Announcement

Collapse
No announcement yet.

Forum issues after December 2019 update.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #76
    Martin, is ther a spell checker on the forum. The reason I ask is thet my browser is set to correct spelling as I type. As you will see from the underlined (deliberate mistakes) sections in this it it obviously can't spill
    Peter

    Feel free to browse my
    Website : www.peterstockton-photography.co.uk
    Flickr: https://www.flickr.com/photos/the_original_st/

    Comment


      #77
      Originally posted by ST-EOS View Post
      Martin, is ther a spell checker on the forum. The reason I ask is thet my browser is set to correct spelling as I type. As you will see from the underlined (deliberate mistakes) sections in this it it obviously can't spill
      No spell checker as far as I know, and as far as vBulletin say - browser spell checkers can/should do a much better job than any one within the forum system. There would be too many variables I would imagine for a built in spell checker to take into account - such as user language. Your browser would normally be configured correctly to get the spelling correct. My Safari and Firefox both auto-corrects ok here although struggles at times with auto-correcting correct to something else.

      Comment


        #78
        Originally posted by MartinEOS View Post

        No spell checker as far as I know, and as far as vBulletin say - browser spell checkers can/should do a much better job than any one within the forum system. There would be too many variables I would imagine for a built in spell checker to take into account - such as user language. Your browser would normally be configured correctly to get the spelling correct. My Safari and Firefox both auto-corrects ok here although struggles at times with auto-correcting correct to something else.
        I wonder why my browsur isnt smell checken then
        Peter

        Feel free to browse my
        Website : www.peterstockton-photography.co.uk
        Flickr: https://www.flickr.com/photos/the_original_st/

        Comment


          #79
          It wouldn't flag smell as faulty - as its correctly spelt

          What browser are you using?

          Comment


            #80
            Originally posted by MartinEOS View Post
            It wouldn't flag smell as faulty - as its correctly spelt

            What browser are you using?
            Firefox, sorry Martin it seems I had lost a dictionary from my plug-ins in Firefox! All is now working, I can now miss spell and whilst it doesn't auto correct it does mark a miss spelling.
            Peter

            Feel free to browse my
            Website : www.peterstockton-photography.co.uk
            Flickr: https://www.flickr.com/photos/the_original_st/

            Comment


              #81
              Hi Martin, Ive just seen this error message (see image) , I'm not sure what it means but I thought you may like to know aboout it. I also noticed earlier this morning that the forum was off air?


              PS. Martin, this happened yesterday 26th January but for some reason my post failed to post!


              Peter

              Feel free to browse my
              Website : www.peterstockton-photography.co.uk
              Flickr: https://www.flickr.com/photos/the_original_st/

              Comment


                #82
                Originally posted by ST-EOS View Post
                Hi Martin, Ive just seen this error message (see image) , I'm not sure what it means but I thought you may like to know aboout it. I also noticed earlier this morning that the forum was off air?


                PS. Martin, this happened yesterday 26th January but for some reason my post failed to post!


                Hi Peter,

                I can't see the error - the file is just showing as a ? in a box. I suspect if it was yesterday morning it was due to a corrupt database cache table that couldn't be repaired by the forum automatically and when I tried to manually repair it, the server got a bit busy for an hour but then recovered. Sundays also seems a bad day for Spambots trying to attack the forum site, I've hopefully temporarily blocked most of India and China now which were the main culprits recently.

                Comment


                  #83
                  Sundays also seems a bad day for Spambots trying to attack the forum site, I've hopefully temporarily blocked most of India and China now which were the main culprits recently.
                  I don't understand any form of cyber terrorism, but the question I must ask is why?

                  We are just a friendly forum of like minded individuals that have a keen interest in photography. Why would they be interested in us? I could understand, but not condone their actions if they were having a go at MI5, MI6, or GCHQ, but we are a harmless bunch of hobbyists. What's the point?
                  Colin

                  Comment


                    #84
                    It's a bit like the why climb a mountain - because it's there

                    A lot of these bots don't care what the site is - they just try and find vulnerabilities / known exploits to get in, in many cases to then post lots of spam, in other cases to install malware and other things to capture data from users and in some cases to then attack other sites. They basically start at address 1, see what's there, then go to the next see what's there and keep going. Most of the time the address won't have anything associated with it - but other times it will respond with something like this forum. A bot will then start scanning and find what can be found - if it's of interest it may keep a copy - but in many cases they are there to try and sign up and then send messages / post in the forums / mass email (if possible) users with advertising spam - people responding to the advertising will then generate some revenue for the bot owners.

                    Initially there was little protection for spam bots - things got more difficult for them when they started to put systems in place which tried to identify genuine users from computers filling in forms. Initially things were fairly simple like how long does it take to fill in a registration form - a person would take time - fill in sections over a few seconds / minutes where a computer filling it with spam would do it rapidly. They then got wise to that so they would take time and be more human in appearance. They then used Googles CAPTCHA system which tried to identify a human from computer by getting the human to identify house numbers and things like that which is easy for a human but more difficult for a computer - but they learnt that over time they then went to CAPTCHA2 which got you to identify cats or dogs or cars or shop fronts from a group of photos - if you looked like a computer doing it it would keep asking until it was either satisfied you were a human. Some of these are now not much use as they can be got round.

                    Some of the bots are looking for specific things like versions of software which are know to have weak areas of protection. If you look at the access logs for this forum you will see hundreds of failed access attempts for various folders on the website - /wp-admin and similar (these are bots trying to find admin logins for WordPress (a common website system). These all singularly have little impact on the server - but if you get hundreds of them all at the same time each one uses a bit of the finite system resources.

                    Some of the bots are genuine like Google and Bing - they are searching the site to index it so they can display results in their search engines - but sometimes they misbehave and you get 20-30 sessions all going through the forums at the same time for the same search provider - and then to make things worse you get 4 or 5 different search bots doing the same thing at the same time. The good ones will normally follow rules you can define which tells them not to search certain areas and to scan but not intensively so overloading is not an issue. Many of the bad ones - don't bother following the rules they just look for all links and search everywhere, sometimes hundreds of systems searching all the contents at the same time. This can be used to advantage and be used to block them.

                    Data these days is big business - lots of people post things on social media and other places that a few years ago would probably have been kept in secure storage at home - or in a bank vault. In many cases it's not just the 1 off bit of info they are after, it's a combination over time which builds up a profile for a particular person. I always wonder if people realise what they are posting - especially on FaceBook and similar - over a year you often see Quizzes and other things which are tricking the users into giving their date of birth, Their pet name (a common security question) where they were born. Each bit of information on it's own is pretty much useless - but over a year they probably have enough information to pass security checks to change passwords or do other dodgy things.

                    There are times where attacks are triggered on either countries / companies / individuals where computers normally infected at some point in the past with a virus or malware will be remotely triggered to attack certain systems sending thousands of requests simultaneously - the computers under attack can't cope with the amount of requests and go offline. This is a Distributed Denial Of Service attack - DDOS they tend to happen more frequently when there are conflicts in the world, as 1 country then attacks another's systems causing some or many to go offline - If this forum goes offline - in the large scheme of things it doesn't really make a lot of difference to the world - but if the attack is on something more important then significant disruption can occur.

                    I remember several years ago mid 90's when I ran a computer network at a college we had some network management software which would investigate each computer / device on the network - identify it, see what it was, where it was, the amount of disc space, memory what it was running, what software it had on it and lots of other things it was there really to audit internal devices - it would check reasonably regularly and would flag changes such as memory amounts changing. When we first had it I set it going 1 weekend to do an audit of all the computers in the network about 250 at the time, I left it going over the weekend (it had a feature where it would shutdown the device after scanning) and when I went into work on the Monday morning I had run out of disc space from the data it had collected. The phone was also ringing pretty constantly - Unfortunately due to a configuration issue on the internet router my system had found "The Internet" and had started to audit lots of computers - it used to work by identifying network switches and routers - and ask them what devices they had connected and what other ones they knew about - and then it would keep finding them. I had phone calls from lots of IT departments from lots of companies who used the same ISP asking why I was probing their network. Unfortunately due to a configuration issue with our main internet router instead of blocking requests outside our network - it allowed then my software asked the Internet Service Providers router what networks could it see - and it saw lots. We used an entire month of internet bandwidth in a little over 12 hours - I guess these days that would have been more of an issue - as the connection at the time was only a fraction of the speed of current internet connection. Some attacks now will be caused by similar issues - mis configurations, accidental - typing in the wrong details.

                    Unfortunately these days running systems online will pretty much guarantee at some point you will be bothered by people / systems wishing to do harm. I used to run a system known as a honey trap at home - it advertised itself online an would "appear" to have several vulnerabilities although it was in fact pretty secure - but it used to let people or systems try and break into it - it would then report the addresses of the systems attacking it and they would then be blocked on other genuine systems. It was sometimes worrying how quickly it would be attacked after being plugged into the internet.

                    Comment


                      #85
                      Wow .............. every day is a school day.

                      Many thanks for such a comprehensive response Martin, I have learn't more from that one post than I previously knew over many years.
                      Colin

                      Comment


                        #86
                        Originally posted by colin C View Post

                        I don't understand any form of cyber terrorism, but the question I must ask is why?

                        We are just a friendly forum of like minded individuals that have a keen interest in photography. Why would they be interested in us? I could understand, but not condone their actions if they were having a go at MI5, MI6, or GCHQ, but we are a harmless bunch of hobbyists. What's the point?
                        Why is a good question to ask Colin, I share your thoughts on the purpose these recent disruptions to the forum. I have read Martins informative response to your question.
                        The denial of service attacks which previously required the forum to be taken off air for a period of time, from memory during December.

                        My personal concern regarding those attack’s is not around the content of posts on the forum being copied, but rather what “personal” information (if any) is stored by the magazine on the servers e.g. contact details, email addresses, card details Regarding the card details I’m thinking about purchases made via the EOS shop and/or subscription renewals etc. Hopefully there is robust security in place to protect any subscribers personal information stored online.
                        Peter

                        Feel free to browse my
                        Website : www.peterstockton-photography.co.uk
                        Flickr: https://www.flickr.com/photos/the_original_st/

                        Comment


                          #87
                          Its the world we live in I'm afraid - just grin and bare it.
                          Trev

                          Equipment - According to the wife more than a Camera Shop got

                          Flickr:
                          https://www.flickr.com/photos/trevb2639/

                          Comment


                            #88
                            Originally posted by ST-EOS View Post

                            Why is a good question to ask Colin, I share your thoughts on the purpose these recent disruptions to the forum. I have read Martins informative response to your question.
                            The denial of service attacks which previously required the forum to be taken off air for a period of time, from memory during December.

                            My personal concern regarding those attack’s is not around the content of posts on the forum being copied, but rather what “personal” information (if any) is stored by the magazine on the servers e.g. contact details, email addresses, card details Regarding the card details I’m thinking about purchases made via the EOS shop and/or subscription renewals etc. Hopefully there is robust security in place to protect any subscribers personal information stored online.
                            Hi Peter,

                            The forum is hosted completely separate to other EOS magazine sites, it shares the same server with the Training Academy and online training site but is in effect completely isolated in regard to data.

                            The attacks so far have just been inconvenient and annoying - no sign of any personal data compromise.

                            As with all online systems Login details for each site should be unique as lots of bots do try using username / password combinations stolen from other systems. There are some big names which got attacked and data stolen. In the photography area Adobe being the main one several years ago which at the time was the largest on record.

                            You can check if your email address has been used in a system where data has been stolen by visiting https://haveibeenpwned.com
                            Last edited by MartinEOS; 28-01-2020, 08:54. Reason: Added a bit more info

                            Comment


                              #89
                              Forgot to mention that the attacks which caused the site to go offline end of last year happened just before the UK General Election - bot activity always increases at times like this.

                              Tensions in the Middle East will also cause increase in some countries activity. If you look at the amount of pages visited since the start of the year you can see the Ukraine is 5th on the list they have been more active since their plane was shot down in Iran.

                              Screenshot 2020-01-28 at 09.04.28.png

                              Comment


                                #90
                                Well after a bit of checking the other day with the hosting company when the server died when I was doing some work on the forums it was discovered our dedicated web hosting server was getting a bit old and was significantly underpowered for the requirements of todays web sites.

                                Sorry for the delay in getting the site back up and working but we had to wait for a new server to be built and configured in the data centre and the data transferred over from the old server to the new one.

                                We are now on a much faster server - so hopefully Forum outages should be now sorted. The old server was struggling to write and read data to/from the hard drives quick enough when the forum was busy. The new specification of server is impressive (I wish my machine at home was as powerful) - its got 16 2.4GHz processor cores, 64GB of RAM and 1TB of RAID 10 Solid State Storage. The old server was a dual core 3GHz with 2GB RAM, and mirrored 160GB SCSI Server drives.

                                Comment

                                Working...
                                X