# Thank you morrus!



## steeldragons

I'm sure the week was filled with one PITA after another.

Just wanted to shoot off a big ole well-deserved THANK YOU from myself and, I'm sure, others for all the time and work to get our favorite rpg site back up and running.

Thanks, also, to whomever else is helping/working.

--Steel Dragons


----------



## Jemal

Heartily Seconded!


----------



## Morrus

Thanks!
 [MENTION=52905]darjr[/MENTION] deserves most of the thanks.

I'm not prone to depression, but this week I saw my livelihood on the verge of dying, and stumbled (again) across the sheer petty nastiness of those who enjoyed and wanted that. It was an unpleasant experience. But we're back!

About £10,000 of code has been lost, and it's going to take a lot of work and money to replace all that; months, if not years.

I did nearly give up. But stubbornness prevented me! So here we are... again. Still here!


----------



## Mark CMG

Good show.  Chin up.  You've been a phoenix before and can do it again.


----------



## jonesy

£10,000 of code lost? Bloody hell. And there I was thinking it was good it was just someone hacking a website. I hope you can get past that.

Edit: and I don't mean just financially.


----------



## El Mahdi

deleted


----------



## WotC_Trevor

Kudos to Morrus, darjr and everyone else involved it getting the site back up and running again! You're all badasses and I have no doubt you can recover from this bit of unfortunate nastiness.


----------



## EricNoah

It was me. I was jealous.  My bad.


----------



## Artur Hawkwing

Let me add in my thanks and kudos for a job well done. I like the new look of things. As for the rest of it, your loyal subscriber/fan/membership base, I hope, will step up and offer it's collective assistance in whatever way it can. I'm not a code master or any of that rot, but if I can help out in any way, please let me know.


----------



## Morrus

EricNoah said:


> It was me. I was jealous.  My bad.



  Y'know, someone on Twitter told me that you would be "so proud" because EN World was "never up".  Classy, I thought.  I struggle to identify with the way some people think.  That was probably kinder than some comments I saw, though.


----------



## Janx

Morrus said:


> Thanks!
> [MENTION=52905]darjr[/MENTION] deserves most of the thanks.
> 
> I'm not prone to depression, but this week I saw my livelihood on the verge of dying, and stumbled (again) across the sheer petty nastiness of those who enjoyed and wanted that. It was an unpleasant experience. But we're back!
> 
> About £10,000 of code has been lost, and it's going to take a lot of work and money to replace all that; months, if not years.
> 
> I did nearly give up. But stubbornness prevented me! So here we are... again. Still here!




I was going to ask, if some kind of security audit could be performed.  Basically, get a third party to assess firewalls, etc.  Maybe not a fancy shop, but a friend of EN World who is versant in such.

I'm not volunteering anything, just that from my own experience of running IT, the original guy who set up our firewalls may have been certified in the firewall product he chose, but that doesn't mean he did everything the best way, or didn't have some accidental holes, or even chose what the industry considers a decent product.

Hypothetically, you guys need to make sure your firewall is locked down tight.  If you don't have control of that at the network infrastructure level, then at the server level.

If it took days to restore the server, recovery plans may need to be tightened up.  Nowadays, everybody is running on Virtual machines.  That makes it possible to create snapshots, or at least backup the 2 files that represent the server instance.  Retaining copies of those once a week would mean you can QUICKLY pop those files back into place, to get the server up and running.

these things won't guarantee safety, but they help make things easier.  There's no reason* you shouldn't have been able to snap an older copy of the server image back into place.  We'd have lost a few posts, but you'd be back in position, perhaps taking time to secure whatever brought the site down the first time, before bringing it online.
*well, except for not being configured and ready for it

I have no clue what actually happened.  I've been in the position of having the IP for my mail server spoofed by an external agency and being black listed by SpamHaus.  That means, the bad guy was outside my network and impossible for us to repair because there was nothing infected or invaded in my network.  The best we could do was change IP addresses.

My sympathies, and congratulations on bringing the system back up.

While the wound is still fresh, review what happened and check and improve your security and recovery process.  it will help reduce the damage that you suffered, not just in downtime.


----------



## Morrus

Janx said:


> I was going to ask, if some kind of security audit could be performed.  Basically, get a third party to assess firewalls, etc.



This is, of course, happening.  There are cost elements, of course, but I'm doing everything I can afford to do.  Even though Xmas is 3 weeks away, and Sharon's birthday is on Tuesday!


----------



## EricNoah

You can tell him that Eric Noah said he was a douchebag.


----------



## Roland55

Well!

It's back.  What a relief -- my boring daily life was beginning to get me down.

Why, I even signed up for Circus Maximus!!

I know ... hard to believe.

[Sorry to hear this was so hard for Morrus and his helpers.  I had no idea it was this bad.  Cyberwar on our very doorstep.]


----------



## Scott DeWar

EricNoah said:


> It was me. I was jealous.  My bad.



 your are SOOOOOOOO grounded!


----------



## Scott DeWar

Roland55 said:


> Well!
> 
> It's back.  What a relief -- my boring daily life was beginning to get me down.
> 
> Why, I even signed up for Circus Maximus!!
> 
> I know ... hard to believe.
> 
> [Sorry to hear this was so hard for Morrus and his helpers.  I had no idea it was this bad.  Cyberwar on our very doorstep.]




I am over there as insane jeenyus, my avi is wile e. coyote.

**and my thanks to [MENTION=1]Morrus[/MENTION], [MENTION=52905]darjr[/MENTION] and all others. I really wish I could help in some way, but I don't even know


----------



## Lwaxy

There is no denying that there is a lot of evil in the RPG community. It's pretty sad. i was so worried because this is the only RPG forum (other than for playing) I visit all the time. I'm glad it's back up, just wish my story hour data from my dead comp was already recovered so I could continue writing. But hey, that's so minor in comparison.


----------



## I'm A Banana

Hurrah for [MENTION=1]Morrus[/MENTION]! Hurrah for [MENTION=52905]darjr[/MENTION] . We will come back stronger than ever before! Hurrah!


----------



## Obryn

Welcome back!  I re-upped my sub; I've been meaning to do it anyway!

(And also, I'm hoping Zeitgeist 4e #5  comes out soon. )

-O


----------



## dd.stevenson

Morrus said:


> Thanks!
> @_*darjr*_ deserves most of the thanks.
> 
> I'm not prone to depression, but this week I saw my livelihood on the verge of dying, and stumbled (again) across the sheer petty nastiness of those who enjoyed and wanted that. It was an unpleasant experience. But we're back!
> 
> About £10,000 of code has been lost, and it's going to take a lot of work and money to replace all that; months, if not years.





I'm sorry you had to go through that.  Thanks for being awesome!

If it's any consolation, the forums seem to be loading faster than ever...


----------



## Thomas Blaine Seitz

Hmph...well one thing this did. With my facebook account, NF is back!


----------



## doghead

Sorry to hear about all that you have been through. Here's to hoping that the sailing is smoother from here.

On that note, is it possible to stack up a bunch of Quarterly subscriptions? My current one doesn't expire until February, so switching to monthly isn't going to achieve much in the short term. But if I can stack up a few Quarterly ones, or even if there was an annual subscription, it seems like a way to get some money to you now when it's most needed.

thotd


----------



## Mary_Crowell

I just came home from a gig discovered E.N.World is back. YAY! So happy you were able to bring back this community. I already have a 4 month silver subscription, but I would be delighted to donate via Paypal or some such. Since I haven't looked around much yet, I don't know. Is there a Paypal button here we could use to simply give donations for the board?


----------



## Mary_Crowell

Morrus said:


> This is, of course, happening.  There are cost elements, of course, but I'm doing everything I can afford to do.  Even though Xmas is 3 weeks away, and Sharon's birthday is on Tuesday!




Ok. I just bought an additional 4 month silver subscription, because that was the  way I saw to easily help monetarily. Given that you are having to rebuild so much, could you put a Paypal Donate button somewhere prominently on the board? Then the rest of us can point people to it via our other social media.


----------



## Dragonhelm

Welcome back! Glad to see EN World recovering. It's a shame that someone felt the need to spoil other peoples' fun.

And hey, I like the new look.


----------



## Jeff Carlsen

Glad to see everything up and running so soon.

There are a few blessings in disguise. The new software is slick, quick, and proper semantic HTML. I look forward to seeing what's possible with it.

I've always considered subscribing, and I probably will now. But to help out even more, perhaps there could be some one-time perk to help bolster site funds? Something like a one time electrum subscriber option that makes our posts stand out as being awesome supporters in this time of need.


----------



## Halivar

I was itching to read up on some D&D talk, so I went over RPG.net and got to maybe the first 5 articles before I switched back to hitting F5 on EnWorld every 5 minutes. Glad to have you back.


----------



## LightPhoenix

Morrus, I'm glad that you were willing to keep up the site, and grateful for the hard work you, darjr, and everyone else has done over the years.  I went ahead an picked up a Silver 4-month subscription for myself, despite having just three days ago moved across country (I should probably update my profile  ).  I'm not usually one to talk about my own charity, but I wanted to impart how much ENW means a lot to me.  Anyway, thanks for being awesome!


----------



## warcrown

Thank you Morrus and all the others! Did you atleast catch the hackers? They deserve to rot in the Abyss for disrupting this most sacred of sites.Are smilies disabled now? Dont seem to be working for me.


----------



## MichaelSomething

Huzzah!  Glad to have Enworld back!  I'm not the biggest Enworld fan but Morrus doesn't deserved this at all!


----------



## Jemal

Well on the upside, i've been considering subscribing for a while now, and this has definitely made the decision for me.
Just put the payment through paypal for a silver sub.  Wonder how long it takes.

Also I agree with what some of the others have said - A donation feature would be a good idea.  I'm not really interested in any of the 'silver' perks, just took it to throw a little extra money at you.


----------



## steeldragons

I'll just pipe in again to give specific thanks to [MENTION=52905]darjr[/MENTION] , as Mr. Morrus mentioned, and to add my voice to the idea of a donation button [so those of us who already have subscriptions] to help. Tis the season of giving and all. 

I'm sure I'm not the only one who could tuck a lil' something under the tree (not to mention a big ole helping of heavily brandied egg nog) for the Russ & Co.

Again, great work and chin up (and if you find the bastard throw the book at him...the biggest heaviest book you can find!)
Cheers.4
--SD


----------



## Roland55

Scott DeWar said:


> I am over there as insane jeenyus, my avi is wile e. coyote.
> 
> **and my thanks to [MENTION=1]Morrus[/MENTION], [MENTION=52905]darjr[/MENTION] and all others. I really wish I could help in some way, but I don't even know




I think my Imagination Factory has shut down.  I'm there as ... Roland55.


----------



## Roland55

Obryn said:


> Welcome back!  I re-upped my sub; I've been meaning to do it anyway!
> 
> (And also, I'm hoping Zeitgeist 4e #5  comes out soon. )
> 
> -O




Now there's a good point.  I had recently applied for a silver subscription ... is that gone now?  Should I re-up?

Just checked the system and it says I still have my silver subscription.  Good to know that didn't go wrong!


----------



## Leif

Yay!!!  Hooray!!!  Whee!!!


----------



## Zaukrie

Thank goodness the site is back. I don't usually use the word hate, but why would anyone hack and cripple this site? Why would that make anyone else happy? Mind boggling how our world works....And, put up a gift button.


----------



## freyar

Yes, thank you Morrus, darjr, and anyone else!


----------



## Lwaxy

What about a forum only subscription to use searches and the like, for those who have no need for the APs and stuff because others in the house already subscribed (or are mods)? My husband made the suggestion, he thinks for basic board functions $3 a month (I think that's what it was) is a bit much, but he'd pay half just for board functions and extra message storage.


----------



## Morrus

Lwaxy said:


> What about a forum only subscription to use searches and the like, for those who have no need for the APs and stuff because others in the house already subscribed (or are mods)? My husband made the suggestion, he thinks for basic board functions $3 a month (I think that's what it was) is a bit much, but he'd pay half just for board functions and extra message storage.



We had that until about 6 days ago.  In nearly 6 years, exactly 4 people bought it!  Needless to say, this makes your husband one of a very, very rare breed!


----------



## Lwaxy

Wow, wouldn't have thought.


----------



## Asmo

Time for an EnWorld kickstarter? 

Asmo


----------



## William Ronald

Thanks to Morrus and everyone who worked on restoring the site.


----------



## Blue

Asmo said:


> Time for an EnWorld kickstarter?




Seriously.  Lots of people looking to donate.  Though maybe indiegogo so it doesn't that the kickerstarter+amazon tax off the top.  Have a $10 level for "Name on the Wall of Defenders".  The various lost functionality can be stretch goals, and have polls for those who donate to determine what's the next up.

Morris & all - I'm glad you got through it!  Out of healing and down to a blunt dagger and half a suit of leather armor between them, the heroes return victorious.  Bloodied but wiser.  And with a strange new artifact labelled "Newest Code".


----------



## Alarian

I wouldn't bother with making it a Kickstarter or an Indigogo.  Do something like Board Game Geek.  They are running their yearly fundraiser right now on the top page of the website.  Keeps a running total so everyone can see how it's going.  At the end of the pledge, they award Geek Gold to everyone that pledged.  While Geek Gold does have some monetary value, it's more often used to bid on auctions or giving it to others when you see a post you like etc.  You could even do something like they are going and give out exp for everyone that pledges.  I.e. for every $10 (or $100 or whatever) everyone that pledges at least $10 (or whatever amount) gets 1 exp.  So if you raise $10,000 everyone that pledged would get x exp.  

If not exp, something else.  Nothing tangible, just something cool that improves as more and more people donate.


----------



## hbarsquared

I just want to donate.  I don't really want or need incentives, or more functionality, or perks, or my name up somewhere.  Just point me to a Donate button!

Any idea who the hackers were, or what happened?


----------



## Gulla

Lots of thanks from me as well. You even got the user DB up and running, which I find impressive.

Good work, and welcome back


----------



## Zustiur

Thanks Morrus, et al.


----------



## trancejeremy

I hope you consider keeping this current style as an option at least. I am one of those people who strongly prefers black text on a slightly off white background, so this is the most accessible ENWorld has ever been for me.


----------



## Libramarian

Thanks for all your hard work last week, [MENTION=1]Morrus[/MENTION] and [MENTION=52905]darjr[/MENTION] 



Obryn said:


> Welcome back!  I re-upped my sub; I've been meaning to do it anyway!
> 
> (And also, I'm hoping Zeitgeist 4e #5  comes out soon. )
> 
> -O




This was up for free download while the site was down. I haven't played the previous adventures but I dled it anyway. It looks interesting.


----------



## john112364

I would like to echo everyone else. I know you lost a lot and I know you have been putting in a lot of work to salvage what you can. I'm glad you didn't decide to just give up. I'm sure it crossed your mind a time or two. But I, and many others like the community and environment here. I know I haven't been posting a lot lately, but I always enjoy poking around the site even when I don't feel like posting. 

So thanks to Morrus, Darjr and everyone else who is helping to make ENworld the best gaming site on the Internet.


----------



## Quickleaf

I believe in ENWorld. 

I've been a subscriber for a while, but if you guys do an indiegogo or boardgame geek, or kickstarter thing, I am in!


----------



## Dice4Hire

Im a silver now for the first time. Good luck to all!!


----------



## steeldragons

Dice4Hire said:


> Im a silver now for the first time. Good luck to all!!




Me too! Upgraded a couple days ago.  Merry Christmas ENWorlders.


----------



## Storminator

Let me add my thanks and praise for your efforts Morrus. You've done a great job with all the trials and tribulations you've had to put up with.

I appreciate your efforts.

PS


----------



## Cergorach

Thanks Morrus and friends that have been hard at work at updating the website! I'm currently not in any position to support financially, but have time and IT knowledge, so if you need that let me know.

As for the ENworld 'hack', this isn't exactly shocking, according to the old website it was running vBullitin 3.8.5, which means that there were no updates done for almost 2.5 years. Which isn't smart. And while 3.8.6 and 3.8.7 didn't patch any security holes by themselves, 3.8.7 PL1 did address a security hole which was present in the whole 3.8.x series, not to mention PL2 and PL3 for 3.8.7. vBulletin 3.8 is also End of Life since 4 September 2012, so no more security patches since that date. That also means that there's been a known security hole for 2-17 months at ENworld.

Another option could be that the custom code had security holes in it and depending on how the custom code was implemented it could have made the rest of the code compromised as well. If the custom code was also not modular (thus core changes instead of plugins/modules/etc.) it could also explain why the site wasn't updated to the latest security patches.

The 10.000GBP worth of 'lost' code isn't exactly lost I suspect, I suspect that it's not compatible with vBulletin 4.x, which doesn't exactly makes it the fault of the hacker. It's part of the life cycle of software, something a lot of folks seem to forget, not just Morrus, but folks that run a lot bigger operations then Enworld (monetary wise). (Custom) software that runs on version x might not work on version x+1 and version x will not be supported to infinity. Which doesn't make the situation any less sucky of course.

I can't for the life of me find out what the life cycle for vBulletin 4.2 is (when it's End of Life), not to mention that vBulletin 5 (Connect) is already running in beta for a few months and is less then perfect (depending on who you talk to). So, if I might give some unsolicited advice, don't spend another 10.000GBP on custom code until you know how long vBullitin 4.2.x is supported with security updates. And if you spend any money on custom code, make sure it's modular enough so you can do security patches during the entire life cycle.


----------

