In 2002 I looked around to find a good, free, open-source content management system for my website. I settled on PostNuke, the software currently being used to produce and store the text you’re currently reading. At the time it had great reviews as an alternative to the popular PHP-Nuke, which had a reputation for glaring security holes.
Short Version: I tried to update the version of this software and the site passed out. No moves will be due in Odd Man In tonight, but the game will resume tomorrow.
Read on for the whole story.
Update: I added an apology to the kicked players. Read on for that, too.
I installed PostNuke and liked it a lot. It wasn’t perfect, but it was fairly easy to customize once I got the hang of how the modules worked. Not everything worked like it was supposed to, but it was pretty good. I updated the version a few times, each of which was a huge pain in the ass. I’ve had problems at every upgrade, so I settled on the most popular version: 7.2.6. I didn’t really bother upgrading after that.
So, eventually I write this game called Odd Man In, as a PostNuke module so I wouldn’t have to worry as much about user authentication and security. Haha.
Yesterday I was handed the names and secret identities of 4 Odd Man In players, which should have all been kept a secret. I assumed they were sharing information outside of the game, which is against the rules. They denied it, but I kicked them out of the game anyway. Some said that there may be security holes that I haven’t patched, allowing someone to read the database and discover someone’s identity.
To be fair I did a Google investigation to see if there were any known exploits that could do this. To my surprise, I was able to write a script in about 5 minutes that could retrieve anyone’s identity. Ugh.
This doesn’t mean the players kicked out weren’t cheating, but greatly calls into question whether the information obtained came from legitimate sources. Given the information I know now I definitely would not have kicked those players from the game and it reminds me why I have been so hesitant to do so in the past. I apologize to them if they weren’t cheating.
To maintain the popularity and integrity of the game it’s my duty to make sure these security holes are plugged up, so I tried to upload the latest version of PostNuke and the site went down for about 8 hours. Doh!
No moves will be due tonight, but the next round should go as planned tomorrow night. In the meantime you might see some weird formatting things or broken links. Bear with me on those. New users might also have trouble accessing the message board.
Comments
6 responses to “Today’s Downtime”
Great job, Ben! Thanks.
Sounds like you had a fun day 😉
Hey Ben. Thanks for doing everything you can to make this an awesome game! I, for one, appreciate it.
I really appreciate the work you do for us, Ben. Thank you so very, very much!
From what I’ve heard, Ben, the hack had nothing to do with how people’s identities were found. You shouldn’t apologize to the cheaters, they should apologize to you. If they’re allowed to keep playing I’m probably not going to play anymore since I don’t want to have anything to do with them.
I think Ben is pulling a Paris Hilton and trying to get some publicity.
J/K Ben, your website’s “Hot”
You’re doing a great job. Sorry to hear about the challenges you’ve had. I appreciate all the work you’re doing to make things run smoothly and fairly. Don’t worry too much. I would think everyone would be pretty understanding about it all. You had to make a decision based on the facts you had. Besides, it’s a game, and one that’s free to the players at that.