What Happened

[Svt4Him]

What happens if we lost 100,000 blessings? And thanks for the updates Paul. What happened to Lee?

 

[LittleLambofJesus]

Test to see if I can post....

 

[sweeticus]

There are still so many problems. Now this thread is showing a Page 9 but when I click it I go back to the top of Page 8. I can't get to Page 9.

 

[pgp_protector]

There are still so many problems. Now this thread is showing a Page 9 but when I click it I go back to the top of Page 8. I can't get to Page 9.

That happens at times when a user / account has been banned, or post have been deleted.

The forum page count software still count's the post, but the view post software doesn't show the deleted post. And we see the miscount in the post.

 

[nobdysfool]

The standard for upgrades in most large operations is to test the upgrades offline, with a copy of the database, to make sure it works, before going live with it. That obviously is not what is going on here.

Inevitably there will be bugs with upgrades. Anyone who uses any version of Windows knows that. The rule of Unintended Consequences always is a factor. Add in a hacker or hackers exploiting vulnerabilities which may have been opened up due to the upgrade just makes it worse. Testing should always be done offline for safety reasons. It also helps if those who test are familiar with the product (vbulletin). Just because an upgrade is available, doesn't mean that it must be implemented. The principle should always be "if it ain't broke, don't try to fix it."

Other boards use vbulletin, but they don't have all the heavy modifications that have been done to the code for this board. Those modifications are most likely the source of much of these problems. Bells and whistles are nice, but if they compromise safety and security, they should go. I'd rather have a safe, secure, stable site, than a buggy, insecure, glitchy site that looks nice, but crashes regularly, is down for long periods of time, is subject to unknown vulnerabilities, and isn't backed up daily or even every 12 hours, or more frequently. Dialing it back almost 2 weeks is not good, as can be seen from the number of complaints detailed just in this thread.

This isn't Facebook, it isn't MySpace, nor should it try to compete with them.

 

[probinson]

The standard for upgrades in most large operations is to test the upgrades offline, with a copy of the database, to make sure it works, before going live with it. That obviously is not what is going on here.

Inevitably there will be bugs with upgrades. Anyone who uses any version of Windows knows that. The rule of Unintended Consequences always is a factor. Add in a hacker or hackers exploiting vulnerabilities which may have been opened up due to the upgrade just makes it worse. Testing is always done offline for safety reasons. It also helps if those who test are familiar with the product (vbulletin). Just because an upgrade is available, doesn't mean that it must be implemented. The principle should always be "if it ain't broke, don't try to fix it."

Other boards use vbulletin, but they don't have all the heavy modifications that have been done to the code for this board. Those modifications are most likely the source of much of these problems. Bells and whistles are nice, but if they compromise safety and security, they should go. I'd rather have a safe, secure, stable site, than a buggy, insecure, glitchy site that looks nice, but crashes regularly, is down for long periods of time, is subject to unknown vulnerabilities, and isn't backed up daily or even every 12 hours or more frequently. Dialing it back almost 2 weeks is not good, as can be seen from the number of complaints detailed just in this thread.

This isn't Facebook, it isn't MySpace, nor should it try to compete with them.

Brilliant post sir! Excellent advice that I hope is heeded.

Working as a systems administrator myself, if I went to my boss and told him I lost 2 weeks worth of data because of an upgrade, I would be fired on the spot.

I always, ALWAYS do a test upgrade in the test environment, taking notes along the way as to what little problems I run into. Then, when I'm ready, I take the production system offline with a very good estimate of how long the system will be unavailable and what problems I will encounter along the way. I then make a FULL backup of everything, set it aside, and begin the upgrade. At a predetermined time (usually sometime Saturday evening) if there are huge glitches with the upgrade that I don't feel I will be able to work out, then I revert to the snapshot so that they system can be up and running Monday morning (with no data loss or loss of data integrity), and go back to the test environment and iron out the kinks, and try again the next weekend.

I am sympathetic to the hacker issue, as I've been hacked a few times myself, but I am rather disappointed in the disaster recovery plan (or lack thereof), and I hope the techies in charge will learn from this and institute a comprehensive upgrade and disaster recovery plan.

 

[nobdysfool]

Brilliant post sir! Excellent advice that I hope is heeded.

Working as a systems administrator myself, if I went to my boss and told him I lost 2 weeks worth of data because of an upgrade, I would be fired on the spot.

I always, ALWAYS do a test upgrade in the test environment, taking notes along the way as to what little problems I run into. Then, when I'm ready, I take the production system offline with a very good estimate of how long the system will be unavailable and what problems I will encounter along the way. I then make a FULL backup of everything, set it aside, and begin the upgrade. At a predetermined time (usually sometime Saturday evening) if there are huge glitches with the upgrade that I don't feel I will be able to work out, then I revert to the snapshot so that they system can be up and running Monday morning (with no data loss or loss of data integrity), and go back to the test environment and iron out the kinks, and try again the next weekend.

I am sympathetic to the hacker issue, as I've been hacked a few times myself, but I am rather disappointed in the disaster recovery plan (or lack thereof), and I hope the techies in charge will learn from this and institute a comprehensive upgrade and disaster recovery plan.

Thank you for your kind words. I aspire to be a systems administrator myself, and after having worked on rollouts for many large corporations, I have learned about all the planning and testing that is done before a major, or even minor rollout, goes live. I've also seen rollouts that were thought to be ready to go live go horribly wrong, and the entire project put on hold until the problems are solved.

You're right, if a system administrator lost 2 weeks of data due to a botched upgrade, he's toast as far as his job goes.

There's no doubt that a viable disaster recovery plan needs to be implemented ASAP, with much more frequent backups, and safeguards put in place to keep hackers from access to the actual system. A hardware firewall, a DMZ between the Servers and the ISP, something. For a board such as this, weekly backups are not enough. Daily or twice or thrice daily should be the minimum.

Hopefully someone is listening and learning. No insult to anyone in management or oversight is intended. For some of us who make our living from working with computers, what probinson and I are saying is just flat-out common sense. We're just trying to help by speaking of concrete solutions.

 

[sk8Joyful]

Just because an upgrade is available, doesn't mean that it must be implemented. The principle should always be "if it ain't broke, don't try to fix it."

Other boards use vbulletin, but they don't have all the heavy modifications that have been done to the code for this board. Those modifications are most likely the source of much of these problems. Bells and whistles are nice, but
if they compromise safety and security, they should go. I'd rather have a safe, secure, stable site, than a buggy, insecure, glitchy site that looks nice, but crashes regularly, is down for long periods of time, is subject to unknown vulnerabilities, and isn't backed up daily or even every 12 hours, or more frequently. Dialing it back almost 2 weeks is not good, as can be seen from the number of complaints detailed just in this thread..

Thank you for bringing all these points up, as someone working in the computer-field.

(re "computers": i know very little, & have admitted that); but have also before said that other V-bulletin forums which I continue a member of for years, except for small avators, & occasional small pictures, none have dollies, graphics, pictures, or games, reputations & blessings. And the benefit of that is that they rarely if ever, crash. Each of these forums continues functioning dependably & reliable, appreciated by all.

Which do you think would be more important to GOD in His ministry... of helping His children accept Salvation ,
accept emotional Wellbeing , & accept physical Health --- that CF stumbles thru one catastrophe after another, as it has for years; or that CF stays functioning dependably & reliable for any person interested.

Which choice do you think that GOD, our beloved Heavenly Father, favors in aiding Him in His work... Thank you!
.

 

[probinson]

There's nothing wrong with having fun features in your forum, and I don't think that's the problem. I run a forum that has almost 40 different mods installed, from Living Avatars, to picture galleries, to a member map, to automatic embedding of YouTube videos.... you get the idea.

I am preparing to do a major upgrade on my forum (SMF) from v1 to v2, which will be a very major upgrade for me. So the first thing I did was make a copy of the current state of the site. Then, I moved that copy into a test development environment on my personal computer and did the upgrade. I had TONS of problems and incompatibilities. So, I began working through them one at a time, so that when I pull the trigger on the upgrade, I will only be offline for a few hours, and I can feel fairly confident that the upgrade will go smoothly. But even if it doesn't, I will have a snapshot from the moment I took the site offline, so no data will be lost if I need to kill the upgrade and go back to the previous version.

My point is, a plan is what is missing here. Granted, I have only 100 members at my forum and less than 30,000 posts, but the principles are the same regardless of the size or quantity of the data.

 

[Angelwings_2009]

Sorry to hear that you had to go throught all of this and just want to say thanks for all of your hard work, we really appericate it.

 

[davedajobauk]

Further information in a vein

whilst moving from page to page in a thread
and also from one thread to another ...
I have been AGAIN...been redirected, to another site >>
KEVIN'S ONLINE EARNER > posting links, to Google ?

I did not 'click' on an AD nor, upon any VISIBLE link
but GE vanished and was replaced by this TOUTING page
======================

On 'another site'
I received a message
that two of my [named] friends had left messages for me
when I clicked on a link to those messages
I was redirected to Smiley Central
where, to see the messages, I had to download their stuff

I sent off an email to the apparent originator
only to receive this email this morning

=============================================



My Fun Cards Other Questions [Incident: 090412-000657]‏
From:

Smiley Central Customer Support (smileycentral@mailca.custhelp.com)

You may not know this sender.Mark as safe|Mark as junk
Sent:14 April 2009 23:01:13To: dave_dajobauk@hotmail.co.uk
.ExternalClass td.EC_header{;}.ExternalClass td.EC_text{padding-left:4px;padding-right:4px;}.
ExternalClass td.EC_label{;}.ExternalClass td.EC_data{;}
Recently you requested personal assistance from our on-line support center.
Below is a summary of your request and our response.

Thank you for allowing us to be of service to you.


SubjectMy Fun Cards Other Questions
Discussion Thread Response (M.S.M.)04/14/2009 11:01 AM
Thank you for writing.
Unfortunately, it looks as though you may have seen a misleading ad by one of our affiliates.
Though we do have arrangements with external companies to advertise our product,
we do not condone nor allow for such ads to be displayed.

In order to rectify this situation, we ask that you submit the following information:

- Use your mouse to 'right click' on the background of the message
- Select 'Copy Shortcut'
- Then use 'Control-V' or 'Paste' to paste the shortcut of the advertising message and reply to this message.

If you have received an email regarding our products, please include a full copy of the email
that you were sent so we can look into this further.

If the ad that you are seeing is a Flash-based ad, click on the ad itself
and then copy and paste the address that is found on the address bar of your browser.

We appreciate your patience with this matter, and regret any inconvenience you experienced.
Customer (System Generated)04/12/2009 09:10 AM

I dont wish to instal MyFunCards
I dont wish to publish details of my PC setup

My reason for this communication is
to receive messages from /
information, concerning 'known-friends'

May I please have access to these announced 'details'

Thank you


Received From: dave
Browser: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
MSDigitalLocker; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0;
.NET CLR 3.0.04506.648; MSN Optimized;GB; .NET CLR 3.5.21022;
.NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; HbTools 4.8.4;
.NET CLR 2.0.50727; MSN Optimized;GB)
IPAddress: 92.26.192.245
Email Address: dave_dajobauk@hotmail.co.uk
Time: Sun Apr 12 09:08:39 EDT 2009
Other Values:
Description=unable to retrieve announced MESSAGES,
client=,
ISP=Local ISP,
ptnrP=,
Connection=Other/Not Sure,
ptnrPID=,

=================================================



I cannot provide these details,
for reason, I didnt wish to continue the connection
and clicked my back-button
I am not concerned regarding my IP address, as-shown
as it is one that is generated / provided, by my ISP
and is a part of my firewall

Plainly...
Hackers are spoofing, the communications of other sites

Bearing in mind, that 'Smiley Central'
also uploads MyWebSearch to your computer
please be cautioned that you can do-without the mess
that MyWebSearch can cause in your computer
and it will not LEAVE
even, after you have uninstalled it via, Add/Remove Programs
[required files are missing it says]

I WAS, able, to manually-remove EVERYTHING except
[2] two, shell.32 and shell.x86, files [decapitated the beast]

If anyone would like to know HOW I DID THIS... please PM me

If, anyone can explain to me... how ? these redirects
can occur to me here in CF... please let me know

All, that I can add to my explanation of my own experience
is; that these redirects occur with my mouse cursor
in the bottom right of the screen
and when my pointer is using the side scrollbar
[at or near the bottom] and only between
10.30am and 3.30pm approx [Local Time] ???

Thank you


dave

 

[newtaste]

Was Christian Guitars, the sister forum to CF, also affected?

 

[tanzanos]

Murphy reigns supreme! Seriously now folks; webhacking and all the other types of internet related crimes are sad to say; a part of our lives. I like the bells and whistles that CF offers. I also believe that removing them is not necessarily a solution. We can have our cake and eat it too; it all depends on the competency of the programmer.

 

[WalksWithChrist]

Paul,

One concern that hasn't been brought up...and this isn't a slam on you.

Just consider how much detail you've posted on how you spotted the threat and what you did to stop it and fix the damage.
For us, it's wonderful to know all that information.

BUT CONSIDER THIS!!

If the hacker is reading this thread (and they probably have/are) I feel like you may have given them a lot of info on how to do the job better next time.

Suggestion:
Tell us in no specific detail that "the problem has been identified and we think we have mostly got everything worked out."
Something like that!!

 

[LovesToWrite]

Just wanted to say...to everyone who thinks everything is just fine, that no, it's not.

I'm writing from my husband's account at the moment because mine is still so messed up, including the Paypal situation. My SS renewal was hacked and now I'm listed here as a Credit Card thief on every post I make. My husband thinks that may happen on this post as well, since it's the same i.p. address. I hope not, but won't be surprised.

I hope this personal stuff is fixed soon. I know that it's being worked on, but no, it's not all over yet.

 

[LovesToWrite]

I'm very glad my husband was wrong....I'm going to use his account for now.

 

[pgp_protector]

Just wanted to say...to everyone who thinks everything is just fine, that no, it's not.

I'm writing from my husband's account at the moment because mine is still so messed up, including the Paypal situation. My SS renewal was hacked and now I'm listed here as a Credit Card thief on every post I make. My husband thinks that may happen on this post as well, since it's the same i.p. address. I hope not, but won't be surprised.

I hope this personal stuff is fixed soon. I know that it's being worked on, but no, it's not all over yet.

??? How does the site list you as a Credit Card Thief ???
And shouldn't a Mod / Admin fix this asap ?

 

[LovesToRead]

??? How does the site list you as a Credit Card Thief ???
And shouldn't a Mod / Admin fix this asap ?

It was in my siggy. On every post!!!

But fortunately I was smart enough to marry a computer guy who figured out my siggy must have been changed/hacked. I was able to go to my user CP and delete the information.

 

[LovesToRead]

Oh and I did write to Paul about it too, so yes, I am concerned about the Admin knowing about this.

Thanks, pgp.

btw, I lost my ASA buddy tshirt and my prolife ribbons from my siggy too.

 

[pgp_protector]

It was in my siggy. On every post!!!

But fortunately I was smart enough to marry a computer guy who figured out my siggy must have been changed/hacked. I was able to go to my user CP and delete the information.

Ahh It was almost sounding like it was a Board hack doing that
Glad it was just the siggy & that you could fix it.

Oh and I did write to Paul about it too, so yes, I am concerned about the Admin knowing about this.

Thanks, pgp.

btw, I lost my ASA buddy tshirt and my prolife ribbons from my siggy too.

The ASA Buddy TShirts are still at this thread.
http://www.christianforums.com/t6732227/