Issues with your account? Bug us in the Discord!
Forums Upgraded
Random Chaos
Actually Carefully-selected Order in disguise
in Zocalo v2.0
I have upgraded the forums to vBulletin 5.0. Let me know if anything is broken. Styling will be done over the next few days.
Comments
[LIST=1]
[*][COLOR=#ff0000][B]CHANGE YOUR PASSWORD NOW![/B][/COLOR] The forums were compromised. I know that the spammer got into at least one admin account (don't know which). That means he probably compromised the encrypted password database, and probably has your password.
[*]The site has no content. Yes, that's right, nothing is on the website except for the index page and the forums. Everything else has to be scoured for attack vectors from the spammer. He hit everywhere, and it's going to take weeks for me to go through every file to make sure nothing malicious is sitting waiting to be executed.
[*]The new forums are slow. Nothing I can do - vBulletin is aware of the issue and they are working on it. I'll upgrade the forums regularly over the next several months until they speed up. Until then, we have to live with slow forums.
[/LIST]
How is changing my password going to help, I'm not an admin... I changed it anyway. The smileys are offline. Let me guess Mister Scott, next Tuesday?
Other than that, well done!! :-)
How is changing my password going to help, I'm not an admin... I changed it anyway. The smileys are offline. Let me guess Mister Scott, next Tuesday?
The forum is so slow, you don't want to edit your posts. I actually got an internal server error just trying to post this message.
Other than that, well done!! :-)
As for changing your password - the reason is that the spammer could use your account to post to our site - or even worse, if you use that same password on other sites, access them also.
Good job RC!
It is like being on a new ship and not everything is working. :D
If you really, really like the default skin, you can still choose it at the bottom.
As for quoting, no clue. We are running a BETA version of the forum software, so I expect some issues. But it was either that or upgrade to the latest 4.x version, then again in a couple months when 5.x came out. Twice the work, and I wouldn't have had time.
Patience will be required and as well as a lot of elbow grease. ;)
Spammer hit again. I've shut down every last mod and hosted site and reset our entire site. If he gets in now, he's coming in through the server, not our code, in which case we will have to look at leaving Dreamhost since they are virtually non-responsive to this kind of thing from what I've experienced in the past.
Well, that's what we get for using a beta!
[B]test[/B]
...Awww... :(
Note: At the very least, basic HTML is enabled in posts. Just a FYI. ;)
Also, fine, I'll get 1password. I'm tired of living in fear. Password databases cracked, Twitters hacked, SSNs stolen. Time to take a measure of control over the madness and actually use some of those security practices I tell everyone to do.
What I do know is that:
[LIST=1]
[*]Initial vector of the hack appears to be the Wiki.
[*]After that, the hacker got into our SSH accounts and our forum admin accounts.
[*]After cleaning up the entire main site and resetting all passwords and upgrading the forums and shutting down every other page on the main site, it seems he still had a way in, probably through a mod somewhere. So those are now down too.
[/LIST]
I'll hopefully be able to audit all the hosted mods over the next couple of weeks and bring some of them back up. As Sanfam said today, the internet can live without the mods for a couple weeks.
I am still working on skinning the forums. Right now the thread view, forum view, and forum list are pretty much passable. I still need to hit the user pages, the popup widgets, and a number of other isolated parts. And I still need to look into changing the post graphics to our nice B5 insignia :)
Overall, excluding the obvious bugs with the new software, I think we'll get used to it. It definitely is different.
Oh, and as some of you may have noticed, your Avatars have vanished. I'm not sure exactly where they went. Most of the avatars were preserved, but a few went pop. I tried rebuilding the avatar cache today, but it didn't help. They seem to just be gone.
So, here's the new procedure to EDIT a post. You select the text of your message and copy it before clicking on EDIT. Then you paste it into the blank text box and do your modifications and then save your message. Wow. That's streamlining at its best. :D
As for notifications...you mean you actually got them to stop??? I so far have not. I still get notifications on things I turned off :(
So...apparently vB is adding a user "showsignature" option. The template has it, but they forgot to actually add it to the database. So I just changed the template to make them always on.
.post-signature span[style*="font-size:8px"] {
font-size: 10px !important;
}
*grumble*
Why would they hard code the font sizes into their parser instead of defining them in CSS?