Letterboxing USA - Yahoo Groups Archive

From a sad heart revisited........

3 messages in this thread | Started on 2004-05-16

From a sad heart revisited........

From: Rayvenhaus (rayvenhaus@myndworx.com) | Date: 2004-05-16 09:00:10 UTC-07:00
I want to thank each and every one that wrote to me yesterday expressing their condolences and outrage at what happened. I really do
appreciate it.

With that said, I'm pleased to announce that the new site is back up and running. You'll have to excuse the construction dust,
there's no content yet, but we are open to accept new users. I'm going to recreate the Forums, because, as Ryan pointed out once,
he didn't see them 'taking' off, though I personally like the idea of the forums, it gives you better access to the messages and it
allows you to watch what you want to watch and be notified of new messages, if you choose, without having to wade through the latest
flame war. But that's just me. Having been around mailing lists since 1994 and having run forums elsewhere for quite some time,
I'm not saying your experience with a forum would be better or worse, I'm just saying it would be linear. Plus, forums don't allow
spam attacks. You know. Where someone joins with a fake address (Or worse yet, makes an instant email address at Yahoo or one of the
other Web based sites) and instantly spams an ad for a way for you to get a particular body part to enhance and enlarge (For either
females or males!). I think mailing lists are wonderful but they lend themselves to the problems we've seen recently.

The Letterbox Clue database was not damaged and will be restored as soon as I can convert it to the new software.

The security flaw in the original software does not exist in the new software that's been installed and, as amazing as it seems,
someone is still probing to see if that bug exists, along with attempted Syn Attacks and DoS (Denial of Service) attacks. It's
actually pretty funny, once you think about it. The IP address of the person originating those recent attacks as well as the one
that did get through has been reported. Ah well, fool me once, shame on you, fool me twice, shame on you.

So, we're back, bigger and better, faster and stronger, than before. (Sounds like the six million dollar Man, eh? (grin))

Come by, take a look, be a part of a community.

------------------------------------------------------------------------------------------
Steve of Team Rayvenhaus
World of Letterboxing Community - Carpe Arcanum Arca!
"A world of difference awaits.........."
http://www.lbworld.org
------------------------------------------------------------------------------------------
It is impossible to make anything foolproof because fools are so ingenious.
------------------------------------------------------------------------------------------


Re: From a sad heart revisited........

From: rscarpen (RiskyNil@pocketmail.com) | Date: 2004-05-16 17:14:00 UTC
> I'm going to recreate the Forums, because, as Ryan pointed out
> once, he didn't see them 'taking' off

You know, that's almost insulting. I love forums and hate Yahoo
Groups, but that post insinuates the complete opposite. I was just
stating a fact that these groups are so entrenched in letterboxing
lore, it's unlikely your forums will ever get off the ground. Which
still stands, by the way. But whatever. Doesn't matter to me.

> Plus, forums don't allow spam attacks.

If the public can post, there is always the chance of a spam
attack. What makes you think that forums are immune?

> and, as amazing as it seems, someone is still probing to see if
> that bug exists, along with attempted Syn Attacks and DoS (Denial
> of Service) attacks.

You're surprised? =) Every system on the face of the planet
probably suffers from hackers. If it's attached to the Internet,
there will always be someone, somewhere who wants to hack in. You
might be able to put a fake "This house is guarded by XYZ Security
system" on your lawn to fool a few people, but there's a lot of
smart people out there who won't fall for something so trivial and
will try hacking in using exactly the methods you tell them won't
work.

-- Ryan


Re: [LbNA] Re: From a sad heart revisited........

From: Rayvenhaus (rayvenhaus@myndworx.com) | Date: 2004-05-16 10:59:15 UTC-07:00
> > I'm going to recreate the Forums, because, as Ryan pointed out
> > once, he didn't see them 'taking' off
>
> You know, that's almost insulting. I love forums and hate Yahoo
> Groups, but that post insinuates the complete opposite. I was just
> stating a fact that these groups are so entrenched in letterboxing
> lore, it's unlikely your forums will ever get off the ground. Which
> still stands, by the way. But whatever. Doesn't matter to me.
>

No, it's not even close to almost insulting, it's way off. Sorry if you've not yet had your coffee this morning, but please don't
read into my words, Ryan. I'm not trying to insult you at all, and I really don't want to waste the time to try and insult you, I
have much better things to do. And, to be specific, I was making a direct quote. You specifically said that you didn't see the
Forums taking off at all. You said it, I quoted it. And it's not to blame you at all or even insult you. I've got better things to
do with my time than try and get your goat, Ryan. Please stop taking my words as a slap in your face or anything else. I was simply
stating that, as you pointed out, since they hadn't taken off, then I could restart them without fear of losing everything. I'll
pull some of the stuff out of the database and recreate them, but overall, I'm just going to restart the Forums. Sorry if it came
out any other way, I'm sure you can understand the stress I'm under right now.

> > Plus, forums don't allow spam attacks.
>
> If the public can post, there is always the chance of a spam
> attack. What makes you think that forums are immune?
>

Because you just answered your own question. I believe them to be more immune from the Spam Attacks that mailing lists suffer from
because of the nature of the Forum, VS the nature of the Mailing list. And because, as any good administrator that's been doing
this for quite some time, the public can NOT post to the forums. Standard procedure, at least for any forum I've ever run. So,
that's why I said that. But thank you for questioning it Ryan.

> > and, as amazing as it seems, someone is still probing to see if
> > that bug exists, along with attempted Syn Attacks and DoS (Denial
> > of Service) attacks.
>
> You're surprised? =) Every system on the face of the planet
> probably suffers from hackers. If it's attached to the Internet,
> there will always be someone, somewhere who wants to hack in. You
> might be able to put a fake "This house is guarded by XYZ Security
> system" on your lawn to fool a few people, but there's a lot of
> smart people out there who won't fall for something so trivial and
> will try hacking in using exactly the methods you tell them won't
> work.
>
> -- Ryan


No, actually I'm surprised that we think so differently, or, better yet, that you've decided to read what I say differently than
it's intended. I was not expressing surprise over the fact that my server was still being probed from the very same IP address that
instigated the original attack. In that aspect, I can see why my words didn't come across as I intended them, however, I really
don't need you to tell me that every system on the Internet is vulnerable to attacks or probing. This is my career, remember? Before
working at Intel, I was a GreyHat for Siegeworks out of California. System security and prevention was my bread and butter. And
yet, even as good as I thought I was, I still got hacked. So, I'm not at all surprised that it happened or is still happening, but
that it's the same person. And, frankly, who that person is. But, that's of no nevermind.

To answer your first letter, asking how it happened, I'll say this much... They used a Union Jack SQL Insertion to get past a bug in
the SQL routines of the software that I was using. And, since the version I used was vulnerable and the next release that fixed it
had yet to come out, unless you paid for it, I got hacked. And it's mainly my fault, I never took the time to secure it myself, had
too many other pressing things to take care of. You know, once I get Around To It. ;)

Steve