Originally posted by Ren
couldn’t someone just check a log with every IP that connected to the server and identify from which of them the attack came from, them track the thing to its origin and impale the hacker?
We’d need to have a log to work with, it’s not like the drive is usable once the worm is done with it.
there’s no such thing as a worm virus that just goes around the internet wiping out servers. if there was, it would be front page news. remember the splash code red made? it didn’t do any real damage, but it got so much press, my grandmother asked me about it. (of course, code red attacked windows servers, so the media made a big deal about it; they let the security flaws in apache webservers slip through the cracks, since joe public doesn’t know what it is…but even so, i would have heard about such a worm).
you don’t need to buy a ‘security package’. default web server configuration is secure enough, provided default passwords are changed.
“rackshack” should be providing a level of security that doesn’t allow someone without rights to be able to, uh, delete everything.
i’m guessing someone who has execute rights is trashing the server, or the host just plain sucks and has horrible security. but of course, nobody seems to know what the problem is, because knowledge of the problem is a “right”. perhaps if more people were in the know, a solution would have already been identified and the site wouldn’t be being restored for the third time.
the problem should be easily solved, by locking down rights. nobody should have execute access, and there should be a staging area for shrines on a different server, where people only have write access. if this isn’t the problem, and it is some hacker on the outside, your host sucks ass, and you should sue them.
web security isn’t a big deal, or a mystery that involves all kinds of money. it’s basic stuff, more account management than anything else.
I would donate, but then again, I don’t care what happens to this place. Ho hum.
Gee, arent you a little ray of sunshine?
I would donate, but my 27$ CAN say “Save me to buy books so you don’t flunk another semester in college!” (And yes, that’s ALL I have up to now, and still no job)
Originally posted by SweetCookiePie
I would donate, but then again, I don’t care what happens to this place. Ho hum.
Why are you even here then??
I’m getting a job soon…echoes everyone else I WOULD donate…just wait a little longer:P
Originally posted by Evangelion
Why are you even here then??
Actually, I can see what he/she is saying. If this site went down, he/she would probably find somewhere else to go- its not a permanent home- he/she doesn’t care. Okay? Not only that, SCP has just as much right as anyone else does to be here, considering that there are a LOT of thickheaded jerks here, and they are evenly split betweein liking RPGC and not giving a frack.
EDIT: But all that aside, I might be able to donate once I get my debit card.
Yeah true never thought of it that way…I tend to like the forums I post in though. Touche:thud:
Originally posted by LockeJV
[b]there’s no such thing as a worm virus that just goes around the internet wiping out servers. if there was, it would be front page news. remember the splash code red made? it didn’t do any real damage, but it got so much press, my grandmother asked me about it. (of course, code red attacked windows servers, so the media made a big deal about it; they let the security flaws in apache webservers slip through the cracks, since joe public doesn’t know what it is…but even so, i would have heard about such a worm).you don’t need to buy a ‘security package’. default web server configuration is secure enough, provided default passwords are changed.
“rackshack” should be providing a level of security that doesn’t allow someone without rights to be able to, uh, delete everything.
i’m guessing someone who has execute rights is trashing the server, or the host just plain sucks and has horrible security. but of course, nobody seems to know what the problem is, because knowledge of the problem is a “right”. perhaps if more people were in the know, a solution would have already been identified and the site wouldn’t be being restored for the third time.
the problem should be easily solved, by locking down rights. nobody should have execute access, and there should be a staging area for shrines on a different server, where people only have write access. if this isn’t the problem, and it is some hacker on the outside, your host sucks ass, and you should sue them.
web security isn’t a big deal, or a mystery that involves all kinds of money. it’s basic stuff, more account management than anything else. [/b]
There is a worm, which does harm certain setups of Linux: I guess Rackshack is stupid enough to run on that setup. Or so I recall. It was revealed as the only worm which could harm Linux, and had limited spreading. And that was long ago, too.
And quite often default setups aren’t secure: Mandrake, and a lot of other distributions should be the proof of that.
But a lot of what you said is true: Especially the part about tightening security.
And a last note: Has the webservices been proved as the blame?
Instead of looking for excuses not to donate by whining “I don’t have a credit card”, get a debit card with a visa on it so you can use it like a CC, or get a money order and ship it to Merlin since he handles the finances. Its not hard. I’ve heard the same crap so often its really starting to make me angry.
Gone for four days. And it happens again… 
Originally posted by Sinistral
Instead of looking for excuses not to donate by whining “I don’t have a credit card”, get a debit card with a visa on it so you can use it like a CC, or get a money order and ship it to Merlin since he handles the finances. Its not hard. I’ve heard the same crap so often its really starting to make me angry.
Yeah seriously don’t make excuses about not donating. You’re under NO obligation to donate and no’one will hold it against you if you don’t. If you do want to donate it’s quite easy to do unless your problem is a that you’re low on cash.
<img src=“http://www.rpgclassics.com/staff/tenchimaru/td.gif”> In which case, you get the satisfaction of knowing that you sold your body cheaply to help out RPGC. And then you get addicted to crack.
i dont know if this is it but. i was in florida 2 weeks ago and the front page headline was about a “hacking contest” were hackers took random sites and hacked them…maybe RPGC is a victim of that?
Originally posted by kdslfg
i dont know if this is it but. i was in florida 2 weeks ago and the front page headline was about a “hacking contest” were hackers took random sites and hacked them…maybe RPGC is a victim of that?
That pretty much turned into nothing: The contest’s webpage was hacked and they were hindred from calculating scores. And RPGClassics’ problems started before that.
Ive told merlin numerous times that I intend to send money, and I do. I just have to get a little bit together. Right now, I’ve got an RPGC Fund going, and I’ve got $15 in it. Merlin told me to mail it to his dorm or something (since he’s a wuss and doesnt wanna gimme his real address or something :d ) so when he starts up his school, I should have something nice and worthwhile to send him.
Man, a while ago I told a couple people that I worked at a website, they asked if I got paid and I said no. I didn’t have the heart to tell them about the donations.
anyways yes efforts had been made to boost security, but they had by and large failed due to either ignorance on our part, and unwillingness to tinker, or the lack of quality in the changes themselves. But anyway I’m in the process of calling in the heavy artillery, plus BN is back which is an incalculable bonus.
To all of you who say “Security is easy, anyone can do that!”: Remember that with enough time and CPU power, any site can be hacked. That includes the ultramegaübersecret behind-42-firewalls-and-routes-through-thirteen-networks servers that the military has. As long as a computer is connected to the Internet, it can be hacked, no matter where in the world it is or how many routers it got.
Security issues is a nightmare, pure and simple.
Well said! Besides, to paraphrase Dune, the attacker only needs to find one weak point in the defense. The defender needs to defend against everything.
