Announcement

Collapse
No announcement yet.

Emergency Site Update

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Emergency Site Update

    Hi. I'm Ted, the guy running the server, if you don't recall from my occasional posts in the years past.

    I apologize for the trouble with the site overnight. Turns out that someone exploited a vulnerability in the vbulletin software to install a cryptcurrency mining application on the system (running only as the webserver user) while I was on a business trip to Atlanta and not as attentive as usual. I didn't spot it until last night. I cleaned up the mess and built preventative measures but didn't get time to update vbulletin. I missed one detail which i think was causing errors over night on the forum. My fault, my apologies.

    Here's a post from vbulletin about the Security Patch. https://forum.vbulletin.com/forum/vb...-5-3-and-5-5-4 Not very specific, but i believe this is related to the incident.

    As well as the cleanup, I made time this morning to update the vbulletin. We're on the current version now.

    Took me longer than expected to sort out the cause of upgrade issues because I was also wrestling with two pups who thought fighting through the office space was the best idea.


    Click image for larger version

Name:	dogs1.jpg
Views:	297
Size:	471.0 KB
ID:	184724
    Click image for larger version

Name:	dogs2.jpg
Views:	198
Size:	439.5 KB
ID:	184725Click image for larger version

Name:	dogs3.jpg
Views:	188
Size:	47.9 KB
ID:	184726Click image for larger version

Name:	dogs4.jpg
Views:	201
Size:	453.3 KB
ID:	184727


    (Dog pics let me test and fix up the attachments that weren't working after the update.)

    I think we're back to everything working. But if not, reply here and i'll troubleshoot whatever is still an issue.

    Oh, and regarding the "incident", none of your data or info was available to the guy with the crypto miner. All he could do was do things as the webserver. So he could not see into the config files that had info to talk to the database. He just started up his little program as the webserver and was earning himself probable a dime a day at our expense.

    Hopefully that's the last we see of him after the several fixes.

  • #2
    Looks like images on posts made before the update are not showing up. Such as the recent "Spark Plug Harness" post images. Gives a "Invalid File Specified" error.

    I'll work on why that's happening but it may have to wait until tonight. Time to focus on the tech tasks that earn me money. aka, my job.

    Comment


    • #3
      Originally posted by ted View Post
      Looks like images on posts made before the update are not showing up. Such as the recent "Spark Plug Harness" post images. Gives a "Invalid File Specified" error.

      I'll work on why that's happening but it may have to wait until tonight. Time to focus on the tech tasks that earn me money. aka, my job.
      Fixed that. It was a directory of images that wasn't moved over in the upgrade.

      Comment


      • #4
        Thank you Ted for everything you do to keep this site ticking along
        Scott
        CF-CLR Blog: http://c-fclr.blogspot.ca/

        Comment


        • #5
          Yes thank you Ted for maintaining this site. Facebook is great for some but I'll not support the founder and who knows how long what's there will be available.

          Gary
          N36007 1941 BF12-65 STC'd as BC12D-4-85

          Comment


          • #6
            Ted, We all appreciate what you do here to keep this site going. Believe me as president of a large EAA Chapter now going into my sixth year just that time tests one again and again on what can be thankless as volunteer work . Well done here TED !

            Comment


            • #7
              You're all very welcome.

              I'm happy to help a good cause. And a good past coworker, Bob O.

              Comment

              Working...
              X