Register

  • Discover new ways to elevate your game with the updated DGCourseReview app!
    It's entirely free and enhanced with features shaped by user feedback to ensure your best experience on the course. (App Store or Google Play)

PDGA site down?

Went to pdga.com about 15 minutes ago, and got this image instead...
pdgahacked.jpg


Tried to go back a few minutes ago and got nothgint.
pdga.com hacked?
 
redundancy is very easy to achieve with a simple website like the pdga. If anything, the db should be the only single point of failure. I have a few pix 520's, older f5's and some 6504's if you all want em. Maybe that would let them get some hardware thats under warranty with even next day replacements. Or, just purchase a GTM box and contract with a second provider in another region. Only tricky thing would be backend db synchronization for writes which could be done without a dedicated pipe between.

Too bad the site got hacked. Hopefully a bare metal restore wasn't too bad. Let me know if you need help with unix hardening. Also separating the message board from the site and tour db seems like a good idea.

cheers....
 
Honestly, for an organization that makes as much money as the PDGA, there's absolutely no excuse for using web hosting, period.

They should have a server in their offices, run by themselves, on their internet connection...It's ridiculously cheap to do so.

Seeing that they got CRACKED, I don't buy that any site flakiness was a hardware failure...it was more likely the DDoS attacks that the crackers used to break in that were causing availability problems.
 
The site was hacked but the forums and most likely data were ok. It looks like someone is exploiting an issue in the site to replace the homepage with that crap. They probably took the web server offline to try and fix the issue although they could have just restored the original page and left the site running while working on a fix. Then again, this is all speculation and I have no details on what is actually going on.
 
plastic_fondler said:
redundancy is very easy to achieve with a simple website like the pdga. If anything, the db should be the only single point of failure. I have a few pix 520's, older f5's and some 6504's if you all want em. Maybe that would let them get some hardware thats under warranty with even next day replacements. Or, just purchase a GTM box and contract with a second provider in another region. Only tricky thing would be backend db synchronization for writes which could be done without a dedicated pipe between.

Too bad the site got hacked. Hopefully a bare metal restore wasn't too bad. Let me know if you need help with unix hardening. Also separating the message board from the site and tour db seems like a good idea.

cheers....
Click to expand...

I doubt it was the firewalls that let the crackers in. More likely than not it was a SQL injection attack or a buffer overflow. Their hosting company should already have something like a Pix in place...If not, the PDGA didn't do any due dilligence in making sure their web host wasn't just some dude in his basement.

Database replication between sites without a dedicated link is trivial. Hardest part is encrypting the connection, which can be done with an SSL cert, or by sending a dump file rather than using conventional replication from the RDBMS, and using SSH encryption to send it...

This is all silliness...for $300 worth of server they could have their site hosted in-house...It's not like their load will ever be high enough to bog down what you can buy for $300 these days...Then, it's just a matter of having a spare server to replicate the database to, behind the same firewall.

timg,

if it was hit from the forums, not only is the PDGA silly for not updating their forum software (as most of the forum software are pretty good about posting news when they have a security update), but they really SHOULD take the whole server down and wipe the whole thing. First thing any cracker worth his salt does when he gets into a server like that is install a rootkit or backdoor so he can get back in once they've noticed he's been there...In order to be sure, you always want to cleanse the server.
 
SkaBob said:
Honestly, for an organization that makes as much money as the PDGA, there's absolutely no excuse for using web hosting, period.

They should have a server in their offices, run by themselves, on their internet connection...It's ridiculously cheap to do so.

Seeing that they got CRACKED, I don't buy that any site flakiness was a hardware failure...it was more likely the DDoS attacks that the crackers used to break in that were causing availability problems.
Click to expand...

A dedicated internet pipe big enough to keep the PDGA site snappy would be pretty expensive. They co-locate their servers (based on what another poster here said) at a hosting facility which is what a lot of places do. It's a great option for places that don't have techs on staff and can be more reliable than having all that hardware onsite.

I suspect the same thing would have occured had they hosted in house and since they don't have a dedicated tech staff it would have taken even longer to repair.
 
timg said:
A dedicated internet pipe big enough to keep the PDGA site snappy would be pretty expensive.
Click to expand...

Bull. Have you seen the prices you can get a T1 for these days? My former employer was paying $400/month for pretty expensive T1 service through MCI...You can get a fractional or burstable T1 for much cheaper than that, even...Heck you can do it for around $130/month if you feel like dealing with Cavalier...
 
I suppose it depends on your view of what expensive is. At $400/mo. that's $4800/yr just for the pipe. I'm not sure what co-locating costs but it's probably cheaper than your average rackspace server that runs in the $150/month or so. So they can save $2000-3000 or more by not opting for a T1.

Then there's the issue of who's going to maintain the stuff? Perhaps their current place offers managed hosting so they take care of swapping drives, sys admin stuff, etc. Otherwise they might have to contract out with a local tech company for that stuff which means additional funds.
 
Oh, co-lo is always cheaper than a dedicated pipe of the same quality and speed...

The thing about not keeping any techie on staff is...well... the whole company is paperwork and computers.

If a company that's primarily run by their computers can't be bothered to keep someone employed (or at least on call) to FIX them, why should I give them money year after year?
 
Not sure they can get T1 all the way out at the IDGC if that's what you're suggesting?
 
If they can get a phone line there, they can get a T1 there...moot point anyways, as I doubt the PDGA will bother to run a T1 line if they haven't already.
 
no....just laughing to myself and as I imagine working them into our transit peering....but I doubt they run bgp or are located at an ixp.
 
Well now is as good a time as any since the other one was hacked. Why fix the old when you can get the new one going? I'm not quite sure why the forums are offline though. I would have guessed they would have moved them to the new hardware ahead of time.

Fixing the spelling errors on the "Coming Soon" page couldn't hurt things either.
 
As I remember, they are switching over to a new BB structure, which means they would have had to back up the forum database and then import it in to the new structure. My forums, with roughly 160 members and only 1500 posts is 12MB, imagine the size of a 10,000 member forum with hundreds of thousands of posts. Ick. Although they were using UBB before and I was pretty sure that is what they are switching too.

I was actually supposed to help with the transition but have since lost my job and volunteer time is temporarily put on the back burner. If they do need SQL/PHP help they know how to get ahold of me.

I hope the transition is quick and painless. I'm pretty sure they are taking the transition in segments, and the first segment is going to be the basic homepage structure. The forums should be last.
 
Looks like someone caught the spelling mistakes :)

I didn't know they were updating the forums too. It's too bad they aren't able to do the update in stages while still having the old pages available in the interim.
 
You must log in or register to reply here.

Similar threads

Plastic Thunder
The number of disc golf player has declined, by a large number.....
5 6 7
Replies
120
Views
15K
biscoe
B
prerube
share your DGCR moments
Replies
17
Views
1K
donnyv
donnyv
Skamanda
Proposed rule changes for 2024
16 17 18
Replies
357
Views
21K
coupe
C
mandoplastic
Back Again
Replies
0
Views
445
mandoplastic
mandoplastic
ru4por
TD Help from the PDGA
Replies
7
Views
3K
ToddL
T

Latest posts

Top