[Coco] Gallery and Forums
David Roper
dave at ebonhost.com
Thu Feb 8 21:37:40 EST 2007
I'd be happy to donate towards the upgrade version, if that's an easy
way to fix the issue.
Regards,
David
Roger Taylor wrote:
> Since I changed my password again, the Gallery is temporarily down
> until I update it to know the new database password.
>
> THE FORUMS... I'm working hard to track down how these attacks are
> being done, how new spammers are joining by bypassing the secure
> signup process, and how to get rid of the trojans that are being
> pushed to web browsers. Signup requires manual verification by me,
> which obviously doesn't apply to advanced spammers? That is, until I
> patch the system. I'm coming across patches on the forum company's
> site but it takes time to do the fixes.
>
> One odd thing is that the company, who owns the most popular forum
> software, has come out with a pay-only version (2.0.0, I think), and
> they have removed downloadable no-support versions, and some of the
> links to certain security patches. HmmmMMmmm. What a great way to
> push sales? Could an employee or ex-employee know so much about the
> system to do almost anything and to convince the public to move to
> the latest costly version? Probably not the case, but man it sure
> does make you wonder.
>
> The server log is huge and without an IP of the spammer it is
> impossible to find the HTTP requests made to perform these
> attacks. With the request information I can see about doing my own
> patch. I've removed the calendar feature since there was a known
> issue there with MySQL injections. I might also import our database
> into OpenOffice.org for offline reviewing to see if something was
> injected somehow that's causing some of these problems. I don't see
> how a hosting company can let anybody but ME have accidental access
> to my databases, but we're talking about the Great WWW,
> here. Anything goes, and usually does.
>
> Members, Please CHANGE YOUR PASSWORD, which is a common thing to do
> anyway. Do not use dictionary-guessable names. Bots will try common
> passwords and combinations to enter through your account if they
> can? Somehow messages are being posted by unregistered spammers, and
> I'm also trying to figure out how that is done so I can defeat it.
>
> If the forums go offline temporarily, it is because I've had enough
> and will shut it down while I'm working. I want to avoid renaming
> the URLs because we'll lose our Google and other s.e. listing ranks,
> but I may have to reinstall the forums under a new directory.
>
> An upgrade to the commercial version is $149 which I read to believe
> doesn't have these spammer issues, but also includes tech support in
> case it happens. I want to avoid this upgrade if possible.
>
> I'm sorry that we're having these problems (challenges) but nobody is
> immune to the havoc that spammers are causing on the free web, an
> open domain for criminals and "I can sleep at night no matter who I
> hurt" breed of "people". I'm bothered by this entire issue, and I
> want everyone to know that I'm trying in the time I have to cure the problem.
>
> Tomorrow I will be on the phone with my hosting company. More soon.