Chain of events


There has been some serious speculation, name calling and a LOT of make believe. Before using the word "fact", let me tell you my point of view and everything that I know to be true with this chain of events.


At 8am on the morning of 08/26/2014 I attempted to get on the forum. Upon noticing it was down, I immediately texted Darryl hoping he was aware of it. He assured me he was aware and was working on it. Following this a group text conversation occurred an hour later. In this conversation it was understood that Jay (Chief) was busy until 6, and nobody else was communicating the issues, or couldn't help because they were busy or their firewalls wouldn't allow them to. Later I read on Facebook that the forum had been down since the night before at some point. At 6:00pm on the 26th, nearly 12 hours after texting Darryl, a ticket was submitted to our hosting provider to resolve the issue - an issue that was not theirs. The site eventually came back online on 9/5/2014 - twelve days later. I was given admin privileges by Jay (Chief) at 8pm 9/5/2014, after the site came back online.


Let's take a step back; I've been in the IT field since 1997. I've been a senior level systems engineer for the last decade. I've worked for large companies, small companies, energy companies, home offices, non-profits, and military organizations. I ran a web hosting company from 1999 to 2009. I've seen this site go through several heavy outages over the years; most have been 100% preventable. I decided to offer my much needed help and was considered by Darryl to be an admin a couple months ago (during my running as VP). According to Darryl (a board member and admin), a vote was held by the officers/board of the time saying that my involvement would be a conflict of interest as I was working on cuttlefishandcorals.com and was leading the VP vote. Later, I discovered that the board vote to keep me off the admin team never happened. I never became admin, but assumed the site was being cared for as best as it could.


Since being given access, I've done some analysis and found on the 25th of last month, we took a huge hit. We were breached by an organization named "ArHaCk.NeT". This is an organization that phishes money and raises mayhem. They used our site as a gateway for PayPal scam emails that you may or may not have gotten in the past asking you to verify your PayPal account - erroneously. This organization uploaded a file 's.zip' through an unpatched vulnerability in our server that contained the payload to make their web presence work. Luckily, restoring the site is as simple as looking through our most recent backups and restoring one that did not contain s.zip - or any traces of said payload - then simply patching the vulnerabilities and plugging the hole these hackers got through in the first place. About 8 hours of total work. Backups… Well, we didn't have anything valid. No backups had been made since November of 2012. Later, I heard that this was because VPSLatch (our server host) was bought by HostDime (a large hosting provider) and they removed this feature from our server/account. In a professional IT environment, nobody who has any experience with backups would ever assume that backups were being made. Backups should be verified by quarterly or bi-yearly "fire drills" where said data is restored to a sub-domain of the site and verified for integrity. Said backups would be stored off-server, preferably in multiple locations. Beyond backups, the server was in a neglected state of patching/updates. We were running an outdated operating system, a database server that was three stable revisions old (a couple years), web server (Apache) versions that were riddled with vulnerabilities and an Apache module (FrontPage Extension - http://docs.cpanel.net/twiki/bin/view/EasyApache/Apache/ModFrontPage) that warns you that running it is not recommended as it's a huge security risk.


Prior to me being given access to the forum, the forum had been restored. Both the web side and database side. The themes were partially broken, but the site was functioning for the most part. Automated site emails weren't being sent, and other small things needed fixing. Upon being given access to the server, I double checked that indeed this was the latest copy of the forum we had and I proceeded to resolve the little things. I found old archived site images from waybackmachine.org, resolved the email activation issues, and removed the FrontPage extension. I then ran a couple of utilities that check for rootkits and malware by comparing their checksums against an internet database of known good checksums. There were only a couple of things it returned, but nothing too serious. I resolved these small gaps in security and changed all of the passwords on the site. These passwords would then be updated and distributed to the admin team in the same document I was provided as soon as I had a chance. I gave vbulletin (the forum software) admin access back to Adam and Darryl as Jay already had it. There was also talk of a new admin team. Perhaps having Darryl focus more on his vendor relations duties and less on something he was trying his hardest with, but ultimately did not possess the knowledge or experience to be handling. This was not a slight against him or an attempt to humiliate or ego crush.


During the time the forum was down, I commented "[language filter]?!" and the such on things like "Our last backup was in 2012". This was immediately followed up by a text from Darryl telling me how they aren't trying to cover things up, but we should be selective on how we announce this to the forum. I've never been one for covering or tweaking the facts to make myself or a situation look better. I'm a blundering fool, much like many of us - but covering things up was never my style. [language filter] could have been responded to with "I know, we're not sure what happened…. But, yeah.. This really sucks - stay tuned folks!". Instead, I received a phone call from Darryl. He stated that he volunteers for the forum and does not get paid (insinuating that the lack of response or ability to resolve this issue was somehow justified because he doesn't get paid). He also stated: "Micah, I'm too old. Too old. I won't be taking any orders from a young guy like yourself.". I'm paraphrasing of course as this was a phone call and I'm pretty sure he used the word "whippersnapper". It was well received that Darryl and I don't get along with each other, but none of that was a determining factor for me wanting to help the site or for what happened later. Something that did not happen until nearly two weeks of the site being down. I too was kept mostly out of the loop during this time.


WestCoastReefers; let's address that rumor mill. Yes, there were frustrations about the site being administered poorly. Yes there was perhaps even venting. What there wasn't, was slander, name calling or competition. The site was created in an effort to give the community a forum - one way or another. Because I could not be given admin access to help resolve the community I love so dear, a few individuals and myself decided it would be best to give the forum a place to go in the event PNWMAS.ORG never came back online. The club was decided on their path, and I had to make a decision on mine. I chose to provision and create a server. I installed the forum software and proceeded to get categories configured so people could start registering and posting in PNWMAS's stead. Competition? No… I was 100% devoted to the same community of people that has now put on this witch hunt. Devoted enough to give up my position as VP on the broken forum/club. There was even a moment where we thought "While we're at it, why not make it a for-profit site and charge for memberships. We have the opportunity to make the second site however we want.". In the end, we did not go that route - the concern for getting a site up to the community was more pressing than trying to change something that was proven to work. There is even an email chain floating around with our plans in it. Our plan was to start a new site. Frustrations were made clear and decisions were made based on our suggestions/concerns and votes. Like I said, there were a lot of us out of the loop and many of us assumed the worst with pnwmas. As far as CuttleFish and OceanRevive being in the sponsor section? The site wasn't announced as live due to the change in direction with PNWMAS.org. Those sponsors stated that a functioning site was needed and that they support the idea of having a backup/second site. Them being listed on that site in no way reflects actual sponsorship. No money changed hands and as far as I know, there was no exclusivity to sponsor only a single site. Many shops sponsor on multiple sites. Please try to keep what blame you find on myself and nobody else as nobody has done anything wrong; regardless of their level of support.


People in glass houses should not cast stones. We were not the only ones; at least one more domain (PNWMAS.COM) was purchased by another individual who is very involved in the forum. Somebody who works for an LFS who opposes these actions. This person's intents were the same as mine - to provide the community a place to go. Said person has now cast stones and proclaimed their hypocrisy.


Micah Morton

PNWMAS Vice President/SysAdmin
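An added example, not part of the original post and not code used on the PNWMAS server: a reduced form of the backup "fire drill" the post recommends. It reads every file back out of a backup archive and compares it with a known-good SHA-256 manifest, flagging stale, unreadable, modified, missing, or unexpected files. The function names, the 7-day age limit, the manifest format, and all sample file names other than `s.zip` are assumptions.

```python
import hashlib, io, os, tarfile, tempfile, time

MAX_AGE_DAYS = 7  # assumed policy: a backup older than this counts as stale

def make_backup(path, files):
    """Write a constructed sample backup: {name: bytes} -> .tar.gz at path."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path

def fire_drill(archive, manifest, now=None):
    """Read every file back out of the archive and compare it with a
    known-good manifest {name: sha256 hex}. An empty result means pass."""
    findings = []
    age_days = ((now or time.time()) - os.path.getmtime(archive)) / 86400
    if age_days > MAX_AGE_DAYS:
        findings.append(("stale", f"{age_days:.0f} days old"))
    seen = set()
    try:
        with tarfile.open(archive) as tar:
            for member in tar:
                if not member.isfile():
                    continue
                data = tar.extractfile(member).read()  # hashed in memory, nothing written to disk
                seen.add(member.name)
                if member.name not in manifest:
                    findings.append(("unexpected", member.name))
                elif hashlib.sha256(data).hexdigest() != manifest[member.name]:
                    findings.append(("modified", member.name))
    except (tarfile.TarError, OSError, EOFError) as exc:
        findings.append(("unreadable", str(exc)))
    findings += [("missing", name) for name in sorted(set(manifest) - seen)]
    return findings

if __name__ == "__main__":
    # Constructed sample data; only the file name s.zip comes from the post.
    clean = {"index.php": b"<?php echo 'forum'; ?>", "forum.sql": b"CREATE TABLE post (id INT);"}
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        good = make_backup(os.path.join(tmp, "good.tar.gz"), clean)
        bad = make_backup(os.path.join(tmp, "bad.tar.gz"), {**clean, "s.zip": b"constructed"})
        print("good:", fire_drill(good, manifest))
        print("bad: ", fire_drill(bad, manifest))
```

The manifest has to be generated from a known-good state and kept off-server with the backups, otherwise an intruder who can write to the web root can rewrite it as well.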


"People in glass houses should not cast stones. We were not the only ones; at least one more domain (PNWMAS.COM) was purchased by another individual who is very involved in the forum. Somebody who works for an LFS who opposes these actions. This person's intents were the same as mine - to provide the community a place to go. Said person has now cast stones and proclaimed their hypocrisy."


President already accepted explanation and dealt with this issue by acquiring the right to pnwmas.com name.


"President already accepted explanation and dealt with this issue by acquiring the right to pnwmas.com name."


That doesn't unpurchase the domain or undo the initial intent of said domain..


To expel further rumor, I have little to hide. Should I have said some things? No... probably not, but like PNWMAS.COM, it's all spilled milk...


I have sent the email people keep referencing to Kevin and will post it publicly upon authorization from the board.




Thank you for your explanation Micah. I honestly didn't have much expectation that PNWMAS was going to be able to be rebuilt myself after so much time had passed. It's a free forum with volunteer people; seeing it survive what happened is a surprise. It's unfortunate that so much dramatic scuttlebutt has been thrown around here. I appreciate what you, and everyone else that put long hours into this, have done. I certainly can't say that I've got that drive to put that kind of time and effort into something outside of a paying job.


Sorry that people lost perspective on what is important in life. After all this is a fish forum not the library of all knowledge of man up to this moment.

As someone who has worked in IT off and on since the early '80s, yea when backups were completed on magnetic tape drives that you had to thread like the old reel to reels, I can only say WOW. To not have any kind of backup or disaster recovery plan just seems weird. But like I said, this is not life saving or threatening stuff.

People really need to get over themselves and get on with things.

Thanks for what you did save.

People could have handled themselves better, ALL of them, but let's move on and get back to the reason we're all here.
