terms of statistics, a black hat hacker / attacker only needs to be lucky once, but the site staff need to be lucky every time. It is always easier to break things than to keep them safe.So I understand that, of course, and I understand that you guys are hardly professional sysadmins doing this for a living, so I can sympathize with your position... 
but, with all due respect, none of that excuses things like:
- Not keeping software up to date that runs the site
- Having an automated system to make regular offline backups
From other comments in this thread, it sounds like you're not doing the former; from your own post, you don't have the latter. With an automated backup system, you would be able to spend those twenty hours a week doing other things (like keeping the site up to date?), because backups would be taken care of. Meiko already talked about this a bit, but let me add the following statement: you don't need to store years worth of backups if you don't have enough space, you just need to keep your backups isolated from the machine that the webserver is running on, so if the server gets penetrated the attacker does not have access to the backups. Automated, regular backups are more important than years worth of backups made irregularly over month-long intervals (assuming you can protect the automated ones). I'm sure you know this- after all, we recently suffered from the deletion of the old database precisely because there were no offsite backups. But I feel the need to say it anyway... Disclaimer: I'm a hobbyist programmer and university student. I rarely have time to work on any of my projects, so I completely understand the staff's position. I don't mean to lecture you guys on security, or try to take the moral high ground, or anything like that- other people have already done that in this thread.
And I completely understand the impossible position that is maintaining the site against attack- people are going to be angry when something goes wrong, but it's unrealistic to expect that you can stop everything from going wrong. But I confess to being a little frustrated, perhaps even more so because I'm aware of some of the underlying technical issues- I don't expect perfect security but it honestly sounds like there are some fundamental things going wrong (if I believe all the comments in this thread, at least). Apologies if I've crossed a line. I'm grateful that the staff does keep BZP running- for fun, as you said- because I do still enjoy the site (after, what is it now, eight years?) but without new Bionicle content I now primarily see the site as a place to produce, showcase, and collaborate on content (RPGs, stories, etc- I'm not personally involved in art or other media or MOCs or anything like that, but all of that too), and whenever a significant amount of data is lost it means that content we worked on or showcased is (partly) lost, which is painful. Hence my frustration. For the keeping things up to date, that's certainly a problem. Even the most minimal check of things using curl through terminal shows that BZPower has out of date software running its server. Can I please be assured that measures have been taken to prevent this kind of thing in the future? Because you guys don't think the administration spends hours upon hours trying to patch things? I mean, seriously? If it was super easy to fix everything, don't you think it would have been done? Like goodness, I don't mean to sound hostile, but like Andrew said, no one here gets paid for this. Like, you guys think we don't care about the site? The place where we've all invested so much time, some of us more than a decade (which is more than half your life, I'd like to add).
The majority of my best friends in the world came from this site, and it's really frustrating and disheartening to see someone attack our community, for one, and then you make it worse by laying the blame for someone else's crimes on our shoulders? Not okay. Sorry if you haven't gotten a sunshine and rainbows "everything is happy now" response. I didn't say I didn't think that. I do the same thing as my hobby, in my spare time. On our team, when there's a security breach, we by no means take it for granted. We do what you do, we spend time patching it, but by no means do we let the same thing slip by 3 times in a year. I know it isn't as easy to do as it is to say, but there are precautions that could be done that haven't. Whether or not those precautions could prevent such an attack by hackers or not, it's a precaution to take either way. Keeping server software up to date is a key step to take in keeping the site secure. There's not a guarantee that anything will stop an attacker, but it's certainly a step that should have been taken by now in an attempt to stop attackers. -- Meiko - @georgebarnick LUG Ambassador and administrator at Brickipedia News reporter and database administrator at Brickset Administrator at BIONICLEsector01 DISCLAIMER: All opinions and contributions made under this account are based solely on my own personal thoughts and opinions, and in no way represent any of the above groups/entities. If you have any concerns or inquiries about the contributions made under this account, please contact me individually and I will address them with you to the best of my ability.
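The backup argument in the post above (regular automated backups do not require keeping a year of copies), worked through as an added example that is not part of the thread or BZPower's setup: a retention planner that keeps the most recent dailies plus the newest backup per week and per month. The dates, the 5 GB dump size and all function names are assumptions made for illustration.

```python
from datetime import date, timedelta

def newest_per_bucket(newest_first, bucket_key, limit):
    """Newest backup in each of the `limit` most recent buckets (week, month)."""
    picked = {}
    for d in newest_first:
        key = bucket_key(d)
        if key not in picked:
            if len(picked) == limit:
                break  # input is newest-first, so every later key is older
            picked[key] = d
    return set(picked.values())

def select_keep(backup_dates, daily=7, weekly=4, monthly=6):
    """Dates to retain: last N dailies, newest per ISO week, newest per month."""
    newest_first = sorted(set(backup_dates), reverse=True)
    keep = set(newest_first[:daily])
    keep |= newest_per_bucket(
        newest_first, lambda d: tuple(d.isocalendar())[:2], weekly)
    keep |= newest_per_bucket(
        newest_first, lambda d: (d.year, d.month), monthly)
    return keep

def plan(backup_dates, size_gb, **policy):
    """Split backups into keep/prune and report the storage the kept set needs."""
    keep = select_keep(backup_dates, **policy)
    return {
        "keep": sorted(keep),
        "prune": sorted(set(backup_dates) - keep),
        "stored_gb": len(keep) * size_gb,
    }

# Constructed sample: one dump per day for a year, 5 GB each (assumed size).
SAMPLE_DATES = [date(2013, 10, 30) - timedelta(days=i) for i in range(365)]
SIZE_GB = 5

if __name__ == "__main__":
    result = plan(SAMPLE_DATES, SIZE_GB)
    print(len(result["keep"]), "kept,", len(result["prune"]), "pruned,",
          result["stored_gb"], "GB stored")
    # Run the pruning from the backup host, never from the web server:
    # a compromised web server must not hold credentials that can delete backups.
```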
Mr. House Posted October 31, 2013 There goes the RPG forum history...again. I occasionally return to BZP for a nostalgic trip back. Hit me up on discord if you need anything. BZPRPG Characters that I will possibly revive, Mons-Shajs-Tarotrix-Aryll Vudigg-Jorruk Yokin-Senavysh Angavur
Constructelf Posted October 31, 2013 Does Dimensioneer have anything to say about this? Like say, identity of hacker, nature of issue, etc etc.
Lenny7092 Posted October 31, 2013 Thank goodness that it's back! Hooray! Hopefully, this hacking problem won't happen again because it's annoying that the forums were shut down because of it. I like Lego, Bionicle, and Hero Factory!
Eyru Posted October 31, 2013 One of the best things we can do at a time like this is support our administration, because they're really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two. So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be. BRPG Forum Rules • BZPRPG Starter Topic • Q&A Compendium • SK:A Profiles
Great Being Velika Posted October 31, 2013 Oh well, I don't notice anything wrong with my post count or member title, but it does suck that some of the older topics are gone. I like BZP so much, I named my Minecraft account Dimensioneer.
Aurora the cat Posted October 31, 2013 One of the best things we can do at a time like this is support our administration, because they're really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two. So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be. Agreed. With the necessary resources, anyone can recover from anything. -Insert deep message to prove I am alive here-
Toa Smoke Monster Posted October 31, 2013 One of the best things we can do at a time like this is support our administration, because they're really doing the best they can. I can understand people are upset, but let's be frank for a moment: this is just a site. Posts are just posts. There's really no reason to get angry at the staff, because the damage done is not terribly important, for one, and they're doing the best they can, for two. So let's all take a deep breath. Go for a walk. Clear our heads. Because if you're getting angry at the staff instead of the malicious individual who caused the downtime, then you've got your priorities mixed up. Let's take this opportunity to band together as a community, because it's the community (not the posts) that makes BZPower a great place to be. I couldn't agree with this more. Everyone is one choice away from being the bad guy in another person's story.
xccj Posted October 31, 2013 I don't see why people think we should update more frequently; we're not a bank or something with extremely sensitive information that needs to be constantly backed up. Heck, I'm surprised it was just two months; I personally haven't backed up my own files in like six. I'm also sad that BZP went down and we lost so much, but I'm glad it's back and I can interact with all my friends here. Not like there was stuff on here that can't be rewritten. (Although I guess it's not so good for RPGers.) My BZPower Stories Dark Core--Kulagi's Kanoka--A Shadow's Contrivance--Mystery on Keli-Nui--BZ-Koro: To Bring Back Bionicle
CHTrilogy Posted October 31, 2013 What, AGAIN?!?! This must be like what, the fifth time the site's been hacked! What makes BZP such an easy target?!?! ~ CHTrilogy
Arzaki Posted October 31, 2013 Well, great. Just a few days ago I decided to work on my epic again, and I find out there was a security breach. Now the forums are back online, and I find my epic is gone. Great. Well, I suppose I should be glad I hardly did anything on it. I suppose it shouldn't take too long to re-write 4 chapters. I was going to lash out at the admins and stuff, but after reading the posts here, I've calmed down a bit, and I understand it wasn't really your fault. Of course, backups monthly or even weekly would be nice. I got Monster Hunter World on PS4, add me at bmrjw2 if you want Also I play FFXIV, my main is Anastasia Willow on Exodus but I've got characters on every NA datacenter.