2003-03-06 06:10:51 In response to PJ hacked and data for 80,000+ messageboard posts gone! from www.adultnetsurprise.com
"Basing one's entire webmaster community's communication on a less than $100 script with no contingency plan (for backups, additional security, etc) in place is an unwise business strategy."
Feedback: AdultBuzz :: Gossip :: 030503
Lee - you are right, in a business there is no excuse for NOT making backups. I have a daily tape made in my business and that covers my data and I promote to clients the importance of making routine backups. I think people in their personal systems, however, are not nearly as diligent sometimes as they should be with making backups, and that was my intended point, not really to make excuses for PornoJunkies.
It should also be noted that many hosts out there do NOT automatically backup data for their clients. You have to request this separately as a service or do it yourself.
I'm thinking PJ found this out the hard way that not only did their program not make backups, but the host didn't make backups for them either ... yikes!
Hopefully their customer stats for their affiliate program are protected with a much higher level of security.
Folks, this is really important: please check with your host and make sure that there is some provision for this, or your website work might go down the drain literally overnight.
Now there is a deeper issue here which might not be so readily apparent that I'll take a second and explain also.
The problem with a lot of the Adult Webmaster boards from a security perspective -- and Adult Netsurprise is not affected by this BTW -- is that most are using the same publicly available (commercial or otherwise) messageboard system and unfortunately malicious hackers can get ahold of the source code and scour the web and/or find exploits themselves in this code -- and then exploit these programs.
VBulletin, UBB, phpBB, etc have had (and continue to have) several known exploits and if the individual website's programmers are/were not staying atop the patches, then they are/were susceptible to these exploits.
This is just the short list of the various Adult Webmaster boards using the popular VBulletin script: GFY, XBiz, Pornisbad, XNations, Pornojunkies, AdultBizBoards (there are plenty more) ... all of these boards could be susceptible to the same type of attack as Pornojunkies if the scripts aren't routinely patched and/or customized.
Obviously in the case of Pornojunkies, this process wasn't happening and the writing was on the wall.
For any webmaster who posts regularly at any of these boards, you might want to at the very minimum either privately or publicly point out to the admin how important it is that they have their programmer(s) stay atop the patches for VBulletin, make at the very minimum daily backups of the database files, and perhaps even have their programmers add some custom coding to secure these programs beyond what comes out of the box with this script.
Basing one's entire webmaster community's communication on a less than $100 script with no contingency plan (for backups, additional security, etc) in place is an unwise business strategy. It's a recipe for disaster.
VBulletin is a great program and I don't want my comments here misconstrued as some slam against their program nor the creators of it because this is not at all what I'm saying here, but what I am saying is that any program where the source code is released to the public becomes available for scrutiny by hackers and exploitable.
There are these so-called "white hat" hackers which live for finding holes in programs and sending them off to various public "security" websites either for ego or for promotional gain. A lot of times these public "security" websites don't even notify the vendors of the found holes before publishing the exploits to the public!
This is gross negligence on the part of these "security" websites because what they do is unleash to the hackers the information they need to go and do damage (like what happened to PornoJunkies) to the websites who use these scripts.
I started keeping track of many of my own messageboard posts a long time ago on various boards at my personal site because I had noticed that one Adult Webmaster board out there was actually dropping their archives after 1 year ... 1 year and your words are gone unless you knew how to deep search for the threads through their search interface.
Huh?! So I make a post and then one year later it is no longer relevant or worthwhile? Fuck that.
Not that I think I have anything all that worthwhile historically to say, but I certainly didn't want my time erased where I answered a question or provided help to someone just because some webmaster resource owner didn't patch an exploitable program or had unwisely chosen to place less value on their board archives than I did.
IMO one of the most valuable tools for the various boards is the search function, because almost all questions have been asked before in this biz. These boards are cyclical and the information just keeps coming out over and over and over again. The names and faces change, but the general information pretty much doesn't.
What happened to Pornojunkies will happen to others if they don't build a contingency plan.
I hope other webmaster resource owners who use VBulletin will chime in that they do have some sort of extra CUSTOM safety measures in place to protect the information that webmasters take time to post.
Those who know that this gossip column was under attack may notice and should realize that while service at ANS was interrupted, the posts themselves and history were never in jeopardy.
There are multiple backup systems in place [at Adult Netsurprise] and as long as I have anything to do with this website from a programming perspective, there will continue to be.
2002-02-10 11:37:39 How to do multiple file uploads using php from adultnetsurprise.com
"Maximum file size (default) is 2MB. This can be changed by altering the upload_max_filesize variable in php.ini"
Hi eric,
To do multiple file uploads, you must pass an array from the form like this:
example code:
<input name="uploadfile[]" type="file">
<input name="uploadfile[]" type="file">
<input name="uploadfile[]" type="file">
<input name="uploadfile[]" type="file">
<input name="uploadfile[]" type="file">
That would allow you to pass 5 separate files into an array called $uploadfile.
You would then loop through the 5 elements and replace the code you have with a call to the index in the array. Something like this:
example code:
for ($i = 0; $i < 5; $i++) {
    // remember arrays start numbering at zero,
    // so indexes 0 through 4 cover the 5 elements in the array
    // (these variables rely on register_globals; where it is off, the
    // same values are in $_FILES['uploadfile']['name'][$i] and so on)
    if ($uploadfile_name[$i] != "") {
        // perform your file operation
        // remember to add to end of
        // uploaded file the following
        // variables where appropriate
        //
        // _name = filename
        // _size = filesize
        // _type = filetype
    }
}
Things to remember:
- maximum file size (default) is 2MB. This can be changed by altering the upload_max_filesize variable in php.ini. If you try to upload more than 2MB and this is not changed then it will do nothing.
Hope this helps! Happy coding to you :)
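A handler for the five `uploadfile[]` fields above, written against `$_FILES` with per-file checks, as an added example that is not part of the original post. `UPLOAD_DIR`, `MAX_BYTES`, `ALLOWED_TYPES`, `normalize_files()` and `store_upload()` are assumed names, and the image-only allow-list is an assumption.

```php
<?php
// Added example, not from the original post. The form must use
// method="post" enctype="multipart/form-data" for $_FILES to be filled.
// Assumed names: UPLOAD_DIR, MAX_BYTES, ALLOWED_TYPES and both functions.
const UPLOAD_DIR = '/var/www/uploads';   // assumed; should not execute scripts
const MAX_BYTES = 2 * 1024 * 1024;       // mirrors the 2MB php.ini default
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// PHP groups array uploads by attribute ($_FILES['uploadfile']['error'][0],
// ['tmp_name'][0], ...); regroup them into one record per file.
function normalize_files(array $field): array {
    $files = [];
    foreach ($field['error'] as $i => $error) {
        $files[] = [
            'tmp_name' => $field['tmp_name'][$i],
            'size'     => $field['size'][$i],
            'error'    => $error,
        ];
    }
    return $files;
}

function store_upload(array $f, finfo $finfo): string {
    if ($f['error'] === UPLOAD_ERR_NO_FILE) {
        return 'skipped: empty slot';
    }
    // Over upload_max_filesize PHP reports UPLOAD_ERR_INI_SIZE instead of a file.
    if ($f['error'] === UPLOAD_ERR_INI_SIZE || $f['size'] > MAX_BYTES) {
        return 'rejected: too large';
    }
    if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
        return 'rejected: upload error';
    }
    // Decide the type from the file's content; the client-sent name and type are untrusted.
    $mime = $finfo->file($f['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return 'rejected: type not allowed';
    }
    // Server-generated name: the original filename never reaches the filesystem.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    return move_uploaded_file($f['tmp_name'], $dest) ? 'stored: ' . basename($dest) : 'rejected: move failed';
}

if (isset($_FILES['uploadfile']) && is_array($_FILES['uploadfile']['name'])) {
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    foreach (normalize_files($_FILES['uploadfile']) as $i => $f) {
        echo "file $i: ", htmlspecialchars(store_upload($f, $finfo)), "<br>\n";
    }
}
```

When the whole request exceeds `post_max_size`, PHP leaves `$_FILES` empty, so the final `isset` check is what catches that case.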