Author Topic: Bug Report Thread  (Read 366179 times)

Tengukami

  • Breaking news. Any season.
  • *
  • I said, with a posed look.
Re: Bug Report Thread
« Reply #390 on: March 05, 2018, 04:03:54 PM »
Snowball Challenges were dumb too.

Yes agreed. The only time something good ever came of it was when Apotheosis wrote up what is colloquially known as Douchebag In Gensokyo, and that could have easily been written without a Snowball Challenge being involved.
« Last Edit: March 05, 2018, 04:07:45 PM by Tengukami »

"Human history and growth are both linked closely to strife. Without conflict, humanity would have no impetus for growth. When humans are satisfied with their present condition, they may as well give up on life."

CrestedPeak9

  • Fangame Advocate
Re: Bug Report Thread
« Reply #391 on: March 06, 2018, 06:10:23 AM »
Oh, security certificate fixed. Thanks.
Lunatic 1cc: EoSD, PCB, IN, MoF, TD, DDC, LoLK, HSiFS, WBaWC

Hello Purvis

  • *
  • Hello Jerry
Re: Bug Report Thread
« Reply #392 on: March 06, 2018, 08:00:19 AM »
Heeeey it stopped doing the thing. Thanks, Tso!

helvetica

  • Arcade Maid
  • *
  • United Federation
Re: Bug Report Thread
« Reply #393 on: March 07, 2018, 12:53:42 AM »
Sorry for the downtime. I got a very fun email that Triela was being rude and harassing other poor server hosts as part of a DoS. Turns out, despite firewalling off the ports on memcached from day one, our server was briefly hijacked and proceeded to spew about 2TB of data out in the course of 10 hours today.

I've resecured the box and have immediately depreciated a few things. While it doesn't look like they actually got any significant access, the nature of the attack at least means they managed to have some sort of arbitrary code access through the web server process. They did not, however, seem to get anywhere past that.

I have immediately removed the long derelict frontpage, and the IRC web client is down for the time being pending redesign. I've also forcibly upgraded all of the MediaWiki instances (DMF, Help Me!). The conwiki I have not made any changes to, but if I see any suspect access I will be forced to migrate it to another platform, as it looks like MoinMoin is very dead :\

If there's any problems, please let me know. :3c
« Last Edit: March 07, 2018, 12:55:48 AM by helvetica »


Twitter: @hipsterfont | Discord: helvetica#0573 | LINE: hipsterfont

He thought that on that same day he was to take the city of Priam, but he little knew what was in the mind of Jove, who had many another hard-fought fight in store alike for Danaans and Trojans."


Re: Bug Report Thread
« Reply #394 on: March 07, 2018, 01:05:29 AM »
While it doesn't look like they actually got any significant access, the nature of the attack at least means they managed to have some sort of arbitrary code access through the web server process.
Wait... That's not significant?

MatsuriSakuragi

Re: Bug Report Thread
« Reply #395 on: March 07, 2018, 03:53:25 AM »
Sorry for the downtime. I got a very fun email that Triela was being rude and harassing other poor server hosts as part of a DoS. Turns out, despite firewalling off the ports on memcached from day one, our server was briefly hijacked and proceeded to spew about 2TB of data out in the course of 10 hours today.

I've resecured the box and have immediately depreciated a few things. While it doesn't look like they actually got any significant access, the nature of the attack at least means they managed to have some sort of arbitrary code access through the web server process. They did not, however, seem to get anywhere past that.

I have immediately removed the long derelict frontpage, and the IRC web client is down for the time being pending redesign. I've also forcibly upgraded all of the MediaWiki instances (DMF, Help Me!). The conwiki I have not made any changes to, but if I see any suspect access I will be forced to migrate it to another platform, as it looks like MoinMoin is very dead :\

If there's any problems, please let me know. :3c

Whoa there you are

Lebon14

  • 椛ちゃん、助けてぇぇぇぇぇ!
Re: Bug Report Thread
« Reply #396 on: March 07, 2018, 06:37:51 AM »
[...] our server was briefly hijacked and proceeded to spew about 2TB of data out in the course of 10 hours today.

[...] the nature of the attack at least means they managed to have some sort of arbitrary code access through the web server process. They did not, however, seem to get anywhere past that.

[...]

So, our emails and passwords are safe?

helvetica

  • Arcade Maid
  • *
  • United Federation
Re: Bug Report Thread
« Reply #397 on: March 07, 2018, 08:24:18 AM »
Wait... That's not significant?
I'm not quite convinced they even got that far actually. All the traffic came out over IPv6, if they had access why not both? While I did have proper firewall rules in place supposedly to block outside access to TCP/UDP 11211, I'm wondering if there was a flaw that allowed the attacker to bypass it.

At first I just assumed they had to have some sort of local shell to do what they did given the firewall rules, but there's been no evidence to support any sort of access was gained. It doesn't  add up. I've locked down possible avenues as a precaution, and I'll be heavily auditing access and traffic for the next few days regardless.
« Last Edit: March 07, 2018, 08:26:27 AM by helvetica »


Twitter: @hipsterfont | Discord: helvetica#0573 | LINE: hipsterfont

He thought that on that same day he was to take the city of Priam, but he little knew what was in the mind of Jove, who had many another hard-fought fight in store alike for Danaans and Trojans."


Re: Bug Report Thread
« Reply #398 on: March 07, 2018, 09:19:28 AM »
Sorry for the downtime. I got a very fun email that Triela was being rude and harassing other poor server hosts as part of a DoS. Turns out, despite firewalling off the ports on memcached from day one, our server was briefly hijacked and proceeded to spew about 2TB of data out in the course of 10 hours today.

I've resecured the box and have immediately depreciated a few things. While it doesn't look like they actually got any significant access, the nature of the attack at least means they managed to have some sort of arbitrary code access through the web server process. They did not, however, seem to get anywhere past that.

I have immediately removed the long derelict frontpage, and the IRC web client is down for the time being pending redesign. I've also forcibly upgraded all of the MediaWiki instances (DMF, Help Me!). The conwiki I have not made any changes to, but if I see any suspect access I will be forced to migrate it to another platform, as it looks like MoinMoin is very dead :\

If there's any problems, please let me know. :3c
Oof. Unsecured and hijacked memcached servers have been producing huge DDoSes for at least a week now, but a hijacked memcached server that was already firewalled is definitely a bigger concern.

Nice to see the home page redirect to the forum now.

Edit: Changed password just in case. Password managers make password changes trivial anyway.
« Last Edit: March 07, 2018, 09:22:54 AM by shockdude »
Playing Touhou since 18 March 2012. Playing video games since 19XX.
Normal 1CC: EoSD, PCB, IN, PoFV, MoF, SA, UFO, TD, DDC, HSiFS, CtC.
Extra 1CC: EoSD, PCB+Phantasm, IN, PoFV (K&S), MoF, SA, TD, HSiFS, CtC+Phantasm.
Hard 1CC: EoSD, PCB, IN, MoF, TD, CtC.
Lunatic 1CC: EoSD

helvetica

  • Arcade Maid
  • *
  • United Federation
Re: Bug Report Thread
« Reply #399 on: March 07, 2018, 09:40:08 AM »
Yeah I moved the php backend to memcached like... yeeeeears ago. I knew having a completely unsecured service with no authentication exposed to the internet was just asking for trouble. I might be a dummy but I'm pretty thorough when it comes to security xP

I've had firewall rules blocking all inbound traffic to TCP/UDP 11211 except from lo but I guess they managed to bypass that? It's either that, or they got a shell, did nothing except make local calls to the memcached service, but only to attack out on IPv6? Without leaving any evidence or backdoor or anything phoning home? That doesn't make any sense.

Whoa there you are
I'm always sort of here just always really hecking busy >∆< Poking me on Twitter/Discord/LINE gets my attention at least >>;
« Last Edit: March 07, 2018, 09:49:33 AM by helvetica »


Twitter: @hipsterfont | Discord: helvetica#0573 | LINE: hipsterfont

He thought that on that same day he was to take the city of Priam, but he little knew what was in the mind of Jove, who had many another hard-fought fight in store alike for Danaans and Trojans."


Kilgamayan

  • True
  • *
  • The Real Treasure Is You
    • Let's Play Super Marisa World
Re: Bug Report Thread
« Reply #400 on: March 07, 2018, 11:53:37 AM »
[22:40:12] <Drake> "guys i donwloaded esod but its not workan"
[22:40:21] <Drake> REPORTED
[22:40:25] <NaturallyOccurringChoja> PROBATED
[22:40:30] <Drake> ORGASM
[22:40:32] <NaturallyOccurringChoja> FUCK YEAH

[22:28:39] <Edible> Mafia would be a much easier game if we were playing "spot the asshole"

Neovereign

  • Greatest Fairy
  • Everything will be daijoubu... hopefully
Re: Bug Report Thread
« Reply #401 on: March 07, 2018, 05:18:30 PM »
The "mark all as read" error seems to be gone now.

Agent of the BSoD

  • Takeminakata Invocation
  • *
  • Never forget
Re: Bug Report Thread
« Reply #402 on: March 07, 2018, 07:05:33 PM »
Speaking of, I'm not having any problems with MotK now when I'm logged out.
I figured out how to play midi in games with a different device on Win7 ^^
TF2 Backpack
Embodiment of Scarlet Hair English Patch is almost completed.
^ I didn't forget about this. I don't know what you're talking about. >_>

helvetica

  • Arcade Maid
  • *
  • United Federation
Re: Bug Report Thread
« Reply #403 on: March 07, 2018, 07:21:14 PM »
Speaking of, I'm not having any problems with MotK now when I'm logged out.
The "mark all as read" error seems to be gone now.
Yeah I caught up on bug reports last night :3c


Twitter: @hipsterfont | Discord: helvetica#0573 | LINE: hipsterfont

He thought that on that same day he was to take the city of Priam, but he little knew what was in the mind of Jove, who had many another hard-fought fight in store alike for Danaans and Trojans."


Agent of the BSoD

  • Takeminakata Invocation
  • *
  • Never forget
Re: Bug Report Thread
« Reply #404 on: March 07, 2018, 07:36:07 PM »
Yeah I caught up on bug reports last night :3c
Awesome! Thanks, TSO!
I figured out how to play midi in games with a different device on Win7 ^^
TF2 Backpack
Embodiment of Scarlet Hair English Patch is almost completed.
^ I didn't forget about this. I don't know what you're talking about. >_>

Ghaleon

  • Long twintail-o-holic
Re: Bug Report Thread
« Reply #405 on: March 22, 2018, 07:50:35 AM »
whoah. I can log in and post and stuff on my pc, not just my phone. Is it fixed or is it  fluke?
« Last Edit: March 23, 2018, 02:08:57 AM by Ghaleon »

Drake

  • *
Re: Bug Report Thread
« Reply #406 on: March 22, 2018, 09:07:18 PM »
If you're still getting errors on your phone make sure you aren't just loading cached pages. It should be fixed now.

A Colorful Calculating Creative and Cuddly Crafty Callipygous Clever Commander
- original art by Aiけん | ウサホリ -

Ghaleon

  • Long twintail-o-holic
Re: Bug Report Thread
« Reply #407 on: March 23, 2018, 02:09:12 AM »
oops. I meant to say not JUST my phone.. editeded.

Branneg Xy

  • ^UP http://www.miyasuke.net/flash/yuyugohan.html ^
    • (FREE) LINKEDIN PROFILE
TOTAL RESOLUTION and CELEBRATION ( EASTER ) PARTY
« Reply #408 on: March 29, 2018, 02:26:13 PM »
[Sorry for the faulty syntax ]Once again for every  tasks among website-security-maintenance-optimization but also assistance-moderation-support work,thanks all MotK Staff but also Users for your efforts and results  : NOTHING to signal about " certification/dangerous /counterfeit/etc hangup(s) page or delay " WHATSOEVER (normal and cached;no additional issue or relapses) . DATE TO REPORT: 4TH on mobiles or desktops TO REPORT on my part  !       

 :)
(TO WHOEVER READS OR RECALLS) I AND MY FAMILY+RELATIVES WISH AN HAPPY HOLIEST EASTER TRIDUUM AND EASTER!  :)
« Last Edit: April 11, 2019, 01:10:22 PM by Branneg Xy »
^^^^ http://www.miyasuke.net/flash/yuyugohan.html  " 西行寺幽々子の強奪!!隣の晩御飯 " ->>>
" Yuyuko Saigyouji 's "Uslurpation" !! Dinner is Next ".
( Possibilities of ENGrish ) ^^^^ .

O4rfish

  • something seems fishy
  • paranoia 4 lyfe
    • Ask an Oarfish!
Re: Bug Report Thread
« Reply #409 on: April 15, 2018, 01:00:31 AM »
Oh yeah.  When the mark all as read bug was fixed, I forgot it existed. Thanks for fixing it!

I believe Branneg Xy's posts resemble the attempted English posts of an AI raised soley on a different language structure.  Probably Welsh.
[9:49:09] <Purvis> Generally not, but your mother may be an exception.

Drake

  • *
Re: Bug Report Thread
« Reply #410 on: April 15, 2018, 01:56:00 AM »
So this looks a lot like the attack done last month. Is this the case or was it something else?

A Colorful Calculating Creative and Cuddly Crafty Callipygous Clever Commander
- original art by Aiけん | ウサホリ -

Lebon14

  • 椛ちゃん、助けてぇぇぇぇぇ!
Re: Bug Report Thread
« Reply #411 on: April 15, 2018, 05:49:13 AM »

Agent of the BSoD

  • Takeminakata Invocation
  • *
  • Never forget
Re: Bug Report Thread
« Reply #412 on: April 22, 2018, 11:33:37 PM »
So uh, the being logged out problem is back. The very generic message that says "Database Error" "Please try again. If you come back to this error screen, report the error to an administrator." Same way as last time. Sometimes logging in can be difficult and navigating forums while not logged in makes it show up too.
I figured out how to play midi in games with a different device on Win7 ^^
TF2 Backpack
Embodiment of Scarlet Hair English Patch is almost completed.
^ I didn't forget about this. I don't know what you're talking about. >_>

Drake

  • *
Re: Bug Report Thread
« Reply #413 on: April 25, 2018, 12:08:29 AM »
Web server just died for no reason k cool

A Colorful Calculating Creative and Cuddly Crafty Callipygous Clever Commander
- original art by Aiけん | ウサホリ -

N-Forza

  • Information Superhighway Robbery
  • *
  • I said it was a steal, but not for whom
Re: Bug Report Thread
« Reply #414 on: April 25, 2018, 01:23:48 AM »
Something always seems to happen when a big doujin event is coming up and Reitaisai is in a week so it was inevitable.

N-Forza

  • Information Superhighway Robbery
  • *
  • I said it was a steal, but not for whom
Re: Bug Report Thread
« Reply #415 on: May 02, 2018, 02:11:19 AM »
Yep, another event, another outage. This is getting somewhat ridiculous. Is there any explanation for all of this?

Edible

  • One part the F?hrer, one part the Pope
  • *
  • It's the inevitable return, baby
Re: Bug Report Thread
« Reply #416 on: May 02, 2018, 02:20:05 AM »
Coincidence? :v

helvetica

  • Arcade Maid
  • *
  • United Federation
Re: Bug Report Thread
« Reply #417 on: May 02, 2018, 02:27:53 AM »
I hate PHP


Twitter: @hipsterfont | Discord: helvetica#0573 | LINE: hipsterfont

He thought that on that same day he was to take the city of Priam, but he little knew what was in the mind of Jove, who had many another hard-fought fight in store alike for Danaans and Trojans."


helvetica

  • Arcade Maid
  • *
  • United Federation
Re: Bug Report Thread
« Reply #418 on: May 02, 2018, 02:55:27 AM »
Problem 1:
IPv6 is broken on SMF, found this out a long time ago. Ended up just disabling IPv6 on lighttpd at the time.
When server was reconfigured for nginx in front of lighttpd, IPv6 was reenabled (why did I do this?), although it wasn't actually working due to bad firewall rules.
Didn't realize this and ended up fixing IPv6 access for an unrelated project. IPv6 bug back.
Dropped AAAA record for www.shrinemaiden.org. People still connecting over IPv6. Disabled IPv6 listener on nginx for shrinemaiden.org entirely.

Problem 2:
SMF 2.0 is not compatible with PHP 7.2. Had put in an override to roll back to 7.1 last time this happened.
Override was helpfully overridden by Debian and PHP went back to 7.2. More unfun times.
Did not realize this until I checked the PHP version on a hunch.
Manually reconfigured lighttpd to launch PHP 7.1 instead of the system default PHP.

Problem 3:
Constantly running out of space, database was kinda bloated and wasn't sure why. Cleaned up some stuff but was still pretty tight on space.
Checked the event logs after fixing problem 2 and found this
[attach=2]
Cleared error log. Recovered 20GB of space (LOL)
[attach=1]


Twitter: @hipsterfont | Discord: helvetica#0573 | LINE: hipsterfont

He thought that on that same day he was to take the city of Priam, but he little knew what was in the mind of Jove, who had many another hard-fought fight in store alike for Danaans and Trojans."


Hello Purvis

  • *
  • Hello Jerry
Re: Bug Report Thread
« Reply #419 on: May 02, 2018, 07:39:04 PM »
That sounds like some bullshit. Thanks for the update, Font.