




Is AVEN still hosted from someone's mobile?

LordGrep
I tried to get on AVEN again, and again it's crawling, and it feels like it's hosted on the back of someone's broadband connection. 

Anyone else having issues?

Comments

  • cavalier080854
    Posts: 2,175
    I never go there. But is it as bad as it was before they upgraded their servers last year?
    I was really pissed, all my contacts disappeared, including an Ace who lived in my own town. I could never remember what his name was.
  • deltaX
    Posts: 135
    AVEN's had problems since I joined in early 2014.  Once it was unusable for the majority of the summer, so honestly it working but being slow is relatively good.
  • Gloomy
    Posts: 262
    Yeah it’s been slow as hell for me lately.
  • LordGrep
    Posts: 2,686
    It makes me laugh, as I used to host over a million email accounts, and I never had this amount of chop.

  • cavalier080854
    Posts: 2,175
    I have just been over there and my tablet timed out before accessing the forums.
  • LordGrep
    Posts: 2,686
    I really do wonder what they are doing as they seem to have some sort of load balancing going on. I wonder if they have issues with their sql server. Either way it's a bit odd that this sort of thing continues. I would have been crucified if I let this sort of thing go on for more than an hour let alone days, or weeks. 
  • deltaX
    Posts: 135
    To be fair, I think it's just one person handling everything, and Cole has a job and life outside of AVEN, so I understand why things take so long to be fixed.  But yeah, sometimes it gets ridiculous.
  • LordGrep
    Posts: 2,686
    To be honest with AVEN's resources, it shouldn't be left in the hands of just one person, no matter how cool, or cheap they are. Hosting costs are just not that high, and it affects so many people.

    I know how to build systems, etc, and I could run an ISP from the ground up, but for something as used as AVEN is, or how I hope this place would be one day, I wouldn't just try and pull it off on my own. At the end of the day it's the users that should come first.

    I am not trying to take a cheap shot here. I am just really surprised that a place as big as AVEN would leave all its infrastructure up to someone whose job isn't to keep it working. 

    No disrespect to the chap running things, but one really should have someone on the case whose job is to host large scale solutions, and one should have a contract with them to give a decent service. 
  • User-43756e74
    Posts: 77
    AVEN always had SQL issues as far as I remember. It just takes ages to load and if you’re lucky you can stay in but can’t load forums or post in them. I thought they frequently asked for donations to get a better server? I’m not sure though as it has been a long time since I’ve been there.
  • LordGrep
    Posts: 2,686
    It LOOKS like one of the front end nodes is messed up. It appears that it depends which of the front end servers you get dished out by DNS as to how choppy things will be. At least they are using Linux for the front end but they shouldn't be using something as heavy as Ubuntu for the job. By heavy I mean full of useless stuff like package management etc. Build the sources, and parp them over. Sorry I will shut up. I am losing people here, and there isn't anything I can do about it.
  • deltaX
    Posts: 135
    I might be wrong, but I thought the reason AVEN didn't want to take on any volunteers besides Cole is that they didn't want to put someone in charge of that sort of stuff unless they were sure that person can be trusted.  If that's the reason, I can kind of see where they're coming from.  There are a lot of people who go from being on good terms with AVEN to being vehemently against them really quickly, and if those people were in charge of tech, things could go bad very quickly.  We all saw what happened on this site when Panarama decided to mess with things.

    Last I remember though, they were taking donations, so it makes sense to me that they should just hire someone.  If the tech person is being paid, then they probably won't just destroy things over a petty grudge, and if AVEN is willing to pay, they could even get an uninvolved third party to handle things.
  • LordGrep
    Posts: 2,686
    I know AVEN has got the money to do it, and it really doesn't cost that much to have a managed hosting company do it. That way there is no issue of having someone do what Pramana did, as it's a company being paid to do it.

    I can definitely see the risk of putting things in the hands of individuals. I will be taking far more precautions in future of what can be accessed, and more importantly I will always have at least three months of daily backups on hand in future. There is no way I would trust ANYONE with the keys to AS-NS again. 

    I was blown away by what Pramana did. Those are the actions of someone who really has an axe to grind, or someone who has a reason to hate a place. It is just so amazing to me that someone would do something like that just to get some users. What surprises me even more is that people just let him and Kazka get away with it, and went along with their crap without saying anything to him about it. I mean it was content that belonged to everyone. At the end of the day I did nothing to the guy at all. It's not like we had fallen out in any way. He just decided "I want to do something else", and instead of doing what normal people would do, and doing the something else, he decided that it would be just fine to utterly trash the hard work of someone else in order to get some users for his new site. 
  • LordGrep
    Posts: 2,686
    I get the feeling that someone let the batteries on their phone go dead, as AVEN is unreachable now.
  • User-43756e74
    Posts: 77
    ^ Maybe their cellphone broke

    That’s why you should never ever trust anyone with your buttons because they all mean it well but when they have too much power they can do too much. Pranama’s example is a good one when it comes to that. 

    I kinda find it odd that there are 3 webmasters and Cole is the only one running the site??? Weird. 
  • LordGrep
    Posts: 2,686
    It's back up again at least... 
  • User-43756e74
    Posts: 77 edited July 6
    I was about to edit my post: Cole just announced it was something caused by malware.

    https://www.asexuality.org/en/topic/173512-aven-server-update-july-5-2018/


    I only visited because I was curious if the site was up and I guess it works

    Edit: It’s down again
  • LordGrep
    Posts: 2,686
    Well Cole seems to have a fair bit more clue than I thought, though it does seem to indicate that the servers are running Windows which is very odd as the Apache version gives out Ubuntu. I am going to stop trying to second guess things that I have no insight into, and where I know that no matter what no one would listen in the first place. Not saying that from a point of arrogance, as they would be right not to listen, I don't have any of the information I would need to be able to give any advice. 

    Meh.. The fix talked about was on the 26th, and it's now the first week in July so I am guessing whatever the issue was, it ain't fixed in any real way. 

    Never mind eh... I am only sad we don't have an alternative up and running at the moment.

    I'm sure our turn will come.  
  • Tercy
    Posts: 47
    LordGrep said:
    it does seem to indicate that the servers are running windows
    What gives you this impression? Just out of interest.

    Back when I had less disdain (for want of a better word) for AVEN and it was throwing up SQL errors every 10 minutes, I did send Cole a message offering to lend my technical expertise and either make some suggestions or apply fixes directly if applicable. 3/4 years later, that message still hasn't even been read. :p I wouldn't worry too much about banging your head against that particular wall; just let them play with their toys and you play with yours.
  • LordGrep
    Posts: 2,686
    Yeah @Tercy That is the way to look at things.. I'll play with muh toys, and they can play with theirs.

    I am assuming there is Windows in the mix somewhere due to them mentioning malware affecting things, and those things being within the document system mentioned. The whole thing smells of Windows. Also just some of the language used it 'Sounds' like a mixed system. Just an assumption. 

    So far all I have been able to glean is that their DNS is set up to parp requests to one of two www servers.. The DNS dishes out the server order reversed every time, so a load balanced DNS. I am just assuming they are not using a level 5 switch to further chomp things up. I could find out more, but it's rude to go looking up a girl's skirt without permission. And poking about with nmap defo needs loud and enthusiastic consent otherwise one might get to sit on the E-rapy step. 

    Just from the language used I would guess at least 4 servers and maybe one of them, maybe the SQL server is running on Windows. (It would be a horrid way to do it but I have seen many companies do this who are comfy with Windows, and tend to do as much backend as they can on Windows, and just use Linux for the front facing stuff.) I have seen companies do some crazy shit especially from those who are business systems that try their hand at internet services. Whereas ISP companies tend to only use Windows where they absolutely have to. 

    Bear in mind that my systems knowledge is rusty as hell. I have not been heavily involved in anything for quite some time. But I pick it up as easily as falling off a bike. 

    I spent a fair bit of time lobbying various AVEN mods, BoD folk, and admins for them to install RT. It is one thing that AVEN could really do with. A decent ticketing and management setup. You can bet your butt cheek ASM will have glorious ticketing, and staff management. We want to get away with having as few a staff level as we can while still being open, and transparent with the ab-Users. 

    I want people who want to get in touch to mail us, and get a response from the right person quickly, and be kept in the loop as to who is dealing with them, and how things are progressing. It's so important for everyone involved to KNOW they have a way of talking to a tech admin, a media tart, or a lowly moderator, it's also key that they know their mail has not just hit a mail box that is full of adverts for better erections. I dread to think where an email to AVEN goes. What I do know is that you will not even have its receipt acknowledged half the time, and most of the answers go along the lines of 100 words of LARP corp telling you how BIG and POWERFUL they are, and how they don't have to tell you anything, and therefore won't. 

    It would be nice after you sent a mail if things went like:
    > "Yo-we got your mail. Have a ticket number, with a web login to track your request, we will direct it asap.
    > Hey Mr Ticket holder, this message is now in Mr Fuckwit's inbox, He's the person in charge of Fuckwittery You are 4th in his queue, he is online in about 5 hours.
    > Hey dud Here is Mr Fuckwits answer, please keep the same subject to continue conversation.
    > Thanks for your reply Mr Fuckwit has passed this onto the Admins queue. You are number 3 on Mr Darkside's queue..

    You get what I mean... I used to LOVE getting RT to be polite, and manage both the customers and the human assets. People just love knowing what is going on, and that someone has YOU on their desk, and it's not some dead end. People just love being kept informed. 

    Also the people working on things love it too, as their workflow is logical, and organised, and they don't have to answer 90 emails a day asking "did you get my email", and all that jazz...

    Damn... Look at me.. I am damn well lobbying, and to people who don't have any say at all in anything. Now I have said it though, I am hoping you guys will demand it of us <grin>.. 
  • Tercy
    Posts: 47 edited July 6
    It's possible they use Windows somewhere along the way - maybe for serving static assets or if they're using MSSQL or something.

    If they're using Amazon's EFS (as Cole's post suggests) I'm pretty sure they also need to be using EC2 (as I don't think you can use EFS by itself). And if the Apache banner broadcasts the OS as Ubuntu, it's probable they really are using an Ubuntu EC2 instance. EC2 also supports other distros such as CentOS and RHEL - so why any "professional" would choose Ubuntu over those two for a production server is a genuine mystery, but here we are.

    I suppose it's also possible Apache has been configured to advertise a false OS in the banner. This was something people used to do to try to be smart around the early 2000's. :p

    As for malware, it's just a general term for any malicious software that hits any system, Windows or otherwise. It's hard to say exactly what has happened from just the information given in Cole's post. The mention of something being disguised as a JPEG... so one possibility is that something dodgy was smuggled in the JPEG's EXIF data. An example of this is, sometimes you can put PHP code in the EXIF and then upload the file as photo.php.jpg - and then if the server is configured badly, visiting that /photo.php.jpg in the browser will cause Apache/nginx/whatever to treat the file and run it as a PHP script, executing the PHP code you put in the EXIF data. Then maybe if the code is a worm, it was slowing down the server by making requests to other servers (to try to spread itself) or making lots of disk read/writes trying to infect other local files. Or maybe it was *snore* mining cryptocurrencies. That's just one example anyway.

    Just to throw this out there, as I think you might be interested: Windows isn't always a bad choice for servers. The usual go-to example is, each OS has its own way of handling networking and Windows has a mechanism called IOCP - which is accepted as being (often/sometimes/usually) superior to the Unix/Linux alternatives. I did a quick search and dug up this slideshow as an illustration; in slides 6 and 7, you can see Windows' IOCP handled the requests better than Linux's epoll, despite epoll using more CPU (i.e. epoll worked harder yet did less). It's not always this simple, but you get the idea.
  • LordGrep
    Posts: 2,686
    so why any "professional" would choose Ubuntu over those two for a production server is a genuine mystery, but here we are.

    Yeah, I pointed that one out too. I would be running shit on BSD, or Solaris. That's just my own taste. Either way I would be using a build env, and a live environment. Live would have a restricted kernel, and be a binary only environment. At the very most I would use Debian over Ubuntu, Ubuntu just makes me think that someone has a desktop environment on a server, and if that is the case I would be pointing at that and saying "There's your problem mate". It's all a bit academic though as we are devoid of clue. 


    I suppose it's also possible Apache has been configured to advertise a false OS in the banner. This was something people used to do to try to be smart around the early 2000's. :p

    Yeah I thought that but the version number does make sense for the latest version of Ubuntu. I don't see a windoze user obfuscating their server arch with something that current, It's usually an idea that comes to an admin, and then once it is set they forget about it. The only question we both would be asking in unison now is "Why hasn't it been changed for something older to throw the l33t h4x0rz off the scent?" Never mind.. There do seem to be some active vulns in that version of Apache, I hope he's been good Mr Patch, or at least doing some apt-get upgrades.


    As for malware, it's just a general term for any malicious software that hits any system, Windows or otherwise.

    I guess... Though malware is usually a term for user level stuff... What is anything executable and not part of the core being allowed to be anywhere near it? It's the whole point of having things run under their own accounts. I am just puzzling my brain as to how an SQL/Apache app gets itself in a position to be affected by something in what is in effect a shared directory... Maybe I am misunderstanding things here. I am not familiar with the whole Amazon system you referred to. The whole thing sounds like something got executed that was hiding as a jpg. The server side stuff doesn't do anything with the images other than open a data stream, it's client side stuff that displays them, and allows execution. An executable hiding as an image is just not something a server would do anything with other than say "here is your packets of jpg goodness". Do you get what I mean?

    I get what you mean about a badly configured server, but you would have to fuck it up so badly that I really don't think you would find it. It defo wouldn't be something that would intermittently start chugging on the servers in the way it seems to have done... Though, if it is an image that is called periodically I guess it could be an issue. 


    I do think we are debating something we have no hope of knowing an answer to, and I feel we are dick waving our l33t h4x0r ski11z in the face of AS-NS... 


    I think we have both checked out as >Kiddyscriptorz. 


    Oh Windows is a great choice for internal servers. I used to do some god like goodness with RDP back in the day. It's a pretty good office, and business system, though it is way overly complicated on many things. Having said that again I am way out of date. Last time I had my mitts on a Windows server it was Win 2008. I really have a lot to catch up on as far as the learning curve goes. 


    I keep trying to persuade myself to swot up again, and get back in to all this as a job again, but I just have so many bad memories of fucking clueless clients, and more clueless fucking suppliers. I lost the love of it when I got to the point where I was dealing with large companies that paid me vast sums of money to manage things for them, but they kept insisting that things worked the way they thought it should. 


    I did a lot of work for the Windows, in office environment companies that needed a toughened internet presence, and email solution, and they insisted everything was my fault, and just could not get it in to their heads that I understood EXACTLY what the processes were that something went through, so "losing an email" was just not something my system could do, let alone lose them on and off periodically from the same user. Unix stuff gives you a certainty about things, whereas Windows it's all hidden in pretty directories with a billion different permissions and.. Well you know. They just thought my certainty on things was arrogance, and bravado, they just couldn't get it into their heads that I actually KNEW what I was talking about, and that all the cleverness were scripts I wrote myself that ran from a command line or were dealt with by a config, and the logging allowed me to trace every damn bit of data from DNS query to client packet acknowledgement, ain't no data going fucking missing.. 



    Anyway I get the idea you are talking about, I would like to argue my logic, but I don't have nearly enough data or confidence that something hasn't changed since I was a god at this to be able to say anything much other than "Doesn't sound right". 


      

  • Tercy
    Posts: 47
    LordGrep said:

    I feel we are dick waving our l33t h4x0r ski11z in the face of AS-NS... 

    I think we have both checked out as >Kiddyscriptorz.   

    As long as we've established I'm the #1 hax0r... ;)
  • LordGrep
    Posts: 2,686
    Not if you don't replace the "a" with "4" you're not <sticks tongue out>.
  • Tercy
    Posts: 47
    @LordGrep Did you catch the follow-up comments in that thread?
  • LordGrep
    Posts: 2,686
    I've looked at them, and if anything I am more confused. I am trying to think why one would use such a complicated setup. Why use EC2 to host the avatar images? Why would they execute? Am I missing something? AVEN just isn't THAT big.
  • LordGrep
    Posts: 2,686
    Saw your post and added one of my own.. I did a bit of digging on this, and there aren't any css or ssi vulnerabilities with Invision's software.
  • Tercy
    Posts: 47 edited July 8
    I'd assume they use EC2 to host the whole site and used it in conjunction with EFS - the idea behind EFS being that Amazon give you more storage space as and when you need it. You can't install stuff "on" EFS so to be able to install this magical malware scanner, they've had to install it on the EC2 instance and store the avatars there instead now (I also wonder why the malware scanner can't just scan files on the EFS, but I'll let that slide).

    As for how the file might cause mischief, there's so many possibilities it's hard to say without knowing their setup. I gave one example above. Another example is, some PHP software uses ImageMagick to do things like crop/resize/save images and in some versions there is a way of tricking it into running commands on the server by uploading an SVG file - and if the programmer isn't savvy, that might be as simple as just changing the .svg extension to .jpg (as ImageMagick detects the file format from the data, not the file name).

    Either way, I can't imagine any scenario in which a malware scanner is the appropriate response to protecting against dodgy image uploads. I don't even think it would work.
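Added example, not part of the thread or of AVEN's code: a Python upload screen for the two cases Tercy describes above (PHP hidden in EXIF behind a name like photo.php.jpg, and an SVG renamed to .jpg). The extension lists, the avatar policy, the function names and the sample bytes are constructed assumptions.

```python
import hashlib

# Extensions a misconfigured server may pass to an interpreter (assumed list).
SCRIPT_EXTS = {"php", "php3", "php5", "phtml", "phar", "pl", "cgi", "asp", "aspx", "jsp"}
# Assumed avatar policy: final extension -> canonical content type.
ALLOWED = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}
MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_MARKERS = (b"<?php", b"<script")


def sniff_type(data):
    """Identify content from its leading bytes, as an image library would."""
    for kind, prefixes in MAGIC.items():
        if data.startswith(prefixes):
            return kind
    # Text formats: skip a BOM and whitespace, then look for XML/SVG markup.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith(b"<?xml") or b"<svg" in head:
        return "svg"
    return None


def check_upload(filename, data):
    """Return a list of findings; an empty list means the upload passes."""
    findings = []
    parts = filename.lower().split(".")
    # Look at every extension, not only the last: photo.php.jpg has two.
    hidden = [p for p in parts[1:] if p in SCRIPT_EXTS]
    if hidden:
        findings.append("script extension in name: " + ",".join(hidden))
    claimed = ALLOWED.get(parts[-1]) if len(parts) > 1 else None
    if claimed is None:
        findings.append("extension not allowed")
    actual = sniff_type(data)
    # The bytes must be the type the name claims (catches SVG renamed to .jpg).
    if actual is None or actual != claimed:
        findings.append(f"content is {actual}, name claims {claimed}")
    lowered = data.lower()
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            findings.append("script marker in bytes: " + marker.decode())
    return findings


def storage_name(data):
    """Server-chosen name: content hash plus canonical extension, no user input."""
    kind = sniff_type(data)
    if kind not in MAGIC:
        raise ValueError("not an accepted image type")
    ext = "jpg" if kind == "jpeg" else kind
    return hashlib.sha256(data).hexdigest()[:32] + "." + ext


def jpeg_with_exif(payload):
    """Constructed sample: SOI, one APP1/Exif segment holding payload, EOI."""
    body = b"Exif\x00\x00" + payload
    return b"\xff\xd8\xff\xe1" + (len(body) + 2).to_bytes(2, "big") + body + b"\xff\xd9"


# Constructed inputs; the PHP snippet is an inert marker.
CLEAN_JPEG = jpeg_with_exif(b"camera=constructed")
EXIF_PHP_JPEG = jpeg_with_exif(b"<?php echo 'constructed'; ?>")
SVG_AS_JPEG = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'

if __name__ == "__main__":
    for name, data in [("avatar.jpg", CLEAN_JPEG),
                       ("photo.php.jpg", EXIF_PHP_JPEG),
                       ("avatar.jpg", SVG_AS_JPEG)]:
        print(name, check_upload(name, data) or "ok")
    print(storage_name(EXIF_PHP_JPEG))
```

Screening like this complements, and does not replace, turning off script handlers in the upload directory and re-encoding images on the server, which drops the EXIF block entirely.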
  • LordGrep
    Posts: 2,686
    Why did they say they upgraded their servers then? If it's all done virtually, then there are no servers to upgrade.
  • Tercy
    Posts: 47
    I'm not sure what you mean. Virtual servers are still referred to as servers. EC2 can scale, but I don't think it does so automatically. Maybe the "upgrade" was to EC2 from whatever they used before. Do any of those answer your question?
  • LordGrep
    Posts: 2,686
    I always assume that "Upgrading servers", and "we need money to upgrade servers" implies getting one's mitts on some nice new grey and blue boxes, preferably with the word "Sun" written on them.  Moving to virtual servers is usually called "Migrating". Meh.. What do I know. Least now I know why a site with only about 50 consecutive users needs a load balanced setup, and an EC2 file server. I was a bit perplexed as I used to host about 20 sites with that many consecutive users on a single Apache server. I mean I used to be able to host 20 virtual desktops from a single Windows RDP server. 