
welcome back


Betsy
09-14-06, 07:47 PM
A major security flaw was discovered in the site yesterday thanks to a script child with a bit too much time on his or her hands (9/13/2006). This required the entire site to be taken off line for a security audit.

I'm still working on the framework for the main site (don't worry---no data has been lost either here in the forums or in the main site) and hope to get that back up over the weekend. The forums were the priority and they have been secured. There are still a number of images missing and those will hopefully be restored as time permits. If you notice any outstanding non-cosmetic issues, please post them here so they may be attended to.

Thanks for your understanding and patience.

miriam
09-14-06, 08:03 PM
:applaudth :applaudth :applaudth :applaudth :applaudth

Regards, Miriam

Betsy
09-14-06, 08:13 PM
Thank you, Miriam. It has been a harrowing 24 hours for me on this end.

You may want to reload your avatar. Once I get more functional on this end, I'll work on the cosmetic issues and get everything back up to full functional "normal". There were backups of everything and I know where the hole was (now I do, heh) but I needed to go through a bunch of files to make sure there weren't any back doors, trojans, etc. left behind and it was a PITA.

I'm considering if a change is in order for the main framework of the site as that is where we were hit so that is delaying that part coming back on line while that is explored.

RGMCjim
09-15-06, 10:04 PM
Betsy,
Congrats on getting this back up so quick. I've always been in awe of how you keep this site going. Is this what you do for a living?

Jim Costich

Betsy
09-16-06, 12:34 AM
This is just a spare time thing for the most part. I didn't know how to build a site until the idea for BLO came along.

All told, we were down about 24 hours only because I was being especially cautious (+I was at Loretta's home when I found out about the problem and didn't have any passwords nor access to the stuff I needed to get us back online until I returned home the next day).

I should have the rest of the site back up by tomorrow. I'm grateful to my internet friends Chip and Kate who offered good information on rebounding and where to look for the security hole. It won't have full functionality as the part that had the vulnerability won't be replaced for now.

Betsy

sparklingdreams
09-20-06, 01:20 AM
For getting BLO's forums back online,

As I offered a long time ago when I complimented you on your BLO theme. I'm a disabled, and now often bed ridden, professional web designer (or developer for the ego heavy types), I just like the sound of designer better. So, if you need any help with just like offline HTML or anything for the redesign of B.L.O.'s home page I'd love to help out. I know, of course XHTML/HTML, CSS, & JavaScript. As well as PHP 5 and less, MySQL 5 and less (though I'm still learning its stored procedure stuff), Perl, tcsh - bash & sh shell scripting. So if you want, need, or would like some help getting things going again I'd love to help, and like I said with being bed ridden I have time to help out, no prob.. Though I can only use one arm, because of my Generalized Dystonia, I'm not like super fast... but I still type about 150 wpm free type. If I'm like typing from a document though, just like forget it. My head shakes a lot and with just one hand I have to be honest and just let you know how I can and can't help. That is of course if you want it... I'm kinda personally attached to Dystonia D.R.E.A.M.S. (http://dystonia-dreams.org/), which I run to support others and myself who suffer from Generalized Dystonia, so there's like no hard feelings if you want to kinda keep on it yourself. Otherwise here is a handicapped girl very interested in helping out.

Betsy
09-20-06, 02:30 AM
Ummm...in reality, I just haven't had the time to do it. I thought I would on the weekend but it didn't work out that way. If I don't foresee the time in the next few days, I'll let you know and let you loose with it. For now, I just need to reload mambo and remove the security flaw but I wouldn't mind moving away from that framework---I haven't been super happy with it. Peter sent me a list of possible cms' but I'm not sure if he spent any time reading about them or not.

sparklingdreams
09-20-06, 02:41 PM
I've never been a fan of Mambo either,

It's much too cumbersome, and the code has become very bloated over time. That's like totally the problem with a lot of CMS's. They try to do everything, so nothing ever works exactly right, but never mind. Thanks a ton for letting me help out, ^_^, I'm so glad I'll be able to contribute, being bed ridden makes me feel like I don't have a lot to offer, so I'm so glad I can do something good.

Wyn
09-20-06, 05:49 PM
Well, I have NO idea of what you are all talking about...to any great degree, but I do know that when I use the 'normal' http address, I do not get the web site... I get the blank screen with the alternate address.

It's ok, I don't mind if you are still working on it, but, the conversation below/above, seems to suggest that others are able to access the site via 'normal' channels. Is there something I need to do to make this happen, or are the issues still in play? Just want to know.

Regardless, ALL your efforts are TRULY appreciated!!! Please know this!
Take Care, and Good Luck!

Betsy
09-21-06, 12:52 AM
Just mark the forums in your bookmarks would be the best. Guests leave on Friday but then I work that day too in the city so it may not be until Saturday unless I get a big load of insomnia.

Priestess
11-27-06, 10:12 AM
How are things progressing?
Since the main site went down, even the forums seem in danger of becoming a ghost town :(
I volunteer to help, if you need help, for what I'm able. I may not be a way 'leet web developer, though I do have some general programming experience.

Priestess
01-03-07, 01:15 PM
How's the site coming?