Great. I got a call from the provider of the server on which ogre3d.org runs today saying that the server had been compromised, and that they were going to have to reinstall it. Seems that an unpatched flaw in a Joomla! component allowed a backdoor to be created which was spamming.
My fault – I should have patched Joomla! more often. But, I’m busy. What’s annoying is that even though I can 100% guarantee that the compromise could not have extended beyond a certain defined scope, since SELinux prevents that at the kernel level, the host has insisted on taking a tough line on this – their unshakeable policy says that a completely fresh reinstall is required, and it has to be done today. I can understand that, but I see now it’s been pointless for me to use SELinux in this case then. They’ll charge me extra for the reinstall too.
The only benefit is that at least while I’m doing it I can hop onto RHEL 5 which will mean MediaWiki can be upgraded at last.
This is going to cause some major downtime on ogre3d.org, firstly for the physical reinstall, and secondly for the time it takes me to get the ton of application software reinstalled. First priority will go to getting the forums running again, obviously. I’ll have to decide what to put on the main site page – it’ll be a placeholder at first. It’s very likely to be a few days before everything is completely back to normal again.
Don’t expect me to be doing much except getting that sorted out for a little while. I’m expecting to be stressed. Once I’ve fought these particular fires and got things on an even keel again, I’m considering moving host again since clearly the ‘premium’ support that I pay for is actually a pretty blunt instrument (you can say you told me so now).
Update: ogre3d.org is offline as of now for reconstruction. Subversion and downloads are still available on Sourceforge, once the server has basic functionality back I’ll put up a placeholder letting people know what’s going on.

February 2nd, 2009 at 2:23 pm
So spammers aren’t just parasites, they are also taking your time AND money. Specially to someone from the community (you).
That pisses me off.
February 2nd, 2009 at 4:10 pm
That just sucks. I wish you that the reinstall will go well at least. PHP coders seem never to learn.
February 2nd, 2009 at 4:10 pm
Give your time but don’t get stressed. You certainly don’t want another health problem. Things will be restored. Though this is such a problem. You definitely should think of another host. I thought the good ones are cheaper as they do more business.
February 2nd, 2009 at 4:38 pm
Hosting in the US is cheaper than the UK, but I prefer having the server legally close to me. We’ve had cheap hosts before and outgrown them, three times.
With hosts you do get what you pay for – cheaper hosts have more sites to deal with, so support is worse in the event of a problem. With previous hosts, the server always seemed to go down when I was away and no-one monitored it. Uptime has been a lot better since moving to this host since they monitor it and investigate quickly, perform full backups for me etc. And, I can talk to a real engineer on the phone, not some call centre.
But it’s expensive and the support isn’t quite as detailed as I’d like – basically they will do app-specific support, but only things that are supported by RHEL. In practice, we have to stray outside this too much so we’re on our own in too many places. So, I may look for something cheaper, but I sure as hell won’t go for cheap & dirty.
That’s for another time though, immediate concern is getting things back up.
February 2nd, 2009 at 5:19 pm
Ugh, that sucks man. Hope you’re able to get that taken care of as painlessly as *possible*. Good luck.
February 2nd, 2009 at 6:39 pm
Wow, that is the worst news. If there is anything I can do to help – e-mail me and I will do it to save you time.
I was just about to post on the multi-screen patch and saw your e-mail.
Here is a screen shot of the multi-screen layout – at least you will be able to look at something that will put a smile on your face:
http://assafogre3dforumfiles3.googlepages.com/multi1.jpg
http://assafogre3dforumfiles3.googlepages.com/multi2.jpg
February 2nd, 2009 at 7:43 pm
Yeah, don’t get stressed.
SVN and Ogre3D downloads are working so it’s not such a big deal.
Server problems affect even big enterprises with big budgets and their own server farms.
True users of OGRE will be patient.
Those who are not probably don’t even understand well the philosophy behind Ogre in the first place.
Just for you to know, your Torus Knot webpage seems down too. Don’t forget to check that out.
Cheers
Dark Sylinc
February 2nd, 2009 at 8:59 pm
Good idea with WordPress replacing Joomla. Managing WordPress is easy, and the news section is like a blog anyway. These few static pages are just as easy to set up and there are lots of gallery plugins for WordPress available.
February 2nd, 2009 at 9:21 pm
Steve, I don’t understand your post in the least and don’t need to. But if you expect to be stressed you will be. Expect to be positive and productive and for things to go to plan.
Lecture over.
February 2nd, 2009 at 11:38 pm
@Assaf: thanks, nice pics.
Sod’s law says that what can go wrong, will go wrong – like having these sorts of problems on the very day that the datacentre is understaffed.
@Dark: yes, I know the TKS site is down too, it’s on the same server, hence why I’m keen to get them both back up. That will be faster to restore because it’s simpler, if only I could get into the reinstalled server right now (grr). I could have switched the DNS over to another server temporarily, but the time lag of doing that (and returning it) and given how close I thought I was to getting a placeholder going, I haven’t done it. If I could just get someone to walk into the datacentre and fix the sshd problem, I could probably be back up at a basic level in about 30 minutes. My only guess is that they’re understaffed because of all the travel disruption in the UK right now.
@Roz: I appreciate the thought, but after 15 years doing this I’ve learned the one constant is that things never go to plan. In life I’m an optimist, but I’m also a realist when it comes to technical things.
February 3rd, 2009 at 4:59 am
That sucks, Steve. I do a little adminning on the side, although you appear to be better at it than I, and I know how hard it can be to get everything set up just perfectly.
Good luck getting the new site up.
February 3rd, 2009 at 9:08 am
Sorry to hear that! I hope the software reinstall will not take too much time.
February 3rd, 2009 at 9:45 am
I recommend CMS Made Simple, even though I use ModX.
It’s lean and quite capable.
This really sucks.
February 3rd, 2009 at 10:08 am
That sucks. It seems this sort of thing happens all the time now, I guess because almost everyone is using CMS software (Joomla, WordPress, Drupal). I used to use Drupal, but I found that WordPress had much less painful upgrades. Especially with 2.7, it’s basically all automated, which makes it much easier to keep on top of things.
February 10th, 2009 at 4:35 pm
[...] and I have a hundred and one things to catch up on this week after last week’s unplanned diversions, so bear with me if I’ve missed things in the forum or am otherwise slow to respond. There [...]
February 11th, 2009 at 12:19 am
Black-hat spammers are parasites. Ogre is one of the good guys making decent software. Anyone targeting a project like Ogre must be a total jerk with no life. I wish you the best of luck getting the new site back up, and look forward to another year of great Ogre advances.
February 15th, 2009 at 6:19 pm
[...] web software up to date is a pain, but failure to do it can result in significant ramifications. Some bits of software are easier to keep up to date than others, but one thing I never like doing [...]