News:

The anti-spam plugins have stopped being effective. Registration is back to requiring approval. After registering, you must ALSO email me with your username, so that I can manually approve your account.

Main Menu

Status, Plans, and Questions...

Started by Xepher, February 12, 2006, 02:24:05 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

reinder

Well, that is the most obvious explanation, except that I don't see forged "from" or "Reply-to" headers in the returned messages. It's still entirely possible that the messages were sent with a forged whatchamacallit - SMTP envelope? Or simply with a forged bang path leading back to orca.xepher.net, but while we're being paranoid... something doesn't match the pattern of what I've seen on other occasions when the same thing happened at other addresses. Mainly the short, sharp bursts in which those thousands of emails bounce back to my email address.

In short, while I don't think it's obviously the case that the spammers are using our email server and pretending to be me, I'm not 100% convinced that they're not. So could you keep an eye on that email server?
Reinder Dijkhuis
Rogues of Clwyd-Rhan | Waffle

Xepher

Sure thing... I try to keep an eye on it anyway. :-) But yeah, you say it's different then past events, so could you perhaps send me a copy of a couple of the exact messages you got so I can dig in the headers more and match stuff against log files? Alternatively, put them in an IMAP folder (if you use IMAP) and I can read them on the server. I don't want to go digging through your Inbox without permission.

Xepher

Oh, while I'm here, I've got another thing I'll be implementing on the new server... incremental backups. This will let me make automated backups once a week (or maybe once a day, depending on the overhead) without fear of accidently grabbing corrupted data. It will let me (or users) roll back any file to any backup date. For example, if you corrupt a file by accident one day, then a week later corrupt another file, but don't notice either for a another week. You'll be able to "roll back" the first corrupted file by 2 weeks to the last uncorrupted version, but roll back the second file only one week, to it's last "good" version. I'll have to see how bad the overhead would be on this, but I imagine I'll be able to keep weekly backups for at least a few months worth of time. Older backups getting removed after that. It may be possible to even have daily backups. I'm doing some testing now with my own stuff, trying to see how bad the overhead is.

Kaspalian

Glacier speed response as usual.

1. Waiting is fine by me if it's easier for you - I have back-ups.
2. I don't use that much, just FTP, webserver, email and stats.
3. Wish I knew a bit more about this, then I could actually say something helpful. I only know FTP, but I've got no problem with learning to use something different if it's needed for security. I don't use an editor, I just write everything myself - but I'm afraid I don't understand enough to know how the changes you're suggesting would effect me...
4. I'm fine with what's available.
5. I've never had any trouble with the site (actually, that's not true, but all the trouble was caused by me).
6. Gah. I'm rubbish at promotion, self or otherwise- so amno help here either. P.S. Still sorting out money Xepher, it wasn't all a lie! Living in two places at once and having your computer stolen makes online apps really fun (excuses, excuses - I'm sorry).
7. I think a queue and dividing apps into sections are both good ideas. Maybe if you did those, you could combine it with some kind of email alert for new apps? I guess it wouldn't work currently as you get so many, so it would just mean loads of mail. But if there were only 20 or so apps on the go at one time and they were sectioned up - people could say they want to be alerted by email when an app for a particular section they are interested in comes up? Then they could click a link in the mail to get to it, give it a read and see if they want to say anything? I don't know, I know I'm pathetic and lazy when it comes to looking at applications, and I really should go to the forum more often. But speaking as someone who IS pathetic and lazy, it's a bit duanting when you go in and there are so many - especially as the order changes and I can never remember what I have looked at and what I haven't.
Anyways. Sorry I can't be more help with ideas.
So, yeah...

Chow

I haven't been here very long, I know, and I'm not "in" yet as far as hosting, but my input would be:

-I, personally, can wait for the new server before you start making decisions. I mean, you're the one offering the free service, so who can really complain?

- I think the separate web-comic service is a good idea, seeing as how it looks like a big chunk of the members have comics

- While I don't mind converting my comic to PHP (once again, that whole "begars can't be choosers" thing) if I end up on Xepher, I have it in ASP right now, and I was wondering if the new system(s) will be able to handle ASP?
[some kid]: :cool: "wei long....clever..."
[me]: :/
[Ian]: :mad: "Actually....that's his name, JERK!"
[me]: :lol:

SilentFyre

1. Take your time. So far nothing has been affected on my site but the front page being backed up. I would like it to be safe, but realistically I don't want you to do anything you can't at this moment.


2. Webserver (essential)
FTP (unsecure file upload... I may be getting rid of this anyway)
Email (username@xepher.net)
POP3 (email access protocol)
Email forwarding
Spam filtering
PHP (scripting... used by lots of webscripts/forums/etc, including the XN newsbox)
Statistics ( http://xepher.net/stats/ and in the future, more advanced stuff)
Web-based file manger/upload (possible addon in the future)


3. I prefer using FTP because it makes it a million times easier to transfer my files and back them up. Its instant and I hardly have to locate them at all.



5. The server has always been reliable except during its down times. To be truthful, I've always used my own site as a 'Does my internet work right now?" check.


6. Unfortunately, I don't think my art is quite up there enough to bring in any money, but I'm trying to work on that. Once I do get out of this house and into college, I wouldnt mind trying to donate some spare money to the server. However, I'm not really sure how you could bring in others that coudl help earn money. marketing isnt really my thing.


7. Allowing a few trusted people might be of use to you. However, I wouldnt mind helping with the application process if I could. I don't have much time to myself these days but checking the forums once a week may not kill me.

good luck Xepher and I hope everythign runs smoothly.

Xepher

Thanks ya'll, for understanding. I'm looking at options for what a new machine would cost, and considering if I want to stay with the current hosting center, or put it in a new place. Hopefully I can get to some applications and accept new people without having to wait for that to get into place, as it could be many months. Right now, I'm looking at a move back to Texas at the end of May, and I just don't know how smoothly all that's going to go. I'd ideally like to have a few weeks in May while I'm not working and before I move where I can go and take care of pending applications. I may get to them sooner, but can't promise anything.

Chow: You asked about ASP. The answer is that this site will likely never support ASP. The reason is that it's a Microsoft product, and requires both a license and a windows server to run on. Everything here runs on free, open-source software. I would _consider_ ASP if, at some point in the future, there was a way to run it for free, on apache under linux, but I doubt that will ever happen. I talk about replacing/upgrading the server as costing about $1000. If I were to buy and run the thing on windows, I would easily spend another $1000 in software alone. And probably have to rebuy/upgrade that every few years as new versions of things come out. Anyway, bottom line is it's not going to happen. I'd say take a look at http://asp2php.naken.cc/

Chow

Quote from: XepherChow: You asked about ASP...

... Anyway, bottom line is it's not going to happen. I'd say take a look at http://asp2php.naken.cc/
That's cool, I was just curious. Thanks for the site too. Way cool. PhP it is!
[some kid]: :cool: "wei long....clever..."
[me]: :/
[Ian]: :mad: "Actually....that's his name, JERK!"
[me]: :lol:

ChaosArchivist

I may not be a website owning member, but nonetheless, I feel it is important to give feedback to such important questions.  I hope this is not too presumptuous of me.

1) I have no problem with waiting for the server to be rebuilt.  While it is important for there to be security, most people probably back up their sites, so data will not be lost (at least not much data).  Take it at your own pace, that will ensure the best job.

2) I have no grounds to answer this question on, I'm not even sure what other services I might use in addition to the essential services... although if you keep the email, it would be a good idea to keep the spam filtering as well.

3) Some added security might be needed, especially with the newer viruses that hackers come up with that could be attached to picture files or otherwise (mostly a threat to those with Windows systems).  Security should be about an equal priority to ease of use, with maybe a little more emphasis on security in my opinion.

4) No idea, honestly...

5) I have no problem thus far with service, but not having a website, I am not really an accurate judge of these things... By the way, I really do not mind the wait on the application, it allows me more time to build of a "buffer" of comics and refine my artwork, so no problem.

6) For the whole increased income thing, you could always give some of the site owners the option to donate 100% of their proceeds to Xepher.net through the Donate button on their website.  I have no ideas for the other problem though...

7) The application system is fine for now at least, but it might be best to let some others approve the applications as well, or at least have them write a short recommendation for you to read and then decide from there.
Observing Chaos in action since before the new millenium

griever

Quote from: ChaosArchivist6) For the whole increased income thing, you could always give some of the site owners the option to donate 100% of their proceeds to Xepher.net through the Donate button on their website.  I have no ideas for the other problem though...
Actually, that options already exists.  ^_^  I use it, mostly because I don't need my site for money.  Not like any visitors give any, except my friend, who was only using it to see if his Paypal account still worked.  *grumbles*
"You can get all A's and still flunk life." (Walker Percy)

reinder

Xepher, I don't use that inbox anyway, so you have my permission to look at it all you want. I'll try setting it up for IMAP as soon as I have a bit of time and energy to spare.

Right now, it's clean, with nothing new in there but cron reports. These tend to pile up but that's not a problem. I'll notify you when there's a new batch of suspect messages.
Reinder Dijkhuis
Rogues of Clwyd-Rhan | Waffle

gracey

Hi. I just read the "Must See" post on the newsbox, so I'm here to give a few cents.

1. I'm okay with you rebuilding. I'm feeling that you're going to do what is right. Yoda.

2. I am not using that much. I've been using FTP but if you're getting rid of it I'll be willing to fiddle with SCP. I use PHP, will try CGI, but I haven't even tried to use an of the email thingies cus I am scared. Or easily frustrated. Whatever. MySQL and that is, I guess, it.

3. In the long run if using only SCP can prevent a hacking, it's better for you. I mean, it's your free time it'll eat up to undo the damage, right? So I for one won't say no. Its understandable that I'll have to learn a little more on computer stuff, but I'm a fast learner.

4. I have no idea. I'm content.

5. Compared to my attempts at other services like Tripod, FortuneCity, and Geocities this service is a walk in the park.

6. I think that the comic idea is genius. See, I can put comics that I have made in there to see if it'll create some revenue for you. I'll be happy to even make a new one for pay to see! Something with action and drama...

7. I don't think you should change a thing about the quality control for applications. I feel that if someone wants it bad enough, they wait.  It's gruelling but a process.  A panel of judges? Okay but I wouldn't want someone to talk tomatoes when all they know is onions...I find it hard for peers to judge when they have no idea what kind of work goes into it. If you select members based on their say, expertise on a subject, they can judge all they want - on that aspect alone.  I say don't force members into judging, some people aren't so opinionated as others.
"Watch it Jeff, she's packing ovaries!" - Patrick, Coupling

Wart

I've been reading a friends page here for several years now, all without ever noticing any sort of slowdown.  Server seems to be running well..
I don't think getting rid of FTP access is going to solve your problem.. You'll most likely always have more trouble with people giving out thier passwords than anything else..
From the other post or two or three of yours I've read here you're a pretty bright person.. I think the idea of hosting a few game servers would be fine.. Most hosting companies run several servers on one box, so surely you could handle a couple as well as serve up webpages.. Besides, people pay $45+ all the time to host a single game server.. Surely you can find at least one person :)
I think the idea of using Xen or VMWare or whatever you'd use sounds fairly sound.. Nothing wrong with iscolating things a bit, and any performance loss would be fairly small and wouldn't matter a whole lot..
Going back to the idea of cutting features, if you really want the site to grow, it'd be silly to chop off things like mysql and such..
As far as peer reviews of applications, I didn't even know they got posted to the forums.. I might try to look at a couple every now and then..

Lissa QUON

Eesh, I am a very bad e-citizen. Haven't checked up on things here for a long time. Many apologies.

1 - Since I'm not paying anything for this hosting it seems silly of me demanding you drop everything now and fix the server, I'm also not that concerned. A secure system would be nice, though I'm not up sleep-less at night worying about someone yoinking my files.  I've got my files backed up so whatever happens I'm set.

2 - Well I don't use much of the features but I do use-
webhosting
e-mail (channeling stuff from my xepher mail address to gmail)
FTP (however am willing it adjust my methods if need be)
PHP (newsbox, I'm also hoping to update my tech of page design so might be using this in future)
statistics option is nice

3 - Security is important. Ease of use is nice but I'm sure I can adjust, as long as things don't get too complicated.

4 - Really can't think of much, I'm happy with whats here now

5 - Never had much trouble with the site, except for the hacked times. Load time seems decent from my end, nothing to complain about.

6 - Raising revenue - The gaming server - while generating revenue seems like it would bog the rest down.

I'm not very good at promotion, though I'd say word of mouth would help. Actively going out and getting awareness out about the community might help pull some fund bringing people in.

Commericial hosting while sounds great doesn't really seem right to me, it seems like it'd set up a hierarchy in here which would go against the feel of the community. But do whatver you see fit, this is your baby.

The comic hosting idea might be a decent one, to raise funds set up a part that is pay for view, I'm sure that there are some artists here who wouldn't mind donating work for such thing. I know I wouldn't.

Having some people sell ad space on their site and use the proceeds to fund xepher might not be too bad as long as it's done tastefully and in moderation.

7 - The Application process right now doesn't strike me as too bad a system. Though I'm bad and need to visit that section and vote a bit more often.  But a deputy system might make things go along abit smoother. And guilting people into do a minimum amount of voting might not be too bad, considering the fact that we are getting very decent free webhosting.

However as stated earlier by others, this is your time and effort mainly so do what you feel you can when you can. I'll not complain with whatever you decide.

Xepher

Again, thanks for the feedback. Here's my current thoughts on things, based on what people have said.

I do plan to build a new server, and in the process rebuild the software end of things. I will likely use Xen or some other virtualization system to isolate components better.

I will likely be narrowing down the services that run on the machine. Mainly this means FTP will probably go away, as it's the easiest to hack. If someone's sitting on the same subnet as you, they can easily snoop packets, and FTP passwords are just plain text. If I do that, I will probably have to stop other plain-text services as well, and require SSL for email connections.

MySQL, while useful... is a royal headache to administer. My previous plans have been to drop it entirely, but seeing as a lot of you use it, (and a lot of software doesn't support SQLite yet) I don't know... Maybe I can find an easier way to integrate it with everything else.

With the possible exception of FTP going away, I don't think I'll need to do anything that alters the way people use services here. That is, despite the increased security, there shouldn't be any more difficulty for the end user.

Revenue: If I did the game server thing, I'd likely do a seperate machine. At the very least, it would be a seperate virtual machine, so it wouldn't bog down regular use here. As was pointed out, there are people that rent a single game server for 30-50 bucks a month. I could probably run four of those on a dedicated piece of hardware, and it would cover the cost for both itself and xepher.net. The commercial hosting... was mainly just an idea. As was mentioned, it seems counter to the main ideas here. I'll probably just continue what I've done in the past. That is, people (usually friends or people I know) have approached me to host commercial ideas. I usually think of it as "sponsorship" and give them space for a percent of their profits. To date, none of them have actually turned a profit. :-) But either way, know that commercial hosting would be entirely seperate from the free hosting here. If someone's paying me for a site, it's not gonna be in any of the same lists of users, the newsbox, or anything like that. In fact, I think you'd be hard pressed to know it exists. There are actually about 4 commercial sites here right now. None are really active, and most are failed ventures of friends of mine, but my point is that if I ever did do commercial service, I wouldn't let it interfere at all with how things run now.

As for applications...  I think ya'll are right. I can't force people to do it, or they'd do it wrong. What I think I'll probably do is semi-automate things. I'll probably take it off the regular forums, and write some custom stuff for it. That way there will at least be a form to fill out, so people don't get screwed up by not putting the right info down. Originally I wanted that to happen, because when things were small, seeing people overlook directions was a good indicator that they weren't really paying much attention. Nowdays though... well, it's big enough that I find myself judging more on content alone, rather than personality and the dozens of other little details I used to. I just don't have time to really get to know everyone before deciding. As such, a form-based application is the way to go. I'll provide an area for basic info (username, site name, etc.) a box for a description of the _idea_ and another for the general "let me in because..." stuff. I'd also give an option for uploading a few images along with the application, so people don't have to go make cheap websites elsewhere to show off their stuff. I'll probably also integrate a voting box, and I'll probably deputize a few volunteers to tend things and answer the easy questions, point out obvious problems, etc. That would help me by weeding down things a bit. That way, when I get three or four deputys telling me "let this one in" I can be pretty confident that it's a good one to go for. I'll probably also draw up some written guidelines for what I look for in applications, so everyone can be on the same page when judging.

Think that's it for now... I'll add to things here as I work them out in my head. As always, ideas or comments are welcome.