Thoughts Media.com

 


Windows Phone Thoughts

Loading feed...

Digital Home Thoughts

Loading feed...

Apple Thoughts

Loading feed...




Go Back   Thoughts Media Forums > Thoughts Media Status Updates

Reply
 
Thread Tools Display Modes
  #1  
Old 04-09-2008, 04:51 PM
Jason Dunn
Executive Editor
Jason Dunn's Avatar
Join Date: Aug 2006
Posts: 29,160
Default We're Back...And Here's Our Tale of Woe

After what is, I believe, the longest down-time in the history of these sites, we're back and live. Such a long window of down-time deserves an explanation more detailed than a haiku (did anyone notice the first version of the haiku wasn't actually a proper haiku? And this is from the guy who just got back from Japan!), but this explanation has to reach back a few years to make complete sense.<br /><br />We've been running on the same main machine for web and database serving for several years - a dual Xeon box from ev1 (we also had a second box for email and image serving). Long story short(er), it was largely unmanaged - I got help for specific problems when I needed it, but by and large it was completely left alone for almost four years. Yeah, that's very bad news from a security standpoint. I'm NOT a server guy, so I think I buried my head in the sand and hoped for the best. Not a good plan, right? Part of the problem was that the OS was old and what we really needed was to move to a new box with a new OS - but I didn't want to do that until all the sites were on vBulletin and I knew how much hardware I needed (phpBB is much more resource intensive than vBulletin is). Getting from phpBB to vBulletin took, literally, almost two years of development work - we had to develop a new CMS from scratch, something flexible and powerful enough to be used for years to come.<br /><br />Somehow, miraculously, over the years we never had major problems on our main server (likely because it had no control panel software to hack) - until December of last year. A few days after my <a href="http://www.jasondunn.com/the-world-is-a-darker-place-today-644" target="_blank">dear friend Crystal passed away</a>, and during the weekend when I was preparing for her funeral (I was doing some video/photos stuff for it), our secondary server (email/images) got hacked via Cpanel. So while grieving her loss I was also dealing with having huge email problems and worrying about losing data. Over the next couple of days, Jorj was moving that server to a virtual machine on our main server. Incredibly, as if the universe itself was punishing me, the morning of the funeral day <strong>our other server got hacked</strong> and our install of phpBB was breached several times. No data was lost, but we had spammers and virus/spyware distributors trying to hijack our forums. We fought them off, and closed the holes as best we could. I can't explain how grateful I am to <a href="http://www.jorj.org" target="_blank">Jorj</a> and <a href="http://www.janak.net" target="_blank">Janak</a> for their help - Jorj in particular spent a great deal of time working on the server in between celebrating Christmas with his family (and this is all volunteered time). His selflessness was/is awe-inspiring. <MORE /><br /><br />The problem with being hacked is that once it happens, you're never entirely sure what they left behind to hack you later with - the best recourse of action is to &quot;burn the box&quot;, meaning to abandon the OS and start fresh. This is why I was never able to explain our holiday 2007 down-time to all of you - you never want to say &quot;Oh, we were hacked&quot; unless you're sure you're ready to withstand another attack - and we weren't. We needed a new server anyway, so we did an emergency move from our old server (which now contained two servers) to our new server purchased from The Planet. Because it happened so fast, and because we were still planning on migrating Pocket PC Thoughts to vBulletin, we didn't want to set up phpBB on the new server - so we ran our two previously hacked servers each inside a virtual machine (VM) on the new server.<br /><br />Things seemed to be OK for a while, and we successfully migrated Pocket PC Thoughts to vBulletin - all still on the same unstable and wobbly VM. We migrated our email/image server to a fresh VM, and were making preparations to do the same with our main web/database server now that we were 100% on vBulletin. I asked the team to work on it while I was in Japan, and we'd move soon when I got back. I returned home on Friday the 4th, and the morning of Saturday the 5th I upgraded vBulletin to the latest version that had just come out that day or perhaps a day earlier. Things were going fine - or so I thought.<br /><br />The next day, Sunday night the 6th of April, I was driving home with my wife from a family dinner, and Jon Westfall called my mobile phone: &quot;We've been hacked - bad.&quot; So I rushed home and saw that our vBulletin forums had been hacked. It turns out that our install of vBulletin had been hacked prior to moving Pocket PC Thoughts over - and we didn't know it because the hacker chose to wait. A scramble ensued, the almost-haiku went up, and the team of Janak, Jorj, Darius, Fabrizio and myself struggled to figure out what happened and how to fix it. The hack was deep and wide - and specifically targeted at our vBulletin database. We initiated an emergency move over to a fresh VM on the new server Monday morning, but the concerns over what happened to our vBulletin database remained. For a litany of reasons we didn't have a very recent database backup, so we had to take the slow and painful steps of seeking out every possible place the hacker could have gotten into. With some great help from <a href="http://www.SEOvB.com" target="_blank">David from SEOvB.com</a>, last night we managed to get things fixed up - though we lost our Pocket PC Thoughts forum template (style) and the developer I paid to create it didn't have a copy of his work...<sigh>.<br /><br />So here we are. We're on two fresh VM installs, managed by Jorj, and one some fast hardware: a Quad-Core 2.13 GHz Kentsfield Xeon 3210 CPU, 8 GB of RAM, and some decently fast 500 GB hard drives (though we might need to upgrade these later). Now that we've jettisoned phpBB, and our old VM, things around here should be faster - though Jorj did want me to point out that because we're essentially starting over with this new VM, performance tuning will need to be done before we're really optimized. But it sure seems faster to me already!<br /><br />There's a lot of work left to be done, but that's the story as to why we've been down since Sunday night. I'm much more confident now in the server we have, and the people managing it (instead of yours truly), so I believe we're going to have great uptime from now on. The Pocket PC Thoughts migration happened in a rush, so there are things that still need fixing there, including launching some subscriber features. Stay tuned, and thank you for your support - it's been a rough three months, but I believe the worst is behind us now and it's going to be a great remainder of the year for the Thoughts Media communities...<br /><br />Sincerely,<br />Jason Dunn<br />Thoughts Media Inc.</sigh>
__________________
Want to contact me personally? Use this. Want to read my personal blog? Check it out. Want to follow me on Twitter? Here you go.
 
Reply With Quote
  #2  
Old 04-09-2008, 04:59 PM
RobrechtV
Pupil
Join Date: Jun 2005
Posts: 31

Glad you're back online! :-)
 
Reply With Quote
  #3  
Old 04-09-2008, 05:02 PM
Jorj Bauer
Server Shogun
Join Date: Jul 2002
Posts: 89

Quote:
Originally Posted by Jason Dunn View Post
After what is, I believe, the longest down-time in the history of these sites, we're back and live ... Jorj in particular spent a great deal of time working on the server ...
Aww, shucks. (blush)

Seriously, I'm glad to keep a great resource like this running. Jason, it's in my best interest to keep you going -- where else am I going to get all this great news?? It's like having my own private news team!

On the other hand, my wife would probably suggest a "donations to the wife of the guy that's always busy" site. So go take a look at her very awesome christmas baking website, make yourself the recipies that keep my waistline expanding, and think of her.
__________________
-- Jorj Bauer
[DejaVu Software, Inc.]
[PhotoBlog]
 
Reply With Quote
  #4  
Old 04-09-2008, 05:18 PM
nosaturn
Pupil
Join Date: Oct 2003
Posts: 15
Send a message via MSN to nosaturn
Thumbs up good to see you back Jason

I'm very happy to have Thoughts back. after all these years, I got scared when I couldn't see ya'll!

-Brian Haley
__________________
-Brian
 
Reply With Quote
  #5  
Old 04-09-2008, 05:32 PM
Happyman
Neophyte
Join Date: Jul 2005
Posts: 7

I'm glad for your come back. This site one of the world on my data information update.
 
Reply With Quote
  #6  
Old 04-09-2008, 05:49 PM
jaxim
Ponderer
jaxim's Avatar
Join Date: May 2007
Posts: 87

I'm so glad to see both the Digital Home & Zune Thoughts websites back up!!
:-)
 
Reply With Quote
  #7  
Old 04-09-2008, 06:03 PM
stevew
Theorist
stevew's Avatar
Join Date: Aug 2006
Posts: 281

I've been coming to this site daily since the beginning and I got kind of an empty feeling inside when it was gone.
 
Reply With Quote
  #8  
Old 04-09-2008, 06:04 PM
asif2020
Pupil
Join Date: Nov 2007
Posts: 14

Regardless of the issue, I'm glad it was resolved. Good to have you back!
 
Reply With Quote
  #9  
Old 04-09-2008, 06:05 PM
paschott
Intellectual
paschott's Avatar
Join Date: Jan 2008
Posts: 211

I feel for you with the mess that's been going on, but am glad that you're back up and running. Shame you can't easily track down the hacker(s) and initiate some form of justice there, but I realize that's much easier said than done.

Hope that this is the last of it and looking forward to the future of the sites.

-Pete
 
Reply With Quote
  #10  
Old 04-09-2008, 06:13 PM
JonnoB
Mystic
JonnoB's Avatar
Join Date: Jul 2003
Posts: 1,768
Send a message via AIM to JonnoB Send a message via MSN to JonnoB Send a message via Yahoo to JonnoB

My heart skipped a couple of beats with the anxiety of PPCThoughts withdrawals. Thanks to all who helped Jason and this site get back on its virtual legs.
__________________
Jonathan (JonnoB)
"All that is necessary for the triumph of evil is that good men do nothing." -Edmund Burke
 
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 12:13 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Copyright Thoughts Media Inc. 2009