
Topic Closed: ProgGnosis website under attack

Sean Trane, Special Collaborator (Prog Folk)
Posted: June 30 2008 at 07:29
A fine site that most of us collabs have visited at least once, that's fallen under attack
 
 

We are not a business and we make no profit*.  We are just dedicated fans of this music with other jobs, families and demands on our time.

Over the past 9 years ProGGnosis has constructed the largest database of progressive rock & fusion music releases in the world.

We have recently been the target of persistent SQL Injection attacks on our web site and database.

Please be patient while we try to cope with these attacks.

Our personal and work schedules are very heavy right now.

Please do not give up on us.

Check back here to see if we can survive.

You can contact us at 

*Earnings from banners and Google ads earn less than 1/3rd the cost that we pay from our own pockets for web hosting services.
 

 
 
After ProgArchives (limited damages because caught quickly) and Gnosis2000 (had saved a complete back up so only a few days of rating got lost), it is ProgGnosis's turn to get the anger from arseholes out to destroy prog sites....

Unfortunately it appears the site is much more severely hit (maybe they caught the virus much later than other sites), they've been down for 9 days now and admit they might not be able to survive....

Could we at least give them our support (at least morally) and, for those able to, financially. I believe Doug Silver's passion merits at least encouragements
 
 
Hugues "Sean Trane" Chantraine
 
 


Edited by Sean Trane - June 30 2008 at 07:33
let's just stay above the moral melee
prefer the sink to the gutter
keep our sand-castle virtues
content to be a doer
as well as a thinker,
prefer lifting our pen
rather than un-sheath our sword

MikeEnRegalia, Special Collaborator (Honorary Collaborator)
Posted: June 30 2008 at 07:39
SQL injection and cross-site scripting are indeed serious threats to any database-centered website with interactive features ... you're never completely safe from them. Let's hope they have a backup ...

Frippertron, Forum Senior Member
Posted: June 30 2008 at 07:53
Why do folk always spoil it for others by putting viruses on!
 
I for one enjoyed the site and hope that Gnosis remains.
The Cheerful Insanity of Prog Rock

Blacksword, Prog Reviewer
Posted: June 30 2008 at 08:21
ProgGnosis is a fine site. I hope they're able to resolve their problems.

I can't understand why anyone would want to invest the energy or the time attacking a music database. What's the point?

Is ProgArchives equally as exposed to these problems? I know we've been attacked before, but do we have superior safeguards on our DB than ProgGnosis?

Toaster Mantis, Forum Senior Member
Posted: June 30 2008 at 08:24
I remember having a few problems with the forum software recently, gobbling up the occasional post I was trying to make.
"The past is not some static being, it is not a previous present, nor a present that has passed away; the past has its own dynamic being which is constantly renewed and renewing." - Claire Colebrook

Raff, Special Collaborator (Honorary Collaborator)
Posted: June 30 2008 at 08:28

I have often used ProgGnosis for research on new additions, and, while in the past I may have poked fun at their very inclusive policy, their role as a web resource for lovers of prog and other great music is ESSENTIAL. I'd like to help them in some way... They don't deserve to go down like  that.


Sean Trane, Special Collaborator (Prog Folk)
Posted: June 30 2008 at 08:47
Originally posted by Frippertron:

Why do folk always spoil it for others by putting viruses on!

I for one enjoyed the site and hope that Gnosis remains.
 
Just a tad of further explanation: Doug Silver's ProgGnosis is not Gnosis2000 >>>
 
 this one has been attacked twice in recent months


Edited by Sean Trane - June 30 2008 at 08:48

Tony R, Special Collaborator (Honorary Collaborator / Retired Admin)
Posted: June 30 2008 at 09:15

DBSilver, Forum Newbie
Posted: June 30 2008 at 09:52
From Doug Silver,
Thanks for the kind words....
I would like to clear a few things up..

I had backed up the data on Thurs 19th evening and we were attacked after the backup - some 5 hours or so....  Though the attackers were able to dirty most columns in most tables, it took me only about 3 hours to compose code to clean it up.

I put the data back up and we were attacked again within 4 hours.

So I shut the site down...

I am pretty sure that no one was attacking me or ProGGnosis personally.   We are hardly a blip in the world of the internet.  This was about business - shady business.  Here is the basic scenario.  Someone writes a program which builds an electronic listing of all web links it can get from - say Google - that have .asp or .php in the url/link name.

ASP is a sure indicator of IIS Web server using a database - PHP suggests the same for users of MySQL databases.

Next they execute a program that goes to each of these pages on the list and hammers it with requests into its text boxes.   What is a text box? It is a box where the user enters something - like their logon name or the name of the item they want to search.

This software is persistent - sending in repeated formed entries in an effort to break into the database itself and by reading the responses - and storing them into another electronic listing - they can run another program that begins the process of dirtying up the database.

So what is the goal?   Well - The SQL injection basically adds to the database entries a javascript code that tries to get your browser to download a trojan.
You can read some about the bad guys here:  http://matchent.com/wpress/?q=node/320

Fortunately - I had previously composed programming code on my pages to prevent such things from ever getting onto the browser.  Just before rendering the database result I test for tags that shouldn't be there.    However I feel violated while I prevented the effect of the attack, that someone (automated program or not) still was able to spill its seed all over my database.

I could have stayed on line and lived with these attacks since my publishing code protected visitors - but  I decided that the responsible thing to do was to prevent them from getting into the data in the first place.

And here is the rub...   I have been very very busy at work and a full plate at home of activities (I have two 16 year old kids).  So time to research my attackers, learn more about sql injection and rewrite the site pages has been hard to come by.  All of us who work hard to build content at proGGnosis are jonezin'  because  our hobby has been interrupted for so long.

So thanks for your support and keep checking out the site - we will be back on line.

Doug Silver

Regards,

DBSilver
www.ProGGnosis.com
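
The two layers described in the post above (keeping text-box input out of the SQL statement, and checking database results before they reach the browser), as an added example that is not part of the original post or of ProGGnosis's own code. It assumes Python with SQLite as a stand-in for the site's stack; the table, the function names and the sample rows are hypothetical and constructed for illustration, and the output check is done here with HTML encoding.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data standing in for a music-release database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE releases (id INTEGER PRIMARY KEY, artist TEXT, title TEXT)")
    db.executemany("INSERT INTO releases (artist, title) VALUES (?, ?)", [
        ("King Crimson", "Red"),
        ("Magma", "Kobaia"),
        # Constructed example of a column already dirtied with injected markup.
        ("Gong", 'Camembert Electrique<script src="http://placeholder.invalid/x.js"></script>'),
    ])
    return db

def search_concat(db, term):
    # Weak form: the text-box value is pasted into the SQL text, so a quote
    # character in the input changes the statement the database parses.
    sql = "SELECT artist, title FROM releases WHERE artist = '" + term + "'"
    return db.execute(sql).fetchall()

def search_bound(db, term):
    # Corrected form: the value is bound as a parameter and stays data.
    sql = "SELECT artist, title FROM releases WHERE artist = ?"
    return db.execute(sql, (term,)).fetchall()

def render_row(artist, title):
    # Output layer: HTML-encode stored values so markup in the database is
    # shown as text instead of being interpreted by the browser.
    return "<li>%s - %s</li>" % (html.escape(artist), html.escape(title))

def find_dirty_rows(db):
    # Cleanup aid: ids of rows whose text columns contain a script tag.
    sql = ("SELECT id FROM releases WHERE lower(artist) LIKE '%<script%' "
           "OR lower(title) LIKE '%<script%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(len(search_concat(db, crafted)), "rows from concatenated query")
    print(len(search_bound(db, crafted)), "rows from bound query")
    print(render_row(*search_bound(db, "Gong")[0]))
    print("rows needing cleanup:", find_dirty_rows(db))
```

The bound query closes the way into the data; the encoding step protects visitors from anything already stored, and the scan lists the rows still to be cleaned.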

DBSilver, Forum Newbie
Posted: June 30 2008 at 09:56
Ghost Rider wrote:

>>and, while in the past I may have poked fun at their very inclusive policy,<<

.....and the POT called the KETTLE black.

nothing personal - just couldn't resist.....
Doug Silver
www.ProGGnosis.com

Tony R, Special Collaborator (Honorary Collaborator / Retired Admin)
Posted: June 30 2008 at 09:57
Does any ProgArchives member have specific skills in this area and can offer help, solutions etc?


fusionfreak, Forum Senior Member
Posted: June 30 2008 at 12:25
I don't have them unfortunately but I hope Proggnosis will soon be back in shape, it's a good and helpful site responsible for some of my wisest finds. Thanks Doug.
I was born in the land of Mahavishnu,not so far from Kobaia.I'm looking for the world

of searchers with the help from

crimson king

Easy Livin, Special Collaborator (Honorary Collaborator / Retired Admin)
Posted: June 30 2008 at 13:21
Good to hear things are under control. Good luck!!

The Rock, Forum Senior Member
Posted: June 30 2008 at 21:41

Nice to see that ProgGnosis will be back online.

I did contribute to the site in the past and really like the all-inclusive nature of it!
 
Nice to see members of the prog community supporting.
What's gonna come out of my mouth is gonna come out of my soul."Skip Prokop"

The Quiet One, Prog Reviewer
Posted: June 30 2008 at 21:56
It's cool to see FRIENDSHIP between PROG SITES. That's really cool.

...Good Luck ProgGnosis!

explodingjosh, Forum Senior Member
Posted: July 01 2008 at 01:29
I did it.

Atavachron, Special Collaborator (Honorary Collaborator)
Posted: July 01 2008 at 01:52
terrible, one of the finest databases in the world

Drew, Forum Senior Member
Posted: July 01 2008 at 02:32
That sucks - I used to visit that site before I even heard of PA.



chopper, Special Collaborator (Honorary Collaborator)
Posted: July 01 2008 at 07:41
Originally posted by Blacksword:

ProgGnosis is a fine site. I hope they're able to resolve their problems.

I can't understand why anyone would want to invest the energy or the time attacking a music database. What's the point?

Is ProgArchives equally as exposed to these problems? I know we've been attacked before, but do we have superior safeguards on our DB than ProgGnosis?
 
That's what I don't get. I can see the point of financial fraud but why would anyone want to hack a music site when there's no possible benefit?

Sean Trane, Special Collaborator (Prog Folk)
Posted: July 07 2008 at 07:50

ProGGnosis is back
