moderators -

1
deb, mark and paul,

i notice a thread i started is missing - saturn in sagittarius..

mark mentioned to me that a thread had gone missing and he was at a complete loss as to what had happened to it..

i was wondering if the website format for skyscript is part or all of the problem? when i sign into skyscript, i get a message saying it is not safe to sign in to the site.. so, i am speculating that this might be some or all of the reason some threads have gone missing.. delete this thread when you deem it unrelated to the site.. thanks - james

2
Hi James

There's something very strange happening here. I have seen this now myself over the last couple of days where a post I've made on the horary forum has disappeared.

Earlier today I created a thread detailing this exact same issue and asking the skyscript community as a whole to comment on it - ironically this post has now disappeared, as has a couple of other threads or places where I've posted the link to that thread.

Something is amiss here, I'm going to get in touch with the server maintenance people and see what's going on.

EDIT

I just realised private messages are also disappearing as I had messaged Mark about this very issue earlier today and it's disappeared as well.
"The only true wisdom is in knowing you know nothing" - Socrates

https://heavenlysphere.com/

3
thanks paul,

here is what i get from firefox signing into skyscript -

https://support.mozilla.org/en-US/kb/in ... =inproduct

if that doesn't bring you to the page where the info is, i will copy and paste some of it here below

Insecure password warning in Firefox

Firefox will display a lock icon with red strike-through red strikethrough icon in the address bar when a login page you?re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

Fx52insecurePW

Note: When you start typing in your login information, the warning message can obscure the password entry box. You can press the Enter key after you type in your username (or click outside of the password area) to dismiss the warning.
What can I do if a login page is insecure?

If a login page for your favorite site is insecure, you can try and see if a secure version of the page exists by typing https:// before the url in the location bar. You can also try to contact the web administrator for the site and ask them to secure their connection.
Not recommended: You can also continue to log in to the website even if the connection is insecure, but do so at your own risk. If you do go this route, try to use a unique password or a password that you don?t also use for other important sites.
About insecure pages

Pages that need to transmit private information, such as credit cards, personal information and passwords, need to have a secure connection to help prevent attackers from stealing your information. (Tip: A secure connection will have "HTTPS" in the address bar, along with a green lock icon.)

Pages that don?t transmit any private information can have an unencrypted connection (HTTP). It is not advised to enter private information, such as passwords, on a web page that shows HTTP in the address bar. The information you enter can be stolen over this insecure connection.
Note for developers

For developers looking to learn more about this warning, please see this page. The page explains when and why Firefox shows this warning, and will also provide some details on how to fix the issue. For more information, see this blog post and this Site Compatibility document.


Share this article: http://mzl.la/1ZNx7IP

LOCKED OUT OF ACCOUNT

4
It's come to my attention that some people may be locked out of their account. This could be as a result of some test the server maintenance guy is doing or it could be as a result of whatever bigger problem we're having at the moment.

The problem should be remedied by resetting the password. You can reset your password here:
http://skyscript.co.uk/forums/profile.p ... ndpassword

Within a few minutes you should receive an email with a temporary new password which you can use to log back into the system. From there you should change your password to something more memorable which you can do from this link:
http://skyscript.co.uk/forums/profile.p ... ditprofile

If anybody does indeed have this problem, could you just let me know here on this thread so we can keep a record of it?

Thanks

Paul
Last edited by Paul on Tue Aug 29, 2017 10:02 pm, edited 1 time in total.
"The only true wisdom is in knowing you know nothing" - Socrates

https://heavenlysphere.com/

5
James

This seems like a fairly generic message - basically there are two main ways in which traffic is transmitted over the web; HTTP and HTTPS.

HTTP is hyper text transfer protocol and describes a series of protocols which takes place as information from a website is broken into manageable messages and encapsulated and sent through various stages until ultimately being sent across the wires of the internet through the world and finally making its way back up to your computer where you can read it and subsequently send similar messages back from your computer to the server - such as to make a post or log in and so on.

Now in reality HTTP, because it is relying on sending information across the networks of the world, is vulnerable to 'attack' where someone could intercept a message, such as you logging in, and use that to 'steal' your log in and log in as you. That's really not so terrible with a site like skyscript - it would not be worth anyone's time to actually do that.

It's another story if it was a commercial transaction such as inputting your credit card information - something never done on skyscript at all.

With that in mind, there is a secure HTTP protocol, HTTPS, in which the messages that are sent between you and the server are first 'scrambled' using a predetermined code that only your browser and the server know about, so anyone intercepting will get gobbledeegook.

Skyscript doesn't do financial transactions so it's just a HTTP site which should be totally fine. In theory someone could have intercepted an admin or a moderator password (like my password for example) and used it to maliciously remove threads for the sheer sport of it, however my PMs have also disappeared as well as several threads and replies all of which appear to be time driven - that is all the content on the forum after a certain date has disappeared.

This makes me believe this isn't a hack but instead for some reason the database reverted to a previous state - possibly due to a corruption on the database itself. Hopefully the server maintenance people will be able to investigate and get answers for us.
"The only true wisdom is in knowing you know nothing" - Socrates

https://heavenlysphere.com/

6
I haven't been locked out so far, but I've had to sign in again repeatedly (even after checking the box to stay logged in). It's not a big deal, and this post doesn't need a reply, just reporting for the record.

8
Hi All,

I'm so glad to be back in Skyscript Forum . . . I got my new password and was able to reregister myself. Thank you very much Paul for the instructions! :'



>>> This message is for you, pankjdubey. Thanks for your reply on my Horary topic "Did Skyscript send me reply emails?" (My three recent topics all disappeared from horary section including your reply below).
Posted: Tue Aug 29, 2017 5:45 am Post subject: Reply with quote


Or you could have first checked the profile section for enabling notifications for private messages, and another for notifications about posts .
Then you are within your rights to ask a Horary if someone from NSA or MI6 is deleting your emails before you read it (at a great expense to the exchequer) :wink:
I have an amusing story for you here: many years ago, I did some experiments by using different middle initials whenever I sent some mail order or sent for a subscription for some magazine, etc. So my name read as: Ms. Jane A. Doe or Ms. Jane B. Doe, etc. The reason behind this was trying to find out the source of the plentiful weekly junk mail I had been getting from various locations.

One day I received a jury duty notification from the city of San Francisco, California (US). I saw it was addressed to Jane G. Doe . . . that was the middle initial I used in order to subscribe to The National Geographic Magazine!

The common belief then was that the government went by your driver's license to pick candidates for jury duty. In spite of growing up and going to school in Los Angeles, I never managed to own a car or a driver's license (and never ever served on a jury duty until . . .) :shock:

Anyway later, I was with a bunch of artists at a workshop and told my story -- but one elderly female refused to believe that The National Geographic magazine was behind the jury duty listing. She kept saying "There's no way they are tied to the government!" Well, she was definitely a minority in our city.

10
Sabuminim

Moderators etc have no access to your PMs, the fact that PMs have also disappeared and everything seems to be gone after a certain date convinces me it's a database issue and not a hack.

Of course if it happens again we'll lose this thread too
"The only true wisdom is in knowing you know nothing" - Socrates

https://heavenlysphere.com/

11
So, Paul: I NEVER said that moderators (specifically) are deleting my PM's. But, it's good to know that one less source has been ruled out. James M thinks (as do I) that there are serious security issues going on with your site, and, if true, put a stop to it, asap.

I think that its true that you are running of out of space and something needs to be done to expand the database.

12
Sabuminim

Do you have any specific technical training or reason to suspect a hack? I'm curious why you believe it's a hack despite my explanations for the message James is seeing etc. - if the hack was of an admin or moderator password they couldn't read or delete your PMs anyway. So we can rule out a hack such as someone taking for example the password of a moderator etc.

The other hack it would require then would be a hack on the server itself - this is a possibility but of all the things a hacker could do (delete the entire site for example, edit any page they wanted etc.) it remains completely bizarre that their actions would be to go through the effort of taking a particular date in time and then writing up all the SQL to then delete all content in the database after that moment, with no real gain or reward for themselves. Putting aside how untrivial it is to hack the server to begin with, it's also a nice amount of work to write and perform those SQL statements on the database to delete not just forum threads, but also posts and PMs as well.

By far the simpler explanation is that a database corruption required a revert to a previous working state. Sometimes the simpler solution is the most likely.
"The only true wisdom is in knowing you know nothing" - Socrates

https://heavenlysphere.com/