Administrative Announcement - Use Email Address To Sign In

[DonRocks]

Just wanted to say I like the new graphics! (Now if only I had more time to post...)

Thanks! Now, if I can just get these Internal Server Errors to stop happening. I have a ticket in with our host, so hopefully this will be resolved within days if not hours. Everything was working perfectly earlier, and then ... they started happening again. I'm on it.

[dcs]

If I go directly to a foum, I can get in. If I try to go to http://www.donrockwell.com/ (which I have bookmarked), I get this:

Site Temporarily Unavailable

We apologize for the inconvenience. Please contact the webmaster/ tech support immediately to have them rectify this.

error id: "bad_httpd_conf"

It has been happening all day. I thought the entire site was down. I finally Google'd the site and went directly to a forum and was able to click the view new messages button, which worked fine. Weird.

[DonRocks]

This was occurring all last night and early this morning, and I got it resolved around 7 AM.

It's because we switched to a (virtual) private server, and the IP address has changed. I was online with customer support, and they got everything fixed in about 20 minutes, but I suspect people who haven't reset their bookmarks will continue to get this. Can you do this, then clear your cache and/or reset your browser, and let me know if you still have a problem?

Sorry , and thanks for pointing it out.

[dcs]

ETA - Maybe I'm imagining things, but the website seems to be running blazingly fast right now. With my gnat-like attention span, there is nothing more repelling than a slow connection. If I click on something, and nothing happens within two seconds, I've already begun thinking of ten other things. Hopefully, this is now a thing of the past on dr.com.

Still interminable.

[DonRocks]

Still interminable.

Can you write me, and let me know the symptoms? It has been running well for me.

[goodeats]

In the &$*% field - I am a bit upset the IP Buddy app is no longer "supported" or free. Now it costs $1.99 for the "new" IP Communities app. Arg. Surfing Safari from now on....

[DonRocks]

In the &$*% field - I am a bit upset the IP Buddy app is no longer "supported" or free. Now it costs $1.99 for the "new" IP Communities app. Arg. Surfing Safari from now on....

What's the IP Buddy app?

[goodeats]

What's the IP Buddy app?

Note again that this is no longer supported. Much like the HT grocery app. :-P

[DonRocks]

ktmoomau, it breaks my heart that you recently lost a long post that you typed; the good news being that this never has to happen again. This new version of Invision has an "autosave" in their editor that kicks in every few minutes of typing. For example, as I type this sentence, the "first occurrence" of autosave still has not kicked in, but as I

Okay. Right at that point where I typed "but as I," there was a little message, on the bottom-left hand corner of the screen where I'm typing, that said, "Last Auto-saved: 10:25 PM EDT." I then typed the following sentence:

"THERE. IT JUST KICKED IN. Now, I'm going to "x" out of this screen entirely, and leave the website without posting this, and see what happens when I return ..."

And then, I X'd out of the screen and left the website entirely. When I got back onto dr.com, I came back into this topic, started typing a new reply, and got an option (also in the bottom-left corner of the screen), "View Last Autosaved Content, 10/17/12 10:25 PM EDT" I clicked on it, and got a pop-up box with the first paragraph up above, and an option that said, "Restore?" I clicked on "Yes."

When I did that, my first paragraph showed up. However, I LOST the contents of the third paragraph, the one that starts "THERE. IT JUST KICKED IN." So whenever that message appears, whatever you've typed to that point is saved, and the only thing you lose is what you've typed afterwards. Since I've resumed typing this post, another autosave has occurred, at 10:30:13 PM EDT. Were I to "X" out again, I would have the option to recover everything that was typed until that time, but not afterwards.

However, a third message just now appeared that says "Last auto saved 10:32:14 PM EDT," so it appears that it is updated every two minutes (i suspect there's a setting I can change for this), so right now, the MOST you can lose is two minutes of typing. The system "remembers," for each user, which topic they were typing in, and what they were typing up until the point of the most recent auto-save.

Does this make sense? Try replying, and give it a try. The first auto-save should appear after two minutes. A fourth one appeared just now, at 10:34:13 PM EDT. So you'll never again have to lose a long post ... IF you make sure to recover your saved typing! This is a GREAT feature!

[ktmoomau]

That is exciting, I will remember this and look for it.

[DonRocks]

I've gotten two messages tonight about a potential malicious file when trying to sign onto donrockwell.com

1) kirite tried to sign in, and Norton blocked it as a "Malicious Cookie Website." That's all I know from kirite for now.

2) stockwatch just sent me this message (I hope you don't mind me cutting-and-pasting, but it's so much quicker):

"Logging in tonight using Chrome and Safari on my Mac and my Norton Antivirus is blocking an attack that hits my computer everytime I try to go to a page on donrockwell.com.

Norton says that is is coming from: "urbanitetestsrunning.ru/tonyallegedlyremoved.cgi?8 (198.23.128.71)

Attack Name: Web Attack: Malicious Cookie Website"

---

I'm going to report the problem to Invision right away as the highest priority. I know that anything that's ".ru" is from Russia and is *never* a good thing. We have plenty of Russian spam-bots, always trying to figure out a way in. Why? Who knows. They seem to get their jollies by doing it.

---

There are two common ways to approach situations like this: 1) cover them up while working behind the scenes, or 2) get every bit of information on the table while working on the problem. I give everyone here my word I will always do the latter. An open policy is paramount to credibility, and I strongly believe in full disclosure.

I'm on it, highest priority. If anyone else has any information, please chime in and treat this thread as a WiKi.

[DanielK]

I'm getting the message too.

Web Attack: Malicious Cookie Website

198.23.128.71

laptopshaken.ru/stagnantare.cgi?8

[porcupine]

Bad banner ad.

[DonRocks]

Bad banner ad.

Really? I have Invision and Dreamhost looking into this, but nobody has mentioned anything about a bad banner ad.

[dcs]

I cannot access the site at all with Internet Explorer. The site shows briefly and I get redirected to another page with the following error message:

Sorry, we couldn't find http://commadelimite...tlattice.cgi?8.

I am able to get in with Google Chrome.

[JuneBacon]

The Russians are coming !

[DonRocks]

Invision is on top of this, and I'm going to work with them closely until I'm satisfied that the website is virus-free. (Don't forget I have an M.S. in Computer Science, so I'm not entirely clueless and helpless.)

In theory, it's a tough call to publicize internal woes such as this, but my dream is to run a private company like it was a public property, and that's what I'm trying to do here. Other than the occasional "I'm going to exercise my freedom of speech" advocate who pecked at me, like a woodpecker, until I had nothing left but pecked-out bone, I have never regretted this model for running the community - and that's also why I refer to it as a community (which, in my mind, it is).

[porcupine]

Really? I have Invision and Dreamhost looking into this, but nobody has mentioned anything about a bad banner ad.

I showed your above post (561) to Steve when he was headed out to work and in a hurry:

"Read this."

"Huh. Does Don run ads?"

"Yes."

"Bad banner ad. Gotta go."

An educated guess from a man who knows an awful lot about the internet. When he gets home later I'll ask him to look into it a little more.

[DonRocks]

I showed your above post (561) to Steve when he was headed out to work and in a hurry:

"Read this."

"Huh. Does Don run ads?"

"Yes."

"Bad banner ad. Gotta go."

An educated guess from a man who knows an awful lot about the internet. When he gets home later I'll ask him to look into it a little more.

Thanks Elizabeth, and I'm passing this information on to the people working on the problem. Invision feels the problem is solved, but there are a couple of minor issues popping up here and there - I'll keep everyone posted.

[DonRocks]

Sometime in the next few days, perhaps this weekend, Invision is going to be refreshing everything to the newest version. I don't want to get too technical, but there are two different things here: the website, and the database. The "website" is what's infected, and that consists of all the Invision stuff. Imagine if this were day #1 in the existence of donrockwell.com - almost all of donrockwell.com would be "the website" because there would be no content. The "database" is the content - the posts, the profiles, the calendar entries, etc. Because we've been around for so long, the vast majority of our storage is taken up by the database (i.e., content) which is not infected.

So just like with every upgrade to the newest version (which contains stronger virus protection), there will be the invariable problems, annoying bugs, etc., but the virus will be cleansed. I have a feeling next week is going to be a rough week for me as administrator, but I'm not going to stress out about it because there isn't much else to do except go with the flow.

That's where things stand. Ping me here or privately with any questions or concerns, and prepare yourselves for a wonky few days.

Why don't people have anything better to do with their lives than to sit around in Russia and dream up ways to make people unhappy?

[DonRocks]

We've been working on things this weekend - Invision says there was a threat to the Calendar software which was exposed by Russian hackers.

I don't think this means people are going to walk into your front door and rob you at gunpoint; it merely means we've had over FIFTY bogus registration attempts in the past two days.

An upgrade was run today, so as of 5:45 PM, if anyone notices anything (Chrome, I think, has been diligent in picking this off, but please empty your Chrome cache and cookies), please let me know.

We not only "reloaded," but we also "upgraded" to the newest versions of everything, and, like with every upgrade we've ever run (if I recall), nothing has been instantly perfect. So I ask you to lower your expectations for the next week. I'm going to keep the chat with Gerry up and running for awhile because this hasn't been fair to him.

I'll keep this thread updated with the latest news as I know it. Please feel free to voice your concerns here as well.

[agm]

I don't think this means people are going to walk into your front door and rob you at gunpoint; it merely means we've had over FIFTY bogus registration attempts in the past two days.

You're lucky. I run a much smaller, lower profile, lower traffic forum. No advertising. I've had around 100 false registration attempts in the past 24 hours, mostly pointing back to Russia and Ukraine. That's about an average day now. It started more slowly, but in the past three years I've had over 75,000 false registration attempts.

[lperry]

Why would someone want to register a false identity?

[DonRocks]

Why would someone want to register a false identity?

Why would someone want to make a random obscene phone call? Because they're unhappy with their own lives, and get their jollies by trying to make others unhappy too. That's the only possible explanation I have. The "hackers'" mentality seems to be the "mountain-climbers'" mentality - "Because it's there." The world would be a better place if they'd all drop dead, as far as I'm concerned.

[Pat]

I'm under the impression that they're trying to get in so they can take over control of the site. Then they can use it as a spambot, to propagate viruses, or whatever they want.

[DonRocks]

Until this situation is resolved, I've disabled new registrations entirely.

If anyone wants to register, they may contact me privately, and I'll add them manually.

This protocol will remain in place until further notice.

[SeanMike]

As I mentioned by email, I'm still getting the block - I'll dump my cookies and cache (fortunately I just installed Chrome a few days ago) and see if it'll go away.

[DonRocks]

As I mentioned by email, I'm still getting the block - I'll dump my cookies and cache (fortunately I just installed Chrome a few days ago) and see if it'll go away.

Yep, and I've cut-and-pasted your email, and forwarded it to Invision.

[agm]

Why would someone want to register a false identity?

Before I shut them down on my board, they were used to post ads, some blatant, some disguised. Just another spam vector. I'm sure at some point there would have been attempts to distribute malware. There were also attempts to gain control of the board, but that was a different kind of attack, that didn't require a successful registration.

[DonRocks]

Before I shut them down on my board, they were used to post ads, some blatant, some disguised. Just another spam vector. I'm sure at some point there would have been attempts to distribute malware. There were also attempts to gain control of the board, but that was a different kind of attack, that didn't require a successful registration.

I appreciate you writing this - I've always wondered what would happen if they actually broke in through the front door.

Is anyone besides me not getting the "users" list when they view a thread? Likewise, the "views" count seems not to be incrementing whenever I view a post. I've reported this to Invision, and they've "elevated" the problem up to the next level, so they're taking it seriously (95% of all help requests are handled without being elevated).

As far as I can tell, there are no crises, and this is just going to be a week-long back-and-forth, with things being correctly restored at the end. That having been said, I don't know for sure only because there's no way for me to know.

[sheldman]

Is anyone besides me not getting the "users" list when they view a thread?

Assuming that I am understanding the question correctly - when I view this thread, and look down at the very bottom to see who is viewing the thread, I see that nobody is. ("0 user(s) are reading this topic.") In the past I have always seen my own name (and sometimes others') down there.

[B.A.R.]

You can't see me

[dcs]

Is anyone besides me not getting the "users" list when they view a thread? Likewise, the "views" count seems not to be incrementing whenever I view a post. I've reported this to Invision, and they've "elevated" the problem up to the next level, so they're taking it seriously (95% of all help requests are handled without being elevated).

This is what I see at the bottom of this thread:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

[goldenticket]

The users list seems to be working now - I see "1 members, 0 guests, 0 anonymous users" and my user name below that.

[DonRocks]

The users list seems to be working now - I see "1 members, 0 guests, 0 anonymous users" and my user name below that.

Yes, they just fixed it (still not sure what it was, but I got a note from them within the hour).

Please report other abnormalities, either here or via PM.

[SeanMike]

I still can't get in via Chrome, and even if I click on "Advanced" and then on "I accept the risk", it still blocks me.

[DonRocks]

I still can't get in via Chrome, and even if I click on "Advanced" and then on "I accept the risk", it still blocks me.

You're the last straggler that I'm aware of. Can you try clearing your browser's cookies? It should be fine now (you should have written me earlier)!

[DonRocks]

This website chews through an enormous amount of virtual memory (very costly), so I'm trying an experiment to force an upper-bound. I'm hopeful that things will still run efficiently (they've been running beautifully lately), but if things appear to be "sticking" or slow, please let me know. Thanks!

[dcs]

This website chews through an enormous amount of virtual memory (very costly), so I'm trying an experiment to force an upper-bound. I'm hopeful that things will still run efficiently (they've been running beautifully lately), but if things appear to be "sticking" or slow, please let me know. Thanks!

I got to 4 Mississippi after clicking on this post from the New Content page before it appeared. Do you consider that slow?

[DonRocks]

I got to 4 Mississippi after clicking on this post from the New Content page before it appeared. Do you consider that slow?

Yes. I want it to be instantaneous. Please keep the reports coming (and thanks).

[bookluvingbabe]

Six mississippi from the main page to the DC dining page. Nothing else has been slow though.

[DonRocks]

Six mississippi from the main page to the DC dining page. Nothing else has been slow though.

Hmm, my very first click ever (after installing the ceiling) was also four Mississippi, with nothing after that slow, even if I go hours between signing on. I wonder if this has something to do with the very first time a user clicks - maybe everyone (all 4000+) people were kept "poised" in virtual memory when they should have been on disk.

[Dr. Delicious]

Hey, i just noticed the like button .. a welcome addition, imho.

[DC Deb]

I keep getting "nopermission" when I hit the down arrow/preview button. Is anyone else getting this? I use Mozilla Firefox on a Windows PC.

[kirite]

I keep getting "nopermission" when I hit the down arrow/preview button. Is anyone else getting this? I use Mozilla Firefox on a Windows PC.

I still have to go to the permission site and sign in if I don't check DR.com every couple of hours. This has been going on for at least three months.

[DonRocks]

Hey, i just noticed the like button .. a welcome addition, imho.

Thank you! I like it very much, too - I think a lot of people do now that Facebook has made it part of the standard protocol.

One thing I won't implement is "User Reputations." This feature is also offered on Invision, enabling members to "rate" other members - I don't like it, in the same way I don't like the "Happy Birthday" thread. I think *all* members here are important (and everyone deserves a happy birthday!), and this is too much of a community (at least, in my eyes) to implement such a potentially divisive rating system. What do others think?

I keep getting "nopermission" when I hit the down arrow/preview button. Is anyone else getting this? I use Mozilla Firefox on a Windows PC.

I still have to go to the permission site and sign in if I don't check DR.com every couple of hours. This has been going on for at least three months.

I was unaware of this, and thank you both for pointing it out. I didn't even know what the "down arrow preview" button was until just now (it's the thing to the right of the post title, about an inch to the left of the "x Views" counter - it's not highlighted, so its not easy to see unless you're looking for it. It works fine for me, so I suspect there's a non-administrator permission setting that I need to set. I'll have a look right now. Please stay on me about this until I get it resolved.

kirite, I'm not sure what you're saying here. I think you're just being timed out due to inactivity, no? This is a standard security measure unless you're saying something different than what I'm reading.

I still recruit anyone who hasn't heard of the site. I'm like, DUDE, I am so funny and awesome, imagine if you could read my words ANY TIME I ACTUALLY POST THEM, which means don't follow my blog, because I'm very lazy. But I post on DR when it's not being blocked by Chrome (still is!) or being hellaciously slow at work (it's not the only site that does that at work so I blame our Bluecoat Proxy).

Mysteriously, it cleared up yesterday!

I'm glad it did. I still think it was something left over in your buffer or cache that perhaps got cleared out yesterday even though you may not have actively done anything.

---

And I have a related problem to SeanMike's - the advertisements are almost never showing up on my computer. I use a MacBook Pro with Safari Version 6.0. I was meeting with Rich Boone last night, and showed him the problem (Rich implemented these ads for me, and I will be forever grateful to him for doing so). He signed in on my laptop, and the problem still existed under his member name, so it's definitely "machine-specific," and has something to do with my laptop. Probably similar to SeanMike's issue, something is just not being flushed out, cleared, or reset - this, despite me reseting Safari on a regular basis.

Does anyone else have problems with the advertisements showing up blank? And, does anyone have any advice on how to Hard Empty my buffer, cache, cookies, or any other setting? All suggestions are welcome! The website actually looks better with the ads than without them (they lend color and life).

[bookluvingbabe]

Macbook Air, Safari 5.1.7 and no problems.

(This is why I wait to upgrade software...)

[DonRocks]

As much as I've been begging people to post lately, today, Monday, January 7th, I'd like people not to invest too much time in it because the website is undergoing maintenance. We were attacked by Russian spam-bots again, and the website was down for defensive reasons. There is a non-zero chance that whatever is written today WILL BE LOST in case we have to roll things back or overwrite certain files.

SO PLEASE, IF YOU POST TODAY, MAKE A BACK-UP COPY OF WHATEVER YOU WRITE, AND SAVE IT ON YOUR COMPUTER JUST IN CASE. I WILL ISSUE AN "ALL-CLEAR" NOTICE WHEN EVERYTHING HAS BEEN RE-TESTED AND CONFIRMED AS SPAM-FREE.

I just don't want you to lose any work. Thanks for your understanding! Don

Thank you to Jenn for getting the website back up so people can read it. Whenever it's down, I feel like one of my babies is sick.

[Ericandblueboy]

Can someone explain why anyone wants to attack this website? I'm just curious.

[chefgunshow]

It's Yelp. I knew those bastards were Russian.