Discuss Scratch
- NoxSpooth
- Scratcher
1000+ posts
LOOK AT THIS NOW
Dang it, I'm afraid we're gonna have to turn off the old archives, folks.
It's taking too much time - and it's a bad security problem. Any old web stack - but especially a PHP web stack - needs constant updating and maintenance to protect it from newly discovered security holes. We just don't have the bandwidth to manage ye olde archives, keep ‘em secure, and do all the zillion other things we do.
Take your screenshots now, folks! We’ll have to hold a funeral for ye olde forums tomorrow.
Well, I guess we have no choice then…
Goodbye, Old Forums. :C
Last edited by NoxSpooth (Sept. 13, 2013 00:42:28)
- DadOfMrLog
- Scratcher
1000+ posts
Dang it, I'm afraid we're gonna have to turn off the old archives, folks.
It's taking too much time - and it's a bad security problem. Any old web stack - but especially a PHP web stack - needs constant updating and maintenance to protect it from newly discovered security holes…
Here's a trick… can you put the appropriate database files onto a read-only mounted volume, or have the permissions for the database files set read-only for the process that tries to write to them?
That way even though the holes may be there in the php to send the commands to write to the database, when it tries it just fails…
I haven't looked at what software you're using, and what it does, so it's possible/likely that even just reading an item still causes it to try to make some change (a counter of views, etc?), and so it might still spew an error and not end up even giving back any of the desired page (though it might also give back enough?)
But still, even if it does fail completely, you may find just tracking down and disabling the part that makes such a change (or just making it ignore an error in writing) could be enough to keep it just serving the archive with no write capability…?
Just a thought…
Last edited by DadOfMrLog (Sept. 13, 2013 00:59:22)
Alternate account: TheLogFather –– HowTos and useful custom blocks (see studio). Examples below…
- String manipulation - - - X to power of Y - - - Clone point to clone - Detect New Scratcher - Speed tests studio -
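An added illustration of the read-only idea in the post above (not part of any post in this thread and not the Scratch Team's code). It uses Python's sqlite3 as a stand-in for the forum's database, which the thread does not name; the table, columns and sample row are constructed.

```python
import os
import sqlite3
import tempfile

def build_archive_db(path):
    # Constructed sample data: one topic with a view counter.
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE topics (id INTEGER PRIMARY KEY, subject TEXT, num_views INTEGER)")
    con.execute("INSERT INTO topics VALUES (1, 'Goodbye, Old Forums', 41)")
    con.commit()
    con.close()

def open_read_only(path):
    # mode=ro: SQLite refuses every write on this connection.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def view_topic(con, topic_id):
    # The counter bump is the incidental write a page view makes; if the
    # database is read-only, ignore the failure and still serve the page.
    counter_updated = True
    try:
        con.execute("UPDATE topics SET num_views = num_views + 1 WHERE id = ?", (topic_id,))
        con.commit()
    except sqlite3.OperationalError:
        con.rollback()
        counter_updated = False
    row = con.execute("SELECT subject, num_views FROM topics WHERE id = ?", (topic_id,)).fetchone()
    return row, counter_updated

def attempt_write(con):
    # Stand-in for any write a hole in the forum code could be driven to issue.
    try:
        con.execute("INSERT INTO topics (subject, num_views) VALUES ('injected', 0)")
        con.commit()
        return True
    except sqlite3.OperationalError:
        con.rollback()
        return False

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "archive.db")
        build_archive_db(path)
        con = open_read_only(path)
        row, counter_updated = view_topic(con, 1)
        wrote = attempt_write(con)
        total = con.execute("SELECT COUNT(*) FROM topics").fetchone()[0]
        con.close()
    return row, counter_updated, wrote, total
```

The read-only handle limits what a write-capable hole can change in the data; it does not patch the hole itself.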
- cheeseeater
- Scratcher
1000+ posts
I am not sure this is on topic, but this user called BridgettV was signed in on the archives! When I searched on the 2.0 site I only found this project, that had Bridgett and a V in the title!
EDIT: Just looked now, and the user is gone!
Last edited by cheeseeater (Sept. 13, 2013 06:51:04)
- NoxSpooth
- Scratcher
1000+ posts
I am not sure this is on topic, but this user called BridgettV was signed in on the archives! When I searched on the 2.0 site I only found this project, that had Bridgett and a V in the title!
It's V.S., versus, not just V.
Last edited by NoxSpooth (Sept. 13, 2013 08:49:12)
- jji7skyline
- Scratcher
1000+ posts
DadOfMrLog is right, just change the permissions for all the files to read only. It's a simple fix.
EDIT: There might be something like that for SQL databases as well.
Last edited by jji7skyline (Sept. 13, 2013 09:07:53)
- joletole
- Scratcher
100+ posts
*CRIES* NOOOOOO! I loved the old forums!
Dang it, I'm afraid we're gonna have to turn off the old archives, folks.
It's taking too much time - and it's a bad security problem. Any old web stack - but especially a PHP web stack - needs constant updating and maintenance to protect it from newly discovered security holes. We just don't have the bandwidth to manage ye olde archives, keep ‘em secure, and do all the zillion other things we do.
Take your screenshots now, folks! We’ll have to hold a funeral for ye olde forums tomorrow.
SDS Curator
Have a question? Ask me on my profile! I will be happy to answer them.
-What is an SDS curator? | How do I become an SDS curator? | Where can I get to your profile?-
- sportsdude6
- Scratcher
100+ posts
Dang it, I'm afraid we're gonna have to turn off the old archives, folks.
It's taking too much time - and it's a bad security problem. Any old web stack - but especially a PHP web stack - needs constant updating and maintenance to protect it from newly discovered security holes. We just don't have the bandwidth to manage ye olde archives, keep ‘em secure, and do all the zillion other things we do.
Take your screenshots now, folks! We’ll have to hold a funeral for ye olde forums tomorrow.
Well, I guess we have no choice then…
Goodbye, Old Forums. :C
- sportsdude6
- Scratcher
100+ posts
The newest joiner is EduardoJo. Click for more info.
- jvvg
- Scratcher
1000+ posts
WAIT PADDLE LOOK AT THIS
I told Lightnin about it, and he said he fixed the glitch. The archive will still be closed down later on, but he's giving me time to download everything as HTML.
http://archive.scratch.mit.edu/forums/viewtopic.php?id=117853
Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year
- CAA14
- Scratcher
500+ posts
Oh, okay. Thank you sir.
Ah…. Well, I am just wondering, and I am sure there's a good answer and I am just ignorant, but why is it a problem if a program can get in a post a stupid topic on a no longer used thread? Posting inappropriate stuff?
Dang it, I'm afraid we're gonna have to turn off the old archives, folks.
It's taking too much time - and it's a bad security problem. Any old web stack - but especially a PHP web stack - needs constant updating and maintenance to protect it from newly discovered security holes. We just don't have the bandwidth to manage ye olde archives, keep ‘em secure, and do all the zillion other things we do.
Take your screenshots now, folks! We’ll have to hold a funeral for ye olde forums tomorrow.
SEO spam. They make money because their spam is on an EDU site, and it increases their page rank in google searches. We aren't cool with that.
This is not the only exploit against old unpatched PHPs either.
- RedRocker227
- Scratcher
100+ posts
could you not just delete post.php?
i hate my username
- jvvg
- Scratcher
1000+ posts
The main problem file was register.php, and I told Lightnin about it, so he deleted it and said he will keep it up for enough time for me to make an archive in the form of read-only HTML pages.
could you not just delete post.php?
Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year
- RedRocker227
- Scratcher
100+ posts
will you be publishing the archive?
The main problem file was register.php, and I told Lightnin about it, so he deleted it and said he will keep it up for enough time for me to make an archive in the form of read-only HTML pages.
could you not just delete post.php?
i hate my username