
ProgGnosis website under attack

Printed From: Progarchives.com
Category: Progressive Music Lounges
Forum Name: Prog News, Press Releases
Forum Description: Submit press releases, news, new releases, prog music news and other interesting things happening in the world of progressive music (featured in home and artist page)
URL: http://www.progarchives.com/forum/forum_posts.asp?TID=49822
Printed Date: February 11 2025 at 21:59
Software Version: Web Wiz Forums 11.01 - http://www.webwizforums.com


Topic: ProgGnosis website under attack
Posted By: Sean Trane
Subject: ProgGnosis website under attack
Date Posted: June 30 2008 at 07:29
A fine site that most of us collabs have visited at least once, that's fallen under attack
 
http://www.proggnosis.com/
 

We are not a business and we make no profit*.  We are just dedicated fans of this music with other jobs, families and demands on our time.

Over the past 9 years ProGGnosis has constructed the largest database of progressive rock & fusion music releases in the world.

We have recently been the target of persistent SQL Injection attacks on our web site and database.

Please be patient while we try to cope with these attacks.

Our personal and work schedules are very heavy right now.

Please do not give up on us.

Check back here to see if we can survive.

You can contact us at 

*Earnings from banners and Google ads earn less than 1/3rd the cost that we pay from our own pockets for web hosting services.
 

 
 
After ProgArchives (limited damages because caught quickly) and Gnosis2000 (had saved a complete back up so only a few days of rating got lost), it is ProgGnosis's turn to get the anger from arseholes out to destroy prog sites....
 
Unfortunately it appears the site is much more severely hit (maybe they caught the virus much later than other sites), they've been down for 9 days now and admit they might not be able to survive....
 
Could we at least give them our support (at least morally) and, for those able to, financial. I believe Doug Silver's passion merits at least encouragements
 
 
Hugues "Sean Trane" Chantraine
 
 


-------------
let's just stay above the moral melee
prefer the sink to the gutter
keep our sand-castle virtues
content to be a doer
as well as a thinker,
prefer lifting our pen
rather than un-sheath our sword



Replies:
Posted By: MikeEnRegalia
Date Posted: June 30 2008 at 07:39
SQL injection and cross site scripting are indeed serious threats to any database centered website with interactive features ... you're never completely safe from them. Let's hope they have a backup ...

-------------
2025 Monthly Release Poll: https://awesomeprog.com/release-polls/pa/aotm-2025-1/vote


Posted By: Frippertron
Date Posted: June 30 2008 at 07:53
Why do folk always spoil it for others by putting viruses on!
 
I for one enjoyed the site and hope that Gnosis remains.


-------------
The Cheerful Insanity of Prog Rock


Posted By: Blacksword
Date Posted: June 30 2008 at 08:21
ProgGnosis is a fine site. I hope they're able to resolve their problems.

I can't understand why anyone would want to invest the energy or the time attacking a music database. What's the point?

Is ProgArchives equally as exposed to these problems? I know we've been attacked before, but do we have superior safeguards on our DB than ProgGnosis?


Posted By: Toaster Mantis
Date Posted: June 30 2008 at 08:24
I remember having a few problems with the forum software recently, gobbling up the occasional post I was trying to make.

-------------
"The past is not some static being, it is not a previous present, nor a present that has passed away; the past has its own dynamic being which is constantly renewed and renewing." - Claire Colebrook


Posted By: Raff
Date Posted: June 30 2008 at 08:28

I have often used ProgGnosis for research on new additions, and, while in the past I may have poked fun at their very inclusive policy, their role as a web resource for lovers of prog and other great music is ESSENTIAL. I'd like to help them in some way... They don't deserve to go down like that.



Posted By: Sean Trane
Date Posted: June 30 2008 at 08:47
Originally posted by Frippertron:

Why do folk always spoil it for others by putting viruses on!
 
I for one enjoyed the site and hope that Gnosis remains.
 
Just a tad of further explanation: Doug Silver's ProgGnosis is not Gnosis2000 >>> http://www.gnosis2000.net/
 
This one has been attacked twice in recent months




Posted By: Tony R
Date Posted: June 30 2008 at 09:15
"The number of sites affected is in the hundreds of thousands..."
* http://isc.sans.org/diary.html?n&storyid=4294

http://www.spywareinfoforum.com/index.php?showtopic=116157&pid=637332&mode=threaded&start=




Posted By: DBSilver
Date Posted: June 30 2008 at 09:52
From Doug Silver,
Thanks for the kind words....
I would like to clear a few things up..

I had backed up the data on Thurs 19th evening and we were attacked after the backup - some 5 hours or so....  Though the attackers were able to dirty most columns in most tables, it took me only about 3 hours to compose code to clean it up.

I put the data back up and we were attacked again within 4 hours.

So I shut the site down...

I am pretty sure that no one was attacking me or ProGGnosis personally.  We are hardly a blip in the world of the internet.  This was about business - shady business.  Here is the basic scenario.  Someone writes a program which builds an electronic listing of all web links it can get from - say Google - that have .asp or .php in the url/link name.

ASP is a sure indicator of IIS Web server using a database - PHP suggests the same for users of MySQL databases.

Next they execute a program that goes to each of these pages on the list and hammers it with requests into its text boxes.  What is a text box? It is a box where the user enters something - like their logon name or the name of the item they want to search.

This software is persistent - sending in repeated formed entries in an effort to break into the database itself and by reading the responses - and storing them into another electronic listing - they can run another program that begins the process of dirtying up the database.

So what is the goal?  Well - the SQL Injection basically adds to the database entries a javascript code that tries to get your browser to download a trojan.
You can read some about the bad guys here:  http://matchent.com/wpress/?q=node/320

Fortunately - I had previously composed programming code on my pages to prevent such things from ever getting onto the browser.  Just before rendering the database result I test for tags that shouldn't be there.  However I feel violated, while I prevented the effect of the attack, that someone (automated program or not) still was able to spill its seed all over my database.

I could have stayed on line and lived with these attacks since my publishing code protected visitors - but I decided that the responsible thing to do was to prevent them from getting into the data in the first place.

And here is the rub...   I have been very very busy at work and a full plate at home of activities (I have two 16 year old kids).  So time to research my attackers, learn more about sql injection and rewrite the site pages has been hard to come by.  All of us who work hard to build content at proGGnosis are jonezin'  because  our hobby has been interrupted for so long. 

So thanks for your support and keep checking out the site - we will be back on line.

Doug Silver



-------------
Regards,

DBSilver
www.ProGGnosis.com
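
An added illustration of the layers described in the post above, not DBSilver's or ProGGnosis's own code (their site ran on ASP/IIS): a concatenated query beside a parameterized one, a scan that strips script tags from every text column, and encoding at render time. It uses Python with in-memory SQLite; the table, function names, sample rows and the placeholder host are all constructed for this example.

```python
import html
import re
import sqlite3

# Constructed sample values; attacker.example is a placeholder host.
TAINT = '<script src="http://attacker.example/x.js"></script>'
QUOTED = "x' OR '1'='1"   # constructed input containing a stray quote
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)

def make_db():
    # One clean row and one row dirtied by a script tag appended to a text column.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)")
    db.executemany("INSERT INTO artists (name, bio) VALUES (?, ?)",
                   [("Camel", "UK band"), ("Magma", "French band" + TAINT)])
    return db

def search_unsafe(db, term):
    # Input is pasted into the SQL text, so a quote in `term` rewrites the query.
    return db.execute("SELECT name FROM artists WHERE name = '" + term + "'").fetchall()

def search_safe(db, term):
    # Bound parameter: `term` is only ever compared as a value.
    return db.execute("SELECT name FROM artists WHERE name = ?", (term,)).fetchall()

def text_columns(db):
    # Enumerate every TEXT column of every table from the schema itself.
    for (table,) in db.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall():
        for _, col, ctype, *_ in db.execute(f'PRAGMA table_info("{table}")').fetchall():
            if ctype.upper() == "TEXT":
                yield table, col

def clean_tainted(db):
    # Remove script elements from stored values and report what was touched.
    touched = []
    for table, col in text_columns(db):
        for rowid, value in db.execute(f'SELECT rowid, "{col}" FROM "{table}"').fetchall():
            if value and SCRIPT_RE.search(value):
                db.execute(f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                           (SCRIPT_RE.sub("", value), rowid))
                touched.append((table, col, rowid))
    return touched

def render(value):
    # Output encoding at render time, so stray markup displays as inert text.
    return html.escape(value)
```

The list returned by `clean_tainted` doubles as an audit record of which rows were altered, which helps when comparing against the last known-good backup.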


Posted By: DBSilver
Date Posted: June 30 2008 at 09:56
Ghost Rider wrote:

>>and, while in the past I may have poked fun at their very inclusive policy,<<

.....and the POT called the KETTLE black.

nothing personal - just couldn't resist.....
Doug Silver
www.ProGGnosis.com





Posted By: Tony R
Date Posted: June 30 2008 at 09:57
Does any ProgArchives member have specific skills in this area and can offer help, solutions etc?




Posted By: fusionfreak
Date Posted: June 30 2008 at 12:25
I don't have them unfortunately but I hope Proggnosis will soon be back in shape, it's a good and helpful site responsible for some of my wisest finds. Thanks Doug.


-------------
I was born in the land of Mahavishnu, not so far from Kobaia. I'm looking for the world of searchers with the help from crimson king


Posted By: Easy Livin
Date Posted: June 30 2008 at 13:21
Good to hear things are under control. Good luck!!


Posted By: The Rock
Date Posted: June 30 2008 at 21:41

Nice to see that Proggnosis will be back online.

I did contribute to the site in the past and really like the all-inclusive nature of it!
 
Nice to see members of the prog community supporting.


-------------
What's gonna come out of my mouth is gonna come out of my soul."Skip Prokop"


Posted By: The Quiet One
Date Posted: June 30 2008 at 21:56
It's cool to see FRIENDSHIP between PROG SITES. That's really cool.

...Good Luck ProgGnosis!


Posted By: explodingjosh
Date Posted: July 01 2008 at 01:29
I did it.



Posted By: Atavachron
Date Posted: July 01 2008 at 01:52
terrible, one of the finest databases in the world


Posted By: Drew
Date Posted: July 01 2008 at 02:32
That sucks - I used to visit that site before I even heard of PA.






Posted By: chopper
Date Posted: July 01 2008 at 07:41
Originally posted by Blacksword:

ProgGnosis is a fine site. I hope they're able to resolve their problems.

I can't understand why anyone would want to invest the energy or the time attacking a music database. What's the point?

Is ProgArchives equally as exposed to these problems? I know we've been attacked before, but do we have superior safeguards on our DB than ProgGnosis?
 
That's what I don't get. I can see the point of financial fraud but why would anyone want to hack a music site when there's no possible benefit?


Posted By: Sean Trane
Date Posted: July 07 2008 at 07:50

ProGGnosis is back





Posted By: jimmy_row
Date Posted: July 07 2008 at 11:28
Great news! Now hopefully the plague won't strike again...


Posted By: The Rock
Date Posted: July 08 2008 at 18:08
Originally posted by Sean Trane:

ProGGnosis is back

Yah-hooooooooooooooo!!!!



Posted By: DBSilver
Date Posted: July 09 2008 at 14:25
We are not fully up..
I am still working on being able to add new artists, info, releases and reviews.
We are very much behind.....
However site listings and searches should be working.
please let me know via email if you find this is not true....

Regards,
Doug






Posted By: M@X
Date Posted: July 10 2008 at 22:22
Good luck DBSilver with the site! It seems like it's a Worm-Virus, the SQL-Injection attacks come from anywhere in the world and multiple times/day.

I had to fix security holes and add ISAPI Filters in IIS to prevent IIS from handling long URL queries and eating my CPU.

If you need help or tips, contact me [email protected]


PS: I am still working on these issues, working on it since December 2007 ;-( It's a daily task now ...


-------------
Prog On !


