IkarosBD

  1. New devlog post is up! Find it here.

  2. Quick update for you guys. We might actually take another whack at SSL pretty soon. And this time I'm gonna log it all for you. You're gonna get to see what goes on inside my mind when I'm tackling issues like this. The "DevLog" will be kept on my server at this URL: https://nekone.bdikaros.network/kametsu/devnotes/

    1. Etzimal

      A blog detailing and archiving Ikaros's decent into insanity?

      Sign me up.

    2. Etzimal

      descent*

      That is embarrassing.

  3. Yes this was already the original plan. Getting the certificate itself wasn't a problem as we already intended to use Let's Encrypt. The issue was, as stated before, a lot of things need to be upgraded on the backend first, and even the forum software itself needs an upgrade. We also still have to be certain that nothing will break when we roll it out here. I'll update my original post in this thread when we've determined a new time/date to tackle all this but at this point there's no telling when that would occur.
  4. @Cat - the problem with IPS licensing is this: while Kametsu does have a test board (that is always "offline") as permitted by the license, it is not configured in such a way that we could use it to test our setup first before rolling it out to the live site. It lives on the same host. We therefore cannot actually enable SSL for just it; we would have to do it for the production site at the same time. This ties directly into the configuration layout issue as well, specifically that of the webserver itself. There's also a number of major backend components that should ideally be upgraded first, as well, to get the best performance and security out of it. And as @Koby mentioned, my work hours increase drastically this time of year - this doesn't leave me with the sort of time I'd like to have to mess around with things like this. I'm already beginning to see these increases earlier than usual, and the type of work I do does tend to leave me a bit worn out from day to day, especially the longer I work on a given day, so that pretty much leaves me with very little motivation. With all the additional work I have to do with it just to get it to an ideal SSL-ready state and my dwindling free time I just cannot set aside time to do what I had planned to do. Coming up in February, this is gonna be even worse for me, as I begin to work more nights and double-shifts, so getting this done in February is pretty much completely out of the question as well, and perhaps well into March too, though I can't say for sure.
  5. Sorry folks but I've had to back out of implementing SSL on Kametsu. The reason is in the original thread: http://kametsu.com/topic/56908-cancelled-kametsu-is-going-https-ssl/

     

  6. @deanzel I can remove the ban if it's delisted off the CBL, you need only contact me directly. EDIT: Z-Line removed from your university IP. Verify for me please.
  7. Recently, Kametsu's IRC channel on the Xertion IRC network was subjected to a malicious attack by about 100-200+ spam bots flooding the channel itself. Xertion network staff were able to shut down the attack fairly quickly (*grin*), but the methods we used to do so may have restricted otherwise legitimate users from even joining in the first place. Being a root administrator on Xertion, I decided to create this thread should you find yourself on the receiving end of any of these restrictions we may have to use in the future, should another attack occur.

     Method 1: Channel Lockdown

     The first line of defense to defend the IRC channel from the flooding is to lock the channel down. By this we mean we set so-called channel 'modes' that implement restrictions that make it really difficult for bots to attack the channel. Unfortunately, some of these modes may also block legitimate users (like the IRC regulars here on Kametsu for example) or otherwise interfere with normal channel activity. When this occurs, you'll usually get a message from the server explaining the exact reason why you can't enter the channel. Other restrictions may also be put into place as well at the same time. Such restrictions we may use to thwart bot attacks include:

     • Setting the channel so that only registered users (that is, people who register with the network's NickServ nickname registration/management service) can enter. If this occurs, you'll be told by the server that you need a registered nickname to join the channel. You could attempt to register with NickServ (we have instructions on the IRC network's website), but bear in mind that usually if the registered-only mode is in effect odds are we aren't allowing new NickServ registrations either (so as to prevent bots from flooding NickServ with fraudulent registrations). If you don't already have a NickServ account on the network, your best course of action then is to wait it out. Otherwise you can identify to your account on NickServ, which would then allow you to join.
     • Setting the channel so that only registered users can speak - this applies mainly to those of you who are already in the channel when a flood occurs and restrictions are put into effect. It works like the above, except it just stops you from speaking until you are either identified to, or register with, NickServ. Again, like above, the way around this is to identify to NickServ if you have a NickServ account already. Otherwise you're probably going to have to be patient here as well.
     • Throttling the amount of people that can join the channel at once - in addition to the above, #Kametsu uses a special channel mode that restricts how many people can join it within a given time period. It is meant to prevent join floods, which large groups of bots all too often do. This will block you from joining if the channel is experiencing a flood of joins from bots. The lockdown time is 1 minute, so try again every so often and you'll probably get in eventually. Again this is also subjected to the above restrictions so keep that in mind too.
     • Channel bans - although it is highly unlikely, you MAY find yourself being told by the server you are banned from the channel. If this is the case, and the ban was NOT already there to begin with, please contact either myself or Koby via private message for assistance as you were probably caught up in a wider/broad ban meant to help control the flooding. Again this only applies to the IRC channel, NOT the forums!

     If you are affected by any of the above, and there is an active attack ongoing on the network affecting #Kametsu, then either Koby or myself will post status updates - located on the right-hand side of the forum's front page. Keep subscribed to these updates for any relevant information.

     Method 2: DNS blocklists

     In addition to the above restrictions, we also make use of DNS blocklist checking on connecting users. These lists are used to help prevent potentially malicious users or bots from connecting to the network in the first place, and are in constant use 24/7 on the entire network. While these blocklists operate really well and do a really good job of keeping malicious bots off the network, unfortunately on occasion these checks may also affect an otherwise innocent user. If you find yourself almost immediately disconnected from the network with a message stating you're listed on some RBL/blocklist/DNSBL/etc, then I want you to come here to the forum and send me a private message to let me know. Give me the exact "ERROR:" line your IRC client gives you along with the ban message, and I will happily investigate and see if I can get you connected. It is unfortunate, but it is a necessary security measure. The odds of this actually happening to innocent users are low, but definitely not zero, so I want to be sure anyone here that gets hit by one of these DNSBL/RBL network bans notifies me immediately.

     Method 3: Network Lockdown

     If channel controls are not sufficient to deal with the flooding, and/or it's more widespread, we may have to resort to locking down the network itself. This will usually end up with you being almost immediately disconnected from the IRC network with the message "This network is temporarily not accepting connections, please try again later.". This means we have temporarily blocked all new connections for a little while in an attempt to shut down bot connections. If you receive this error, wait about 5-10 minutes, then try again, as this is never a permanent state. If you continue to get this message, try again every 5-10 minutes or so until you can connect successfully.

     If you have any questions or concerns, feel free to post them here. Given the situation we faced the other day I feel this thread is the least I can do to assist with anyone that might be affected by this should it occur again.
  8. You just HAD to ban my entire university's IP address on IRC...

    :(

    1. IkarosBD

      Just for continuity I'll repost what I told you on IRC, JUST so others are aware of it as well.

      Because of those godforsaken spambots, we had to increase network security, so it's not that *I* banned you. Rather the added security measures resulted in it.

      And again, I am sorry if that happened but it IS necessary unfortunately. We were caught with our pants down on the network.

    2. DeathTheKid

      The lolis tho...

  9. @ani-me I can personally assure you this was not an effect of what we were forced to do. The only setting that was forced off was the 'Send me news and information' checkbox. That was it. I will look into this however. EDIT: The only setting our changes affected, was confirmed to be only the "Send me news and information" checkbox. If any other settings were toggled, they were not the result of our actions relating to the mailing list/mailserver debacle. Sorry if that's not what you want to hear but I can't really say what caused that for you. That being said my curiosity has been piqued. If any other users have seen this, please report it to me.
  10. If some of you were in the IRC channel earlier today, I want to apologize for that disruption. We had a bunch of spambots attack various channels on the IRC network 'cause someone got their panties in a wad. I'm keeping watch over things at this time and will continue to do so most of tonight.

  11. We have enabled mail functions again on the forum after clearing up the original issue with spam. There are a couple of things I need to let you know about though, because some changes were made to the system. First thing to note is that a lot of you may not receive notifications as fast as you had before. We had to throttle down how fast the mail server sends mail out to any given domain. Any noticeable delay will be dependent on the mail server's current load at the time the message is sent for any given email domain. Rest assured though mail will still be delivered. Another thing to note is, we forcefully unsubscribed all members from the mailing list option, which is what got us into trouble in the first place. Members must now explicitly enable that checkbox on their own if they want to receive admin-generated mails. However, Koby and I had a talk about it and he decided that for now no more admin-generated emails will be sent until proper controls can be put into place. This does NOT affect emails for threads you wish to be notified of replies for, or for received private messages, or any other such settings. It only affects bulk email, aka admin emails. Lastly, new registrations will now have the "send me news and updates" box unchecked on the registration form itself. Users can then opt-in on this form, or later after registration if they want. We apologize for the inconvenience this caused.
  12. Nevermind on my last update. I started up mail functions anyway. Mail is back in service!

    1. Moodkiller

      Moodkiller

      Many thanks for yours and Koby's time.

  13. We are STILL awaiting word from the server host regarding mail operation, they seem to be dragging their heels. If we do not hear back from them by the end of the day 1/20, I will resume mail operation. Again sorry for the inconvenience this has caused.

  14. UPDATE TO ALL USERS, PLEASE READ: As part of our efforts to restore mail functionality, we have forcefully unsubscribed all members from receiving admin mails. This does NOT affect your subscribed threads notifications or any other notifications settings - you will still receive emails for those including new PMs and any other options you may have enabled. Only admin-generated mails are disabled now, as it's not used very often if at ALL here. The email system has not YET been enabled as we are waiting to hear back from the server host, though I have no reason to believe we'll have to delay this further than tomorrow afternoon.
  15. UPDATE TO ALL USERS, PLEASE READ: As part of our efforts to restore mail functionality, we have forcefully unsubscribed all members from receiving admin mails. This does NOT affect your subscribed threads notifications or any other notifications settings - you will still receive emails for those including new PMs and any other options you may have enabled. Only admin-generated mails are disabled now, as it's not used very often if at ALL here. The thread at http://kametsu.com/topic/56969-mail-server-temporarily-disabled/ will be updated with this information shortly.