open

Science Fiction, Fantasy & Horror Forums

You are logged in as a guest. ( logon | register )

Random quote: "Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something." - Robert A. Heinlein
- (Added by: Administrator)


SQL attack on WWEnd
[Frozen]

Jump to page : 1
Now viewing page 1 [25 messages per page]		View previous thread :: View next thread
Frozen    Welcome to Worlds Without End! -> New Features & NewsMessage format
 
Administrator
Posted 2008-05-15 9:23 PM (#1361)
Subject: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas

all,

yesterday we had a "SQL injection attack" hit WWEnd.  the code reached into our database and corrupted a ton of files.  it affected just about everything on the site that's data driven which pretty much means... well, every. damn. thing.  (string of cursing here, please.)

the program dropped a java script into a bunch of data tables which broke all the novel graphic links and corrupted the novel synopses and excerpts, author bios, publisher histories and most everything in the resources section.  you may have noticed the effects...  it's hard to miss.  in all, some 4,000 files have been affected.  (i'm really just getting started on the cursing you know....)

as you might imagine we're all really cheesed about what's happened but we've got a plan to fix and prevent it from happening again.  we've already fixed the images issue but the data is going to require some jumping through hoops.  in fact we fixed the images only to be hit with a second attack after 20 minutes!  (insert more colorful expletives here!)

we'll be moving the site and databases over to new, load balanced, servers that are much faster and certainly more secure.  these are closer to state of the art than the antique we've been riding on.  once we've moved over we'll attempt to restore the data and hopefully be back up and running.  i expect a few hick ups but it should be accomplished by noon tomorrow.

thanks for your patience as we fix these issues.  i'll post here again when we're done.

- dave

mood:

 

Top of the page Bottom of the page
Administrator
Posted 2008-05-16 7:43 AM (#1362 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas		so we got hit again last night and everything is back to being FUBAR. working on the fix now.

- dave
Top of the page Bottom of the page
whargoul
Posted 2008-05-17 1:05 AM (#1363 - in reply to #1362)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 75
25
Location: Dallas, TX		It's Fixed!

We lost some data, but it's not as bad as it could have been.

Live and learn...
Top of the page Bottom of the page
Administrator
Posted 2008-05-17 10:25 AM (#1364 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas		so the site is back up and running now and we've moved to a secure server so it should not happen again. that's the good news.

the bad news is we lost a lot of data and have now begun the laborious process of finding and replacing the missing content. this is likely going to take some time.

you'll notice the errors as you surf around. truncated content is the most obvious effect. author bios that end mid sentence, missing excerpts where we once had them, missing descriptions in the conventions table etc. those are the problems we're aware of and working to fix. if you should find anything outside of wonky content please take a moment and let us know. post it here or in the Report Errors forum at the bottom of the forums list.

thanks for your patience.

- dave
Top of the page Bottom of the page
Administrator
Posted 2008-05-19 12:35 PM (#1365 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas		ok, we spent the weekend trying to recover all the lost data and made some great headway. replaced around 200 novel synopses and excerpts that were new since the last backup. we'll continue to replace the lost content as we can but the bulk of it is back on the site.

also, the site and the data bases have been moved onto new state of the art, load balanced secure servers. that's right. servers with an "s". you should see some significant improvement in download speed now so take her for a spin.

the tech guys really came through for us. our thanks to them!

- dave
Top of the page Bottom of the page
Administrator
Posted 2008-05-24 8:48 AM (#1366 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas		it looks like i spoke too soon. some douche-bag has really got it out for us. the whole site is fracked again. it's likely going to stay that way until the long weekend is over.

- dave
Top of the page Bottom of the page
Administrator
Posted 2008-05-28 11:49 AM (#1367 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas		ok, the site is more or less back to normal..... again. we've got the data restored from last friday. this time we had a fresh backup so it was not as bad as before. we have taken more steps to secure everything but we're not done yet. at this point don't be surprised if it happens again. it's a new kind of attack that's not well documented so it may take some time to fix permanently.

thanks for your patience.

- dave
Top of the page Bottom of the page
Administrator
Posted 2008-06-03 3:11 PM (#1369 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas		the good news: we made it through the weekend without any problems.

the bad news: it may be some time before i feel comfortable saying we're done with this issue.

i guess that's where these dill-weeds get their jollies. i hope this is the end of it.

- dave
Top of the page Bottom of the page
christopherw277
Posted 2008-06-06 1:59 PM (#1372 - in reply to #1369)
Subject: Re: SQL attack on WWEnd



Extreme Veteran

Posts: 312
100
Location: London, U.K.		That is really incredible!! Who would have the time and inclination to screw with a free site. Is there like blocking software stuff you can put in place to keep them out... pretty eloquent question given that I am indeed supposed to be in the technical industry.

I have noticed that some of the Pub pages look weird. I haven't seen any missing content yet but I haven't checked alot of them yet.

I'll start looking through the authors alphabetically... those pages would probably be more popular than the pub pages anyways!

- CW
Top of the page Bottom of the page
Administrator
Posted 2008-06-06 2:07 PM (#1373 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 4103
2000
Location: Dallas, Texas		hey dude! yeah it was a big drama. the theory is that it was an automated attack. not directed at us specifically but once we got hit it went into a database of vulnerable sites and then it just kept coming back and hitting us. i'm sure they're trying to hit us again but with no luck so far. we should be all secure now. it certainly feels like sombody's got it out for us tho.

i've been plowing through the novels fixing the data but i've not got to the authors or publishers yet. anything you can do to help us out would be huge. thanks!

- dave
Top of the page Bottom of the page
christopherw277
Posted 2008-06-07 2:35 AM (#1374 - in reply to #1373)
Subject: Re: SQL attack on WWEnd



Extreme Veteran

Posts: 312
100
Location: London, U.K.		Glad to help!

Hey I just tried updating the Alfred Bester page, which was empty except for his name... i made a buncha changes and filled in the bio, but when i hit submit, i got the url not found page... and then all my changes were gone! Am I doing something wrong?

Also... when I look at the author and pub pages now... there's a honkin' big white space in the middle of the page, and all the good stuff is crammed down to the lower left of the page. Why is that? Are you planning on putting something there? Just curious.

Hey, I'm off to the Antiquarian Book Fair here in London today, how tough is my life?

Take care all!

- CW
Top of the page Bottom of the page
christopherw277
Posted 2008-06-13 1:55 PM (#1381 - in reply to #1374)
Subject: Re: SQL attack on WWEnd



Extreme Veteran

Posts: 312
100
Location: London, U.K.		It's working now! Updated the first five authors... or the first four; author number 2 is blank, fyi...

Cheers,

- Chris
Top of the page Bottom of the page
icowrich
Posted 2008-06-24 10:43 PM (#1402 - in reply to #1361)
Subject: Re: SQL attack on WWEnd



Admin

Posts: 288
100
Location: Irving, TX		CW,

How was the book fair? Did you get any Jules Verne? Thanks for the content. That's awesome!

-Rico
Top of the page Bottom of the page
Jump to page : 1
Now viewing page 1 [25 messages per page]		Frozen
Jump to forum :
Search this forum
Printer friendly version
E-mail a link to this thread

(Delete all cookies set by this site)