Desiderius Price

Posts posted by Desiderius Price

  1. 2 minutes ago, WillowDarkling said:

    Thank you for your understanding and continued patience. 

    I’m probably the least tech savvy of the staff, but what I can say is that the attack was a so-called SQL injection attack… @Desiderius Price please correct me if I got that wrong, it’s past my bedtime again… I really shouldn’t be moderating past my bedtime :kittensorry:

    You had it right, SQL Injection Attack. The mitigation basically requires a website rewrite, therefore it’ll take time given Manta still needs to work her day job.

  2. 4 hours ago, BronxWench said:

    If I had any ability at all to help, I’d pitch in, but quite frankly, I’d probably make a bigger mess than whoever launched the injection attack.

    With software, it can be counterproductive to toss more people at it (i.e. too many cooks in the kitchen). Manta would suddenly become a manager, having to get them up to speed, coach, etc; that’d take her away from actually fixing the issue. If we were already trained, worked well together, then yes, using us might make it go faster. Better to step back and make sure she’s not too stressed out.

  3. 37 minutes ago, BronxWench said:

    I have to admit, I can’t seem to find my Control Panel either. I’m getting used to the new layout and features, but this one is eluding me as well.

    EDIT:

    Never mind. I found it. @Krulos you need to click the little green rectangle icon that looks like a layout page, next to the archive where you want to add the story. Your Control Panel will open up when you do that. It was too damned obvious, and I was looking for something on my actual profile. :blush:

    Thanks, figured I’d try it and needed the guidance.   Placement seems a bit on the cryptic side.

  4. 7 hours ago, Deadman said:

    I wouldn’t want to do anything that would cause a problem, but I also love the idea of being able to post stuff again. I can wait if you think it would help.

    Psst… suggest not pinging and interrupting the coder unless you’ve found a bug in the new stuff.  And even then, maybe have a single topic/thread to record them so she can deal with it one at a time?

  5. 4 minutes ago, Krulos said:

    What does “SQL Injection” mean and how does that even happen, pray tell? What even *is* that, come to think of it?

    Well, SQL is the code that databases understand. Anyways, when in a rush or inexperienced or prototyping, the PHP website will take user input and directly make it part of the code that it sends to the database. Now, SQL injection is a user crafting input that isn’t a simple thing like “erotica”; instead they make it funny so instead of a simple “get data” SQL statement, it becomes a “SQL do-this-other-thing” which can be to modify the database, get more than they’re supposed to, etc. A solid fix is to not make it part of the SQL, instead treating it as pure data, using the parameter-based SQL which avoids the injection issue. – That’s me trying to make it simple.

    Here’s a web-comic about it.  https://xkcd.com/327/

     

  6. 1 hour ago, Krulos said:

    But how did the code get messed up, pray tell? Do you have any idea what happened? Okay if you don’t, okay if you do. I am merely interested in the mechanics of the material and the machinery’s makeup, and how it got all messed up to begin with; as it is a real pain.

    Given the nature of the issue (SQL Injection), a fair chunk of the website’s PHP script SQL bindings have to be rewritten, parameterizing and seriously sanitizing all user input.   Typos will happen, part of the process, I’m afraid.
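
The difference the posts above describe, between pasting user input into the SQL text and passing it as a parameter, shown as an added example that is not from the thread or the site's own code. It assumes PHP's PDO with an in-memory SQLite database; the `stories` table and the function names are hypothetical.

```php
<?php
// Added example: table, column and function names are hypothetical.
// An in-memory SQLite database stands in for the site's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stories (title TEXT, category TEXT, hidden INTEGER)');
$pdo->exec("INSERT INTO stories VALUES
    ('Public story',  'erotica', 0),
    ('Another story', 'fantasy', 0),
    ('Hidden draft',  'erotica', 1)");

// Vulnerable: the user's input becomes part of the SQL text itself,
// so quote characters in it change what the statement means.
function findUnsafe(PDO $pdo, string $category): array
{
    $sql = "SELECT title FROM stories WHERE hidden = 0 AND category = '$category'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterized: the SQL text is constant and the input is bound
// separately, so the database only ever treats it as a value.
function findSafe(PDO $pdo, string $category): array
{
    $stmt = $pdo->prepare(
        'SELECT title FROM stories WHERE hidden = 0 AND category = :category'
    );
    $stmt->execute([':category' => $category]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs.
$inputs = [
    'erotica',        // ordinary category name
    "x' OR '1'='1",   // input containing SQL syntax
    "O'Brien",        // innocent input that happens to contain an apostrophe
];

foreach ($inputs as $input) {
    try {
        $unsafe = json_encode(findUnsafe($pdo, $input));
    } catch (PDOException $e) {
        $unsafe = 'SQL error';  // broken statement, not just wrong results
    }
    $safe = json_encode(findSafe($pdo, $input));
    printf("%-14s unsafe: %s\n%-14s safe:   %s\n", $input, $unsafe, '', $safe);
}
```

The same unparameterized query that leaks the hidden row also breaks on an ordinary apostrophe, which makes quote-related errors in logs a useful way to find bindings that still need converting.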