I can't update my story.

[Guest mrkaboom]

My story cannot be updates still. I keep trying to update it but it won’t allow me.

Please help

[BronxWench]

Hi,

That would be because the archive is still in read-only mode while we make sure we aren’t going to be vulnerable to another injection attack like the one earlier this month. Fixing the issue is a very painstaking process, and takes time. We’ll let everyone know when the archive is fully functional again.

Thanks for your patience!

[Krulos]

Good to know why; because I have had true and real trouble logging in in the first place, and updating my “favorites list” here.

Don’t get me wrong; I’m grateful to know the *why* that is at the present moment. Tis just a tidbit frustrating, but I *do* also understand the *why* you have moved it to a read-only mode at the present moment.

However, you *might* be interested in the reality that some works in the favorites list do not read as stories, but are dead-ends- that might help you out with sorting things out, and they are valid works. It simply is that the links in the favorites setting in the individual’s accounts do not connect to the works in question, for whatever the reason that is.

[BronxWench]

I’m tagging @manta2g to let her know about the dead links.

[Krulos]

A hearty thanks, BronxWench; and it is not at all *all* in site links, but only some, the ones that particularly appear fully bolded have turned out to be broken as a sample.

I am most truly grateful for the elevating this issue to the proper individual; as that should help big time with the whole deal!

[manta2g]

Hi could you give me some examples of those broken links? I’ve seen a few submising to recomemended and current reading where the archive is set wrong and thus become broken.
I’m in the process of simplifying how it is done, much how recommended authors and added and removed now.
 

[Krulos]

Manta2g; if you go onto my profile as even a guest, and click on “Currently Reading” and go on down to works that have the links bolded (and some links disappeared completely from my profile to works that I know were there to begin with, and have been on that for years at that), but also any links with the works title bolded are dead links, yet the works are there- and I know they worked quite well before this whole current mess that’s been going on. Such as “I like you” by “Crashandburn320”’s handiwork.

[Krulos]

And I mean *fully* bolded; not only some of the writing on the issues of the work’s link to the story.

[Krulos]

And it is pretty random which ones have broken links on my profile and had been validly set up to begin with and which ones do have functional links right now these days.

[manta2g]

Found a typo in the code for current reading and a bad story title that was messing with output. Check it over now.

[Krulos]

Sounds to me as if it is generally working now, but it looks to me as if an awful lot of works have disappeared from the list of favorited works; not so much any individual’s pieces.

But how did the code get up messed up, pray tell? Do you have any idea what happened? Okay if you don’t, okay if you do. I am merely interested in the mechanics of the material and the machinery’s makeup, and how it got all messed up to begin with; as it is a real pain.

[manta2g]

I have two kittens, they do not leave my desk alone. If I forget to hide my keyboard, it leads to issues…. Typos being a minor thing compared to some stuff.

[Krulos]

Ah, real pain, but I do understand the cat on your profile; and as a member of the site, I must insist that it these events be corrected; as I know I’m far from the only one who’s been really problematized by this, such as an annoying inability to correct and/or update my favorites list, in any capacity at all… and I’m pretty darn sure I lost some favorites in the meantime- and justifiable ones at that.

[manta2g]

You’ll be able to add and remove from both soon enough. It will no longer be a manual process, much like with favourite authors it will be a simple click of a button.

[Krulos]

Great to know! Even though I’d finally managed relatively midway between when I set up my account in the past and now to get it right; this upgrade really ought to work out right!

Oh, and from one reasonably familiar with CNT individual to another; you *might* make a habit of locking your machine if you leave it; I have *some* experience myself with protecting a machine from sabateurs, as your cats seem to have developed a taste for being- based on what you said. You’d need a functional password to unlock it, or a pin-number, but it is doable.

[Desiderius Price]

1 hour ago, Krulos said:

But how did the code get up messed up, pray tell? Do you have any idea what happened? Okay if you don’t, okay if you do. I am merely interested in the mechanics of the material and the machinery’s makeup, and how it got all messed up to begin with; as it is a real pain.

Given the nature of the issue (SQL Injection), a fair chunk of the website’s PHP script SQL bindings have to be rewritten, parameterizing and seriously sanitizing all user input.   Typos will happen, part of the process, I’m afraid.

[Krulos]

What does “SQL Injection” mean and how does that even happen, pray tell? What even *is* that, come to think of it?

[Desiderius Price]

4 minutes ago, Krulos said:

What does “SQL Injection” mean and how does that even happen, pray tell? What even *is* that, come to think of it?

Well, SQL is the code that databases understand.  Anyways, when in a rush or inexperienced or prototyping, the PHP website will take user input, directly make it part of the code that it sends to the database.  Now, SQL injection is a user crafting input that isn’t a simple thing like “erotica”, instead they make it funny so instead of a simple “get data” SQL statement, it becomes a “SQL do-this-other-thing” which can be to modify the database, get more than they’re supposed to, etc.  A solid fix is not make it part of the SQL, instead treating it as pure data, using the parameter-based SQL which avoids the injection issue.  – That’s me trying to make it simple.

Here’s a web-comic about it.  https://xkcd.com/327/

 

[Krulos]

So, how Sir, would that have developed to become the problem, do you think?

Oh, and I did notice quite a while ago, that when I’d try to type in the name of this website, it’d direct me incorrectly, but that was going on for quite a while before this whole sequence of events at that… and why would this be coming up now, pray tell?

It’d have to be a pretty darn serious data breach to allow it to attach a bad link, for just *anybody* to cause it to do that that is.

[Desiderius Price]

Such a vulnerability would’ve existed since the PHP scripts were first written, and obviously became a problem once that scammy scammer decided to exploit it.  That’s as far as I’ll speculate about it.

[manta2g]

Fiction portal 1.0 was written in php 4, 2.0 was done in php5 and ported to php 7 for the forums with bare bones changes to retain functionality. Fiction portal 3.0 is being done in php 8(current). The biggest issue for 2.0 is that security functions in php 5 were depreciated in php 7.

The injection attack only affected the stories tables. Every thing else was untouched. We assumed the worst that they had managed to bypass login requirements. Thankfully that was not the case. The attack was done via the archive search engine which only queries the stories table.

If you are really worried reset your password, that will log you out everywhere and allow you to secure your account. 

Whom ever this hacker is they are not fond of AFF. While in read only mode there have been a few attempts to overwhelm the server and crash it. That slows down my progress 😞.

[Desiderius Price]

Long time coder myself, which is why I can sympathize/empathize with you Manta!  When I played around with PHP/SQL/Web, think it was PHP-4/5? – enough to give me an idea of what you’re up to.

[Krulos]

I also cannot access my control panel as a user; it said “Error 404” for whatever the reason that is when I clicked on it.

Actually it said “File not found”, for whatever the reason is.

Edited October 1, 2022 by Krulos

[manta2g]

url? The user control panel is now directly integrated in with your profile when logged in.

[BronxWench]

I have to admit, I can’t seem to find my Control Panel either. I’m getting used to the new layout and features, but this one is eluding me as well.

EDIT:

Nevermind. I found it. @Krulos you need to click the little green rectangle icon that looks like a layout page, next to the archive where you want to add the story. Your Control Panel will open up when you do that. It was too damned obvious, and I was looking for something on my actual profile.  

Edited October 1, 2022 by BronxWench