A successful attack on SMF
Online kappa
« Reply #30 - Posted 2011-01-17 22:03:11 »

yay, JGO is back Smiley
Offline teletubo
« Reply #31 - Posted 2011-01-17 22:13:21 »

well quicker than expected I suppose !


btw thanks Riven and good luck again ...

Offline appel

« Reply #32 - Posted 2011-01-17 22:20:37 »

gj riven, i hope it's secure now.

Check out the 4K competition @ www.java4k.com
Check out GAMADU (my own site) @ http://gamadu.com/
Offline Riven
« Reply #33 - Posted 2011-01-17 22:22:26 »

This is a stripped down version of JGO:

1. There are no banhammers
2. There are no moderators
3. There are no admins (I have to run a script on the server to make myself an admin)
4. There are no uploads (attachments/avatars)
5. There is no custom theme
6. There is no wiki
7. There is no anti-spam activation page (expect quite a bit of spam in the next few... days?)

I'll take it slowly from here...

It was quite an expensive weekend Smiley

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline DzzD
« Reply #34 - Posted 2011-01-17 22:37:32 »

yay, JGO is back Smiley
Smiley cool

Offline aazimon
« Reply #35 - Posted 2011-01-17 23:17:08 »

Thanks for all you do, Riven.
I'm glad it's back up.
Offline Mike

« Reply #36 - Posted 2011-01-17 23:18:32 »

Thanks a ton for putting it up so quickly Riven, it was really weird to not see JGO anymore when I clicked on the link a few times a day...

My current game, Minecraft meets Farmville and goes online Smiley
State of Fortune | Discussion thread @ JGO
Offline Riven
« Reply #37 - Posted 2011-01-17 23:20:39 »

99% of the time I was simply waiting... waiting for the ISP (until 10AM today), waiting for my dayjob to end (until 5PM), having delightful dinner at my parents' (until 8PM), waiting for the train (until 9:30PM), waiting for the mysqldump upload (until 9:45PM)... waiting for the import in the database... then, finally... messing around in the admin-interface!

Okay, I admit I spent a lot of time locking down the server (firewall, config files), before restoring JGO.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline Alan_W

« Reply #38 - Posted 2011-01-17 23:58:51 »

Thanks Riven for getting the forum back online.

Time flies like a bird. Fruit flies like a banana.
Offline Riven
« Reply #39 - Posted 2011-01-18 00:06:19 »

Syntax highlighting and custom activation page back in (will look better with a logo).

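import java.io.IOException;
import java.net.ServerSocket;

public class HelloServer
{
   public static void main(String[] args) throws IOException
   {
       // Opens a listening socket on port 80; the constructor can throw IOException
       new ServerSocket(80);
   }
}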

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline CommanderKeith
« Reply #40 - Posted 2011-01-18 00:55:13 »

Phew! Glad all's well again.

Hooray for Riven and long live JGO

Offline Riven
« Reply #41 - Posted 2011-01-18 01:09:05 »

Before anybody gets freaked out, to prevent the hacker from (still) being logged in under my account, I changed the serial in the cookie so that all sessions were killed. (a few sessions survived the server transfer!)

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
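
The effect described in Reply #41, as an added example that is not part of the original thread and is not SMF's code: every session cookie carries a server-side serial, and bumping that serial makes all earlier cookies fail verification. The cookie layout (`user|serial|mac`), the class and function names, and the key handling are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets


class SessionCookies:
    """Signed cookies of the form user|serial|mac (hypothetical layout, not SMF's)."""

    def __init__(self, key: bytes, serial: int = 1):
        self._key = key
        self.serial = serial  # server-side value embedded in every issued cookie

    def _mac(self, user: str, serial: str) -> str:
        msg = f"{user}|{serial}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, user: str) -> str:
        serial = str(self.serial)
        return f"{user}|{serial}|{self._mac(user, serial)}"

    def verify(self, cookie: str):
        """Return the user name for a valid, current cookie, else None."""
        parts = cookie.split("|")
        if len(parts) != 3:  # also rejects user names containing '|'
            return None
        user, serial, mac = parts
        # Tampered or forged cookies fail here (constant-time comparison).
        if not hmac.compare_digest(mac.encode(), self._mac(user, serial).encode()):
            return None
        # Genuine cookies issued under an older serial fail here.
        if serial != str(self.serial):
            return None
        return user

    def revoke_all(self) -> None:
        """Bump the serial so every previously issued cookie stops verifying."""
        self.serial += 1


def demo():
    # Constructed sample data: random key, made-up user names.
    store = SessionCookies(secrets.token_bytes(32))
    admin, member = store.issue("admin"), store.issue("member")
    before = (store.verify(admin), store.verify(member))
    store.revoke_all()  # the "changed the serial" step
    after = (store.verify(admin), store.verify(member))
    fresh = store.verify(store.issue("admin"))  # a new login still works
    # A stale cookie with only its serial field edited fails the MAC check.
    user, _, old_mac = admin.split("|")
    forged = store.verify(f"{user}|{store.serial}|{old_mac}")
    return before, after, fresh, forged
```
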
Offline SimonH
« Reply #42 - Posted 2011-01-18 01:16:06 »

JGO is back! Riven, U R A STAR!

edit:Yay plus! I got my siggy back! Whoop!

People make games and games make people
Offline SwampChicken
« Reply #43 - Posted 2011-01-18 01:18:11 »

I send my thanks to all those who helped get my fave site back up. And I curse thee script-kiddy scum who have nothing better to do than screw with people's sites.
Offline Eli Delventhal

« Reply #44 - Posted 2011-01-18 01:59:03 »

Syntax highlighting and custom activation page back in (will look better with a logo).

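import java.io.IOException;
import java.net.ServerSocket;

public class HelloServer
{
   public static void main(String[] args) throws IOException
   {
       // Opens a listening socket on port 80; the constructor can throw IOException
       new ServerSocket(80);
   }
}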

Are you expected to run that code and see what it gives you? I honestly find that too difficult otherwise - I would have no idea how to solve that in my head, especially given I have no idea what the hashCode() function will return without running it.

Won't that keep quite a few noobs out? I guess maybe that's not an issue?

Anyway, awesome congrats on getting it back up and thanks again.

See my work:
OTC Software
Offline kaffiene
« Reply #45 - Posted 2011-01-18 04:00:28 »

Riven - you rock!  Thanks for all the work, bro, I know this isn't fun for you.  The community really appreciates it though.   Smiley
Offline Nate

« Reply #46 - Posted 2011-01-18 04:08:30 »

Won't that keep quite a few noobs out?
Sounds good to me! Smiley

Ahhhg! I lost one appreciation point! I demand a recount!

Offline Riven
« Reply #47 - Posted 2011-01-18 06:37:47 »

Syntax highlighting and custom activation page back in (will look better with a logo).

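import java.io.IOException;
import java.net.ServerSocket;

public class HelloServer
{
   public static void main(String[] args) throws IOException
   {
       // Opens a listening socket on port 80; the constructor can throw IOException
       new ServerSocket(80);
   }
}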

Are you expected to run that code and see what it gives you? I honestly find that too difficult otherwise - I would have no idea how to solve that in my head, especially given I have no idea what the hashCode() function will return without running it.

As if you could have calculated the result of the loop in your head. I don't get it. There is a question, there is an answer. Who cares how you solve it.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline zammbi

« Reply #48 - Posted 2011-01-18 07:28:18 »

I know you were worried about SMF 2 being a RC but it's been in RC for about 2 years. From the comments I've read on the forum it's stable. It might remove these security worries. It seems the 1.X versions are not being worked on any more.

Though are we still using "1.1.12"... which is from February 10, 2007.

Anyway glad the forums are back up.

Current project - Rename and Sort
Offline Riven
« Reply #49 - Posted 2011-01-18 07:40:44 »

SMF 1.1.12 is from Nov 2010

http://www.simplemachines.org/community/index.php?topic=407256.0

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline cylab

« Reply #50 - Posted 2011-01-18 09:13:41 »

Syntax highlighting and custom activation page back in (will look better with a logo).
Are you expected to run that code and see what it gives you? I honestly find that too difficult otherwise - I would have no idea how to solve that in my head, especially given I have no idea what the hashCode() function will return without running it.

As if you could have calculated the result of the loop in your head. I don't get it. There is a question, there is an answer. Who cares how you solve it.

I ran the code and the result made me smile Wink
Would be cool to have E=mc^2 in there...

Mathias - I Know What [you] Did Last Summer!
Online kappa
« Reply #51 - Posted 2011-01-18 09:39:47 »


Exactly, if you aren't able to answer that question, then you aren't yet ready to enter the java games arena and should probably read some getting started guides for java Smiley
Offline cylab

« Reply #52 - Posted 2011-01-18 09:42:38 »

But it would be cool to give some more hints, so that at least the noobs that cannot code but are able to think and comprehend are able to join.

Mathias - I Know What [you] Did Last Summer!
Offline ryanm

« Reply #53 - Posted 2011-01-18 10:06:53 »

As I noted just before the outage, spammers are still managing to register. It seems that there are actually three certainties in life: death, taxes and spammers.

Huge props to Riven for his efforts. It sounds like this attack was a shuddering nightmare for your server, so to have the forum back up so soon deserves more than an appreciate++. Thank you.

Does a more secure forum package exist? From reading the #lwjgl logs it sounds like SMF is a gaping orifice of fail on the security front, and our installation in particular is thoroughly compromised. If it's going to be a ball-ache to fix up then I wouldn't be opposed to a fresh start: stick the current forum into a read-only archive, everyone re-registers and carries on as before.
It's happened before IIRC, when we moved to YABB.
Offline halfwitgoat

« Reply #54 - Posted 2011-01-18 10:09:37 »

Thanks for all the good work, Riven.

If we need a private server, I'd be happy to donate.

Offline Riven
« Reply #55 - Posted 2011-01-18 10:17:24 »

As I noted just before the outage, spammers are still managing to register. It seems that there are actually three certainties in life: death, taxes and spammers.

Huge props to Riven for his efforts. It sounds like this attack was a shuddering nightmare for your server, so to have the forum back up so soon deserves more than an appreciate++. Thank you.

Does a more secure forum package exist? From reading the #lwjgl logs it sounds like SMF is a gaping orifice of fail on the security front, and our installation in particular is thoroughly compromised. If it's going to be a ball-ache to fix up then I wouldn't be opposed to a fresh start: stick the current forum into a read-only archive, everyone re-registers and carries on as before.
It's happened before IIRC, when we moved to YABB.

Well, the database dump was not infected. Whatever naughty stuff is in the database, it won't make it through to the visitor, because SMF does proper escaping of values in the database. I made a fresh install of SMF, on a fresh server. I have no reason to assume 'our installation is thoroughly compromised' ... it was, I hope.

Hi, appreciate more people! Σ ♥ = ¾
Learn how to award medals... and work your way up the social rankings
Offline zammbi

« Reply #56 - Posted 2011-01-18 10:21:58 »

Whoops. Got 1.1.12 confused with 1.1.2.

Current project - Rename and Sort
Offline Matzon

« Reply #57 - Posted 2011-01-18 10:38:09 »

Disable profile viewing for non-registered users - that's the primary use of signature spamming

Offline ryanm

« Reply #58 - Posted 2011-01-18 11:33:15 »

As I noted just before the outage, spammers are still managing to register. It seems that there are actually three certainties in life: death, taxes and spammers.

Huge props to Riven for his efforts. It sounds like this attack was a shuddering nightmare for your server, so to have the forum back up so soon deserves more than an appreciate++. Thank you.

Does a more secure forum package exist? From reading the #lwjgl logs it sounds like SMF is a gaping orifice of fail on the security front, and our installation in particular is thoroughly compromised. If it's going to be a ball-ache to fix up then I wouldn't be opposed to a fresh start: stick the current forum into a read-only archive, everyone re-registers and carries on as before.
It's happened before IIRC, when we moved to YABB.

Well, the database dump was not infected. Whatever naughty stuff is in the database, it won't make it through to the visitor, because SMF does proper escaping of values in the database. I made a fresh install of SMF, on a fresh server. I have no reason to assume 'our installation is thoroughly compromised' ... it was, I hope.
Good news!
Offline appel

« Reply #59 - Posted 2011-01-18 14:08:56 »

What about user passwords?

Check out the 4K competition @ www.java4k.com
Check out GAMADU (my own site) @ http://gamadu.com/