Server Admins - PokeBeach Needs Yo Help!

Water Pokemon Master - you may want to take off the PokeBeach specs (what it runs on, programmed with, etc.) from this post and only give them out at your discretion. For security reasons of course!

I am a pro-programmer, but since sys admin stuff isn't my cup of tea yet, I'm not sure I'd solve this problem quickly (though with enough time and Google, I'm sure I could figure it out!).

Good luck with your search because Pokebeach is awesome - keep up the great work!
 
Last edited:
Water Pokemon Master - you may want to take offthe PokeBeach specs (what it runs on, programmed with, etc.) from this post and only give them out at your discretion. For security reasons of course!

I am a pro-programmer, but since sys admin stuff isn't my cup of tea yet, I'm not sure I'd solve this problem quickly (though with enough time and Google, I'm sure I could figure it out!).

Good luck with your search because Pokebeach is awesome - keep up the great work!

Web developer here. There's actually very little information in the post at all. Aside from Twig, all the programs mentioned are incredibly common for running web servers, and Twig is just a templating system - it doesn't go deep enough to have any bugs that can affect the server. Any competent attacker targeting this site would already have tried any known security holes in those programs.

I *might* have been able to find a bug if I had access to the site's code. However, it seems WPM is (quite rightly) trying to avoid giving out the code to more people than necessary, and I don't know that I'd have the time in the near future to dive into unknown code trying to find a bug that takes hours or days to surface. I also have very little experience with Nginx, preferring Apache.

I won't apply to look into the code, as I don't have nearly enough time these days to dive into an unknown system, and it seems WPM is (quite rightly) trying to keep the number of people having the code and/or access to the server low. I've got a few hunches about possible causes, however, which I will send to the e-mail above.
 
A hacker wouldn't go for the membership money. Good hackers rarely steal actual money, they prefer to steal data to sell for money or use the server as a bot. Stealing actual money breaks quite a few laws "regular" hacking doesn't, and attracts the interest of the police to a much greater degree, so it's not worth the risk.

However, good hackers also try to stay undetected for as long as possible. Bringing down the site the server's hosting is very counterproductive for a hacker. As far as I can tell, there's no reason to suspect hacker(s).

PS. Just to clarify, by "good hackers" I mean skilled ones, not morally good ones.
 
Why are people assuming it's a hack? The way WPM described it, it sounds like a bug or something that isn't connect properly somehow. Now I'm not an expert in programming, but shouldn't we be looking across the board?
 
Um, nobody's assuming it's a hack. The closest to that is the third post, which is just a general warning not to share too many server details publically. Any other post that's mentioned hackers has done so to explain why it's not a hack. Because it's not a hack.

Aside from that, yeah, there's almost surely a bug in the website code causing this.
 
Why are people assuming it's a hack? The way WPM described it, it sounds like a bug or something that isn't connect properly somehow. Now I'm not an expert in programming, but shouldn't we be looking across the board?
Tutti's exactly correct. If it was a hack, it would do something else
 
Back
Top