ProgGnosis website under attack

We are not fully up..
I am still working on being able to add new artists, info, releases and reviews.
We are very much behind.....
However site listings and searches should be working.
please let me know via email if you find this is not true....

Regards,
Doug

Great news  Now hopefully the plague won't strike again...

Blacksword wrote: ProgGnosis is a fine site. I hope they're able to resolve their problems. I cant understand why anyone would want to invest the energy or the time attacking a music database. Whats the point? Is ProgArchives equally as exposed to these problems? I know were been attaked before, but do we have superior safeguards on our DB than ProgGnosis?

terrible, one of the finest databases in the world

It's cool to see FRIENDSHIP between PROG SITES. That's really cool.

...Good Luck ProgGnosis!

Good to hear things are under control. Good luck!!

Does any ProgArchives member have specific skills in this area and can offer help, solutions etc?

From Doug Silver,
Thanks for the kind words....
I would like clear a few things up..

I had backed up the data on Thurs 19th evening and we were attacked after the backup - some 5 hours or so....  Though the attackers were able to dirty most columns in most tables, I took me only about 3 hours to compose code to clean it up.

I put the data back up and we were attacked again within 4 hours.

So I shut the site down...

I am pretty sure that no one was attacking me or ProGGnosis personally.   We are hardly a blip in the world of the internet.  This was about business - shady business.  Here is the basic senario.  Someone writes a program which builds an electronic  listing of all web links it can get from - say Google - that have .asp or .php in the url/link name.

ASP is a sure indicator of IIS Web server using a database - PHP suggests the same for users or MySQL databases.

Next they execute a program that goes to each of these pages on the list and hammers it with requests into it's text boxes.   What is a text box? it is a box where the user enters something - like their logon name or the name of the item they want to search.

This software is persistent - sending in repeated formed entries in an effort to break into the database itself and by reading the responses - and storing them into another electronic listing - they can run another program the begins the process of dirtying up the database.

So what is the goal?   Well - The SQL INjection basically adds to the database entries a javascript code that tries to get your browser to download a trojan.
You can read some about the bad guys here:  http://matchent.com/wpress/?q=node/320

Fortunately - I had previously composed programming code on my pages to prevent such things from ever getting onto the browser.  Just before rendering the database result I test for tags that shouldn't be there.    However I feel violated while I prevented the effect of the attack, that someone (automated program or not) still was able spill it's seed all over my database. 

I could have stayed on line and lived with these attacks since my publishing code to protected visitors - but  I decided that the responsible thing to do was to prevent them from getting into the data in the first place.

And here is the rub...   I have been very very busy at work and a full plate at home of activities (I have two 16 year old kids).  So time to research my attackers, learn more about sql injection and rewrite the site pages has been hard to come by.  All of us who work hard to build content at proGGnosis are jonezin'  because  our hobby has been interrupted for so long. 

So thanks for your support and keep checking out the site - we will be back on line.

Doug Silver

Frippertron wrote: Why do folk always spoil it for others by putting viruses on!   I for one enjoyed the site and hopes that Gnosis remains.

Edited by Sean Trane - June 30 2008 at 08:48

I remember having a few problems with the forum software recently, gobbling up the occasional post I was trying to make.