The Flat Earth Society
The Flat Earth Society => Suggestions & Concerns => Technical Support => Topic started by: Particle Person on October 27, 2017, 07:28:18 PM
-
Came here to check on the status of the merger discussion, hit https://theflatearthsociety.org/home/ first and noticed that it looked somewhat different.
(https://imgur.com/XxwOBJO.jpg)
-
That's the Indonesian branch of the Flat Earth Society.
-
Monday, I will be hiring a consultant from Sword and Shield to look over our security and analyze this attack. You can look them over here, and see what you think: http://www.swordshield.com
-
Are you really sure it takes the expertise of a third party enterprise infosec company to secure a forum homepage? Sure, they'll help you as long as you give them money, but I can't help wondering if this is a little excessive.
-
I'm sure it is excessive. They have worked well for me in the past, and I'd like to see what kind of trail exists if any. I know several folks there on a personal level. This is clearly one person who is repeatedly performing the attack. There is certainly a pattern on when it happens; I'll leave it up to our users to think about this.
If the issue is we'll have too much security, then so be it.
-
There is certainly a pattern on when it happens; I'll leave it up to our users to think about this.
What is the pattern? I mean, I understand that you are implicitly blaming SexWarrior (or maybe tfes.org as a whole), but is there actually a pattern to these issues which indicates any particular person is to blame?
-
I'm seeing a lot of 502: Bad Gateway errors when trying to load any page on the domain, probably once every 5 page updates or so.
-
If the issue is we'll have too much security, then so be it.
I don't know what you've done, but I think you've just reached the point of too much security. Apparently my "password security has been upgraded" so hard that my usual password is no longer valid, just moments after I last posted.
(https://i.imgur.com/4H5VE8g.png)
(https://i.imgur.com/U32NUqy.png)
When the site is not throwing incomprehensible errors at me, it simply asserts that my password is incorrect. Can I have my account back, or should I get used to being Pete?
As an aside, now that the implication has been made: I welcome the idea of getting someone who actually knows what they're doing involved. I look forward to your acknowledgement that I had nothing to do with this, or your desperate attempt at denying there was any implication in the first place!
-
There is certainly a pattern on when it happens; I'll leave it up to our users to think about this.
What is the pattern? I mean, I understand that you are implicitly blaming SexWarrior (or maybe tfes.org as a whole), but is there actually a pattern to these issues which indicates any particular person is to blame?
I am doing no such thing. Please don't put words in my mouth.
If the issue is we'll have too much security, then so be it.
I don't know what you've done, but I think you've just reached the point of too much security. Apparently my "password security has been upgraded" so hard that my usual password is no longer valid, just moments after I last posted.
(https://i.imgur.com/4H5VE8g.png)
(https://i.imgur.com/U32NUqy.png)
When the site is not throwing incomprehensible errors at me, it simply asserts that my password is incorrect. Can I have my account back, or should I get used to being Pete?
As an aside, now that the implication has been made: I welcome the idea of getting someone who actually knows what they're doing involved. I look forward to your acknowledgement that I had nothing to do with this, or your desperate attempt at denying there was any implication in the first place!
I don't know man. Have you tried resetting your password?
-
I don't know man. Have you tried resetting your password?
Yes. It was rather fruitless.
So, simple question, simple answer: will you give me my account back, or is it permanently "upgraded"? No need for idle chit-chat, we both know you don't like it.
-
Why was it fruitless? I can reset your password for you to your registered email, if you'd like.
-
Are any other users experiencing this '2 secure 2 login' issue?
-
Why was it fruitless? I can reset your password for you to your registered email, if you'd like.
I received no e-mail, which leads me to suspect that the address may have also been upgraded.
-
There is certainly a pattern on when it happens; I'll leave it up to our users to think about this.
What is the pattern? I mean, I understand that you are implicitly blaming SexWarrior (or maybe tfes.org as a whole), but is there actually a pattern to these issues which indicates any particular person is to blame?
I am doing no such thing. Please don't put words in my mouth.
Apologies if I misinterpreted your meaning. Can you tell us about the pattern you mentioned?
-
Why was it fruitless? I can reset your password for you to your registered email, if you'd like.
I received no e-mail, which leads me to suspect that the address may have also been upgraded.
If it was, it surely wasn't by me. It looks like PP account has his email set to e@e.com. Does this ring any bells?
-
If it was, it surely wasn't by me. It looks like PP account has his email set to e@e.com. Does this ring any bells?
It does not. My account was linked to a largely unused, but still active address just a few days before it got "upgraded".
-
Odd, I seem to remember that being your address when I looked at your profile last week.
-
Odd, I seem to remember that being your address when I looked at your profile last week.
That would be consistent with me changing it a few days ago.
-
Are you suggesting that the hackers attacked specifically your account and nobody else to revert your email to the same address it was a few days ago?
I don't know man. Seems oddly specific.
-
Are you suggesting that the hackers attacked specifically your account and nobody else to revert your email to the same address it was a few days ago?
No. To quote myself: "I don't know what you've done".
But we also know that "the hackers" mysteriously reverted some other things, the version of the software of this forum being one that you've named. So, even if this is "the hackers" and not you, your question seems spurious.
So, what will it be, John? Am I settling in as Pete, or will you bring my account back from the dead?
-
I'm happy to help you regain access to your account. I didn't touch anything, and your attitude in this matter when it seems you just forgot your password is puzzling.
-
I'm going to set the email to your account to an email of Parisfals. This way I know you aren't just some random person trying to gain access to PPs account. Is this acceptable to you?
-
I'm happy to help you regain access to your account.
Awesome stuff.
I didn't touch anything, and your attitude in this matter when it seems you just forgot your password is puzzling.
There are a few reasons why I doubt that it was a simple case of a forgotten password:
- I was already logged in when I lost access. My login cookies got invalidated on all browsers. My memory can be funky, but not funky enough to log me out of a powered-off laptop.
- As you might have noticed in one of my screenshots, I let Chrome manage my passwords.
- If it was a simple case of me forgetting my password, what does the "password security upgraded" message mean? Surely it would just be a case of the password being incorrect.
Regarding your involvement, the only reason I suspected you was your cryptic message regarding degraded performance and yourself dealing with "issues" (https://www.theflatearthsociety.org/forum/index.php?topic=72572.msg1977017). It seemed reasonable that you did, in fact, touch something since you announced you would be touching things.
I'm going to set the email to your account to an email of Parisfals. This way I know you aren't just some random person trying to gain access to PPs account. Is this acceptable to you?
Fine by me. I'll just run it by Parsifal before confirming.
-
Fine by me. I'll just run it by Parsifal before confirming.
Confirmed.
-
I'd have to look at the source to see what that message refers to. At any rate, I certainly didn't change your email address. As far as it not being a lost password, I believe you, and I'll add this to the list of things I'll discuss Monday.
I'll update your email in a few minutes. I'm currently in the middle of something else.
-
Is there anybody else who has had their email reverted to one from a week ago?
-
Whenever Parisfal gets a chance, tell him to drop by and give me an email he hasn't used for an account here.
-
I believe he's PM'd you now
-
It looks like somebody already changed the email to sw@tfes.org
Does this make any sense to you?
-
It looks like somebody already changed the email to sw@tfes.org
Does this make any sense to you?
That's the e-mail for the account I'm posting from right now, and the e-mail I was expecting to be set for PizzaPlanet to begin with. Unless you accidentally looked at the wrong account, this is very strange.
-
Nevermind, I see.
-
Was on wrong profile fixing now.
-
Email updated.
-
I'm back baby!!!
-
Wonderful! Sorry for the slight inconvenience. Still baffles me how your email would have been reverted to a week prior. I'm open to your guys opinions on what could have happened.
-
I'm more confused by the sudden invalidation of the password. The e-mail change could potentially be me getting something wrong and merely thinking that I've changed it. I don't think I did, but it's at least a possible scenario.
The password thing is weird. I was logged in, happily posting away, then suddenly "password security has been upgraded" and I couldn't log back in. If you didn't change anything at the time, then something is clearly amiss.
-
Wonderful! Sorry for the slight inconvenience. Still baffles me how your email would have been reverted to a week prior. I'm open to your guys opinions on what could have happened.
How did you deal with the hacking? To me, the reversion to SMF 2.0.6 combined with PizzaPlanet's e-mail address seems like an old backup got restored.
-
I, for one, hope that John can trace this back to the Indonesians who perpetrated this crime and prosecute them to the fullest extent of the law, if they have law in Indonesia.
-
This is clearly one person who is repeatedly performing the attack.
Probably Pizza Planet, he has history.
-
I, for one, hope that John can trace this back to the Indonesians who perpetrated this crime and prosecute them to the fullest extent of the law, if they have law in Indonesia.
They don't have law in Indonesia, which is why the government allows "protected" forest and orang utan habitat to be chopped down to make palm oil plantations.
-
They don't have law in Indonesia
I was not aware that Indonesia is in a perpetual state of anarchy. Has anyone told the Indonesian government? They probably need to be informed of this.
-
They don't have law in Indonesia
I was not aware that Indonesia is in a perpetual state of anarchy. Has anyone told the Indonesian government? They probably need to be informed of this.
Like Central/South American countries, Indonesia runs on bribes. You can do anything you like as long as you slip the right people a hefty brown envelope. Hence the government allowing mass destruction of areas that they have earmarked as wildlife reservations.
-
Like Central/South American countries, Indonesia runs on bribes. You can do anything you like as long as you slip the right people a hefty brown envelope. Hence the government allowing mass destruction of areas that they have earmarked as wildlife reservations.
If that's your standard for not having law, then I suppose laws don't actually exist anywhere in the world.
-
Like Central/South American countries, Indonesia runs on bribes. You can do anything you like as long as you slip the right people a hefty brown envelope. Hence the government allowing mass destruction of areas that they have earmarked as wildlife reservations.
If that's your standard for not having law, then I suppose laws don't actually exist anywhere in the world.
It's a sliding scale though, with places like Colombia at one end, and places like Sweden at the other. There's a rough correlation between corruption and third worldness.
-
It's a sliding scale though, with places like Colombia at one end, and places like Sweden at the other. There's a rough correlation between corruption and third worldness.
There's a very distinct difference between saying "Indonesia is more corrupt than many other countries on Earth" and "Indonesia has no laws". One is a very possible truth, the other is a hilarious claim that no sane individual would conclude to be correct. It was bad enough for Jroa to imply that Indonesia is in anarchy, but you coming by to say "yeah, Indonesia is basically an ancap paradise" really adds to the entertainment value of this thread.
-
Everyone else understood what they were saying.
-
Everyone else understood what they were saying.
You mean you guessed what they meant based on context, which wouldn't be necessary had they displayed the intelligence not to say something like "Indonesia has no laws" in the first place.
-
Everyone else understood what they were saying.
Yep.
But Rushy is right at home here, in the land of hysterical semantics. The lifeblood of all FE arguments. It doesn't matter how much is implicit, it's only the exact written words that matter to him. ::)
-
Ok, so the reason it reverted to 2.0.6 was a botched upgrade to 2.0.14 that appeared to go through due to the override version being set as it had thought it installed properly. Should be all good now. In the future, it should be easy to avoid this.