sunrise089 Wrote:It sounds to me like the "security loophole" is being really overstated.

Overstated???

This is like if you owned a bar, and there was a guy who frequently came and conned people out of hundreds of dollars in your bar, and you didn't do anything about it. All the regulars know his game and don't fall for it, sure. How could that possibly make this OK? I can't believe you tried to use your personal experience of not being affected as an argument.

Yeah, I was trying to upload an avatar as well, tried jpg, png, and gif. All were 96 x 96 and pretty small file size. So appears avatar uploading is just broken?

sunrise089 Wrote:It sounds to me like the "security loophole" is being really overstated. Visiting this site every day, from home, work, and mobile devices, I've never been impacted by this "security loophole" to any degree whatsoever.

This attitude is exactly one of the reasons why cyber crime grows exponentially every year.

To give you a RL example: If the lock on your front door is broken and I tell you "I believe your security concerns are overstated, the lock has been broken for 3 months and nobody has stolen anything" would you feel safe again?

Just because until now the only thing that has happened is the google redirect (and broken avatar upload function) does not mean it stays that way. It's more of a "we are lucky the bad guys don't care at the moment" than "the forum is safe and patched" (it's not).
Unfortunately, most people only tend to care about these things once they lose either some files/login data or some money through stolen credit card details...

From memory I think the issue is the current admins dont have full access to everything, and hence need to wait to get that

Jkaen Wrote:From memory I think the issue is the current admins dont have full access to everything, and hence need to wait to get that

On October 14th, KoP postet this:

KingOfPain Wrote:Okay, I can log on to the server again. May see fixes in the near future.

Just to clear up any confusion on these issues:

* Yes, I am a site administrator.

* No, I do not have any idea how to fix the various issues plaguing Realms Beyond. I'm a historian, not a web designer or programmer.

* Yes, we do need those who run the forum hosting to fix these issues as soon as possible. But again, I have no idea how to do that, so please don't come asking me for advice.

Sullla Wrote:* Yes, we do need those who run the forum hosting to fix these issues as soon as possible.

Is this forum not hosted by a professional webhoster? And isn't there someone in the admin team who is responsible for the technical side of this forum and has the necessary knowledge and access to the filesystem?

If manpower is the issue, maybe it would be worthwhile to consider if you could recruit an additional forum member as some sort of "tech-admin". Maybe that way technical problems could be fixed more quickly.

I could probably help you guys upgrade to the latest vBulletin. Most of the upgrading should be pretty much automated.

Maybe you guys can even change the color scheme so it doesn't look like a moss ridden cave.

Gustaran Wrote:If manpower is the issue, maybe it would be worthwhile to consider if you could recruit an additional forum member as some sort of "tech-admin". Maybe that way technical problems could be fixed more quickly.

I fully agree. I've only been on these forums for about two years now, but it is still not clear to me who handles the technical side of the site.

I don't want to offend anyone here, but Griselda hasn't been on the site for over two months now, and KingofPain seems to have some serious health issues, so I fully understand if he doesn't have the time or the strength to address the technical issues of the site.

Look, the site was down for almost two days this week, with no explanation whatsoever, and I think I'm not the only one being pissed off about this.

I say it's time we expand the administrator team with one or more persons able to address these technical issues.

Yeah, this seems pretty urgent. I'm worried that I'm going to log onto RB after one of these mysterious day-long outages only to find that someone has inserted hostile code into the website which affects everybody, not just people arriving from google (an issue which itself is shameful that nobody fixed months ago).