deny ignorance.

 

Final countdown
#21
I’ve  mentioned this on ATS multiple times.

I don’t mean to be a party pooper - but there is no way in hell ATS is going down from a lack of paying for the domain name. 

ATS will still be there June 1st. However, it will go down at any given time due to a lack of backend maintenance.

There is extreme HIGH VALUE in the domain abovetopsecret.com.

As a similar business owner myself, if you succeed- your domain is everything. You NEVER forfeit that for nothing.
Reply
#22
(04-28-2024, 04:29 PM)LogicalGraffiti Wrote: I seldom make predictions but in this case, I'll just say that I don't think ATS will die due to technical reasons.  That is, I think the renewals for the site domain and server are very likely on autopilot.  Owner apathy will be what kills it in the end once our dedicated mods stop keeping the content safe.  I see a repeat of October '23 coming.  I'm spending more time here lately.

I'm inclined to agree. Last year it was renewed a week before expiration. I also agree that ATS is a sitting duck for any hacker or script kiddie to come through and wreck the place. The software ATS is based off of was abandoned and there hasn't been a security update for over 15 years. Maybe longer. That's a lot of time to search for exploits.
[Image: colorblocksig.png]
Reply
#23
This reminds me of the approach to 21 DEC 2012.    There were serious rituals held around the world, the most memorable (to me) those that were held at Chichen Itza and Tecal.   Those were the days, when we could cackle among ourselves that OF COURSE the world was going to continue.............  but............  almost everyone I knew tucked in a little bit, stocked up a little bit, bought a bit more ammo.   Hell, no point in being caught short.   

This isn't, of course, nearly as dire, but it feels much the same to me.   Possible end of an era.   Remember Nibiru? I didn't believe in it, but loved tracking it.   

Well, tip a glass when the time comes, whether ATS melts down or not.   I think the fork has already been stuck in it, regardless of whether the site stays up.  We know who the 'forker' is and how we became the 'forkees'.  Very glad to have a comfortable place here to stretch out and feel warm.   Sun shining every day at DI.    Little rain now and then, just like [insert deity of choice] intended.  Selah.
Reply
#24
Off topic, but man I had the biggest teen love for the singer of Europe.
Reply
#25
(04-28-2024, 06:48 PM)TSK Wrote: I'm inclined to agree. Last year it was renewed a week before expiration. I also agree that ATS is a sitting duck for any hacker or script kiddie to come through and wreck the place. The software ATS is based off of was abandoned and there hasn't been a security update for over 15 years. Maybe longer. That's a lot of time to search for exploits.
In a thread during last October's disaster, there was a bit of revelation of the software running ATS.  It was disclosed that the code running the site was written in-house as opposed to buying commercial software or using an open source package.  The benefit of that is a hacker or script kiddie can't simply use known exploits (i.e., something like WordPress or bbs apps) to try and break in.  Sure, there are many ways to attack a website without knowing how it's built but as long as ATS has been around, it hasn't been compromised too badly.  In fact, do we know what happened in October?  Was it a code bug that corrupted the database,  a malicious actor on the inside or an attack from the outside?

By the way, I'm not arguing that ATS isn't a sitting duck.  Just offering another viewpoint.
Reply
#26
(04-29-2024, 09:36 AM)LogicalGraffiti Wrote: In a thread during last October's disaster, there was a bit of revelation of the software running ATS.  It was disclosed that the code running the site was written in-house as opposed to buying commercial software or use an open source package.  The benefit of that is a hacker or script kiddie can't simply use known exploits (i.e., something like WordPress or bbs apps) to try and break in.

ATS's code is based on a known forum software, and although it was highly customised by SO, some parts are still largely based on that old code. It was on those parts that I found a few exploitable bugs. Those are not enough to allow someone to get direct access to the database (at least as far as I looked into them) but they are good enough to create some chaos.

Also, being mostly new code is only as good as the code is, bad code is easily exploited.
Quote: In fact, do we know what happened in October?  Was it a code bug that corrupted the database,  a malicious actor on the inside or an attack from the outside?

My initial opinion, reinforced by what I read about what happened, is that someone tried to use a code flaw to get access to the database. One way of trying things like that can, if not carefully done, change all records on a specific database table.
In this case, what I think happened, was that someone tried to use that flaw to change the administrator's password and recovery email address, but while doing so they really changed all passwords and recovery emails to the same new password and recovery email, so everyone's password was changed and nobody could log in unless they knew the new password, that was the same for everyone. Trying a recovery email would not work because the email would be sent to the new recovery email address.

As nobody is updating the code the flaw is still there (along with all the others we don't know about) for someone to exploit, so it's possible that this will happen again.
Reply
#27
(04-28-2024, 07:28 PM)argentus Wrote: Sun shining every day at DI.    Little rain now and then, just like [insert deity of choice] intended.  Selah.

Amen..
[Image: wmmGC0I.png]




Wisdom knocks quietly, always listen carefully.
Reply
#28
(04-29-2024, 07:43 PM)ArMaP Wrote: My initial opinion, reinforced by what I read about what happened, is that someone tried to use a code flaw to get access to the database. One way of trying things like that can, if not carefully done, change all records on a specific database table.

If that's possible, then it's likely that my global SQL-injection prevention script was disabled or altered. It was a simple method of limiting all post/get variables character length to only what was needed (along with trapping common injection commands). If a command was detected, or the variable exceeded a set length, then the script exited.
Reply
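The failure mode discussed in posts #26 and #28 above, as an added example that is not part of the thread and is not ATS's code: an account UPDATE whose WHERE clause is assembled from request text can end up matching every row, while a bound-parameter version with a one-row check cannot. The table, columns, function names and sample rows are constructed assumptions, run against an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data: three accounts in an in-memory table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT, recovery TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("admin", "h-admin", "admin@example.test"),
                    ("alice", "h-alice", "alice@example.test"),
                    ("bob", "h-bob", "bob@example.test")])
    db.commit()
    return db

def update_concatenated(db, name, pw_hash, recovery):
    # Vulnerable pattern: request text is pasted into the SQL statement,
    # so a quote in `name` can rewrite the WHERE clause.
    sql = ("UPDATE users SET pw_hash = '%s', recovery = '%s' WHERE name = '%s'"
           % (pw_hash, recovery, name))
    cur = db.execute(sql)
    db.commit()
    return cur.rowcount  # number of rows changed

def update_parameterized(db, name, pw_hash, recovery):
    # Hardened pattern: values are bound and never parsed as SQL, and the
    # change is rolled back unless exactly one account was touched.
    cur = db.execute("UPDATE users SET pw_hash = ?, recovery = ? WHERE name = ?",
                     (pw_hash, recovery, name))
    if cur.rowcount != 1:
        db.rollback()
        return 0
    db.commit()
    return 1

def distinct_hashes(db):
    # How many different password hashes remain in the table.
    return db.execute("SELECT COUNT(DISTINCT pw_hash) FROM users").fetchone()[0]

# Constructed input whose quote turns the WHERE clause into an always-true test.
TAUTOLOGY = "admin' OR '1'='1"

if __name__ == "__main__":
    bad, good = make_db(), make_db()
    print("concatenated rows changed:", update_concatenated(bad, TAUTOLOGY, "h-new", "x@example.test"))
    print("distinct hashes left:", distinct_hashes(bad))
    print("parameterized rows changed:", update_parameterized(good, TAUTOLOGY, "h-new", "x@example.test"))
    print("distinct hashes left:", distinct_hashes(good))
```

The one-row check is also useful as a detection point: an account update that reports more than one affected row is worth logging and alerting on.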
#29
(04-25-2024, 06:21 PM)Nerb Wrote: People are going to be posting like crazy over there more and more right up until the last moment.
It's almost a manic frenzy at this point.  
 Rolleyes
Reply
#30
(04-30-2024, 03:31 PM)DontTreadOnMe Wrote: It's almost a manic frenzy at this point.  
 Rolleyes

You never signed up for this crazy stuff did you?

Wouldn't it be nice to put your feet up for a while and be just a spectator and a poster.

Have a breath of fresh air.....here's to you on holiday in la la land...

[Image: 1tohEDr.png]




Wisdom knocks quietly, always listen carefully.
Reply


