CADTutor open for business

Using Firefox 3.6.13 and AVG 9.0.872 I get the error message, as shown in the picture below, and I am unable to access the CADTutor forums.

Strangely, all seems well when I use Internet Explorer 8.0.6001.18702 as this is how I am posting this message

Wish we could give them a taste of their own medicine.

Count me in on that one. Looks like it's going to be a long night...

JavaScript is evil, I only turned it on for a couple of minutes to edit a post.

Just to expand on this for anyone that doesn't know, JavaScript is the primary way that virus's are spread (including all the bad stuff that's been happening here) Turning off JavaScript will pretty much ensure you'll never get infected while surfing, but unfortunately most sites make heavy use of JavaScript for gimmicky stuff that supposedly improves the experience on the website. For example, you can navigate, read, and post at CadTutor with JavaScript completely disabled, but stuff like smileys, text formatting, attachments, and quoting doesn't work because the forum software uses JS for those functions, That's not to say that those features can't be implemented without JS, but that's the direction everyone is going. IE used to be the browser known to be vulnerable, however I think FireFox is actually more vulnerable out of the box because a standard installation doesn't provide any JavaScript blocking. If you use FireFox, I highly recommend using the NoScript addon (just Google "NoScript" if you're interested) Incidentally, popups are JavaScript, so when JS is off, you'll never see a popup, even if you disable all your other popup blockers.

Yes, that is right. All the current exploits are using javascript, so turning it off will avoid these problems.

However, I do need a permanent solution and that's what I'm working towards.

Yeah, it's a lot easier to block JS on the client side (browser). I don't envy the position you're in. Have you reported the attacks? I don't know anything about running a website or securing a server, but something like this seems like a place to start getting the attacks shut down. http://www.justice.gov/criminal/cybercrime/reporting.htm

Well, after a whole lot more work, the forum is back online. As far as we can tell, things ought to be back to normal but if there's one thing I've learned over that past couple of weeks, it's that one can never be 100% certain of anything as far as website security is concerned.

Whatever happens, rest assured that CADTutor has a future - it's just that we're going through a rocky period at the moment.

Thank you all for your continuing support.

Whatever happens, rest assured that CADTutor has a future - it's just that we're going through a rocky period at the moment.

 

Thank you all for your continuing support.

You can be sure of that.

Thx for getting it back online:thumbsup:.

SB

well done for getting on top of it again David.

Well, after a whole lot more work, the forum is back online. As far as we can tell, things ought to be back to normal but if there's one thing I've learned over that past couple of weeks, it's that one can never be 100% certain of anything as far as website security is concerned.

 

Whatever happens, rest assured that CADTutor has a future - it's just that we're going through a rocky period at the moment.

 

Thank you all for your continuing support.

Thank you for creating and maintaining the BEST CAD related site and forum, as well as one of the best ran and maintained forums of any nature on the internet.

If you need any help, you know there are numerous members on here willing to pitch in.

Thank you for creating and maintaining the BEST CAD related site and forum, as well as one of the best ran and maintained forums of any nature on the internet.

 

If you need any help, you know there are numerous members on here willing to pitch in.

Ditto that for me.

Thanks David!

You're correct about no website being 100% secure. There's no such thing as 100% security in anything. Take an analogy of a door with a lock: As long as some key can open that lock, it would not be impossible to make an "impersonation" of that key. The key can only be made more difficult to copy, but never impossible - otherwise it cannot be manufactured in the 1st place.

Same goes for a website. You can make it totally secure by disallowing any form of access, but wouldn't that obviate the purpose of a website? Unfortunately, you cannot cater for any and all possibilities - there can always be some nitwit which stumbles upon a loop-hole which no-one thought of before. So AFAICT "security" is an ongoing process, rather than a fix at any one time.

I'm sorry to say, you'll probably not see this as the last time you need to do some fixes. I know, my company's website also has numerous similar hacking attempts periodically. I wish we didn't need to check up on these so much: it takes a hell of a lot of productive time away from our "real" work. If I could find one of these "hackers" I swear I'd wring his neck!

...

I blame Hollywood for romanticizing "hacking" ... turning it into something "cool". Being a programmer, I know that hacking is actually a very "stupid" thing. It doesn't take a genius to be a hacker, these non-humans merely need to be persistent (and I've seen donkeys being extremely persistent). ... Sorry, that's probably an insult to donkeys - hope I don't get kicked!

I think the difficulty for me has been that CADTutor started as a hobby and has remained a hobby but clearly that has to change. This incident has made me realise that in order to keep this place going with ever-increasing traffic and members, I have to get a lot more serious about it and it needs to be more than just a hobby. It's clear that many people depend on this site and the community has become an important aspect of many lives and I therefore have a responsibility to make sure it keeps going. I'm doing some thinking at the moment... (in a good way).

I think the difficulty for me has been that CADTutor started as a hobby and has remained a hobby but clearly that has to change. This incident has made me realise that in order to keep this place going with ever-increasing traffic and members, I have to get a lot more serious about it and it needs to be more than just a hobby. It's clear that many people depend on this site and the community has become an important aspect of many lives and I therefore have a responsibility to make sure it keeps going. I'm doing some thinking at the moment... (in a good way).

Anything we can do to help David?

I think the difficulty for me has been that CADTutor started as a hobby and has remained a hobby but clearly that has to change. This incident has made me realise that in order to keep this place going with ever-increasing traffic and members, I have to get a lot more serious about it and it needs to be more than just a hobby. It's clear that many people depend on this site and the community has become an important aspect of many lives and I therefore have a responsibility to make sure it keeps going. I'm doing some thinking at the moment... (in a good way).

And yet, you have outperformed the corporate sponsored forums in many ways. Maybe you could run a tutorial for how to properly run a successful forum.

I agree with many others in that your efforts far surpass anything that I have seen elsewhere. I commend your dedication in running the best autocad site on the net!

I think the difficulty for me has been that CADTutor started as a hobby and has remained a hobby but clearly that has to change. This incident has made me realise that in order to keep this place going with ever-increasing traffic and members, I have to get a lot more serious about it and it needs to be more than just a hobby. It's clear that many people depend on this site and the community has become an important aspect of many lives and I therefore have a responsibility to make sure it keeps going. I'm doing some thinking at the moment... (in a good way).

Glad the site is back up!!

I don't know if it is related to the changes CadTutor has undergone to make the site more secure but when I visit the forums I'm now missing the message header bar that displays when a post was posted as well as the link to the individual post for referencing other posts. See picture below. Anyone else having this issue?

UPDATE: I know I should have checked multiple browsers and I should have posted what browser I was having the issue with before I posted so my apologies. Anyways, the issue I describe is with IE7. Also the forum displays correctly in Firefox 3.6.13.

I don't know if it is related to the changes CadTutor has undergone to make the site more secure but when I visit the forums I'm now missing the message header bar that displays when a post was posted as well as the link to the individual post for referencing other posts. See picture below. Anyone else having this issue?

Yes, the issue is discussed here: http://www.cadtutor.net/forum/showthread.php?56691

Looks as though this was introduced in the new version of vBulletin.

Google Crome again reports about the danger when you try to go to cadtutor

Just did a search to help someone here using Google and one of the "hits" listed a link to CADTutor and right below it were the words This site may harm your computer.

The time now on the east coast of the U.S. is 7:02 a.m.