Website Was Down! ... New Website Coming Soon!

From Project: Gorgon Wiki
Revision as of 15:03, 22 January 2024 by BetaNotus (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This Blog Post was part of the Gorgon Website blog. It was posted by Citan on Sunday, November 1, 2015.

Previous Post: The Pain -- and Joy -- of Alpha-Testing
Interlude: Kickstarter 3: Updates
Next Post: Citan's Bug Reporting

Additional Blog entries can be found on the Developers page or in Category:Game Blogs

The Website Got Broken Into!
For several hours tonight this website (but not the game) were offline. A hacker used a new Joomla exploit to get into the website's administration area. Fortunately we stopped them before they were able to do too much, but it took a while to be confident enough to put the site back up.
This isn't a huge freak-out moment for us because the website is very isolated from the game itself. It's just a website. Your forum passwords are salted and hashed, so there's nothing really juicy here. The bigger danger is that they could have added malware injection into the site, or found other ways to be dickish and destructive, but we spotted them before they could do anything.
If you've followed the blog in its various incarnations you know I've complained about this website's underlying Joomla software before. This bug didn't make me happier with Joomla, that's for sure.
We have the fix for today's exploit in place, but the exploit took advantage of a really dumb Joomla bug that should never have existed in the first place. So who knows if there's more of those waiting to be found in Joomla in the future?
So... anyway, this is basically the last straw. We're making a new website without Joomla!
New Website And Forums Coming!
We've actually been working on a new forum for a few weeks already, because the one we're using is very limited. The forums are the meat of this website, so we'll just remake the other parts (the info pages, the blog, etc.) around the new forums, rather than trying to integrate the new forums into this website.
Unfortunately we're unable to copy over the existing forum posts. This is very sad because there's a lot of good stuff in our current forums, but better to bite the bullet and switch now than wait any longer than necessary.
The existing forums will be open for another week or so while we get the new one ready, but after that these forums will become read-only. We'll keep the read-only version around for a few months so that you can find old posts or whatever else is needed.
We're working hard to make sure this next forum is the final forum, so we don't ever have to switch again. It has a lot of power, flexibility, and security, and hopefully it will be our permanent home for many years to come.
Password Resets Are Currently Offline
Actually, there is one place where this website talks to the game server, and that's when you create an account or change your password. The website talked to the game server to update your in-game data at the same time. I've decided to break this feature so that there's absolutely no communication between the website and the game server, just to be 100% safe.
That means that you can't change your in-game password right now, because there's no way to do it from within the game, and changing it here on the website will just change your forum password. If you really really need to change your in-game password, please email [email protected] and we will change it manually for you!
I know that any kind of hacks can shake your confidence in us. But I believe being open and transparent is the best medicine we've got. This forum hack was really not a big deal. It was just irritating and time consuming.
Your game data is fine, and, again, the game data isn't stored anywhere near the website data. It's not even in the same half of the country. They're very distinct with very different security precautions.
We'll be adding more security "wrappers" around our next website so that it's harder for people to take advantage of any new exploits that show up. And I am a big fan of keeping data separated. The website and the game servers will never share the same database. (The computers can talk to each other via special channels, but their actual databases are separate.)
I have to admit that my main concern has been keeping the game data secure, and the forums have been a bit of an afterthought. We used normal precautions, of course, but we haven't really gone above and beyond to keep the forum safe. We'll do that in the future.
Game Update News
In unrelated news, there's a big game update coming that will change all kinds of game systems. My hope is that it will be ready by next weekend. Fingers crossed!
This next update lays a lot of the groundwork needed for Steam integration, among other things. We expect to have the game for sale in Steam Early Access some time in December.
That's about it for now. Happy Halloween!