Announcement

Collapse
No announcement yet.

Website Update and some bad news

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Website Update and some bad news

    The software we use to run this site, vBulletin, is the same software we've used for many years. In the last few months it seems to have become somewhat popular among hackers and numerous really severe vulnerabilities have been found in it. As one of the oldest communities online, we are easy to find. So when someone finds a vBulletin vulnerability, we are among the first hit. We are taking some steps, but it has been tough to do with volunteer time. We upgraded the web site today to the latest version of vBulletin because there's yet one more vulnerability out there and we were seeing it used against us.

    On August 11, we had a security breach and a hacker deleted all our files. The entire web site, gone in under a minute. Good news is, that's not enough to take the whole site down. We have lots of backups and we were back in 90 minutes. Bad news is, our most recent backups were from July 26. So attachments that were uploaded between July 26 and August 11 2020 are gone, unrecoverably. I'm sorry. Attachments are files on our server, whereas the text you read (posts like this one) are records stored in a database. The attack did not affect the database, which is why all the posts and stories are all exactly as you expect them to be. But the pictures were files and the files uploaded after July 26 are gone.

    There have been 2 high severity vulnerabilities lately. One in May and one just now. If we hadn't upgraded back when we did (beginning of April), this site would have been ruined by the attack in May. The old server and old software was not patched and couldn't be patched to protect against that vulnerability. Thanks to the upgrades and moving to a new server, it was an annoying week with some weird glitches in the web site, but otherwise it mostly worked and it wasn't ruined. This most recent vulnerability was very severe. Thanks to being up-to-date and having backups, it didn't hurt us too much. Again, the old site would have been ruined and there would likely be nothing we could do to recover. So, as bad as it was, it could have been much worse.

    I have high standards for how this web site should run. It should be faster. It should be more reliable. It shouldn't be wrecked every couple of months. I'm doing what I can. I console myself a bit by remembering what does work today that didn't work for a long time.

    Attachments like pictures didn't work at all for a really long time. Signing up for a new account used to be "send Jim a personal email and wait for him to create your account by hand." Now people sign up themselves, and Jim just has to approve/disapprove. Email didn't work for years. Now you get email messages if you are subscribed to a topic. Users couldn't upload their own avatars for a long time. They can now. The old site may or may not have had backups that could restore from an attack like this. We do, and we proved they work by using them.

    So I hope I can continue to earn your trust and keep it running better and better. I understand how important this site is to its members and I intend to keep improving things. I'm sorry we've lost some files and had some downtime.

    OldGrumpyDad

    P.s. computer security is super important and it's my area of expertise. If you want to see what I think you should do to keep yourself safe online, take a look at this thread.

    #2
    Thanks for all your hard work OGD!
    We will move forward.

    Comment


      #3
      Tough break. I know that what can be done, will be done.

      Comment


        #4
        thank you so much for standing for us!
        you are great!
        69yo male T12 complete since 1995
        NW NJ

        Comment


          #5
          Thank you so much for your diligence and hard work on behalf of this community.
          MS with cervical and thoracic cord lesions

          Comment


            #6
            Very grateful for all the hard work and dedication OGD & Oddity, y'all literally saved the site.

            Comment


              #7
              appreciate all you time.. sucks you have to deal with such crap.

              Comment


                #8
                From all the SCI-Nurses, we appreciate so much the work of Oddity and GrumpyOldDad in keeping our site functional and safe!

                (KLD)
                The SCI-Nurses are advanced practice nurses specializing in SCI/D care. They are available to answer questions, provide education, and make suggestions which you should always discuss with your physician/primary health care provider before implementing. Medical diagnosis is not provided, nor do the SCI-Nurses provide nursing or medical care through their responses on the CareCure forums.

                Comment


                  #9
                  i think your pretty darn great and smart

                  Comment


                    #10
                    thank you

                    Comment


                      #11
                      We appreciate so much the work of Oddity and GrumpyOldDad in keeping our site functional and safe! Thank you!
                      "Yesterday's History,Tomorrow's a Mystery"

                      Comment


                        #12
                        Thanks, folks. I appreciate the kind words.

                        Comment


                          #13
                          Getting the site back in 90 minutes is miraculous. Your's and Oddity's hard long work is paying off.
                          Thank you,
                          I have had periodic paralysis all my life. I lost my ability to walk in 2011 beginning with a spinal block, which was used for a hip fracture caused by periodic paralysis.

                          Comment


                            #14
                            Thank you guys very much for updating this site. I'm so grateful, I cannot express my gratitude, This site is a resource like no other.
                            Injured on July 8th 2017 at 28 years old.
                            Fractured C4 - C7, Incomplete.

                            Facebook Email

                            Comment

                            Working...
                            X