Jump to content





Dearest Friends and Visitors of the Fountain Pen Network,
We have started implementing the changes we promised here: Upcoming Changes To FPN
Please do read the linked message above.









Photo

Maintenance On Fpn Server


  • Please log in to reply
5 replies to this topic

#1 wimg

wimg

    Stip Etruria nut :)

  • Admin

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 19,451 posts
  • Location:Maastricht, Netherlands, EU
  • Flag:

Posted 10 April 2014 - 15:22

In a few hours time some necessary maintenance will take place on our server.

Exact down time is not known yet, but should not be more than 2 hours. Start of this maintenance is between 17:00 and 19:00 UTC, or 12:00 and 14:00 EST.

 

Warm regards, WIm


the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#2 wimg

wimg

    Stip Etruria nut :)

  • Admin

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 19,451 posts
  • Location:Maastricht, Netherlands, EU
  • Flag:

Posted 10 April 2014 - 23:17

As we have had a few questions on the OpenSSL issue and the Heartbleed virus, a few answers:

 

- Our server was patched on April 8 already, by our host provider.

- We do not (and never did) store any credit card information on our server.

- Our server is only accessible from a non-standard port, from just 2 ip-addresses, with a private key only, which is not stored on the server.

 

In short: we were (and are) safe.

 

However, it is always wise to change one's password every so often, so if you do feel the need to do so, by all means, do :).

 

HTH, warm regards, Wim


the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#3 pen2paper

pen2paper

    arty o the irst art

  • Member - Gold

  • PipPipPipPipPipPipPipPipPipPip
  • 4,813 posts

Posted 11 April 2014 - 01:26

Figured just that.

 

Was in the middle of resetting all passwords to get this old machine locked down, (may see new life with ubuntu later on, but who knows when/if I'll have the time to tinker with it). Next, have to get new router up and set for new pc. FPN pw was reset, and poof > maintenance notice. Thanks for waiting until I was done ; )

 

Was surprised how many passwords had accumulated. 

 

Thanks for letting Us know, and keeping the ink well Prairie safe : )



Posted Image~Hi! fountain pen enthusiast here~

#4 cambookpro

cambookpro

    Rare

  • Member - Gold

  • PipPipPipPipPip
  • 148 posts
  • Flag:

Posted 11 April 2014 - 08:22

Figured just that.
 
Was in the middle of resetting all passwords to get this old machine locked down, (may see new life with ubuntu later on, but who knows when/if I'll have the time to tinker with it). Next, have to get new router up and set for new pc. FPN pw was reset, and poof > maintenance notice. Thanks for waiting until I was done ; )
 
Was surprised how many passwords had accumulated. 
 
Thanks for letting Us know, and keeping the ink well Prairie safe : )


Be careful about resetting passwords if the OpenSSL patch hasn't been released to that website.
If you do, and it is still vulnerable to Heartbleed, it could make it easier for potential hackers to get your password, as the Heartbleed vulnerability is to do with what servers cache in their memory. If the website hasn't been patched and you reset your password, it could potentially be worse than just leaving it.

Of course, sites that have been patched (like FPN) are fine to change your password on, and it's probably a very good idea to do so.

Hope that helps anyone :)
If guns kill people, do pens misspell words?

#5 wimg

wimg

    Stip Etruria nut :)

  • Admin

  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 19,451 posts
  • Location:Maastricht, Netherlands, EU
  • Flag:

Posted 11 April 2014 - 08:44

In addition: passwords here are not stored in memory, a hash code is, which changes with every login.

 

Also, we do use encryption for our store (ionCube) in order to preserve privacy.

 

@P2P: Sorry, but that is the eternal dilemma - when to do maintenance :). Some people will suffer, unfortunately.

 

Warm regards, Wim


the Mad Dutchman
laugh a little, love a little, live a lot; laugh a lot, love a lot, live forever


#6 pen2paper

pen2paper

    arty o the irst art

  • Member - Gold

  • PipPipPipPipPipPipPipPipPipPip
  • 4,813 posts

Posted 11 April 2014 - 19:03

 

Be careful about resetting passwords if the OpenSSL patch hasn't been released to that website.
If you do, and it is still vulnerable to Heartbleed, it could make it easier for potential hackers to get your password, as the Heartbleed vulnerability is to do with what servers cache in their memory. If the website hasn't been patched and you reset your password, it could potentially be worse than just leaving it.

Of course, sites that have been patched (like FPN) are fine to change your password on, and it's probably a very good idea to do so.

Hope that helps anyone :)

 
Thanks for responding. You answered the specific question I couldn't find online, before I did the resets.
That said, announcement to all the evil hackers who now have my Everything. ; ) I lead such a boring life, with no funds to steal, they've wasted their wasteful time on me.. lol Besides, I don't do banking online, (hmm... now why wouldn't I trust that??? most things are on auto-pay. So unless they tap my brick and mortar bank, should be ok.
The one thing the Did get was valuable time yesterday. My taxes would be ready, set, go. (need a scowl y face emotie).

Yay, good practices Wim! Thanks to both.
p2p

Posted Image~Hi! fountain pen enthusiast here~