Author Topic: Status, Plans, and Questions...  (Read 53214 times)

Xepher

  • Techsmith
  • Administrator
  • *****
  • Posts: 4,325
  • Illegitimis non carborundum!
    • Xepher.net
Status, Plans, and Questions...
« on: February 12, 2006, 02:24:05 am »
As you've hopefully seen in other announcements, Xepher.net was hacked again last night. After much investigation, it looks quite likely that there was a backdoor left in place after the last hack, and they just used that to get back in again, despite any security enhancements I made in the interim. The problem here is that, while I think I've found and removed all backdoors and such, there's no way to be positive without a complete system wipe and reinstall. Now, if the machine was sitting here in my room, no problem. I'd take it offline for maybe 8 hours and do it. But it's in Chicago, and I'm in Steamboat. Between shipping both ways and the time to sort and test things, it'd probably mean a week of Xepher.net being completely offline. Also, it would cost me a couple hundred dollars in shipping, and I'd really hate my life because it would eat all my free time when I'm not at work.

Here's my current line of thinking. I think the hacker(s) weren't out to destroy the system, but just spread their viruses and such for other purposes. As such, I believe the damage they've actually done is rather limited, as evidenced by everything still running and me still having control of the machine. Now, as I said, I can't "trust" the system, but if it's doing what it needs to do... that is, serving your websites up properly, well, I think that's good enough... for now. I'm not going to pull and wipe the system just yet. I'll leave it running for a few more months until I have the time and money to redo it properly. What I ask though, since it's possible there's still a hacker with access to things, is that everyone make sure to keep backups of your own data as often as you feel is needed. I do keep system-wide backups, but I'm hesitant to run one of those because all I'd be doing is backing up possibly infected files. If the system is totally taken down, then I will possibly be restoring that backup as an emergency measure. But since it will be a couple months old, many of y'all could lose newer data if you don't have your own backups. Please realize, I'm talking from paranoia here. This is a worst case scenario. I really don't think the hackers are trying to destroy things, just sneakily spread their worm. As such, I don't anticipate any major disaster, but I'd rather everyone was prepared, just in case.

Now, for future plans... I'm moving back to Texas in a few months. My current plan has me taking over some investment (rental) property, and if that goes well, I'll be getting enough income that I won't have to have a full time job just to get by. That will leave me more time to get Xepher.net sorted out properly. What I want to do is build a new server. The current one (Orca) is now several years in service... the drives have 30,000 hours of power-on time. That's 3.5 years at 24/7 and is definitely "mature" and not at all bad lifetime for something built from spare parts in a college dorm. For a new server, I want to actually drop some real cash on it, build with all new parts. I want a much faster server, with MUCH more storage in a RAID array this time 'round. Currently, I'm aiming for about an Athlon 64 3200+ with something close to a terabyte of storage. If I do that, I plan to seriously redesign the software side of things as well. The current server setup is pretty much as secure as I can make it while still giving everyone the amount of resources/freedom that I do. I thought it was going to be enough, and it was for several years while we were still small enough to be below the radar. It fended off thousands of "drive by" hacking attempts. The one that finally got through looks to be a concerted effort over many days (possibly weeks or months) by a very determined hacker or group. The new server... I plan to run virtual machines this time around. I'm going to have a master/host that's the actual operating system, but below/inside that I will run virtual machines with a completely separate OS and everything, and those will run all the actual services. What this gives me is the option to actually wipe and rebuild those virtual machines by remote (using the host system.) So if/when another hacker does get through, I can build a second virtual machine, and switch services over to that one, then go back and wipe the infected machine out completely and rebuild it.
I hate having to think this paranoid, but it seems to have become necessary. The truth is that, no matter how well I design a system to be secure, I'm still at the mercy of the software I use. That means that, even if my design is perfect, a bug in something like the mail server could get the whole machine compromised, which is exactly what happened this last time.

While I'm rebuilding things, I'm going to revamp the hosting side of stuff as well. I'm going to try and implement "Phase 3" as I originally called it. For those wondering, that was the idea that was basically limited (non-machine) accounts specifically for comic hosting. It'd be a lot like Keenspace... no applications, everyone gets in, but you can't really do much with it OTHER than host a comic. I also plan to add in some of the things I've been meaning to for a while. Mostly convenience things, like a web-based file manager, and some sort of statistics gathering that's a lot more detailed (and interactive) than the current stats system.

Now, I'd like to hear from y'all on this, what you think. First off, just any general opinions on what I've mentioned. I have a couple of more specific questions though.

1. Do you think waiting to rebuild the system is a good enough option? Does it worry you unduly that the server might be compromised in the meantime?


2. When I rebuild, I'm going to try and resecure things even more than now, but I don't want to limit the usability too much. How many non-essential services here do you actually use? To clarify, here's the list of things people can or do use here. Please let me know which ones you actually use, which ones you'd like to use (or might in the future,) or ones I forgot or that you'd like to see.

Webserver (essential)
SSH (essential... at least for me, shell/command line access)
SCP (secure file upload, used instead of FTP)
FTP (unsecure file upload... I may be getting rid of this anyway)
Email (username@xepher.net)
Webmail
IMAP (email access protocol)
IMAPS (secure version of above)
POP3 (email access protocol)
POP3S (secure version of above)
SMTP (Outgoing mail server)
Email forwarding
Spam filtering
Wildcard email (anything@username.xepher.net goes to your account here.)
Wildcard filtering (possible future addon... would let mail for address1@username.xepher.net get sorted into a different folder than address2@username.xepher.net. Would require use of email access that supports folders, either IMAP or Webmail.)
MySQL (Used for a lot of forums and similar software)
SQLite (similar to MySQL, but much lighter weight and more secure... used by this forum)
PHPMyAdmin (Web-based interface for MySQL access/editing.)
HTTPS (Secure webserver)
Cron (process scheduling... run programs at certain time)
Virtual Domains (using a domain you purchased, EX: www.missmab.com rather than missmab.xepher.net)
PHP (scripting... used by lots of webscripts/forums/etc, including the XN newsbox)
Other CGI (Perl, Python, and other CGI scripts)
Statistics ( http://xepher.net/stats/ and in the future, more advanced stuff)
Web-based file manager/upload (possible addon in the future)


3. Do you think I should prioritize security, or ease of use / convenience, and to what degree? For example, would losing FTP and having only SCP be worth the added security? (WinSCP is just as easy as FTP for direct access, but a lot of editors (like Dreamweaver) only support FTP for their built-in file upload.) On the other end, would having to do everything via web-interfaces be too restrictive? That is, having to upload and manage everything in a web-app, with no access to shell, FTP, or other such things. (This is the extreme option, but I believe it would've been secure enough to prevent the most recent hacking attempts, as they all relied on shell access.)


4. What other features or services would you like to see added?


5. How do you feel about the quality of service? By this, I mean how fast the server responds, how well it runs scripts, general performance stuff. This is not to rate MY service as an admin... which has been seriously neglectful when it comes to things like reviewing applications. I apologize for that, but what I'm considering is trying to find a new hosting service for the new server. I notice a decent amount of packet loss and wildly varying ping times with the current one. (On the other hand, it's REALLY affordable, and you get what you pay for.)


6. I want ideas here. I have a couple problems I'm trying to solve. First off, I want Xepher.net to grow, and I want to do so with quality, not just by becoming another GeoCities. Secondly, I'd like to find a way to get some small income for this thing. I'm looking at investing about a thousand bucks in a new server, and hosting is still costing another hundred a month. If I move to a better host, it could be even more. Right now, the only real income is from donations, and 90% of that is from DMFA ( http://missmab.com ) Still, it's been just over three years since I put the server in Chicago and I've spent about 3800 bucks out of pocket for this, not counting hardware costs. I don't intend to forgo the free hosting, but I'm thinking options along the lines of maybe running a separate "commercial" hosting area, perhaps with dedicated comic services like webcomicsnation.com, which wouldn't have to have a newsbox, or share revenue with donations like the free sites do. Another idea is to maybe offer dedicated game servers for things like Counter-Strike and such. Other options are maybe stick with the shared donation/ad revenue, but just work hard to get some good, quality content here. I mean, a couple more sites like DMFA is all that's needed. Question is, how to attract such sites? I mean, obviously I need to get on top of my game with applications and whatnot... Speaking of..


7. How can I redo the application system? I want some sort of quality "filter" on new members, but at the same time, I feel bad because the current "wait for Xepher the benevolent dictator to nod" method is leaving lots of worthy applications sitting in limbo because I don't have the time I need to take care of them. I was hoping that with them on the forum, there would be a lot of peer review. Don't get me wrong, there are a few members that have been doing a lot of work looking at applications and giving good opinions and advice, and I thank them... but I need more than two or three opinions to let me feel comfortable rubber-stamping something. When I rebuild, should I make a system that requires current members to show up and vote on new people from time to time, or is that trying to force a community where there's not one? How else could I redo it? Do I deputize some trusted people to review and approve/deny applications?


I think that's about it for now, and I apologize for the length of this post, but it's stuff I need to sort out (and apologize for.)

robynie

  • Full Member
  • ***
  • Posts: 131
    • http://www.robynie.com
« Reply #1 on: February 12, 2006, 03:11:10 am »
1.  Obviously if you don't have the time or resources to rebuild right now you shouldn't.  I don't mind a little downtime if it means you have some leeway for happiness!

2.  I think I am only using these features right now:
-Webserver
-FTP
-MySQL
-PHP
If I'm using anything else I don't know about it!
What is the statistics thing?  I don't see my username on there so now I'm curious how I get that...

3.   I am not familiar with SCP, but if I can use my FTP client to do it that would be fine by me.  Or really just as long as someone can recommend something to use and it doesn't confuse me!  I don't mind using web-interfaces too much as long as they aren't missing anything important.

4.  Other than the statistics that I didn't know existed until now, I can't think of anything...

5.  I don't know enough about this sort of thing to even notice.  ^__^

6.  I'm not really sure how to generate revenue.  Other than what you mentioned where users could pay to remove the newsbox.  I'm not really sure how big a demand there would be for that though, it's not the most restrictive thing in the world...

7.  I wish I had as much time to read the applications as I used to...  :(  I don't think you should try to force it though, because if people really don't have an interest in it they probably won't take it seriously.  It might speed things up if there were some kind of form or something, because a lot of people seem to read the rules, then still miss some things, then people who are reading the applications say, you need this and this and this, which leads to the person correcting it and continuing the application process, when they could just have all this done to begin with?  So people could spend more time considering a completed application than just quoting the rules of the process.

Aetre

  • Jr. Member
  • **
  • Posts: 96
    • http://aetre.xepher.net
« Reply #2 on: February 12, 2006, 03:22:23 am »
1. It doesn't worry me personally, as I'm paranoid about backups m'self and have about fifty copies of my website files on various CDs, floppies, and two hard drives, going back two years. What I would worry about more is the downtime during such attacks; some sites like missmab might eventually lose readership if the server is consistently inconsistent. A single incident every few months though is hardly anything.

2. I use my aetre@xepher.net addy as a forwarding address to my gmail account, which is a much longer addy (aegelmaereaetre@gmail.com). This tends to help when my friends need an easy-to-remember addy to send stuff to. I'd like to be able to keep using both it and the forwarding option. FTP I can do without as long as whatever method is used to upload files can still upload all the same file types to all the same places--in other words, if it's as functional, it's fine by me. PHP is handy for comic sites, though right now I only use it for my newsbox. Lastly, stats are fun to look at sometimes. :)

3. Like I said above, if it's functional and more secure, go for it. I've never gotten Dreamweaver's FTP to work correctly anyway, so I use an independent program. I'd have no qualms with using something else if for us legit users it remains as useful. As for shell... I don't even know what that is. So I'm gonna move on...

4. I can't think of anything for this one...

5. My site's always loaded pretty quickly, even on 56k (such is the way of life when you have few images and mostly text). Speed of uploads and downloads has been pretty good, too.

6. I'm all for the gaming server idea, even though I'm not a gamer... it's a great way to attract audiences to xepher.net in general, and as a person who's spent a few years surrounded by the gaming crowd (been to Otakon three times, administered the VGC forums for a while), they aren't a bad market to attract. The traffic for gaming would no doubt dominate traffic for anything else if you're successful, but such is the way of the world, I guess.

7. Sorry I haven't gotten around to critiquing like I used to... It might help if you split the applications into subforums (Art Applications, Writing Applications, Music Applications, Comic Applications, Other Applications) and then put various people in charge of each section (reserving, of course, your own right to veto if necessary). I'd gladly volunteer for judging the writing entries if such subforums were implemented. This kind of organization would greatly help both judges and applicants compare and contrast similar applications, rejected and accepted alike, for reference and precedent in making current judgments.

Hope that helps. :)
"Not even the Human can stop me now..."

griever

  • Sr. Member
  • ****
  • Posts: 457
« Reply #3 on: February 12, 2006, 03:29:41 am »
I just don't get why anyone would coordinate to hit your service like that.  It's not like messing with xepher.net is going to make them famous or something.  And it's not interrupting a cash flow for you.  Weird people.

Quote
1. Do you think waiting to rebuild the system is a good enough option? Does it worry you unduly that the server might be compromised in the meantime?
I'm not really all that worried...I've got backups of everything, now that my personal CSV/SQL problem has been fixed.  If they take my site, I feel sorry for them.  It certainly isn't a trophy.
Quote
2. Please let me know which ones you actually use, which ones you'd like to use (or might in the future,) or ones I forgot or that you'd like to see
Webserver, SCP, Email forwarding, MySQL, SQLite (I only use the forum though...dunno if that counts), PHPMyAdmin (sorry), Virtual Domains, PHP.  I could see how adding web-based file uploading would be beneficial to some members, but I don't think I'd ever use it.
Quote
3. Do you think I should prioritize security, or ease of use / convenience, and to what degree?
I think security should come first, although since there aren't any credit card numbers or anything to steal (is there?), it shouldn't be like a maximum security prison.  
Quote
4. What other features or services would you like to see added?
I pretty much like things the way they are....  I can't think of anything else to add.
Quote
5. How do you feel about the quality of service?
I think the quality of service is great.  Xepher.net has its ups and downs, just like any other hosting service.  I guess I'm kind of laid back about the whole server running/server dead thing.
Quote
6. I want ideas here. I have a couple problems I'm trying to solve.
Personally, I favor just getting more attractive sites here.  I think that the sites that generate the most revenue should not have the Xepher.net box on them so that they'll look like they're being commercially hosted.  It should just be a Paypal thing, like what Miss Mab has.  Of course, this means attracting those sites....  But I like the fact that people aren't separated by who pays and who doesn't.  It's kind of disheartening to see a split section on some of those types of sites.
Quote
7. How can I redo the application system? When I rebuild, should I make a system that requires current members to show up and vote on new people from time to time, or is that trying to force a community where there's not one? How else could I redo it? Do I deputize some trusted people to review and approve/deny applications?
I don't think requiring that people show up and vote is good.  Making people do something may put them in a bad mood and vote nay on all applications, even if the application is spectacular.  I'm going from the top of my head here, but what about limiting applications to a waiting pool of 10 or 20 at a time?  Once they're approved or denied, there's a spot open for someone else to apply.  While the applications are in the waiting pool, current members can give feedback and such.  If you use the queue system, I think someone you know IRL or who has been a constant feedback writer should be entrusted to automatically deny sites that don't follow the format or are just spam, thus opening up the spot for applications that follow the format.

EDIT:  I forgot to add...as for getting those spectacular sites...maybe, on some occasions, just going out there, presenting the Xepher.net package, and seeing if you can get them to hop on board.  And of course, applications.  But if there's a web comic out there that's awesome, but has ads or the owner is paying for it all, I think making a presentation isn't bad.  Or is this not something done by website hosts?
"You can get all A's and still flunk life." (Walker Percy)

tickyhead

  • Sr. Member
  • ****
  • Posts: 305
  • I enjoy crushing the hopes and dreams of others :D
« Reply #4 on: February 12, 2006, 04:47:26 am »
1. I say wait until you're ready and you have the money. I'm not really worried about the security at the moment, I have more backups in and around my computer than I can keep track of. >>;

2. The only things I use on this list are the webserver (obviously P: ), SQLite (same forum style as this one), a virtual domain (mystikskies.net is just so much more professional....and short :P), and FTP, though since I use a freeware program I'm willing to change over to SCP or whatever. Obviously I use PHP too, if only for the newsbox. I generally don't use xepher.net email since I have more email accounts than I know what to do with, and the rest of that list is pretty much Greek to me. Personally I don't think I'd ever use a web-based file manager unless I absolutely had to, but if you think people would want/need it then go ahead.

3. I say you should go a little more half and half, as much security as possible without being too overbearing, though I'd trust any decision you made on the level of security you think xepher.net needs. Like I said though, I'd rather not use web-based uploading unless I absolutely had to.

4. I can't really think of anything that I'd actually use for this one. :

5. So far I haven't run into anything bad regarding service quality. My site, despite being "graphic intensive", managed to load easily even on my aunt's crappy dial-up service. I haven't had any problems with it, so I'd say the quality is fine.

6. I'm not really good with ideas involving money, sorry. : The commercial hosting might work, but it doesn't seem to have many perks that would make people go for it over the free hosting. Some people may be happier not having the newsbox or sharing the meager percentage XN gets from donations, but I'm not sure how many would actually go for it. I think that you should opt for attracting more DMFA-esque sites, though I have no idea how you would. You could always hint to other people on xepher.net to spread the word *winkwink*.

7. Heh....I've had my off and on moments of replying to applications I guess. XD I think both Aetre and griever have good ideas for this one, separating applications into different sections and limiting the amount of applications that can be up at any given time. If you ever go for deputizing people I'd be happy to help out in any way possible. :)

I probably forgot stuff that I wanted to say, but it's been a long day so I think I deserve some scatterbrained-ness. :P
I don't hate everyone, I'm just very, very disappointed in them.

qchiapetp

  • Newbie
  • *
  • Posts: 1
« Reply #5 on: February 12, 2006, 10:54:55 pm »
2. FTP!!

Databits

  • Global Moderator
  • *****
  • Posts: 1,607
  • Programming's not just a science, it's an art.
« Reply #6 on: February 12, 2006, 11:33:31 pm »
1: While I don't think it's a bad thought to do this. Wait till you're ready to do it, not when we are, I'm getting a slight grasp on some of this stuff ever since I started ellipsis (RO game server). ;)

2: I don't even really touch FTP much anymore. If I can use SSH and SCP, that's the best. But perhaps restricting it a little more would help. Something like the requirement of public keys, which is waaaaaay more secure in SSH, as you can't simply try multiple passwords on viable account targets. Actually, you could probably set up something like this now and secure SSH a lot more, people who have the know-how can even change their own keys if need be.

I use MySQL and PHP pretty often, but I've never made use of any sort of web tool or xepher webmail services. Probably wouldn't hurt to set up some sorta mail forwarding system that users can use and drop the full email support. Many people have primary account they use elsewhere anyhow. I also haven't touched SQLite or Cron. As for cron, not much need for anyone to really use it is there, other than maybe you.

I don't make use of SQLite because, while I've heard good things about it, I also hear it starts to have issues when processing large amounts of data. So I personally haven't messed with it because I'm working on designing game servers. :P

I also make use of the virtual domain, with my domain name.. :P

3: Security with usability is my preferred choice. As I've pointed out, after it's set up, SSH can be just as easy to use as FTP apps. Tutorials are simply a matter of time to write, but not too difficult. Dropping FTP in favor of SCP would probably be to everyone's benefit in time of hacking attempts.

4: I don't think there are a whole lot of other features that are really *needed* on a webserver that I know of. The image processing stuff (was an addon in PHP4, dunno about PHP5) would be nice to have. Especially if people plan on having generated things like anti-bot image keys on forums for registration.

5: I think that the current service is considerably fast in terms of most free web hosting services. Lack of banners/popups (something that ruins 90% of the web) and fast response are pretty good on the current service.

6: Sure, the commercial space sounds like a fantastic idea. As for a game server area... that would probably bog things down considerably. Even on a new system. Which could cause response time issues with other things depending how widely/heavily used it is. Also note that while web servers are targets for hacking, game servers are even more so. Jeez I have like maybe 20-25 registered members on EllipsisRO and I've had a few hack attempts... and it's not even widely known. lol

7: The rating system based on the users who are here and their responses doesn't sound like a bad idea. But in terms of deputizing people, that could be a tad risky depending on who. Unless you do it as a kinda majority vote thing over all those you "deputize"? There are a few things you could do there... not really sure what would be the best idea.
(\_/)    ~Relakuyae D'Selemae
(o.O)    
(")_(")  [Libre Office] [Chrome]
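Added example (not part of the post above or of Xepher.net's configuration): a small audit for the key-only SSH login Databits suggests. It reads sshd_config text, applies sshd's first-value-wins rule, and reports any scope that would still accept a guessable password; the sample config and the `legacyftp` account name are constructed for illustration.

```python
"""Audit sshd_config text for logins that still accept a guessable password."""
import re

# (lower-case keyword, display name, value required for key-only login)
RULES = [
    ("passwordauthentication", "PasswordAuthentication", "no"),
    ("kbdinteractiveauthentication", "KbdInteractiveAuthentication", "no"),
    ("pubkeyauthentication", "PubkeyAuthentication", "yes"),
]
# Values sshd falls back to when a keyword is absent (current OpenSSH defaults).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older configs use the deprecated name for keyboard-interactive login.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# "Keyword value" or "Keyword=value"; keywords are case-insensitive.
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

# Constructed sample: hardened globally, with one Match block that undoes it.
SAMPLE = """\
# constructed sample, not a real server's configuration
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
# the next line is ignored by sshd: the first value for a keyword wins
PasswordAuthentication yes
ChallengeResponseAuthentication no
Subsystem sftp internal-sftp

Match User legacyftp
    PasswordAuthentication yes
"""


def parse(text):
    """Return (global_settings, [(match_criteria, overrides), ...])."""
    scopes = [("", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key = m.group(1).lower()
        value = m.group(2).strip().strip('"')
        key = ALIASES.get(key, key)
        if key == "match":
            # A Match block runs until the next Match line or end of file.
            scopes.append((value, {}))
            continue
        # First value wins inside a scope; later duplicates are ignored.
        scopes[-1][1].setdefault(key, value)
    return scopes[0][1], scopes[1:]


def audit(text):
    """Return (scope, keyword, value) findings; empty means key-only login."""
    global_cfg, match_blocks = parse(text)
    findings = []
    for key, name, required in RULES:
        value = global_cfg.get(key, DEFAULTS[key]).lower()
        if value != required:
            findings.append(("global", name, value))
    # A Match block overrides the global value for the connections it selects,
    # so an exception there reopens password guessing for those accounts.
    for criteria, overrides in match_blocks:
        for key, name, required in RULES:
            if key in overrides and overrides[key].lower() != required:
                findings.append(("Match " + criteria, name, overrides[key].lower()))
    return findings


if __name__ == "__main__":
    for scope, name, value in audit(SAMPLE):
        print(f"{scope}: {name} is '{value}'")
```

The audit reads one file only and does not follow `Include` directives; on a live host, `sshd -T` prints the effective configuration.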

Bitstream

  • Newbie
  • *
  • Posts: 21
« Reply #7 on: February 13, 2006, 11:03:29 am »
The services I use:
Webserver
FTP
Email
Webmail
POP3
SMTP
Spam filtering
Wildcard email
Virtual Domains

All these aside from the webmail are what I would call "essential", at least to me. I very much like having the webmail access as well.

I've always been quite happy with the service. A long while back, it used to be slow, but I haven't noticed any problems in a long time. Upload speed seems to be rather slow, but I don't know if that's on my end or what. Usually that isn't a problem for me, but rarely I'll upload something large and I'll notice.

I'm afraid I don't know much about server security. I would definitely feel the loss of FTP access, but I imagine I could adapt. I've never used SCP before. Being limited to a web-based upload system would be very unpleasant though. I hope it doesn't come to that.

reinder

  • Full Member
  • ***
  • Posts: 142
    • Rogues of Clwyd-Rhan
« Reply #8 on: February 13, 2006, 07:23:29 pm »
I'm a bit sick and not in any mood to answer questions in great detail, but...

What I need: webserver, PHP, MySQL (though Mithandir is working on database abstraction to allow WillowCMS to work with other SQL descendants), FTP, SSH and maybe some libraries to support my Gallery installation although I'm thinking about phasing that out and moving the contents to WillowCMS. I don't use the email stuff currently supplied by Xepher at all.

I'm somewhat concerned by the idea of a backdoor being open and will take measures to back up my contents. One problem is that WillowCMS adds random strings to the names of images uploaded through it, so the database itself is useless without an exact copy of the images as they appear on the website. Hmmmm...
Reinder Dijkhuis
Rogues of Clwyd-Rhan | Waffle

Gwyn

  • Global Moderator
  • *****
  • Posts: 1,039
« Reply #9 on: February 13, 2006, 07:49:56 pm »
1. Do you think waiting to rebuild the system is a good enough option? Does it worry you unduly that the server might be compromised in the meantime?

Whatever is the best option for you is a good enough option for me. All my stuff is backed up the wazoo anyway.


2. When I rebuild, I'm going to try and resecure things even more than now, but I don't want to limit the usability too much. How many non-essential services here do you actually use? To clarify, here's the list of things people can or do use here. Please let me know which ones you actually use, which ones you'd like to use (or might in the future,) or ones I forgot or that you'd like to see.

Webserver (essential)
SSH (essential... at least for me, shell/command line access)
SCP (secure file upload, used instead of FTP)
FTP (unsecure file upload... I may be getting rid of this anyway)
Email (username@xepher.net)

Webmail --I plan to use it more once I get my act together, the thing is so full of spam though, I don't know what to do with it.
IMAP (email access protocol)
IMAPS (secure version of above)
POP3 (email access protocol)
POP3S (secure version of above)
SMTP (Outgoing mail server)
Email forwarding
Spam filtering
I don't use much of the e-mail now, I do plan to use it, but I won't lose any sleep if you get rid of it.

Wildcard email (anything@username.xepher.net goes to your account here.)--this would be cool

Wildcard filtering (possible future addon... would let mail for address1@username.xepher.net get sorted into a different folder than address2@username.xepher.net. Would require use of email access that supports folders, either IMAP or Webmail.)---also sounds very cool

Virtual Domains (using a domain you purchased, EX: www.missmab.com rather than missmab.xepher.net)--plan to use it soonish

Statistics ( http://xepher.net/stats/ and in the future, more advanced stuff)

Web-based file manager/upload (possible addon in the future)--would be sweet


3. Do you think I should prioritize security, or ease of use / convenience, and to what degree? For example, would losing FTP and having only SCP be worth the added security? (WinSCP is just as easy as FTP for direct access, but a lot of editors (like Dreamweaver) only support FTP for their built-in file upload.) On the other end, would having to do everything via web-interfaces be too restrictive? That is, having to upload and manage everything in a web-app, with no access to shell, FTP, or other such things. (This is the extreme option, but I believe it would've been secure enough to prevent the most recent hacking attempts, as they all relied on shell access.)

Whatever is more secure, and better for you, I have nothing against changing what I use to upload files. I've never used SCP but I'm sure it's not leaps over my tiny brain.


4. What other features or services would you like to see added?

I'm not sure but I'd be glad to discuss and offer my opinion on any ideas you have.


5. How do you feel about the quality of service? By this, I mean how fast the server responds, how well it runs scripts, general performance stuff. This is not to rate MY service as an admin... which has been seriously neglectful when it comes to things like reviewing applications. I apologize for that, but what I'm considering is trying to find a new hosting service for the new server. I notice a decent amount of packet loss and wildly varying ping times with the current one. (On the other hand, it's REALLY affordable, and you get what you pay for.)

I don't notice any problems, but my site isn't all that complicated anyway.


6. I want ideas here. I have a couple problems I'm trying to solve. First off, I want Xepher.net to grow, and I want to do so with quality, not just by becoming another geocities. Secondly, I'd like to find a way to get some small income for this thing. I'm looking at investing about a thousand bucks in a new server, and hosting is still costing another hundred a month. If I move to a better host, it could be even more. Right now, the only real income is from donations, and 90% of that is from DMFA ( http://missmab.com ) Still, it's been just over three years since I put the server in Chicago and I've spent about 3800 bucks out of pocket for this, not counting hardware costs. I don't intend to forgo the free hosting, but I'm thinking options along the lines of maybe running a separate "commercial" hosting area, perhaps with dedicated comic services like webcomicsnation.com, which wouldn't have to have a newsbox, or share revenue with donations like the free sites do. Another idea is to maybe offer dedicated game servers for things like counter-strike and such. Other options are maybe stick with the shared donation/ad revenue, but just work hard to get some good, quality content here. I mean, a couple more sites like DMFA is all that's needed. Question is, how to attract such sites? I mean, obviously I need to get on top of my game with applications and whatnot... Speaking of..

To get the thousand bucks for the new server, you could maybe have some sort of an "upgrade xepher.net" drive. I have some money sitting around for something like that if you ever needed it. I mean Canadian money but our dollar is totally going up!

Other than that you could give sites that you host the option to put tasteful ads up, like google ads or  like a lot of webcomics do these days. If the site wants ads they can have them, but like donations you could get a percentage of the ad revenue. I don't think you should have to force anyone to have ads, just give them the option to allow decent ones.

I like the dedicated server for games idea. Not sure about the commercial hosting area, since that kinda ruins what you were going for in the first place.

I think you need some sort of logo, to show that we're a community kinda like how all the comics that form BlankLabel all carry the logo. We could also get some community projects on the go and have different websites for them.



7. How can I redo the application system? I want some sort of quality "filter" on new members, but at the same time, I feel bad because the current "wait for Xepher the benevolent dictator to nod" method is leaving lots of worthy applications sitting in limbo because I don't have the time I need to take care of them. I was hoping that with them on the forum, there would be a lot of peer review. Don't get me wrong, there are a few members that have been doing a lot of work looking at applications and giving good opinions and advice, and I thank them... but I need more than two or three opinions to let me feel comfortable rubber-stamping something. When I rebuild, should I make a system that requires current members to show up and vote on new people from time to time, or is that trying to force a community where there's not one? How else could I redo it? Do I deputize some trusted people to review and approve/deny applications?

I liked when we could vote for them (I know you can't do that on this forum). Deputising sounds good but maybe combine that with the general public's thoughts and votes.




I think that's about it for now, and I apologize for the length of this post, but it's stuff I need to sort out (and apologize for.)

It's all good
Pizza party! Pizza for everyone!....who has money?

Xepher

« Reply #10 on: February 13, 2006, 11:11:51 pm »
Okay, first off... thanks for all the feedback. Let me answer a couple things.

Gwyn: Wildcard email (anything@username.xepher.net) works already, try it if you want. As for spam, turn on the spam filtering under your account management! Also, tasteful ads (like google ads) already are allowed. So far though, I've only seen Reinder's site (www.rocr.net) using them.

Reinder: When I say I can't trust the server... I mean that in the paranoid sense, it was once infected, and until completely wiped, must be considered possibly infected still. In the practical sense, I think I did get all the bits of hackery out this time. The way things run here, there's not much room for hiding backdoors without altering files I have signatures for. In the practical sense, I'm not too worried. You bring up an interesting point about the backups though, as a lot of CMS (and other web-based stuff) do that random-filename thing, meaning it's tricky to restore a backup unless you recopy everything AFTER it's been put on the server. One of the ideas I forgot to mention for the new server will be an option for user-initiated backup. Basically let a user log in and choose "backup my files" and the server will make a second copy of them.

alice

« Reply #11 on: February 15, 2006, 10:50:53 am »
I'm not particularly worried about the security issue; I have all my files backed up. I say do whatever works best for you. I'm not particularly fond of the web-only interface idea, but on the other hand, I'm all for security, so whatever you end up doing is good with me. And I've never had any complaints about the server; minor glitches every now and then come with the territory.

About revenue-- I think I'd have to agree with Gwyn that commercial hosting seems anti the XN ideal. Everything else sounds reasonable. Game servers-- I could see something like a pay-to-play MUD (are those even popular anymore?) or something in the realm of KoL. Counterstrike and that ilk do have their advantages though, I suppose.

Things I use:

Webserver
FTP <--fine with adapting to SCP if you decide to get rid of this
Email
Webmail <--only when I'm not in the vicinity of my computer for several days, so: rarely
IMAP <--have been using this instead of POP as I recall that being the preferred option at one point. Either is ok with me.
SMTP <--rarely
Spam filtering <--although I still get a fair amount of spam every day
Wildcard email <--haven't played with that yet
Statistics
Web-based file manager/upload <--might be a nice alternative

aimless

« Reply #12 on: February 16, 2006, 04:29:00 am »
I'm not sure if this is a related phenomenon but I've been experiencing issues with the webmail interface as of recent.

Specifically outgoing messages provoke the following error
"ERROR : Bad or malformed request.
Server responded: Received: BAD Command unrecognized: FROM "

And, if they're delivered at all, have a tendency to be garbled into gibberish, although some still get through intact. The problem may be an isolated one, so I include it here in case it has not already been brought to your attention. Can't exactly e-mail the details, after all. ;)

Even with fairly regular updates to my own page, my contributions to this community have been, at best, sporadic, so I hope I don't seem like the sort of ingrate who only bothers to pop in when there's a problem.
Even if I don't seem like such an ingrate I do feel like one, as such weighing in on the potential course of this community at present is a little too awkward for me.

Xepher, I'm sure that whatever decision you come to make will be well thought out and executed. For a lone fellow running this whole shebang purely out of magnanimity you've always done an exceptionally good job.
So thanks for that, I appreciate it.
It's a hollow victory if you don't sow a few seeds of catastrophe along the way.

reinder

« Reply #13 on: February 17, 2006, 10:10:40 am »
I'm getting several thousand "Undeliverable email" messages each week on my Xepher email address. I see them because I don't have my spam filters on, but the fact that so many are sent to me in the first place (all of them in Portuguese, from email servers in Brazil, with the vast majority apparently warning me that the returned message has been flagged as spam) may be worth investigating.
Reinder Dijkhuis
Rogues of Clwyd-Rhan | Waffle

Xepher

« Reply #14 on: February 17, 2006, 07:56:03 pm »
Yeah, spam sucks... sounds like some spammer decided to use your email as a "from" in junk he's sending out. As such, the email servers that are rejecting it are sending a notice to your email. The only option (other than just filtering/ignoring it) would be to find whatever ISP owns those servers, and convince them to stop "returning" spam to you. I've seen this happen many times before, my own admin email here gets several hundred a day, and a good chunk of those are "returned" messages like the ones you're getting. I'm sorry, but the only thing I can really do from this end is filter things. There's some manual options to blacklist certain emails, so if most of these are coming from one or two places, then I can set up the blacklist for you (or show you how to do it.)
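
Whether the "returned" messages described above really come from one or two places can be checked by tallying the bounces per delivering server; this is an added example, not part of the original post and not the server's own filter. The sample messages, host names, function names and the 50% threshold are all constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

def _msg(sender, rpath, peer, ctype, subject):
    """Build one constructed sample message with the headers the tally reads."""
    return (f"Return-Path: {rpath}\n"
            f"Received: from {peer} by mail.example.net; Fri, 17 Feb 2006 10:00:00 +0000\n"
            f"From: {sender}\nSubject: {subject}\nContent-Type: {ctype}\n\nbody\n")

DSN = 'multipart/report; report-type=delivery-status; boundary="b"'
SAMPLE = [  # constructed mailbox: three bounces and one ordinary message
    _msg("MAILER-DAEMON@mx1.example.br", "<>", "mx1.example.br", DSN, "Undeliverable"),
    _msg("postmaster@mx1.example.br", "<postmaster@mx1.example.br>",
         "mx1.example.br", "text/plain", "Mensagem devolvida"),
    _msg("MAILER-DAEMON@mx2.example.br", "<>", "mx2.example.br", DSN, "Undeliverable"),
    _msg("friend@example.org", "<friend@example.org>", "smtp.example.org", "text/plain", "hi"),
]

def is_bounce(msg):
    """Bounce if the envelope sender is null, it is a DSN report, or a daemon sent it."""
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        return True
    local = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    return local in ("mailer-daemon", "postmaster")

def peer_host(msg):
    """Host named in the top Received header, the one our own server added.
    The name is what the peer announced; a real filter would key on the logged IP."""
    received = msg.get_all("Received") or []
    m = re.match(r"from\s+(\S+)", received[0]) if received else None
    return m.group(1).lower() if m else "unknown"

def bounce_sources(raw_messages):
    """Count bounce messages per delivering host."""
    counts = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        if is_bounce(msg):
            counts[peer_host(msg)] += 1
    return counts

def blocklist_candidates(counts, min_share=0.5):
    """Hosts responsible for at least min_share of all bounces seen."""
    total = sum(counts.values())
    return [h for h, n in counts.most_common() if total and n / total >= min_share]

if __name__ == "__main__":
    c = bounce_sources(SAMPLE)
    print(dict(c), blocklist_candidates(c))
```

If no host reaches the threshold, the bounces are spread across many servers and a per-host blacklist will not help much.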