The Great Ezboard Disaster of 2005

Discussion in 'Forum Software' started by writerfriendly, Jun 2, 2005.

  1. writerfriendly

    writerfriendly Aspirant

    Wow. All their boards wiped out as of two days ago? Ezboard says a hacker attack wiped out over 9,000 messageboards. Some boards still had data after the attack but as Ezboard rebooted their servers (whatever, I'm a technotard), it was lost, too.

    Front entry pages have been restored to most boards now and names of forums appear with "225 posts" or "1,987 posts" or however many posts existed in the forums listed on that front page and when you enter the forums, if there were 17 pages of posts in that forum, all the pages are still listed but THERE ARE NO POSTS VISIBLE. It's all gone.

    Some boards thought they'd escaped but now all their existing posts are rapidly becoming "Uknown User" and "this message cannot be restored."

    Many members are absolutely distraught over the loss of upwards of 50,000 posts and years of community-building. Some members used their Ezboard as the mainstay of conducting business and are losing hundreds of dollars a day.

    Most members seem willing to sit tight for a while and wait and see if Ezboard can restore their communities.

    There is a great deal of confusion in the main thread at Ezboard where all this is being discussed:

    So many angry people willing to believe in conspiracy theories and intolerant of other people who want to wait to hear what Ezboard can do to clean up the mess. There does seem to be a lack of communication from Ezboard to its members but they may just be trying to have something to say rather than making posts to fill up space.

    Can any experts here visit that link and come back here and offer your opinion as to what happened? I'd like to understand what actually took place.
  2. e996sh

    e996sh Aspirant

    Wow, I cant believe that they didn't have backups. :bonk:
  3. LeftWingNutjob

    LeftWingNutjob Enthusiast

    That sounds like an arbitrary code execution flaw. I'm obviously not familiar with EZBoard's server setup, but you shouldn't be able to get at backups with any other sort of flaw. Also, SQL Injection should only be able to get to one board at a time, so it would take 'hundreds of thousands' of hits in order to take down all EZBoards, which would surely be noticed before this level of damage was attained.

    My advice for those who were running a business off of EZBoard: run. You shouldn't run a business off a free service anyway ;) I don't see many businesses running on Tripod (even Tripod Premium) accounts for a reason :)
  4. writerfriendly

    writerfriendly Aspirant

    So how did so many boards get wiped out at one time? Was it an Ezboard code flaw or a hacker? Some people are speculating that the hacker was an Ezboard employee and Ezboard claims to be building a case against the hacker.

    Ezboard promotes their Gold Communities (paid service) in part with the promise that all data is backed up on a weekly basis but now they are saying the hacker destroyed the backups, too.
  5. LeftWingNutjob

    LeftWingNutjob Enthusiast

    You have to have a code flaw in order to have a hacker ;) (except of course there is that insider possibility)

    It is impossible to know what truly happened without Apache logs or other direct evidence. I would consider it a hacker unless some EZBoard staff suddenly disappears.
  6. writerfriendly

    writerfriendly Aspirant

    LOL. This one made me laugh.
  7. The Computer Mutt

    The Computer Mutt Bark Bigger Than Byte

    *Insert theory about how it happen here.*
    Are there many businesses that make any significant amount of money that would be using a free service?
  8. Sal Collaziano

    Sal Collaziano Womanizer

    Wow. Vanchau is gone, huh? He contracted me to work on ezBoard years ago. Well, this is what happens when "the main guy" gets bought-out.. The company losses it's original focus and it all becomes about money. It usually goes downhill from there..
  9. MGM

    MGM vBulletin Guru

    lol, wow... I'm speechless.... 9000 boards.... damn

    MGM out
  10. belindaj

    belindaj Enthusiast

    Wow - we were members there for a good two years through the beginning of the Gold Community program - we left when our Gold costs started to skyrocket (as one of the larger ezboard communities there) and they were unwilling to discuss more reasonable cost accountability.

    Thank goodness :)
  11. Blaminator

    Blaminator Too cool for school >

    Eek, *backs up my forum*
  12. phoenixdown21

    phoenixdown21 The Man with the Plan

    wow major league pnwed.

    I feel sorry for the people affected by this and for the company since this will be a permanant stain on thier reputation.
  13. Devon Aster

    Devon Aster Aspirant

    Holy smokes. I definitely wouldn't want to be on either end, user or management.

    Just for my own enlightenment, could someone explain how a backup would be accessible for hacking? I thought backups were generally dumped on to an independent drive or server?
  14. writerfriendly

    writerfriendly Aspirant

    Well, I don't understand how it works but some people who seem to know about things like that are saying the exact same thing as you are about backups being stored away from the online resources. Their threads get locked down at the Ezboard Help/Tech Forum. Ezboard is saying now that they only can back up what's been posted since two weeks ago. And yet the only posts that seem to exist are 2004 posts so it's confusing. Ezboard is saying they may only be able to restore some of the 9,000 boards but not all and they are saying that the hacker destroyed some backups but not all of them.

    Also, the hacking "event" is supposedly over but old posts from three years ago were still disappearing today. Ezboard says the posts that disappeared today were a result of rebooting their servers. But that would only account for what was in the cache, right? Do caches store posts for three years?
  15. Ted S

    Ted S Tazmanian Master

    Without knowing the full extent of their technology it is hard to say what is in a database, what is in flat files, what was deleted and how. The bottom line is that a site which has grown into sizeable company now faces a serious issue. Generally backups are hosted off-machine but that seems to have not been the case here. Given the number of sites they were hosting, most people would tend to agree that they made a bad decision in their infrastructure setup but critiquing their mistakes doesn't solve anything. Clearly a lot of their sites were small and not-for-profit but at the same time they do have a paid model which has grown extensively and for those people, going down is a business matter. EZboard's ability to get everyone back up and do so immediately is going to be vital for their company's future, not just in terms of saving face and future marketing but also to avoid losing their entire current paid customer database and of course lawsuits. I certainly would not want to be working for them right now, nor would I want to be a user of their services, in any case you can only feel bad for the people on the ground. Ultimately this will be a good week for competing services, forum software vendors and anyone else who tailors to this market as there will certainly be a large exit conversion rate, the question will be how soon can they stop the bleeding and start to patch things up.
  16. Michael Merritt

    Michael Merritt Enthusiast

    Wow, you were at ezBoard too? Who were you there? Not sure if you ever browsed the forums, or were just one of the developers or something, but I was Zerio back in the day. And was also Dymero for a while as well.

    But, it appears that Vanchau basically got kicked out of the CEO position when the directors (or however their setup is there) determined he wasn't leading the company well enough (or something like that). There were lots of complaints by people that highly requested features weren't getting added, that he'd set up lots of posts asking for feature requests, but then ignore them, etc. I thought he stayed on in some sort of advisory position, but maybe he left for good. Not sure.

    And in any case, this is all sad to hear. I started out at ezBoard, and even though I left them because I thought they were going downhill, I still think it's sad for any website to be hit this massively. Although, if the backups were indeed deleted, I very much hope they had updated backups in other places, such as mutliple backups on other servers, and OFFLINE backups (e.g. tape drive, or maybe some sort of high storage optical medium).

    To be fair, any business serious about using ezBoard would probably have paid for their gold service. Most likely a small business is one you might find doing this.
    Last edited: Jun 3, 2005
  17. writerfriendly

    writerfriendly Aspirant

    The exodus has already begun and people are thrashing around trying to decide where to go for their forums. I'm sure the businesses that used Ezboard were paying premium. I also had a paid Gold Community but the price goes up depending on how busy you are.

    I'm sort of waiting around to see what's going to happen. I don't have to pay up again for another 20 days.

    Credibility seems to be a big issue right now because people are not being given a whole lot of information and what they are given, they have trouble believing. It's very hard for some people to understand how they were enticed into paying for a service with certain promises made about secure backups and now that seems to have not been the case.
  18. Sarah

    Sarah Habitué

    The problem is, ezBoard gives no one (as far as I know from a year and a half ago) including paid gold boards, access to their data. An admin cannot back up their own data. You can never have access at the db level, period. So even if your board and posts exist, the only way to get them out is through screen-scraping type scripts. And you can't read the users' passwords, or even email address if they chose it to be private. Therefore migrating off ezBoard is a path of woe.

    And that's IF your posts are available on ezBoard. If not (like right now), forget it.
  19. Michael Merritt

    Michael Merritt Enthusiast

    Yea, that sounds about right. And even if you could get a backup, who knows what database system they use. With the size of ezBoard, I'd venture to guess they don't use MySQL, which is used the most by any other system an ezBoard user might turn to. Not to mention that at last check, they were still coding their board in Smalltalk, which I'm not sure even supports MySQL, but it might.

    Most likely they're using Oracle, or a similar database system like that.
  20. GeorgeB.

    GeorgeB. ............

    Wasn't there a script written to convert ezboard to vbulletin though?

    Could be wrong :(
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.