1. Are you a current member with account or password issues?

    Please visit following page for more information

    Dismiss Notice

24 Hour Response Time Forum Log Part 2 12AM-12AM Central time.

Discussion in 'MEMBER RULES, GUIDELINES & ANNOUNCEMENTS' started by JonSidneyB, Mar 7, 2013.

  1. SAKplumber
    • In Omnia Paratus

    SAKplumber EDC Junkie!!!!!

    Joined:
    Nov 26, 2011
    Messages:
    29,783
    Likes Received:
    107,170
    That may explain it. I emailed a group of Membahs and Kripto said it was working fine for him at the time.
     
  2. keith1234
    • In Omnia Paratus

    keith1234 Loaded Pockets

    Joined:
    Feb 5, 2010
    Messages:
    5,421
    Likes Received:
    18,947
    I was wondering if it's the way the connections are routed myself ( certain areas of the country or outside the US ) that is causing the problem, sort of like a logjam. I sometimes have the same sort of issue with one or 2 other sites I visit where you can get on the site but not load pages. Or you get a link broken error type thing. Other than that for me the forum has been pretty fast and no issues with posting.
     
  3. JonSidneyB
    • Administrator

    JonSidneyB Uber Prepared
    Staff Member

    Joined:
    Mar 28, 2006
    Messages:
    21,161
    Likes Received:
    12,084
    I should have mentioned this part.

    We are on a different server and things did have to propagate. I expected to get a lot of messages because of the propagation but didn't get any but I know it had to have affected some people.

    On the server compromise, what happened to us was relatively new and affected some pretty sophisticated servers users such as cPanel.

    Some digging had to be done to see what the person that got into the server was doing. It looks like the only thing he was interested in was turning the server into his spam server but we needed to be sure nothing else was going on. This was a pretty sophisticated compromise that experienced server users still don't have a handle on. Just reading about the issue took the better part of a day.

    97 pages on this one.

    http://www.webhostingtalk.com/showthread.php?t=1235797

    This is where cPanel was compromised.

    http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CompSystem

    http://forums.cpanel.net/f133/cpanel-inc-announces-additional-internal-security-enhancements-326702.html

    http://blog.solidshellsecurity.com/2013/02/18/0day-linuxcentos-sshd-spam-exploit-libkeyutils-so-1-9/


    It was taking way too long to confirm that everything was put back the way it was previously, we would have to fine each and everything they did. It was decided to go through the server and find all the things that we wanted to keep instead and move it to a different server. We were needing a more potent server anyway. Doing a check of the new server we don't find this rootkit. Even though the rootkit is not seen anymore the server is being monitored closely for activity not related to what I have running on the server. This exploit is not completely understood yet, the more this is studied the more it looks like this tries many different forms of entry. We have SSH locked down as that seems to be the most common method but looks like it is not the only one.

    We do catch dictionary attackers trying to get into the forum almost every day. This one didn't get in by that method. I think people would be shocked at how much screening and hours are spent to keep bad stuff out. The things that are done daily would not have caught this one. Additional security has been added just for this particular attack.

    I know that Dr Jekell and xbanker have caught several dictionary attackers, there are so many of those that we don't bother logging them or talking about them. I have caught possibly a thousand of them over the years. It is a tedious process but what is found happens so often we it does not warrant even mentioning. I know that almost none of these have a chance of being successful so some will wonder why we try and catch them before it gets started but I don't want to take the chance. Besides the process catches a lot of other things not related to forum security as well.

    We may very well still have problems but will need to be sorted as the come up.
     
    Last edited by JonSidneyB, Mar 13, 2013
    SAKplumber likes this.
  4. JonSidneyB
    • Administrator

    JonSidneyB Uber Prepared
    Staff Member

    Joined:
    Mar 28, 2006
    Messages:
    21,161
    Likes Received:
    12,084
    There are other things I plan on doing to get things to run faster forum wise. We are going to add elastic search with enhanced searched stacked on top of it to both get faster searches, better searches, and reduce the server load caused by searches. I am also looking at going to enterprise grade SSD drives (costly) to try and speed things even more.

    Since things seem to be running OK for the moment except for some momentary lags. I am going to try and do these things after I get caught up on some other things as the first one mentioned will be time consuming.
     
    Last edited by JonSidneyB, Mar 13, 2013
  5. CSM-101
    • GITD Manix 2XL Owner
    • In Omnia Paratus

    CSM-101 EDC Junkie!!!!!

    Joined:
    Sep 25, 2012
    Messages:
    2,730
    Likes Received:
    18,042
    You learn something new every day.

    It never ceases to amaze me how HARD people will work to scam/steal/cheat everything they can, with that much skill you would think they would get a real job and do something productive...

    Better stop here before I go off on a major rant... :rolleyes:
     
  6. JonSidneyB
    • Administrator

    JonSidneyB Uber Prepared
    Staff Member

    Joined:
    Mar 28, 2006
    Messages:
    21,161
    Likes Received:
    12,084
    Those with real jobs are often the one that are the sneakiest.

    The amount of dirt and misinformation on forums is staggering.

    I don't have the time but if I did I get if I spent a day digging I would find quite a few people that are being deceptive for their own gain.
     
  7. SAKplumber
    • In Omnia Paratus

    SAKplumber EDC Junkie!!!!!

    Joined:
    Nov 26, 2011
    Messages:
    29,783
    Likes Received:
    107,170
    Its Human nature:rolleyes:
     
  8. Mighty Max
    • In Omnia Paratus

    Mighty Max Loaded Pockets

    Joined:
    Oct 4, 2012
    Messages:
    3,463
    Likes Received:
    12,238
    Hi SAK, I am a Nigerian prince and you just inherited a boat load of money. First I need you to send me like all of your money so I can this money to you. Those big money sacks are expensive so I have to buy some to fit all your money.
     
    SAKplumber and SurvivePenna like this.
  9. JonSidneyB
    • Administrator

    JonSidneyB Uber Prepared
    Staff Member

    Joined:
    Mar 28, 2006
    Messages:
    21,161
    Likes Received:
    12,084
    Start as post #6 If I remember right I gave up digging after about an hour and was at a dozen different ID's. He was a moderator on one site and deliberately scammed his own members.

    https://forums.digitalpoint.com/threads/logo-design.1653532/#post-13369389
     
    SAKplumber likes this.
  10. Mighty Max
    • In Omnia Paratus

    Mighty Max Loaded Pockets

    Joined:
    Oct 4, 2012
    Messages:
    3,463
    Likes Received:
    12,238
  11. JonSidneyB
    • Administrator

    JonSidneyB Uber Prepared
    Staff Member

    Joined:
    Mar 28, 2006
    Messages:
    21,161
    Likes Received:
    12,084
    The number of people caught doing this kind of thing since the forum started is in the hundreds.
     
  12. SAKplumber
    • In Omnia Paratus

    SAKplumber EDC Junkie!!!!!

    Joined:
    Nov 26, 2011
    Messages:
    29,783
    Likes Received:
    107,170
  13. SurvivePenna
    • GITD Manix 2XL Owner
    • In Omnia Paratus

    SurvivePenna EDC Junkie!!!!!

    Joined:
    Aug 6, 2012
    Messages:
    3,389
    Likes Received:
    34,894
    Jon, I just found one....

    The username is : SAK Plumbah... [​IMG]

    He's using these forums to sell dancin' lessons !!!!!!!!!!!

    [​IMG]
     
    jph0200, Mighty Max and SAKplumber like this.
  14. JonSidneyB
    • Administrator

    JonSidneyB Uber Prepared
    Staff Member

    Joined:
    Mar 28, 2006
    Messages:
    21,161
    Likes Received:
    12,084
    The most serious things that used to get caught at the gate where the BST scammers and those that would do wholesale rip offs of the members.

    You will notice in the link above where he ripped off some people on a site he was moderating.
     
  15. SAKplumber
    • In Omnia Paratus

    SAKplumber EDC Junkie!!!!!

    Joined:
    Nov 26, 2011
    Messages:
    29,783
    Likes Received:
    107,170
    [​IMG][​IMG][​IMG]I'm your huckleberry;)[​IMG][​IMG][​IMG]
     
    jph0200 and SurvivePenna like this.
  16. SAKplumber
    • In Omnia Paratus

    SAKplumber EDC Junkie!!!!!

    Joined:
    Nov 26, 2011
    Messages:
    29,783
    Likes Received:
    107,170
    I jsut got home from work (11:06pm eastern) and the Forum was a little slow for a about 5 minutes(ago). Timed out twice and took a long time to load up a page or 3:) Seems okay now!
     
  17. Mighty Max
    • In Omnia Paratus

    Mighty Max Loaded Pockets

    Joined:
    Oct 4, 2012
    Messages:
    3,463
    Likes Received:
    12,238
    I had the same deal^^
     
  18. SAKplumber
    • In Omnia Paratus

    SAKplumber EDC Junkie!!!!!

    Joined:
    Nov 26, 2011
    Messages:
    29,783
    Likes Received:
    107,170
    Maybe it was just us:rolleyes: We were in convo together
     
  19. Mighty Max
    • In Omnia Paratus

    Mighty Max Loaded Pockets

    Joined:
    Oct 4, 2012
    Messages:
    3,463
    Likes Received:
    12,238
    The gods are conspiring against us :eek:
     
    SAKplumber likes this.
  20. JonSidneyB
    • Administrator

    JonSidneyB Uber Prepared
    Staff Member

    Joined:
    Mar 28, 2006
    Messages:
    21,161
    Likes Received:
    12,084
    Things running very slow. Here is what the host had to say.

    "It looks like a neighboring server was getting DoS'ed and that was affecting the switch that you are on. We believe we have it resolved. Can you let us know if things seem better now."
     
    SAKplumber likes this.