BigCloset TopShelf
TopShelf TG Fiction in the BigCloset!
The Hatbox
Checks can be made out & sent to:
Joyce Melton
1001 Third St.
Space 80
Calimesa, CA 92320
USA
Note: $6000 is the operating, maintenance and upgrade budget. Amounts received in excess of the $6000 will be applied to long term debt accrued over the last 19 years.
If you prefer, you can donate through Patreon:
Become a Patron!
Thank you!
Comments
Aware
The appropriate people are aware as the problem was due to a hack attack and I'm sure they are in the process of fixing the problem.
Piper's sandbox
All things considered, it is likely that the previous outage was also caused by hacking... we just hadn't seen any evidence of it being anything other than just a glitch in an old forums database until I happened to catch things in the act while working on the ocPortal site. Old forums get finicky after a while and need some extra TLC to keep things running smoothly and we'd thought it was just that cause our outages. But with the hit on the test site and subsequent attacks on both E.E.'s forum at his web comic site and this outage with the unexpected google login panel... we are looking at hacking as a potential source now.
However, any way you look at it; the problem is in Piper's sandbox when it's an attack on either the main story site or forums... because the crystal hall domain runs on one of their servers. So we need to rally all the cheerleaders around Piper (or at the very least keep her in Mountain Dew and Pizza - assuming Piper is sustained by the same nutrients as most other computer peoples :p ) while she works to both fix problems AND lock things down to prevent future abuses/attacks.
Not just Piper's, everybodies
First off, I am not apportioning blame but responsibility. Everybody involved can play their part, it's not just about securing the server but the software too, checking for security updates or configuration issues with FUD and the like.
I have a few sites dotted around the internet, some are left alone because its really no big issue if anything happens, but others I check for updates (less often than I should) and do my best to make sure they don't compromise my or any one else's sites/servers.
Hugs
Cat
-
You can't choose your relatives but you can choose your family.
Given the targets
Report it to the FBI as a suspected Hate Crime.
Hah. The FBI isn't
Hah. The FBI isn't interested in any sort of cybercrime unless there's a politician pushing them.
For a small example, in the past, they've refused to investigate those extortionware infections that tell people that they have to call 'technical support' and pay $300 to remove the 'infections' found on their computer.
1) It's interstate crime. That's Federal, not local.
2) There's a clear trail to follow - a functional phone number.
3) The same infection hits hundreds if not thousands a day.
4) They use TeamViewer (and similar) to connect to your system - easy to get records from there.
Their response? They don't investigate unless you can prove that there's at least $5,000 in damages. (I had a couple of customers that did try to get them to investigate) Any one computer is de-facto less than $5,000 in damages to them.
Oh, yeah - if you back trace them, and take down their systems? Then they'll call the FBI to investigate _you_, as you just cost them tens of thousands of dollars in blackmail and extortion.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
Damn!
So if you make sure your theft is classified as "Federal" and "Not Local", and also keep each victim's loss under $5,000 you can get away with it indefinitely?
How Stupid!(the government that is)
>i<
if it is a cracker
if it is a cracker it could be someone that has a hate on for fudforum script.
look into the history of the term hacker, it was an INCOMPETENT reporter that saddled the label hacker onto criminals, the original "hackers" label was the nickname of the M.I.T. model railway club. ( they earned it but constantly rewiring the model railway control systems to try to improve efficiency. the reporter overheard a conversation and falsely labeled criminal activity on computers as hacking, likely because of the press' label of a hack meaning incompetent, he couldn't see any decent use of the label.)
and fyi, Bill Gates, Steve Jobs, Google creators, Facebook creators, Twitter creators are all hackers, by the TRUE definition of the term.
Stupidity is a capital offense. A summary not indictable.
If you leave Bill Gates off
If you leave Bill Gates off of that list, you're right. (I've known people who worked with him in the IBM days. He didn't have the right mindset to be a hacker - which is why Microsoft managed to become as big as it is now, while fighting, cheating, and abusing well enough to battle off IBM and the other goliaths in the office/technology industry)
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
And what about Stevie boy...
whining and crying to the courts, suing everyone on the planet who built a GUI into their product and used a Mouse as a pointer for patent infringement? Spoiled little boys all of them.
I don't know that we can
I don't know that we can point at Jobs about the lawsuits. Keep in mind that Apple even tossed him out for years - and that was during the GUI lawsuit wars. He came back in because they'd made a lot of bad decisions, and turned the company back around. I just wonder why Woz wasn't more involved in the company.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
For what it's worth, I tried
For what it's worth, I tried several things that I could do as an ordinary user. For example disabling javascript didn't affect that [censored] redirect. So it isn't a javascript hack.
I checked the source code to page I was getting redirected from (ctrl-u in most browsers). Didn't find the old "hide a refresh in a meta tag" trick (or a couple others). That's not 100 % because there are tricks where the source code you get when you load the page isn't the code on the server, but...
So after a bit of research on the web, it would seem that all the rest of the tricks require messing with things like the .htaccess file or even the Apache server (or whatever the site uses instead)
At this point that means somebody has *way* too much access to the site. and is at least a little sneaky. Also that fixing it is going to require a lot of messy, painstaking checking of things.
Mind you, I'm far from an expert on a lot of this, but as a "talented amateur", this is what I've come up with.
Regardless, we've got rats in the woodwork and need an exterminator.
Brooke brooke at shadowgard dot com
http://brooke.shadowgard.com/
Girls will be boys, and boys will be girls
It's a mixed up, muddled up, shook up world
"Lola", the Kinks