Second Life Forums Archive - SLExchange down?

blaze Spinnaker

1/2 Serious

Join date: 12 Aug 2004

Posts: 5,898

02-06-2005 01:22

Can't seem to access it..

_____________________

Taken from The last paragraph on pg. 16 of Cory Ondrejka's paper "Changing Realities: User Creation, Communication, and Innovation in Digital Worlds :

"User-created content takes the idea of leveraging player opinions a step further by allowing them to effectively prototype new ideas and features. Developers can then measure which new concepts most improve the products and incorporate them into the game in future patches."

Moopf Murray

Moopfmerising

Join date: 7 Jan 2004

Posts: 2,448

02-06-2005 01:34

Looks down from where I am as well. By the way, does anybody know if Merwan is back in the fold now? Or is that just dragging on and on?

doug Donovan

U WANNA PIECE 'O' ME?!

Join date: 22 Apr 2004

Posts: 140

02-06-2005 03:40

crappy.

Roberta Dalek

Probably trouble

Join date: 21 Oct 2004

Posts: 1,174

02-06-2005 04:56

yes it's down. 502 error - Bad Gateway.

Whether this is a random outage or connected with the recent problems who knows?

Mina Firefly

Tattooist

Join date: 11 Aug 2004

Posts: 341

02-06-2005 06:04

i saw this coming aswell.

I heared something about problems between the two leaders.

FlipperPA Peregrine

Magically Delicious!

Join date: 14 Nov 2003

Posts: 3,703

02-06-2005 07:02

SLboutique.com is up and running.

We're also open for new accounts again.

http://www.SLboutique.com

I still wish the SLexchange partners the best of luck, but highly recommend they move away from the bloated PHP-nuke code base they're using, as it contains a ton of code they don't need, which will cause performance issues.

PHP-nuke has also been shown to have quite a few security flaws. See this:

http://cert.uni-stuttgart.de/archive/bugtraq/2001/02/msg00231.html

In this portion, an author shows how easily you can hack the server, and therefore, your data:

"You can actually insert any URL instead of "/etc/passwd" and have it
read. Depending on the server's configuration, this could be abused to
execute PHP code, probably, and from that, any UNIX shell command.

The author obviously doesn't care about security."

Regards,

-Flip

_____________________

Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!

Moopf Murray

Moopfmerising

Join date: 7 Jan 2004

Posts: 2,448

02-06-2005 07:18

From: FlipperPA Peregrine

SLboutique.com is up and running.

We're also open for new accounts again.

http://www.SLboutique.com

I still wish the SLexchange partners the best of luck, but highly recommend they move away from the bloated PHP-nuke code base they're using, as it contains a ton of code they don't need, which will cause performance issues.

PHP-nuke has also been shown to have quite a few security flaws. See this:

http://cert.uni-stuttgart.de/archive/bugtraq/2001/02/msg00231.html

In this portion, an author shows how easily you can hack the server, and therefore, your data:

"You can actually insert any URL instead of "/etc/passwd" and have it
read. Depending on the server's configuration, this could be abused to
execute PHP code, probably, and from that, any UNIX shell command.

The author obviously doesn't care about security."

Regards,

-Flip

You know Flipper, I'm sorry to say this, but using this thread to (a) further advertise your own system and (b) sow the ideas that there may be big security holes in slexchange.com, isn't very good. It feels just kinda tacky to be honest, after all you don't know what work has been done to their system from the php-nuke core at all. By the same token, I presume your system is written from scratch, in which case big security flaws may exist in there at present but you won't know until they're abused and you certainly haven't had enough time to say that your system is 100% secure, have you.

FlipperPA Peregrine

Magically Delicious!

Join date: 14 Nov 2003

Posts: 3,703

02-06-2005 07:27

I'm simply pointing out what information is out there that people may not be informed about. As I said, I do wish them the best of luck. It is true, I don't know if they have patched these flaws on their own; but hopefully the knowledge being out there will make ALL these systems more secure, which has to be a major concern. My system is based off a content management solution I've been coding for going on 7 or 8 years, which has been used in production by some major companies. So while nothing is 100% secure, this is not something that just cropped up over night. I also started planning this project last June, so its been in the works for quite some time.

For the record, any time a thread comes up about one of these services, replies from and about the other services are sure to surface. I don't have any problems with discussing the merit and shortcoming of any of these systems in the "General Forum". Several great ideas have come out of the discussion in the last SLboutique started thread, which included posts promoting SLexchange. Competition is healthy here, and will lead all these service to create a better product for the buyers and sellers using them.

I am sorry to anyone who felt I came across as tacky. That was not my intention. I truly was not trying to launch into a full "marketing blitz" or anything like that.

Regards,

-Flip

_____________________

Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!

Roberta Dalek

Probably trouble

Join date: 21 Oct 2004

Posts: 1,174

02-06-2005 08:11

Back up again...

http://www.slexchange.com/modules.php?name=Forums&file=viewtopic&t=267

billy Madison

www.SLAuctions.com

Join date: 6 Jun 2004

Posts: 2,175

02-06-2005 08:18

From: Moopf Murray

You know Flipper, I'm sorry to say this, but using this thread to (a) further advertise your own system and (b) sow the ideas that there may be big security holes in slexchange.com, isn't very good. It feels just kinda tacky to be honest, after all you don't know what work has been done to their system from the php-nuke core at all. By the same token, I presume your system is written from scratch, in which case big security flaws may exist in there at present but you won't know until they're abused and you certainly haven't had enough time to say that your system is 100% secure, have you.

agree, that was tacky and bad bussiness flipper. Im sure your excited and yall all know how i feel about slexchange but thats just plain distastefull!

_____________________

Prestige Fine men and womens clothing and jewelry, on SLExchange

Apotheus Silverman

I write code.

Join date: 17 Nov 2003

Posts: 416

02-06-2005 08:21

SLExchange.com is back up and running, and the downtime had nothing to do with any of the managerial issues that were mentioned.

A misconfiguration from last week did not surface until this morning's automatic maintenance job ran, which inconveniently shut the web server down. The problem is fixed now.

Also regarding security, I am quite aware of the numerous security holes in both PHPNuke and phpbb base packages. If the site were still vulnerable to these it would have been compromised many hundreds of times (yes, really) by now. An addon security package and extensive modifications by myself have removed all known security holes.

_____________________

Apotheus Silverman
Shop SL on the web - SLExchange.com

Visit Abbotts Aerodrome for gobs of flying fun.

FlipperPA Peregrine

Magically Delicious!

Join date: 14 Nov 2003

Posts: 3,703

02-06-2005 08:36

From: someone

agree, that was tacky and bad bussiness flipper. Im sure your excited and yall all know how i feel about slexchange but thats just plain distastefull!

Already apologized above. Things don't always come out on the forums the way they're supposed to sound.

From: someone

Also regarding security, I am quite aware of the numerous security holes in both PHPNuke and phpbb base packages. If the site were still vulnerable to these it would have been compromised many hundreds of times (yes, really) by now. An addon security package and extensive modifications by myself have removed all known security holes.

Fantastic. I've seen too many friends' sites get burned lately. Best of luck!

-Flip

_____________________

Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!

SLExchange down?
blaze Spinnaker 1/2 Serious Join date: 12 Aug 2004 Posts: 5,898	02-06-2005 01:22 Can't seem to access it.. _____________________ Taken from The last paragraph on pg. 16 of Cory Ondrejka's paper "Changing Realities: User Creation, Communication, and Innovation in Digital Worlds : "User-created content takes the idea of leveraging player opinions a step further by allowing them to effectively prototype new ideas and features. Developers can then measure which new concepts most improve the products and incorporate them into the game in future patches."
Moopf Murray Moopfmerising Join date: 7 Jan 2004 Posts: 2,448	02-06-2005 01:34 Looks down from where I am as well. By the way, does anybody know if Merwan is back in the fold now? Or is that just dragging on and on?
doug Donovan U WANNA PIECE 'O' ME?! Join date: 22 Apr 2004 Posts: 140	02-06-2005 03:40 crappy.
Roberta Dalek Probably trouble Join date: 21 Oct 2004 Posts: 1,174	02-06-2005 04:56 yes it's down. 502 error - Bad Gateway. Whether this is a random outage or connected with the recent problems who knows?
Mina Firefly Tattooist Join date: 11 Aug 2004 Posts: 341	02-06-2005 06:04 i saw this coming aswell. I heared something about problems between the two leaders.
FlipperPA Peregrine Magically Delicious! Join date: 14 Nov 2003 Posts: 3,703	02-06-2005 07:02 SLboutique.com is up and running. We're also open for new accounts again. http://www.SLboutique.com I still wish the SLexchange partners the best of luck, but highly recommend they move away from the bloated PHP-nuke code base they're using, as it contains a ton of code they don't need, which will cause performance issues. PHP-nuke has also been shown to have quite a few security flaws. See this: http://cert.uni-stuttgart.de/archive/bugtraq/2001/02/msg00231.html In this portion, an author shows how easily you can hack the server, and therefore, your data: "You can actually insert any URL instead of "/etc/passwd" and have it read. Depending on the server's configuration, this could be abused to execute PHP code, probably, and from that, any UNIX shell command. The author obviously doesn't care about security." Regards, -Flip _____________________ Peregrine Salon: www.PeregrineSalon.com - my consulting company Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
Moopf Murray Moopfmerising Join date: 7 Jan 2004 Posts: 2,448	02-06-2005 07:18 From: FlipperPA Peregrine SLboutique.com is up and running. We're also open for new accounts again. http://www.SLboutique.com I still wish the SLexchange partners the best of luck, but highly recommend they move away from the bloated PHP-nuke code base they're using, as it contains a ton of code they don't need, which will cause performance issues. PHP-nuke has also been shown to have quite a few security flaws. See this: http://cert.uni-stuttgart.de/archive/bugtraq/2001/02/msg00231.html In this portion, an author shows how easily you can hack the server, and therefore, your data: "You can actually insert any URL instead of "/etc/passwd" and have it read. Depending on the server's configuration, this could be abused to execute PHP code, probably, and from that, any UNIX shell command. The author obviously doesn't care about security." Regards, -Flip You know Flipper, I'm sorry to say this, but using this thread to (a) further advertise your own system and (b) sow the ideas that there may be big security holes in slexchange.com, isn't very good. It feels just kinda tacky to be honest, after all you don't know what work has been done to their system from the php-nuke core at all. By the same token, I presume your system is written from scratch, in which case big security flaws may exist in there at present but you won't know until they're abused and you certainly haven't had enough time to say that your system is 100% secure, have you.
FlipperPA Peregrine Magically Delicious! Join date: 14 Nov 2003 Posts: 3,703	02-06-2005 07:27 I'm simply pointing out what information is out there that people may not be informed about. As I said, I do wish them the best of luck. It is true, I don't know if they have patched these flaws on their own; but hopefully the knowledge being out there will make ALL these systems more secure, which has to be a major concern. My system is based off a content management solution I've been coding for going on 7 or 8 years, which has been used in production by some major companies. So while nothing is 100% secure, this is not something that just cropped up over night. I also started planning this project last June, so its been in the works for quite some time. For the record, any time a thread comes up about one of these services, replies from and about the other services are sure to surface. I don't have any problems with discussing the merit and shortcoming of any of these systems in the "General Forum". Several great ideas have come out of the discussion in the last SLboutique started thread, which included posts promoting SLexchange. Competition is healthy here, and will lead all these service to create a better product for the buyers and sellers using them. I am sorry to anyone who felt I came across as tacky. That was not my intention. I truly was not trying to launch into a full "marketing blitz" or anything like that. Regards, -Flip _____________________ Peregrine Salon: www.PeregrineSalon.com - my consulting company Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
Roberta Dalek Probably trouble Join date: 21 Oct 2004 Posts: 1,174	02-06-2005 08:11 Back up again... http://www.slexchange.com/modules.php?name=Forums&file=viewtopic&t=267
billy Madison www.SLAuctions.com Join date: 6 Jun 2004 Posts: 2,175	02-06-2005 08:18 From: Moopf Murray You know Flipper, I'm sorry to say this, but using this thread to (a) further advertise your own system and (b) sow the ideas that there may be big security holes in slexchange.com, isn't very good. It feels just kinda tacky to be honest, after all you don't know what work has been done to their system from the php-nuke core at all. By the same token, I presume your system is written from scratch, in which case big security flaws may exist in there at present but you won't know until they're abused and you certainly haven't had enough time to say that your system is 100% secure, have you. agree, that was tacky and bad bussiness flipper. Im sure your excited and yall all know how i feel about slexchange but thats just plain distastefull! _____________________ Prestige Fine men and womens clothing and jewelry, on SLExchange
Apotheus Silverman I write code. Join date: 17 Nov 2003 Posts: 416	02-06-2005 08:21 SLExchange.com is back up and running, and the downtime had nothing to do with any of the managerial issues that were mentioned. A misconfiguration from last week did not surface until this morning's automatic maintenance job ran, which inconveniently shut the web server down. The problem is fixed now. Also regarding security, I am quite aware of the numerous security holes in both PHPNuke and phpbb base packages. If the site were still vulnerable to these it would have been compromised many hundreds of times (yes, really) by now. An addon security package and extensive modifications by myself have removed all known security holes. _____________________ Apotheus Silverman Shop SL on the web - SLExchange.com Visit Abbotts Aerodrome for gobs of flying fun.
FlipperPA Peregrine Magically Delicious! Join date: 14 Nov 2003 Posts: 3,703	02-06-2005 08:36 From: someone agree, that was tacky and bad bussiness flipper. Im sure your excited and yall all know how i feel about slexchange but thats just plain distastefull! Already apologized above. Things don't always come out on the forums the way they're supposed to sound. From: someone Also regarding security, I am quite aware of the numerous security holes in both PHPNuke and phpbb base packages. If the site were still vulnerable to these it would have been compromised many hundreds of times (yes, really) by now. An addon security package and extensive modifications by myself have removed all known security holes. Fantastic. I've seen too many friends' sites get burned lately. Best of luck! -Flip _____________________ Peregrine Salon: www.PeregrineSalon.com - my consulting company Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!

Welcome to the Second Life Forums Archive

SLExchange down?