...life can be translucent

Menu

About the 'online casino' posts

hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Hello all,

I am truly sorry about the current inundation of 'authentication error' posts. I think they come from a combination of a) a malicious automated attack on the forum attempting to post ads and b) some kind of bug in the forum's response to such attacks, which means it turns the authentication error message into a post. And emails it out to you, of course.

There doesn't seem to be anything I can do via the Administration section to fix this, as the posts are bypassing the usual controls. (Ie they are generated without any user account being created.)

I have asked my web host for help - not that it's their fault or responsibility, but they are naturally helpful anyway. If they can't help within the next hour or so, I'll grit my teeth and pay the $80 to request help from the forum software support people.

If the rate of spam posts really goes up, I may also turn off email notification altogether - in which case I'd send out an email to all Friends to let you know what was going on.

In other words - I will get this fixed, but right now I have no clue how. If you know how to sort it out, please let me know ASAP! I would be very, very happy to pay you for your time.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Actually more panic at present. But watch this space...
 
C

candid

Guest
This may not be helpful but there are anti-bot programs for chat formats, such as Y!Tunnel, etc. I'd imagine there are anti-bot programs for message boards, as well. Not being a tech type, just a guess that this may be working similarly to a malware program, which plants into the server registry, opening the window to continuous invasions from the bot program or programmer.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Well, flump - the web host - say:

"You would need to upgrade/fix whatever vulnerability there is in the software you're using to prevent this. If you look through your log files you might be able to work out the request they're making to try and do this, and see their host or the query string and then block this using mod_rewrite with conditions - but really if they're exploiting something you need to fix the source."

Which is substantially Greek to me. Anyone?

(Have contacted the software people - asking if it's best to buy help with this version, or an upgrade to the new one. Of course this would happen at the weekend.)
 
dobro p

dobro p

visitor
Joined
May 19, 1972
Messages
3,223
Reaction score
209
What your host is telling you is that:

* They're not gonna help you.

* You need someone who understands/writes code (the 'mod_rewrite' thing) to solve the problem. The host's suggesting you might be able to block the incoming attack or that you might have to rewrite bits of your software. I think. lol

I know guys who live and move and have their being in computer sites who tremble at having to deal with some kinds of internet hacks.

Good luck with it.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Yes - I rather thought that was it
wink.gif
. I know there are some programmers in and out of the forum, and was hoping one might be inspired by this...

OK, I just don't actually have the cheek to email Ewald and beg for help so soon after he created that jaw-dropping search script.

Right now I wait for the software people to answer their email - which they may not do over weekends, if they've got any sense. If nil by tomorrow, I'll probably just pay for a 'legacy support ticket' in the hope that tech support there works faster than sales - though there is no guarantee they have a fix, of course.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Well, evidently what I've tried so far hasn't worked...

...sorry about that... (until this morning I thought it might have done)

Discus haven't replied to my message of last weekend - just sent another one.

Question for passing friendly Perl programmers:
another script I use here has a section to deny access from other domains: the script can only be run from a page on the onlineClarity domain. Can that section somehow be pasted into discus's message posting script(s) to block the bots, do you think?

For everyone else: if you can't post or if things suddenly go pear-shaped, email me to tell me that whatever I'm experimenting with is a bad idea. Thank you!
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Ah. Reply from Discus (looks like they did reply at the weekend but the email got lost).

To cut a long email short: we need an upgrade! That should banish the casino bots, and will also provide some useful extra features, like an automatic reminder system for lost passwords.

After receiving 55, line 3 about upgrading, I am asking Discus for a quote to do it for me
wink.gif
.

So - fix on the way.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Right - the upgrade is going ahead!

Tomorrow, afternoon or evening (for most users, depending where you are). There will be some downtime while they make the changeover, and Ewald's hexagram index will be unavailable for a couple of days longer, but then we should be all set.

I'll send out an email to everyone about this to ensure no-one misses it.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
They haven't done it. How extremely embarrassing. I'll email them to find out what's going on.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Ah, right. A lost email from them to me requesting information - without which, they couldn't go ahead. Hopefully they'll do the work today instead. Um, watch this space?
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Right - they've done it!

The main difference you'll notice will be the 'date/keyword search' all rolled into one. I'll burrow round the admin area soon and try to get the hang of what else is possible.

Ewald's hexagram search won't work for now, but he will fix it over the weekend.
Meanwhile if you find glitches, please let me know asap, so I can ask the nice man from Discus to fix it.
happy.gif
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
(Actually, Ewald's hexagram search still gives you good results - it just won't be indexing new posts until he tells it how.)

If you lose your password now, you can use the 'edit profile' link to recover it.

Hmmm - do you find these blue boxes above posts offputting?
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
testing email notification - please ignore
 
martin

martin

(deceased)
Joined
Oct 2, 1971
Messages
2,705
Reaction score
61
Congrats Hilary!
happy.gif

A fine job by Discus, smooth transition.
 
martin

martin

(deceased)
Joined
Oct 2, 1971
Messages
2,705
Reaction score
61
One imperfection: when I choose 'refresh' in my browser (IE) new posts aren't shown anymore, not on the search results page and probably also not on other pages (didn't check). I have to do a new search to see them.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Hopefully it's just a search result thing... let me have a look...

I haven't found anything to complain about yet. I get the impression that no-one else has noticed any difference. (Except the hopefully-continuing absence of our friend, O.Casino.)

(The way we're all labelled 'new members' in our profiles is sweet, in a way. But maybe I can get rid of that field.)
 
J

jeanystar

Guest
I kind of miss the "new messages" link.......unless I am doing something wrong.... when i search for new messages, the categories come up and I am told how many new messages there are,

But when I click on the category (eg Friends Area,) the whole thread comes up from the beginning, and there is no way of knowing who posted........you sort of have to go through the whole thread,rather than being able to click on the new posts by author.

also I noticed that when I am on netscape, not aol, if I click on a profile, I am not able to return to the page I was on. Netscape is a strange territory, though.

not complaining, just observing!
 
J

jeanystar

Guest
never mind that last part.......i can x out the profile page on netscape too and return to the former page.
 
martin

martin

(deceased)
Joined
Oct 2, 1971
Messages
2,705
Reaction score
61
Did you use Date/Keyword Search (under Utilities) Jeany?
Works like the old 'New Messages' here, when I choose 'Search by Date' next.
 
hilary

hilary

Administrator
Joined
Apr 8, 1970
Messages
19,275
Reaction score
3,513
Yes - looks like they've tidied keyword search and 'new messages' into one page.
 
martin

martin

(deceased)
Joined
Oct 2, 1971
Messages
2,705
Reaction score
61
The 'imperfection' that I mentioned earlier is apparently limited to the search results page.
When I post and someone responds I see his/her post when I refresh the page.
happy.gif
 
J

jeanystar

Guest
I figured it out, HiLary, sometimes it takes me a LOOOOONG time to figure out the obvious. thanks! J
I needed only to click on the little plus sign to the left of the category in order to see the new posts.
 
You must log in or register to reply here.

Clarity,
Office 17622,
PO Box 6945,
London.
W1A 6US
United Kingdom

Phone/ Voicemail:
+44 (0)20 3287 3053 (UK)
+1 (561) 459-4758 (US).

Top