Current Server State
Posted: 25 Dec 2016 13:00
As you all know all ProMods sites had a bit of downtime due to some script kiddie causing some damage to the server. I was "hired" (not really hired, just volunteered due to the Christmas spirit from a technology community based here in NZ) to take a look for ScuL. I would just like to state some things:
1) The database and forum doesn't appear to have got stolen - We're doing further investigation of a server drive dump to fully confirm the logs of the day the server was compromised. All passwords are salted and stored in a non-human readable form regardless but it is recommended to change your password.
2) The server was locked down as soon as SkuL noticed (quite quickly) so the potential for any further damage was quite minimal. He asked for help to evaluate the extent of the damage and get things up and running as quickly as possible again in a secure way.
3) I'm hosting the site / blog off my own VM host for the community via a brand new, clean virtual machine whilst we work on finding a more permanent place.
I was pretty surprised with how big the community was and didn't at all know what I was walking in to - literally didn't know about ProMods (forgive me please) and how complex everything is to set up on a new server I am a Linux Systems Administrator by trade and the last game I've played was Watch_Dogs 2 so I am "the odd one out" here.
I'll be working with SkuL to help maintain server level stuff - I am more behind the scenes but you would have noticed a few things have changed.
1) SSL is everywhere now - there is no reason to not use it since LetsEncrypt offer free SSL certificates.
2) Things should be a bit faster - the current server is hosted in the US and does have beefier specs than what everything was hosted on before. For the technically inclined we're also using HTTP2.
I do apologies for the PHP errors displayed earlier today (turns out phpbb doesn't like PHP7) and the many bugs whilst we got everything up and running. I had to learn how things worked from scratch There are also some current (known) bugs like email delivery issues (working on this) and also some broken images since they were hosted off other domains not quite recovered yet but we wanted to get the main stuff up and running ASAP.
I am sure that ScuL will make a proper announcement shortly but more just wanted to introduce myself to the wider community - wish you all a Merry Christmas etc. Feel free to post anything you find broken on the site below and either myself or ScuL will take a look at them when we can. I am sorry, but it is indeed my Birthday today so I will be out celebrating with family but we'll try and get things sorted. Both myself and ScuL appreciate the patience that everyone has given us too whilst we sort out this mess.
Churs.
1) The database and forum doesn't appear to have got stolen - We're doing further investigation of a server drive dump to fully confirm the logs of the day the server was compromised. All passwords are salted and stored in a non-human readable form regardless but it is recommended to change your password.
2) The server was locked down as soon as SkuL noticed (quite quickly) so the potential for any further damage was quite minimal. He asked for help to evaluate the extent of the damage and get things up and running as quickly as possible again in a secure way.
3) I'm hosting the site / blog off my own VM host for the community via a brand new, clean virtual machine whilst we work on finding a more permanent place.
I was pretty surprised with how big the community was and didn't at all know what I was walking in to - literally didn't know about ProMods (forgive me please) and how complex everything is to set up on a new server I am a Linux Systems Administrator by trade and the last game I've played was Watch_Dogs 2 so I am "the odd one out" here.
I'll be working with SkuL to help maintain server level stuff - I am more behind the scenes but you would have noticed a few things have changed.
1) SSL is everywhere now - there is no reason to not use it since LetsEncrypt offer free SSL certificates.
2) Things should be a bit faster - the current server is hosted in the US and does have beefier specs than what everything was hosted on before. For the technically inclined we're also using HTTP2.
I do apologies for the PHP errors displayed earlier today (turns out phpbb doesn't like PHP7) and the many bugs whilst we got everything up and running. I had to learn how things worked from scratch There are also some current (known) bugs like email delivery issues (working on this) and also some broken images since they were hosted off other domains not quite recovered yet but we wanted to get the main stuff up and running ASAP.
I am sure that ScuL will make a proper announcement shortly but more just wanted to introduce myself to the wider community - wish you all a Merry Christmas etc. Feel free to post anything you find broken on the site below and either myself or ScuL will take a look at them when we can. I am sorry, but it is indeed my Birthday today so I will be out celebrating with family but we'll try and get things sorted. Both myself and ScuL appreciate the patience that everyone has given us too whilst we sort out this mess.
Churs.