Quote:


Do you know what you are talking about?

Quote:


Anyone who contacted us (and there were several hundred) would have received the latest info on the situation ASAP.

Firstly, regarding backups, when the ChessPub.exe server failed I had the hard drive replaced and a sophisticated backup system put in place, with my own servers plus another outside one. I also had a lot of the code updated with the latest patches (incidentally we use Unix servers). I thought I was safe!
It turns out the backups are useless for the simple reason that the invisible Trojan horse, or whatever it was, could have infested the backups too! I know, it sounds crazy, I never knew such problems existed (well, yes I heard that the Chinese had been hacking into the Pentagon, but who would be interested in chess theory?)
I personally answered all the emails we received, either here or at improveyourchess.com, and gave the latest information from the sys admin guy (which regularly turned out to to be rather optimistic!) If anyone didn't get an answer that was either because their email didn't get through, or ours was stopped.
It never occurred to me to put a notice on the IYC site, as I couldn't imagine anyone looking there, without first emailing chesspublishing...
I have always been very careful to keep backups of the games database, but from now on I will also backup the list of subscribers...
I would like to thank all those who wrote words of support during the ordeal, about how to deal with the IT guys, and I particularly appreciated the advice to get myself a good hard drink!

Like TopNotch, I also searched around the internet hoping to find some clue of what was going on and I also emailed the admin guys at ImproveYourChess.com. However i got ZERO response. I would hate to jump to the conclusion that non titled paying subscribers are treated differently

GMTonyKosten wrote on 10/26/07 at 21:03:56:

Glad it is back up

Yes these attacks are indeed quite more common than advertised (I wonder why ) and they are hard to defend against.

One thing to ask the IT guys is if they can make a weekly text dump (ie a semicolon seperated text file) of the members of both the forum and chesspub with their email. So that you can put that dump on a local pc (unattached to chesspub) so that you will always have a list of emails to keep users informed if there is something similar (or just an upgrade which needs to put the server offline for a couple of hours). May also be an idea for your pgn-files (I suspect you already do, but it will never hurt).

It's a relief to have the site up and running again, but I have to side with Dink on this one.
I googled the web to try and find out what was going on using all kinds of key words, and remarkably got absolutely no useful information.

In a further effort to find out what was going on, I eventually on a whim sent an email to the admins on improveyourchess.com, which more or less comprises the same staff as chesspublishing.com. Thankfully they responded promptly and put my mind at ease.

I wonder if Dink and I are the only subscribers concerned by the circumstances surrounding this latest attack, curiously looking around the forum everyone seems hunkydory and satisfied without criticism just to have the site back online. While in the interim on other chess forums such as Pete Tamburo's Chess For Amateurs for instance, a thread was started by someone as anxious as I to know what was going on.  

Hopefully when and if the next attack strikes, heaven forbid, a notice advising subscribers of the situation could be posted on an alternative website, say improveyourchess.com for instance, that way a simple google search could put an end to any wild speculation and place my and perhaps other subscribers minds at ease.

Unlike Dink though, I think I will renew my subscription as my tolerance level is fairly high and so far for me the pros far outweigh the cons. However, there are lessons to be learnt from this latest unfortuante attack, and should such an unavoidable crash occur again I would hope it's handled much more efficiently from a PR and Customer service point of view.

Regards,

Toppy

Some 'script kiddie' hacked onto the server, apparently, and it had to be removed from the network to protect other people (and ourselves, from possible criminal pursuit ) According to the system admin guy the server had to be completely rebuilt, and our backup servers were useless as the invisible 'rootkit' would have got onto them as well. Obviously I wanted the site back online as quickly as possible but apparently this whole business is really time-consuming, as then they had to try and fix any potential security holes - if they didn't there is the obvious risk that the idiot who did the original damage would renew his 'exploit'.
A further problem was that the sys admin guy kept assuring me that it would be ready before end of business each day, before discovering further problems with some of the older code. There are still some problems, but at least the site is back online.
The site was totally offline so there was no page on which to explain anything, and I had no access to the subscriber database so I couldn't send out any explanatory email.
I have been assured that this sort of attack is actually more common than you might think and has brought much bigger businesses than ours to their knees (including one well publicised security company!)
Naturally we are completely powerless as we just try to get good chess content out and rely totally on the experts for the actual running of the servers.