Change Your Bookmarks

And now, a word from our moderators

Moderator: Moderators

Message
Author
User avatar
Tom
The Artist
Posts: 198
Joined: Thu Dec 16, 2004 10:37 pm
Location: Cinci, Ohio
Contact:

Change Your Bookmarks

#1 Post by Tom »

Edit: Alright, we're finally back on the home domain, now located on the private server.

I hope everything is working. There may be some problems I have to work out yet.
Image

FastChapter
The Inkwell Coyote
Posts: 9458
Joined: Wed Aug 09, 2006 9:28 pm

Re: Change Your Bookmarks

#2 Post by FastChapter »

Will the forums be getting moved as well, or do you plan to just update the link on the main page?

User avatar
Tom
The Artist
Posts: 198
Joined: Thu Dec 16, 2004 10:37 pm
Location: Cinci, Ohio
Contact:

Re: Change Your Bookmarks

#3 Post by Tom »

Once the domain is transferred, I may have to play a little musical chairs to keep the forums up. I'll try to transfer the forums to the domain once it's settled so there isn't as much down-time.
Image

User avatar
Raphael
Templar Inner Circle
Posts: 4811
Joined: Wed Apr 23, 2008 11:41 pm
Location: behind you, with a blade at your throat
Contact:

Re: Change Your Bookmarks

#4 Post by Raphael »

Well, hopefully it'll all end in success, good luck Tom.
Image

User avatar
Tygron
Notakitty!
Posts: 5768
Joined: Tue Dec 30, 2008 3:02 am
Location: The DJ Booth
Contact:

Re: Change Your Bookmarks

#5 Post by Tygron »

Good luck man, and i'll be sure to fix my bookmarks ASAP. (don't let that stop you though)
[Click the sig to check out my music]
Image
emmy wrote:It's not to prevent the suit from being stolen, but to prevent the fancy mofo in it from being stolen. :P

Harb
Grand Templar
Posts: 2256
Joined: Wed Jan 21, 2009 12:00 pm

Re: Change Your Bookmarks

#6 Post by Harb »

the redirecting after using the old url isn't working anymore, so it's time for a change of bookmarks.
[under construction]

User avatar
Tygron
Notakitty!
Posts: 5768
Joined: Tue Dec 30, 2008 3:02 am
Location: The DJ Booth
Contact:

Re: Change Your Bookmarks

#7 Post by Tygron »

Yeh I had to change my bookmark cause I procrastinated too much
[Click the sig to check out my music]
Image
emmy wrote:It's not to prevent the suit from being stolen, but to prevent the fancy mofo in it from being stolen. :P

Dlemon
Grand Templar
Posts: 1142
Joined: Sat Dec 20, 2008 2:36 pm
Location: Lost in the Internet....

Re: Change Your Bookmarks

#8 Post by Dlemon »

Well as soon as 2kinds.com switches to the private server we wont have to worry about virus problems as much, and the website should run faster. Good luck with the move and all, Tom. Maybe after the move is over you'll have more time to work on the book.
Image

LinKinds
Posts: 0
Joined: Thu Jul 09, 2009 3:50 am

Re: Change Your Bookmarks

#9 Post by LinKinds »

I hope this helps keep Tom focused on new comics rather than server related troubleshooting.

We've seen these same types of "attacks" from time to time and they always seem to use one of a handful of ways to modify the pages with the iframes or inject malicious .htaccess content. I will list the most common below, but there may be others.

1) dl() with mod_php

The http://php.net/manual/en/function.dl.php PHP dl() function allows PHP to load extensions such as Ioncube or Zend dynamically where needed instead of simply installing them globally where they will be loaded on mod_php startup. The code is designed to unload the extension after the process is complete, but certain versions of PHP had bugs which allowed malicious attackers to load the extension in a way where it would modify the processed PHP content of all accounts on a server with an iframe at random times. This is one of the rare occasions where it is a global bug rather than strictly a user level bug where only a single account is affected.

This was solved by disabling the dl() function, switching to phpsuexec (PHP as a CGI), or by using modules such as suhosin from http://www.hardened-php.net/.

This attack is rare because it relies on access to the server, vulnerable PHP/Apache versions, and slow administrator response.

2) Virus with FTP password.

The most common method we've seen used in cases like this is a virus simply infecting a workstation with access to the passwords, logging into cPanel/FTP/Webdav using passwords stored on the machine, and uploading modified pages. These viruses are more advanced than one would think and their authors try to take advantage of every method of infection possible.

I always suggest a scan with at least two different antivirus engines (Free examples at http://www.avast.com/ http://pack.google.com/ and http://housecall.trendmicro.com/), several malware scanners (Spy-bot from http://www.safer-networking.org/en/home/index.html Ad-aware from http://download.cnet.com/Ad-Aware-Anniv ... 45910.html or Malwarebytes from http://download.cnet.com/Malwarebytes-A ... 04572.html). The Google Pack from http://pack.google.com/ also offers Spyware Doctor Starter Edition which offers another scanner to use.

These measures might seem excessive, but we've seen client sites hacked repeatedly after changing passwords to 30+ characters on BSD based servers knowing the servers were 100% secure. After scanning with multiple tools the infection was finally found and removed from the client's workstation. The hacking stopped after that. :)

3) Vulnerabilities in installed software.

There are sometimes problems with the software installed onto a website which allows code injection into writable documents such as index pages.

This is easily prevented by keeping software such as phpBB up to date and checking for vulnerabilities in custom software on the site that may allow such injections. mod_security can help find and block these types of vulnerabilities.

--

Cleaning up after this type of hack can be bothersome. The easiest way is to upload a completely new backup of all site content before the hack took place. If that is not an option then scan the website contents with ClamAV (it detects a wide variety of different types of malware), run a grep for iframes and javascript to manually check for any additional nastiness, check .htaccess files for any injected content (this is more common than you think), and check crons for any injections that may allow for reinjection.

Note: It isn't common for the server itself to be rooted (hacked) when this occurs. This is most commonly an account level/user level problem rather than a global security breach on the entire server.

User avatar
specter
Templar GrandMaster
Posts: 865
Joined: Mon Mar 09, 2009 1:05 am
Location: TX

Re: Change Your Bookmarks

#10 Post by specter »

So, private server now, hu? Nice
...God, so many problems. Kudos to Tom for handling 'em all.

:? Interesting...LinKinds up there has no posts...right next to his post. another case of the lost posts it seems
Image

FastChapter
The Inkwell Coyote
Posts: 9458
Joined: Wed Aug 09, 2006 9:28 pm

Re: Change Your Bookmarks

#11 Post by FastChapter »

Looks like the server swap is finished, or at least a part of it is finished! :) Nice and fast, the way I like it. Thanks Tom!

Harb
Grand Templar
Posts: 2256
Joined: Wed Jan 21, 2009 12:00 pm

Re: Change Your Bookmarks

#12 Post by Harb »

...aaaaaand there we go again!

thanks, tom! it went smoother and quicker than i had presumed.

LinKinds
Posts: 0
Joined: Thu Jul 09, 2009 3:50 am

Re: Change Your Bookmarks

#13 Post by LinKinds »

I wouldn't be so sure that it is fully switched over yet.

It looks like the 2kinds.com domain has been switched over to a dedicated solution (bare metal or virtualized) at 1and1, but it doesn't look like the website is fully running on the new server yet.

http://whois.domaintools.com/2kinds.com vs. http://whois.domaintools.com/twokindscomic.com

I tried to visit the site once when twokindscomic.com was redirected to 2kinds.com on the new server, but it was so slow that it was virtually unusable. It looks like the new server isn't optimized to handle all the traffic the website gets or doesn't have enough resources to handle it.

User avatar
Raphael
Templar Inner Circle
Posts: 4811
Joined: Wed Apr 23, 2008 11:41 pm
Location: behind you, with a blade at your throat
Contact:

Re: Change Your Bookmarks

#14 Post by Raphael »

Could Tom or one of the mods check the forum coding or something for bugs? Extorio's virus protection system seems to be blocking him from entering the forum.
Image

User avatar
Chi-Yu
New Citizen
Posts: 43
Joined: Fri Mar 13, 2009 7:35 pm
Location: Germany
Fav. Twokinds Character: Natani

Re: Change Your Bookmarks

#15 Post by Chi-Yu »

"Dlemon: Well as soon as 2kinds.com switches to the private server [...] the website should run faster."

Something makes me think that something went wrong.

Post Reply