Bad news, new start...

[Wiz]

I am sorry to report that at 10.53 am today, someone logged into the administration section of the forum, removed and then killed our coffee shop. Everything that is done in the admin section is logged and so of course I went to see what had happened. Here's a jpg of the log.

At first sight, it looks like an accidental blunder by Jaws, however there are two problems with that, firstly, Jaws was asleep in bed at the time and secondly that isn't his IP address range (see below)

So basically someone has go a hold of Jaws' password, logged into the admin section and deleted the Coffee Shop forum. Having had a late night chat with John about it, the most likely explanation comes from his use of the public hospital computer when he was staying there with Mo. He didn't clear the cookies when he left it and so when someone else has used it, they have gone to the site, been automatically logged in as John and had "a little play" in the admin section resulting in the loss of our coffee shop forum. Regrettably, the way in which it has been deleted means that it cannot be retrieved :B

There are a couple of lessons to learn from this. One is that we will introduce a regular data back up schedule and the other is that we will not administer the site from public computers anymore. I know that doesn't help the current situation but I'm afraid that nothing will.

2003 will soon be upon us, time for a new beginning I think. I'm going to meet with John over the remainder of this break to discuss and implement a whole new structure to the forum that helps people find valuable information more easily. In the meantime, you all need to start doing some serious spouting so that we can start filling the pages with lots more b*ll*cks again.

Onward and upwards folks, ho hum...

 

[fat bert]

Additionally~~

For those who are NOT aware, the forum is setup to automatically save cookie user info for those who select "remember me" on their settings.

It is ONLY when you log off that cookies are deleted.

My recommendation to ANYONE that is accessing the forum from anything OTHER than their own PC, is to make sure that you log off after you've finished.

Recently Barmy Ben came to see me in my office......used one of my terminals to log in......posted the "hostages" message for a bit of fun...didn't log off. When I came to access the forum later, I was automatically logged in as Barmy Ben and easily managed to access his Private Messages! It was only when I logged off that his handle and password were removed.

Whilst a pain to have to log-in every time you access the forum, perhaps this is a small price to pay for "added security"?

Wiz, if cookies were disabled this would prevent this trauma happening again, surely?

 

[Wiz]

You have the option to turn off automatic login in your user profile. I guess that I could make it compulsory but a lot of people may find that a pain.

I think that yesterday's event was caused by a combination of some very bad luck and it is very unlikely to ever happen again. Backing up the forum is gonna help too but hey, this is a democracy, start a poll and I'll go with the majority...

 

[Quiney]

Surely

everyone with admin rights should have two log-ons.

One as themselves - Jaws, Bert etc for normal use.

When they are required to perform 'admin' functions then they use a different log-on and it is their responsibility to log-out and therefore clear the cookies.

 

[petrosc]

And

Everything like Log On-Off, by the admins, should be cleared through me.

I'll bo**ocks the forum then and only then.....:neenaw:

 

[XXscraper]

Post numbers

Is this why we all seem to have lost numbers of posts ie mine was about 300 and is now just 200ish? :B

 

[DB on CBR1100XX]

Wiz.................

...........I presume you'va already done this but:

Here's the id for the ip addresses mentioned in the logs........


____________________

whois -h whois.ripe.net 195.93.50.12


% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 195.93.0.0 - 195.93.63.255
netname: AOL-EU-1
descr: AOL Inc
country: US
admin-c: AOL5-RIPE
tech-c: AOL5-RIPE
status: ASSIGNED PA
mnt-by: AOL-EU-MNT
mnt-lower: AOL-EU-MNT
changed: domains@aol.net 20000220
changed: domains@aol.net 20000621
source: RIPE

route: 195.93.0.0/17
descr: AOL International Operations, Europe
origin: AS8292
mnt-by: MAINT-ANSUK
changed: tar@ans.net 19970519
changed: sirving@ans.net 19980720
source: RIPE

person: AOL NOC
address: America Online Inc.
address: 22080 Pacific Blvd
address: Sterling, VA 20166
address: USA
phone: +1 703 265 4670
e-mail: domains@aol.net
nic-hdl: AOL5-RIPE
mnt-by: AOL-EU-MNT
changed: domains@aol.net 20000621
source: RIPE

----------------------------------------

The above is the first one...........the second one and perhaps the more interesting below....................


__________________________

whois -h whois.arin.net 172.182.233.228


OrgName: America Online
OrgID: AOL

NetRange: 172.128.0.0 - 172.191.255.255
CIDR: 172.128.0.0/10
NetName: AOL-172BLK
NetHandle: NET-172-128-0-0-1
Parent: NET-172-0-0-0-0
NetType: Direct Allocation
NameServer: DAHA-01.NS.AOL.COM
NameServer: DAHA-02.NS.AOL.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-03-24
Updated: 2002-08-09

TechHandle: AOL-NOC-ARIN
TechName: America Online, Inc.
TechPhone: +1-703-265-4670
TechEmail: domains@aol.net

OrgAbuseHandle: AOL382-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-265-4670
OrgAbuseEmail: abuse@aol.net

OrgNOCHandle: AOL236-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-703-265-4670
OrgNOCEmail: noc@aol.net

OrgTechHandle: AOL-NOC-ARIN
OrgTechName: America Online, Inc.
OrgTechPhone: +1-703-265-4670
OrgTechEmail: domains@aol.net

_________________________-

Note the non portable bit. Could this mean these are static IP's rather than dynamic ones for the AOL subscriber in qustion ??? I think it may be worth a followup with AOL as you are the sysop. Apologies if I am teaching the sucking of eggs but sometimes the blindingly obvious can be overlooked in a crisis and I for one would like to nail the cretin who has trashed two years of history. Nobody died but ..........You know.............:B

 

[fat bert]

Thnx DB~~

Wiz has been on the case for some time now.

Time to move on?

 

[Wiz]

Dave, it's a good point and I had thought about it, but being faced with trying to get co-operation from AOL, possibly only to find out that the IP address leads back to a public computer and then even more likely to be told that it's our own fault anyway and we should be more careful, it hardly seemed worth the trouble.

Even if it did lead back to an individual, what would be the chances if doing anything about it? I for one am not going to sink thousands of pounds into trying to secure a prosecution. I think that Bert is right. I'll implement a backup routine and we'll move on.

For the record, It isn't two years of Banter 'cos we only moved here 8 months ago and if we are honest, how often do we look back more than 2, 3 or even 1 page? I think we should take this opportunity to structure the site so that we can find information more easily, shrug off the trauma and move on, there are too many other things to worry about in life.

 

[fat bert]

Time to move on~~

Nuff Said??

Good :beer: :beer: :beer:

This time tomorrow, we'll all be ready for the Annual End of Year Piss Up

so

who is going to be first to post in 2003?????????

 

[Cyclops]

Most likly

to be you Berty boy as you are the only person I know sad enough to be poised by a computer on the stroke of midnight.

 

[petrosc]

Yes

sitting there with a skewer up his harse.

Me and Lissie are building a kebab house (with parking facilities) and there will be loads of skewers about.

Be very careful how you treat your guests. Feed and water them well.........................:f :f

 

[fat bert]

To explain the last post from Kebab Man~~

What did he get for Xmas??????

A "Build it Yourself Kebab Takeaway Shop" Kit

Trouble was - he couldn't understand how it works so it took my daughter Libbie [aged 19 months] to explain it to him.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
..

 

[petrosc]

Libbie

She is a better builder than me and you put together!!!!!!!!!

The difference is: I admit it........

 

[ALonaBIRD]

certainly wont be me posting first in 2003


i fully intend being stuffed, drunk, stoned or any combination of the above :beer: :-: uke:

 

[Froggie]

It was a mistake

ok a mistake sorry

 

[Froggie]

Maibe

only when you know you done something wrongc7u8

 

[richard]

I remember it well.



R%$fan