Results 1 to 15 of 15

Thread: It's back!

  1. #1
    IHF Member
    Join Date
    Feb 2010
    Location
    Winterthur, Switzerland
    Posts
    464

    It's back!

    Just wanted to say that I am very happy that my favourite forum is back again! Many thanks to everyone working on getting it back!

  2. #2
    IHF Member
    Join Date
    Apr 2011
    Location
    Nottingham
    Posts
    268
    I'm not sure that I have anything to add but I would definitely like to agree with this. Thank you to all who have helped.

  3. #3
    IHF Member Viperdan's Avatar
    Join Date
    May 2008
    Location
    Newcastle, UK
    Posts
    1,173
    Yep, Graham is the main man to thank for that...

    Did we find out who was responsible? I kept myself updated via Facebook, but all I read was that it happened to multiple forums.


  4. #4
    IHF Staff Graham's Avatar
    Join Date
    Apr 2004
    Location
    Bristol, UK
    Posts
    4,245
    Thanks all. It was a security vulnerability that a hacker found and made a very widespread attack on all vBulletin forums. Unfortunately, it was a vulnerability that vBulletin had previously been unaware of.

    Changes have been made to protect us from this attack again. Once the forum has stabilised over the next few weeks, further changes will be made to tighten everything down further. Will create a bit more work for us when we need to do system upgrades, but will help ensure we don't fall victim to any other security vulnerabilities that vBulletin haven't found, yet.

    Graham.
    "It's very hard to talk quantum using a language originally designed to tell other monkeys where the ripe fruit is."
    ---
    "Night Watch", Terry Pratchett

  5. #5
    IHF Member Bennison's Avatar
    Join Date
    May 2006
    Location
    Hagestad, Sweden
    Posts
    3,183
    I too just want to say thanks for all the work that you put down to keep the site running.
    Cum bibam cervisiam gaudeo.

  6. #6
    Banned
    Join Date
    Apr 2013
    Location
    Vrnjačka Banja
    Posts
    85
    Maybe 10-15 or even more days before this site is shut down, there were everyday aproximalty 200 users in every moment on site. It was very strange becouse there were just max 100-120 users before that for years....So i cant belive that administrators of site didnt find that that is a very strange especially if just 2-3 users is log on of 200 users....It was obvious that someone come to damage site
    Sorry, but next time be more carefull...

  7. #7
    Banned
    Join Date
    Apr 2013
    Location
    Vrnjačka Banja
    Posts
    85
    As i see, at this moment once again there is about 200 users on site with just one registered forum member. It is too much for the average attendance for this site. I am afraid of atacking once again....Please check it very carefully...

  8. #8
    IHF Member Viperdan's Avatar
    Join Date
    May 2008
    Location
    Newcastle, UK
    Posts
    1,173
    Quote Originally Posted by badoo lover View Post
    As i see, at this moment once again there is about 200 users on site with just one registered forum member. It is too much for the average attendance for this site. I am afraid of atacking once again....Please check it very carefully...
    Badoo Lover...

    If you go on to the homepage, and scroll to the bottom, it tells you members and guests online. Currently, I'm the only user logged in, with 154 guests.

    The guests can either be people who have not yet registered/logged in and are just browsing the forum, or robots / spiders which are used by search engines to index pages.

    they are safe and not a problem.


  9. #9
    IHF Staff Graham's Avatar
    Join Date
    Apr 2004
    Location
    Bristol, UK
    Posts
    4,245
    Quote Originally Posted by badoo lover View Post
    Maybe 10-15 or even more days before this site is shut down, there were everyday aproximalty 200 users in every moment on site. It was very strange becouse there were just max 100-120 users before that for years....So i cant belive that administrators of site didnt find that that is a very strange especially if just 2-3 users is log on of 200 users....It was obvious that someone come to damage site
    Sorry, but next time be more carefull...
    Sorry, I didn't see this when it was first posted but feel I have to respond.

    First, we have 6736 registered users on this site of which 340 have visited the board within the last 100 days. Given that our userbase is spread across all 24 timezones and the fact that the period you mention is from before the hockey season started, it was not unusual for us to only have 2-3 registered users online at any time.

    We pretty much run with a constant 100+ unregistered users looking at the site. If you click on the "xxx users online" link you can see a break down of who they are. It's typically a 50/50 split between unregistered users viewing the forum (we have a policy of not making this site private and registration is only required to post) and spiders from search engines (particularly Google, Bing and Baibu).

    If you look at our record for most ever users online, it was 792 and happened three years before we were attacked.

    None of the things you mention were in any way unusual and were in no way an indication of the particular attack that we fell victim to.

    Unregistered users are not an issue as they can't make any changes to the forum. Only registered users can and this was the source of our problem. A security vulnerability was found in the vBulletin software that allowed someone to register themselves as an administrator on the forum. That is the only way that the forum can be attacked and this particular security vulnerability has been patched by the software vendor and installed onto our forum. In addition to that, I have created my own database hack that alerts me whenever an admin account is created. This is not something that the vBulletin software provides, unfortunately.

    We can't promise we'll not be victim to another attack as we are obviously, to a large extent, at the mercy of our software vendor and the hacking community. However, both we and our software vendor (one of the largest in the world in this particular area) take security very seriously. When vBulletin find a problem, they quickly release a patch and we install it as quickly as we possibly can. When they released a new patch last week it was installed on this forum within 6 hours. In addition, we follow all vBulletin security recommendations and I have added a few of my own to tighten security further.

    I assure you, we are very, very careful when it comes to security.

    Graham.
    Last edited by Graham; 14-10-2013 at 10:37.
    "It's very hard to talk quantum using a language originally designed to tell other monkeys where the ripe fruit is."
    ---
    "Night Watch", Terry Pratchett

  10. #10
    Banned
    Join Date
    Apr 2013
    Location
    Vrnjačka Banja
    Posts
    85
    Quote Originally Posted by Viperdan View Post
    Badoo Lover...

    If you go on to the homepage, and scroll to the bottom, it tells you members and guests online. Currently, I'm the only user logged in, with 154 guests.

    The guests can either be people who have not yet registered/logged in and are just browsing the forum, or robots / spiders which are used by search engines to index pages. they are safe and not a problem.
    What is purpose of them?

    Why you dont block them?

  11. #11
    IHF Member Viperdan's Avatar
    Join Date
    May 2008
    Location
    Newcastle, UK
    Posts
    1,173
    Quote Originally Posted by badoo lover View Post
    What is purpose of them?

    Why you dont block them?
    They index pages on search engines, i.e. the "Google Bot" will will search through this entire forum and index pages. I created a thread for the EIHL.. So if searched "EIHL forum" in Google, more than likely that thread will be there.

    Why do you think this website is so big, Graham / Karsten (Karsten is no longer an admin here) would have done quite a bit of SEO.

    The next time you create a thread, just copy the title and paste it in Google. It is more or less instantly indexed, that's thanks to the bots.

    It isnt as simple as that, but you get the idea.


  12. #12
    IHF Member Viperdan's Avatar
    Join Date
    May 2008
    Location
    Newcastle, UK
    Posts
    1,173
    If robots / spiders were blocked then nothing would appear in search engines.


  13. #13
    Banned
    Join Date
    Apr 2013
    Location
    Vrnjačka Banja
    Posts
    85
    Ok, I understand now...
    But is it possible, that spiders dont show up like they are users on forum. I suppose that that can arange, becouse i would really want to know what is the real average attendance on this forum from real members or just visitors wihout that spiders...
    It is not real to have 200-250 visitors if half of them are just spiders....

  14. #14
    IHF Staff Graham's Avatar
    Join Date
    Apr 2004
    Location
    Bristol, UK
    Posts
    4,245
    Quote Originally Posted by badoo lover View Post
    What is purpose of them?

    Why you dont block them?
    As Viperdan said, they ensure that we are present in search engine results.

    - Type "international ice hockey" into Google. We are the 15th website returned.
    - Type "international ice hockey forum" into Google. We are the first website returned.
    - Type "khl forum" into Google. We are the ninth website returned.
    - Type "eihl forum" into Google. We are the fourth website returned.

    If we ban search engine spiders, we won't appear at all. And I'd imagine that over 90% of our users found us through a search engine. So, if we ban search engine spiders, we'd be as well shutting the forum down.

    You seem to be obsessing about unregistered users. These do not cause us any problems as they can only interact with the forum in a read-only mode. The only issue that an unregistered user can cause us is a Denial of Service attack. But, they can do that whether or not we allow them to access our website or not.

    This attack was created by a hacker who discovered a bug in the vBulletin software that allowed the creation of a registered user with admin privileges. You're looking in completely the wrong place for the source of the problem we experienced.

    Graham.
    "It's very hard to talk quantum using a language originally designed to tell other monkeys where the ripe fruit is."
    ---
    "Night Watch", Terry Pratchett

  15. #15
    IHF Staff Graham's Avatar
    Join Date
    Apr 2004
    Location
    Bristol, UK
    Posts
    4,245
    Quote Originally Posted by badoo lover View Post
    Ok, I understand now...
    But is it possible, that spiders dont show up like they are users on forum. I suppose that that can arange, becouse i would really want to know what is the real average attendance on this forum from real members or just visitors wihout that spiders...
    It is not real to have 200-250 visitors if half of them are just spiders....
    For what purpose?

    There are hacks you can install that tries to recognise spiders. But, they typically cause problems every time you have to upgrade the forum software. We do have some hacks/plug-ins installed that provide genuine benefit to the forum. I see little value in this one, so it is not one that I am considering installing.

    Graham.
    "It's very hard to talk quantum using a language originally designed to tell other monkeys where the ripe fruit is."
    ---
    "Night Watch", Terry Pratchett

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •