Pages: 1 |
| LOST DATA! (Read 604 times) |
| view log Runner / Superhero |
posted: 3/5/2008 at 3:51 AM |
All of my entries from 3/1 - 3/3 were lost. There were here this afternoon and now are gone. Was there a problem with the db where you had to restore back to a certain time?  |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joshua "Flash" Gordon
Runner/ Superhero
The Running Adventures Of...
joshua.flash.gordon@gmail.com
http://www.myspace.com/joshuagordon
http://blog.myspace.com/joshuagordon
blog by email: http://www.feedblitz.com/f/?Sub=20730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
| view log Runner / Superhero |
posted: 3/5/2008 at 4:05 AM |
In total, 10 workouts that were logged are missing. Can you please explain what happened so I know whether or not there is a larger problem with Running Ahead?
You can even check my blog (http://blog.myspace.com/index.cfm?fuseaction=blog&Mytoken=8FA092AC-96AB-4BDB-A68985D4271D5229101249024)
from Sunday where the entry from Sunday's race is show on the entry. No longer in my log... |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joshua "Flash" Gordon
Runner/ Superhero
The Running Adventures Of...
joshua.flash.gordon@gmail.com
http://www.myspace.com/joshuagordon
http://blog.myspace.com/joshuagordon
blog by email: http://www.feedblitz.com/f/?Sub=20730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
|
posted: 3/5/2008 at 10:33 PM |
jgordon,
I loaded the database snapshot taken on March 3 and saw that indeed there were entries for the range you specified. There is only one way to delete entries from the database, and that is by individually clicking on the delete icon in the workouts list as the owner of the log. I checked the server log and at around 4:43 PM EST yesterday, these workouts were deleted. I cannot determine who deleted them by the IP address in the server log, but the machine belongs to the smoothstone.net domain. Does that ring a bell?
The server only allows the owner of the log to delete records. Therefore, whoever that deleted them must have direct access to your log. You need to think back around 4:43 yesterday. The obvious possibility is that you were using a public computer and forgot to log out. There are other explanations but the RA server is not the blame. I can help you reconstruct some of your missing data if you like. Drop me an email and we'll go from there.
eric :) |
|
|
| view log Runner / Superhero |
posted: 3/6/2008 at 3:53 AM |
eric,
that's really crazy...
I only access the log from my laptop - @ 4:43 EST I was in a meeting and the laptop was in my backpack.
No idea who smoothstone.net is...
I'll change my password and hope there isn't a larger security issue here.
I have the data in duplicate - so, ultimately, I can recreate but it is alarming nonetheless... |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joshua "Flash" Gordon
Runner/ Superhero
The Running Adventures Of...
joshua.flash.gordon@gmail.com
http://www.myspace.com/joshuagordon
http://blog.myspace.com/joshuagordon
blog by email: http://www.feedblitz.com/f/?Sub=20730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
| view log Hurdle the Dead |
posted: 3/6/2008 at 1:34 PM |
| Quote from jgordon on 3/6/2008 at 3:53 AM: so, ultimately, I can recreate but it is alarming nonetheless...
As far as I know, in the two years I've been using this log, this has never happened to any of the now thousands of users.
Personally I find it alarming that you seem unwilling to admit the blitheringly obvious: that the most likely "security issue" was you or someone else using your login.
Can't you use your superpowers to track down the culprit? |
E-mail: JakeKnight2002@aol.com
-----------------------
"The past is nothing but a series of recollections; it does not own you ... if we are prisoners of the past, we are jailer as well."
~~ Jack Kerley, The Hundredth Man
|
|
|
| view log Runner / Superhero |
posted: 3/6/2008 at 4:34 PM |
It is strange because I work in a secured building with only 10 people in my office, my computer is password locked when not on, there is a password for the site, and nobody knows my passwords (I err on the side of caution). Plus, this laptop was in my bag at the time of the "offense".
I just wish I knew what happened to better be able to prevent from happening again. Eric does a great job with this site - that is not at issue.
Unfortunately, running is my only super power (even that is questionable) - outrunning a hacker or whatever can be tough... |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joshua "Flash" Gordon
Runner/ Superhero
The Running Adventures Of...
joshua.flash.gordon@gmail.com
http://www.myspace.com/joshuagordon
http://blog.myspace.com/joshuagordon
blog by email: http://www.feedblitz.com/f/?Sub=20730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
| view log Barefoot and happy |
posted: 3/6/2008 at 5:56 PM |
I see two possibilities here:
1. It looks to me like delete requests are made via GET, not POST. If this is true, there are some browser extensions that might be prefetching all the links on a page and inadvertently triggering deletions. You have the requests protected by Javascript confirmation, but it's still conceivable that some browser or extension would ignore that. It's actually a violation of the HTTP standard to have any GET request cause a state change.
2. As for security, it's quite likely that RunningAhead's cookies can be sidejacked, which is particularly easy on wireless networks. This is a widespread problem that effects many sites, including Hotmail for example. The only reliable solution is to run the whole site over SSL (an expensive proposition in terms of server load), or as a user to always use a VPN to safely tunnel traffic through the wireless network.
For such an attack to work, somebody has to actively be sniffing traffic within wireless range of you while you're using Runningahead. jgordon, have you pissed off any computer-savvy coworkers? ;) |
|
|
| view log Funky Monkey |
posted: 3/6/2008 at 6:01 PM |
| Quote from Ed4 on 3/6/2008 at 5:56 PM: I see two possibilities here
Geek.
 |
| It's all fun and games until the flying monkeys attack. |
|
|
| view log Runner / Superhero |
posted: 3/6/2008 at 8:08 PM |
| I am on a wireless network about a block from MIT so who knows? |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Joshua "Flash" Gordon
Runner/ Superhero
The Running Adventures Of...
joshua.flash.gordon@gmail.com
http://www.myspace.com/joshuagordon
http://blog.myspace.com/joshuagordon
blog by email: http://www.feedblitz.com/f/?Sub=20730
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
|
| view log Resonate |
posted: 3/6/2008 at 8:56 PM |
| Quote from jgordon on 3/6/2008 at 8:08 PM: I am on a wireless network about a block from MIT so who knows?
If I was a pissed off hacker wanting to mess up your running log, I wouldn't delete anything. I would just modify all your entries to make you look like you were slower. Maybe add 20-30 minutes to your PRs. |
Mike | Current Training Plan
Out near the edge where life is in full color. |
|
|
| view log Funky Monkey |
posted: 3/7/2008 at 2:14 AM |
| Quote from jgordon on 3/6/2008 at 8:08 PM: I am on a wireless network about a block from MIT so who knows?
More importantly, do you like monkeys? |
| It's all fun and games until the flying monkeys attack. |
|
|
Pages: 1 |
