iSoaker.net :: Soaking the world!

Database fully restored. Backup was a couple weeks old though, anything that took place after the forum sections were organized needs to be redone.

Who ever hacked WWC is an idiot and can go to hell! Well I am glad it's back up and running again!

When was it hacked? Is this an old thing or are you talking about the spam? I made an account on WWc recently and posted a war report because someone re enabled registration.

Fear, the hack happened yesterday or maybe the day before. I'm not sure when it started, but it was giving SQL errors yesterday and the board was unaccessible.

Now if only you could find the one who did it... If he's able to hack the database, he probably took plenty of steps to cover up. I know next to nothing on this though, so I hope whatever he exploited gets fixed to prevent the same thing in the future. iSn and SSC have never had this problem in the past few years it seems. (just the occasional bot that gets through)

C-A_99 wrote:Now if only you could find the one who did it... If he's able to hack the database, he probably took plenty of steps to cover up. I know next to nothing on this though, so I hope whatever he exploited gets fixed to prevent the same thing in the future. iSn and SSC have never had this problem in the past few years it seems. (just the occasional bot that gets through)

Same here. Who in the world would want to hack a watergun message forum? I just don't understand. What is the point in that? Are phbb boards more susceptible to this than whatever Isoaker and SSC use?

marauder_4 wrote:Same here. Who in the world would want to hack a watergun message forum? I just don't understand. What is the point in that? Are phbb boards more susceptible to this than whatever Isoaker and SSC use?

Here's what I've always wanted to know: why WWc? It's not new, and it shouldn't be on spammers' and trollers' radars? Just the volume of anonymous and trolling members who've signed up starting several months into its tenure has been amazing.

I think phpBB itself has some pros and cons. Unlike, say, vBulletin (which is what SSC uses), phpBB is open source, which means anyone can read or modify the source code. This used to be a bad thing because crackers could easily find chinks in the armor, but I've read that for phpBB 3, they got third-party auditors to review every single line of source code for security purposes. So the core software is no longer the issue.

However, bugs always come up. They're fixed quickly for popular open-source software, but you need to bother to update it.

In addition, we haven't spent as much time tweaking these forums. I don't know about iSoaker.net (which uses phpBB), but SSC has several plugins and scripts to help deter crackers, among other things. That's something that comes with time and effort, but yeah, that obviously hasn't happened yet. I suppose another reason I don't want a reboot yet is that we want to be positive that it won't be necessary anymore – sounds like DX has it covered, though.

Who has the time to sit around all day cracking websites like this; and if you can do that why not hone your skills and get paid to do it to specific targets that have cultural/national value or something? I know the government hires anti hackers. I just don't see the point.

Several years ago someone hacked NerfHQ - they had a massive amount of data and no backups; they lost everything. A lot of people targeting sites like this are just kids thinking they're 1337 H4xx0r5.

PhpBB 3 seems much more secure than the old IPB version. Someone did an SQL injection on that one and got in as an admin. I really don't care as long as a recent backup exists and can be successfully imported. Once we get WWc ready for actual community use, maybe Ben or Silence could write some protective scripts. That's not my realm.

IMHO, this is the problem with moving from here to WWC. If it's getting hacked all the time, why do we go there? vBulletin is, from what I've seen, less prone to attack and iSoaker seems to be holding up well. I've never seen either of them attacked.

Hopefully the hacking problem at WWc will be fixed soon, particularly once Lewis (or another) patches up things. As for going there or not, it's a choice to be made by the membership. Considering the small size of the water warfare community, would make more sense to pool our resources for now. Only thing I do know if that I'll be scaling back iSoaker.net at the start of the off-season for my own reasons, primarily from just not having as much free time to properly maintain it the way I'd want to.

Getting some spammers at WWc...does this happen here at iSn? Either a CAPTCHA, a required field, or a custom question should help prevent these people or bots from registering. There's a required field implemented at SSC.

There were things like that at GAoM, but they did not transfer when the skin was. Custom fields take a couple min, I just haven't had time to make the fresh install yet. The problem with the old WWc is it's been sitting for so long that all kinds of crap finds it - the fresh install won't be open until we decide that WWc is officially open.

Lewis wrote:There were things like that at GAoM, but they did not transfer when the skin was. Custom fields take a couple min, I just haven't had time to make the fresh install yet. The problem with the old WWc is it's been sitting for so long that all kinds of crap finds it - the fresh install won't be open until we decide that WWc is officially open.

If a fresh install is what is planned for WWc, I'm always of the opinion the sooner the better. Whenever the install can be done, I'd say if WWc is to be started, it should be started rather than waiting, particularly since we're already in a lull and I fear as "off-season" tends to coincide with people having more work/school to do, that further reduces activity. Just a thought!

Having existing discussion greatly helps a forum run from what I've seen. So I'd be opposed to restarting fresh, but if it'll be much easier, go ahead.

I'm still not completely sure if we should go for WWc or SSC (see my posts in the relevant thread at SSC), but if we're going to start fresh with WWc I'd definitely lean towards SSC.

There be pros and cons to every choice. Fresh starts at WWc offer a new blank slate from which to build, but of course, it is also akin to re-inventing the wheel in another sense. In either scenario, I'll still be going ahead with changes to iSoaker.net. I leave it up to others to sort things out in this case.

There are two goals: a working forum and a working, central forum. If WWc isn't up to speed by the time iSoaker has to scale back, then we have to settle for only the first goal, which can satisfied by SSC. Are we committed to making sure WWc's forums are stable and updated? Even better, what can the rest of us do to get there, and what can we do now? I'm heading to college next week or later, others have work, Ben's probably heading back soon, iSoaker's obviously short of time, etc. Something has to happen now.

Hopefully WWc will work, but if it doesn't, my boards could be usable. I'd be willing to maintain and look after them.

The old board worked in HTML instead of BB code, thus all the old posts have been messed up.

I personally prefer HTML as it's more commonly used and more flexible, but perhaps most users find BB code easier?

C-A_99 wrote:The old board worked in HTML instead of BB code, thus all the old posts have been messed up.

I personally prefer HTML as it's more commonly used and more flexible, but perhaps most users find BB code easier?

BB code is typically used more as a safety feature since allowing HTML code can open up more vulnerabilities depending on what code is actually put into a post. I'd also prefer using HTML code, but there just be too many risks allowing users to use it on a forum, IMO.

Yeah, cross-site scripting is the main fear here. There are algorithms for whitelisting (and even better blacklisting) particular HTML tags, but you have to deal with lots of edge cases. Without writing a book, it's much simpler for the forum software to remove all angle brackets, etc. and then add in its own.

I'm a fan of neither HTML nor BBcode. HTML is more flexible, but BBcode is simpler because it adds a good amount of markup for you behind the scenes. Both are ugly and unsuitable for human editing.

Edit: Hey, I'm getting a network timeout error at WaterWarfare.com. Is the server up and running properly?