I apologize to everyone that I missed this. I am in the process of getting a house ready for sale (goes on the market today) and it's been kicking my ass ... it's the reason there have been few updates to the front page also. Anyhow, I know this thread made some people feel uneasy so let me explain: There is nothing to be concerned about. The board has <b>not</b> been hacked. None of your login information has been compromised in any way. However, a poster here <i>did</i> try to give you that impression. It's a very simple trick that gave him some raw data which he presented here in a way that made it look like he was monitoring your every move on the BBS. How? Well, everyone knows the "Currently Online" feature on the front page of the board. If you're online, it displays your name there. Neat feature. Well this poster wrote a script to hit the BBS several times a minute grabbing that information - who's online. He would insert that data in to some personal database which he could run simple queries on. SOOOO .... if the data showed you were NOT online at 11:25am, but WERE online at 11:26am, you could easily conclude that you logged in at <i>that</i> time. Make sense? So he could get login times, how long you were logged in, etc. and present patterns/reports from that. 1) It showed no respect for people's privacy here. 2) It's not his data. 3) It's terrible use of the board's bandwidth. I'm not happy about it, and the user has been banned. There is nothing to be concerned about, but if you are concerned you/we can do one of two things: 1) You can remove yourself personally from the list, making yourself "invisible" to it. Simply go to user control panel > Edit Options and select "Yes" on Invisible Mode? Many people already do this, and you'll notice they were not on the graph. 2) I can simply remove the "Currently Online" feature. I don't believe that is necessary at all, but we can if people don't want it. If you have questions, please feel free to post them. Thanks, Clutch
Clutch, Thats for all that info. Definitely makes me feel better knowing how someone can get all that info. I would like to see the "Whos Online" option stay though. I like being able to see who is online so I can look for people who's posts I like to read. BTW, I noticed the "Today's Bday" section is missing today. Is that just cause there is no bdays today or did you remove it to help with the server?
NOTICE: I am NOT defending this guys actions, I don't know enough about web pages to know how to do ANY of this stuff. I LOVE this website, so please DO NOT shoot the messenger. I emailed Shaghai and asked if he had data on me. He didn't answer that question but did send the following email to me: Hi Mulder, > > Clutch banned me without even any explaination. No more data > Did I really offend anyone? > > -- [name withheld] He did put his name at the end, but I won't post it because I understand how important privacy is on the web... then again I guess that explains why he got banned.
Thanks, Clutch, for explaining it. I kind of feel like the guy did not intend to do any harm, probably he just wanted to show that he is smart (I now fully understand, thanks to your explanation, how he got the data and I have to say it's simple, yet clever.). I guess he should not have done this, though, as it really sucks bandwidth....well, if you had banners on the pages, it would show advertisers a lot of impressions...the click-through rate would go down a lot at the same time, though.
I dont think anyone was offended by that info, I found it pretty neat to be honest and wanted to know my ranking so I was wondering why close down the thread and boot him? Just my curiosity but not a big deal. Thanks clutch for explaining how he did it though.
I hope we can keep the "Currently Online" feature. The info that this poster posted on me was totally wrong. I also noticed the info was wrong on several other posters as well. This is just from me being on this site at certain times and noticing when other poster log on. I have absolutely no clue about databases or anything like that. I knew this was a farce and was extremely suprised at people's responses. I have the utmost confidence/trust in Clutch from allowing ANY information about ANY poster being distributed around the internet. 'nuff said
Thanks for the post, Clutch. I like the "who's online" feature as well for the same reasons other people have already listed. Here's a stupid question. I tried to log on yesterday and it said the server was down for about 15 minutes. Was that because of this guy?
Thanks for the explaination Clutch. I also don't think that Shaghai meant any harm. I also don't think that the data he presented was that interesting and I'm not sure what the point was. Based on Shanghai's explanation, it seems like the "Currently Online" feature is not very fine grained. I think that he said that it considers you logged on as long as you have been active within the last hour. If this is the case, I don't think that his script would have to ping the site more than once per minute to get the type of data that he was reporting and one HTTP GET per minute is not much bandwidth. But I guess hitting sites using scripts is frowned upon. Just my $.02.
I think it was taken down because a couple of weeks ago there were some registered user names that showed up in the birthday list that were inappropriate.
Shanghai did explain to me in an email what he did and how he did not feel that he was using that much bandwidth. He asked me to post his "retort" to Clutch but I will not as it goes against the spirit of the user being banned. I use the word retort because when I read it, I felt the anger in the post and I will not throw more fire on this flame. It's not worth me getting banned over.
I'd rather see Currently Active Users list (which is currently unavailable) rather than the list of who's online... I think banning him was enough, I don't feel we need to remove this info from the BBS homepage. just my 2ยข
Question: When is someone is banned, can they just create a new account and come back? or are they gone forever? ala their IP adress is banned.
OHHH. Ya know what. I think I was responsible for that. I gave a shout out to someone who was banned. I meant nothing by it, but it was just a sarcastic little thing. My apologies.
considering very few people keep the same IP for any length of time, I doubt you can permanently ban based on IP. as long as you have a different email addy to register with, it shouldn't be a problem to re-register with a different nick.. but posting styles can be a dead giveaway, especially if you have certain things you always do that aren't exactly commonplace.
Thanks Clutch! It was a relief to hear your response. Please keep the log on feature I like to see if Windandsea has anything to post about YM. Please let Jeff know that he now has a realy great signature.