Author Topic: ATTN Please Read: Regarding Hacking attempt issue.  (Read 7686 times)

Offline Knome

  • The f-it-all guy
  • BC Leaders
  • BC Regular
  • Posts: 2845
ATTN Please Read: Regarding Hacking attempt issue.
« on: October 09, 2011, 07:19:08 pm »
Alright so here's the deal. Apparently this "hacking attempt" issue was more of an issue than we realized. The IT team does not have the time available to address the issue as it currently stands. Our website is incredibly out of date and most of it was hand written. It would take probably 2-3 weeks of full days to get the site up to date and address all the issues.


So in order to correct the issue we have the following options available. Please read the options below and pick the one in the poll that you want to do. Each one has benefits and issues so please choose carefully.


Option 1: Strip out the SMF-Joomla bridge and attempt to replace it with one that works correctly. This may or may not solve the issue and it has a high probability of making the site unstable and unrepairable.


Option 2: Strip out the bridge and the forums and install a new one from scratch. We should be able to migrate the users/posts/settings over so the only thing we would lose is the plugins and modifications made. This has the highest probability of success and we would work as hard as possible to restore the modifications that you guys find important. I.E. Chatbox, calendars, promotion system, forum skin, ajax editing of posts, the reply editor... If you guys want this to happen please let us know what modifications you would like restored first. I believe we could have the site live while we are working on it so the only issue is that the site may be slightly unstable while we are working on it.


Option 3: Remove the smf bridge and unwrap the forums. This means you would need to go to another link in order to go to the forums and it would require logging into multiple pages. This may or may not work, but it's an idea. This may break the chatbox permanently, so take note.


Option 4: Strip the bridge out and reinstall the forums but do not reinstall the bridge.


I have no idea how long this process would take and I cannot guarantee the success of the work but I think we need to finally make a decision and address this problem. I do not know how long this process could take but if all went extremely well I say it could be completed in two weeks.


If anyone has any other ideas please let me know. If any of the other IT people have any ideas on the situation please COMMUNICATE these to me.



Offline Infantryman

  • Fish on!
  • BC Admin
  • BC Regular
  • Posts: 11668
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #1 on: October 09, 2011, 09:07:08 pm »
How about option 5? Leave it alone until it affects me.
“Help a man when he's in trouble and he will remember when he's in trouble again.”

Offline Sly04

  • BC Regular
  • Posts: 68
    • «RL»
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #2 on: October 10, 2011, 12:02:32 am »
better safe than sorry

Online ATL

  • BC Leaders
  • BC Regular
  • Posts: 4655
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #3 on: October 10, 2011, 05:32:27 am »
I really like having the chat box. Knome imo, anything you're willing to try is acceptable. I'm pretty sure everyone who currently uses the forums fully realizes that it's just a matter of time before we are unable to provide what we have in the past. Thank you for your willingness to give something a try. I tried several things with Domino the other night, changing passwords, email address, new accounts etc. to no avail. So for them anything would be better than nothing because at the moment that's what a few have is nothing. Thanks again. If there's anything I can do to help let me know.


Offline Angel PK

  • BC Regular
  • Posts: 9493
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #4 on: October 11, 2011, 12:14:01 am »
Option 5: Try and boot the forums into OSX Knome.  :googly:

Offline Knome

  • The f-it-all guy
  • BC Leaders
  • BC Regular
  • Posts: 2845
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #5 on: October 14, 2011, 04:10:22 pm »
Alright, I'll start working on option number 2. It's going to take some work before the changeover is done. I'm going to make sure the website is running and a new bridge is working in a test environment before the move. It'll be pretty obvious when it happens.

So the first part is to start researching what we can accomplish with the upgrade. If anyone would like to help they can help by figuring out if it would be practical to move from joomla 1.5 to joomla 1.7. Or if we should not bother with joomla and just upgrade the bridge and the forums. To that extent we also need to decide what bridge we can use and find documentation on the install process.

Any help would be much appreciated.

Offline Caboose

  • BC Members
  • BC Regular
  • Posts: 839
  • Thread Lurker
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #6 on: October 15, 2011, 07:17:16 pm »
Option 5. VBulletin

You could keep Joomla as the CMS, but I'd recommend ordering the one with the CMS and Forums combined. It's a lot more secure and permissions are pretty easy to set up. If we get the combo, I can help set it up since I've worked with a VB forum in the past. It's $469 for the Publishing and Mobile Suite (meaning those using Android, iOS, Blackberry, etc... could access easily). Here's what's included and you don't have to pay the next year unless you want updates for that year.

Quote
Features For Package ($469 Each License):
  • Indefinite software license
  • Includes Forums, Blogs, and CMS modules
  • Free updates for this version
  • Discounts for next version upgrades
  • Free forum and ticket support
  • Total value: $694
« Last Edit: October 15, 2011, 07:27:56 pm by Caboose »


Offline Hambone

  • I'll remove my shirt AND BLIND YOU ALL!!
  • BC Regular
  • Posts: 8370
  • Baseball is the greatest thing on Earth...
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #7 on: October 15, 2011, 07:29:41 pm »
Why don't we try the option that doesn't cost anything first. We don't have a lot as far as donations are concerned, now that we are less active.

Offline Caboose

  • BC Members
  • BC Regular
  • Posts: 839
  • Thread Lurker
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #8 on: October 16, 2011, 02:53:00 pm »
This would be a free option for Joomla: http://www.jfusion.org/

Note... the recent version is still in Beta and I'd recommend using something different than this until a stable release is out.

Truthfully I'd say we all pitch in for VBulletin. And think about it this way, it's not like the gameservers where you have to pay for them every month. This would be something that you pay for once a year unless you wanted updates for the next year. VB is way more secure and easy to set up. Hell I could get a server running in a matter of minutes. We could then transfer over the theme we use for this site with some modifications.

1 time VB purchase (closed source) > numerous SMF (open source) bugs / hacks. I'll do the smart move and take VB.


Offline Hambone

  • I'll remove my shirt AND BLIND YOU ALL!!
  • BC Regular
  • Posts: 8370
  • Baseball is the greatest thing on Earth...
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #9 on: October 16, 2011, 07:33:10 pm »
Quote
Truthfully I'd say we all pitch in for VBulletin.

Again, I imagine paying for something new, rather than trying to fix the old, would be difficult given the activity of the majority of members.

Offline Knome

  • The f-it-all guy
  • BC Leaders
  • BC Regular
  • Posts: 2845
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #10 on: October 16, 2011, 10:29:37 pm »
vBulletin is NOT happening, I say the best thing so far is using the current bridge and using jfusion to do the authentication and login modification. That seems to be where the bridge we are using fails.

I'm also playing around with the possibility that the issue has nothing to do with the bridge and has to do with our modification of the theme templates for smf.

Offline Caboose

  • BC Members
  • BC Regular
  • Posts: 839
  • Thread Lurker
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #11 on: October 17, 2011, 04:49:20 pm »
Quote
vBulletin is NOT happening, I say the best thing so far is using the current bridge and using jfusion to do the authentication and login modification. That seems to be where the bridge we are using fails.

I'm also playing around with the possibility that the issue has nothing to do with the bridge and has to do with our modification of the theme templates for smf.

It's either Jfusion or the current bridge. You can't really have both.


Offline Knome

  • The f-it-all guy
  • BC Leaders
  • BC Regular
  • Posts: 2845
    • View Profile
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #12 on: October 17, 2011, 10:19:44 pm »
Not really. Jfusion handles session syncing only.  The current bridge handles everything else. It's not hard to strip out the session syncing part.  As far as I can tell of the structure from a quick glance once a user is logged in all the user content on the joomla side is presented to the user through their joomla session.

Offline Caboose

  • BC Members
  • BC Regular
  • Posts: 839
  • Thread Lurker
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #13 on: October 17, 2011, 11:26:09 pm »
Quote
Not really. Jfusion handles session syncing only. The current bridge handles everything else. It's not hard to strip out the session syncing part. As far as I can tell of the structure from a quick glance once a user is logged in all the user content on the joomla side is presented to the user through their joomla session.

Read This:

Quote
How does JFusion work?

JFusion does its magic with the use of its JFusion user and authentication plugins. These plugins allow the complete customisation of the Joomla login behaviour without any core hacks to Joomla. When multiple softwares are integrated there needs to be one "master" software that controls all user management actions. When a user logs in to Joomla, JFusion will validate the user based on the user details in the master software. If a user is successfully authenticated, JFusion will automatically create or update the user in all of the slave softwares.

Bi-directional User Sync:

JFusion can import users into Joomla as well as export users from Joomla into external softwares.

Dual Login:

JFusion will also create sessions for all softwares, in order for users to be logged into all softwares at once. This allows users to switch between softwares without having to login again. Please note that your softwares must run on the same domain or subdomain in order for this to work.

Visual Integration:

Another important aspect is that you want these softwares to look like they are running inside Joomla itself. We have a couple of options on how to achieve this: 1) direct link with template modifications of the external software, 2) the use of an iframe wrapper and 3) frameless visual integration that grabs the output of the external software and displays it inside your Joomla template. Which option you chose depends on how big your site is and how good you are in modifying html/css templates. For more information visit our documentation section.

Read the part in red. It works better with Jfusion. Also if you start mixing the bridges and if you strip out session stripping, you'll just break jfusion. It's like running two anti-viruses at the same time.
« Last Edit: July 23, 2017, 09:00:12 pm by Caboose »


Offline Knome

  • The f-it-all guy
  • BC Leaders
  • BC Regular
  • Posts: 2845
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #14 on: October 18, 2011, 12:13:50 am »
Our current bridge was modified by Crossfire (basically rewritten). It does a lot more than the previous one did and a few behind the scenes things. I didn't see the part where jfusion does wrapping though, I'll have to look into that a bit further. What I'm really concerned about is not breaking the chat box, which may prove more difficult than first imagined. I'll try and see if I can set up a test site with jfusion and give it a go. I don't recall exactly why we turned away from jfusion when we were first selecting a bridge but I do remember that we decided against it.

Offline Knome

  • The f-it-all guy
  • BC Leaders
  • BC Regular
  • Posts: 2845
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #15 on: October 18, 2011, 12:50:56 am »
Alright this is going to sound really crazy but can someone please get someone who is having issues logging in to give it a try? I just found a retardedly stupid mistake in the bridge. It was using the god damn sandbox site for session syncing, I honestly don't know how the hell it's been working this far.


Unfortunately it's really hard to fix a problem when I can't replicate it myself.

Offline Hambone

  • I'll remove my shirt AND BLIND YOU ALL!!
  • BC Regular
  • Posts: 8370
  • Baseball is the greatest thing on Earth...
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #16 on: October 18, 2011, 02:16:03 am »
I'll contact Snow and Ghostly via Facebook.


Offline Ghostly Knight

  • I put on my robe and wizard hat.
  • BC Members
  • BC Regular
  • Posts: 3635
  • Huge Wang, and a god among men
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #17 on: October 18, 2011, 03:50:02 am »
That worked.

The sexy man himself is back.
Neckface - "You're a sex fiend and a sexual deviant."

Offline Monkeypox

  • Padman Buddy (Knack 1/pbc)
  • BC Regular
  • Posts: 3087
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #18 on: October 18, 2011, 06:17:03 am »
Unyon was also having a problem.. I'll see if I can contact him to try too... and Domino also.
Thanks, Drizz!
[21:53:11] *chan* MG_PK [ec,IA,PRB]©: How can you say no to teh sex?
[22:39:59] *chan* MG_PK [ec,IA,PRB]©: HOW CAN YOU SAY NO TO TEH SEX, MUST I REPEAT MYSELF?

Offline Abzstrak

  • BC Regular
  • Posts: 14474
    • The ßÇ Clan
Re: ATTN Please Read: Regarding Hacking attempt issue.
« Reply #19 on: October 18, 2011, 06:40:30 am »
nice job Knome, I think you fixed it
--Abzstrak