Lots of people loved the OC, and I was certainly one them. More about that in the post mortem post to follow.
Details here are to the best of my knowledge, but some things are guesses without confirmation from people that are actually there, however if you read the associated news stories, I think you may agree that this all makes sense.
what happened?
The OC aka Old Chat aka Original Chat went offline a couple / few weeks ago for a couple days or so. Then it came back and everything was fine. It ran for some time, then it went offline again. It’s been about two weeks or so – and the chat server has been unresponsive. Not just for those trying to use the chat room, but also from admin access. None of my access points are working to that server. I can’t get in, the chat can’t get out.
Why did it go offline?
The OC chat server was housed in an “extra protected” data center. Our server is one computer there; housed in racks of other computers running other web sites. Apparently someone hacked into that data center, allegedly to get access to a kkk database and publicly dump details from within (more recent news stories appear to show that was not the main reason for the hack but a by-product).
When the breach was discovered, our data center unplugged those racks of computers from the internet to clear any infected files, change passwords all that.
I got notice of a breach of the systems there, and an apology, and told all would be fixed, hang tight. The system did come back up for bit, and then I started to see news stories about the breach. It appears that various law enforcement agencies were brought in to investigate the breach.
Day or so later, the rack of computers that our chat server was housed in was unplugged from the internet again. I assumed they were replacing hardware routers and switches and cables to make sure the data center was clean of any possible lingering infections, but now it seems there is much more than that going on, as it doesn’t take weeks to replace routers and hubs.
So little info
I gave them time, understanding how severe of a situation this is for them. Then I started emailing and calling. Days went by and I got a message like “We are working to restore the hosting computers, there is not ETA. It may be a while.” – more days go by. Nothing new from our hosting company.
Piecing Things Together
Pouring through news stories and web searches, this is what I gather.
Whoever got into the ‘kkk database’ did so in a way that breached the deep levels of our hosting company. These people had gained access to a ton of information, not just the database that was publicly shame exposed. It looks like they downloaded / copied a bunch of PIA (personally identifying information) from a bunch of people who were not related to the kkks site. This of course kicks in some other rules and laws and stuff beyond the hack and exposing of the one site. Which makes sense why federal agencies would be brought in to investigate everything.
I am not a lawyer nor an expert in data security laws or anything like that. However given that I have gotten notices from other companies that have been hacked in the past it seems that this is a very costly situation for the hosting company, beyond what they are losing from not getting hosting fees from customers like us who have their servers offline.
So there’s a chance the OC could be turned back on
For the past couple weeks I have been confident that our hosting facility would get all their hardware patched up and our original chat system would be reconnected to the internet doing what it does best.
However there are a couple of big problems even if our server is turned back on.
It dawned on me the other day that if the server is plugged back into the internet and we can use the system again, we must consider that the system could of been compromised by an unknown number people. I can’t trust the server it’s on, or the code that makes everything run, and neither should you or anyone else. I count at least 5 teams of people that have unfettered access to our server at this point, and turning it back on would actually be worse than permanently pulling that system down.
The Backups!
Next logical step would be to reinstall our chat system on another server at a different hosting provider and get the OC running again.
Unfortunately the last remaining code for that system was housed on the compromised server. The original chat script that I had on my own computer was destroyed when my computer got a virus last year. The company that made the original chat script went out of business. The guy that made the code base for our original chat system is no where to be found, I’ve tried several times, no replies to any emails in months.
This is a sad and embarrassing day / week / month – every programmer in the world would denounce this lack of backups of code, and they would be right to do so. I purposely made no backups of our chat server system, but I should of had two or three backups of the main code and all the mods, and I did… but my old main system was destroyed last year, and I did not think to pull a backup from the server. So the code is gone.
Privacy Information!
I updated / added some privacy information on our privacy policy page, and posted a link to this at the top of sex chat space and on the sidebar in the peeps section.
I STRONGLY encourage you to read the added privacy information on that page.
As mentioned on our previously posted privacy policy, our chat server was not set to record any of the conversations that were sent. The chat server at our OC data center was not set to get any profile info or anything from the peeps section of the site either. As was outlined on the privacy page long ago, our chat server does log some basic info such as your connection ip, browser, rooms entered, things like that. I have no way to know if that information has been accesses by any third parties at this point.
Good thing we developed backup chat systems.
Many of our older regular users have known about a backup system that at one time was called the “new chat” – it’s not so new now, and we have newer systems running actually, however many people will migrate over to the SexChatSpace.com site’s “new chat” page when the OC is broken.
Some people will find their way to our newest chat system, the “mv-chat” (creative name for “mobile / video chat” huh?
We also have a “flashy chat” system that is running as another backup option.
I have started to develop an even newer chat rooms system with an eye on the future as well.
I made a profiles section here, and you can find a similar option on the sex chat space site – another way that people may be able to find each other / message each other then the chat are down. If things get real bad I try to post on a WordPress.com blog and our twitter thing. I’m doing everything I can to keep channels open for everybody to chat with each other.
Future
The Mv-Chat system will be getting most of the attention for code updates. The mv-chat has many bonus features that the OC system did not have. There are a few things the mv-chat does not do well that was easy with the OC system, things like actions and others are mentioned and discussed on the mv-chat-info-page.
As is mentioned on the peeps registration info page ( http://www.sexchatsexchat.com/peeps/peeps-registering-info/ ) – you will now have an option to create a profile and “own” your screen name to some degree. With that ability people should have less issue with “imposters” pretending to be you, or someone you know. This registration system will also create more of a trail for tracking down people like MArk1… If we needed to gain and report additional information about someone like that. This of course means there are additional tracking points with whatever email provider you use to activate a registered account, and your ISP. These things are discussed on the peeps registering info page as well as in the update to the privacy policy mentioned and linked to above.
I am looking into adding encryption options for things around here, and we are also beginning to develop a new type of chat rooms system that is going to open up many more options for people. More on that in a couple months.
I’m also very open to ideas and suggestions. Every day I read comments and reply when they are left in the blog section here. Some people only engage this way on the kicked / banned page, others have found our site suggestions page or other pages where comments are open.
I spent a lot of time listening to people in the chat rooms the past week, and it was suggested that I came into the chats once a month for an open QnA / AMA (ask me anything) kind of thing to engage users in the chat rooms to hear things, so I will do that soon – I’ll post in the blog or peeps section a day and time if anyone wants to make suggestions they can know in advance I guess.
I have been listening to the feedback from people over the years, and try to modify things according to what I see and hear from people. Some things I can do quickly, other things that I want to make happen will take time.
Post Mortem
If you’d like to reminisce a bit about the old chat, there is a post here: The Old Chat Post Mortem (comments about the OC)
If you’d like to read some of the details as reported by various news outlets, a private search at startpage.com will give you many different places that have published varying bits of information about this hack. -> https://startpage.com/do/search?q=staminus+hack+kkk&lui=english
This was a major hack event, and they stole a lot of people’s info. You can see why they brought in the fbi and other forensic investigators to look through the equipment there.
Let this be a lesson to us all. Make a backup of your precious pictures and documents, encrypt that stuff with 7zip or something. And don’t leave that cd / dvd /us drive plugged into your computer.
If you have a router that you connect through to get to the internet (or anyone you know does) make sure the factory default password has been changed on that router. Even if you can’t find the manual, do some searches for your router model, turn off UDP, and change the default password. While your in the router settings, see if there is a firmware update.
If there is not a firmware update, and your router is more than a year old, I would trash it.
I think it’s high time that everyone realizes our data is not safe on computers at all. If you search for news stories about healthcare hacks, the Verizon enterprise super secure client breach, the opm breach, the Jp Morgan hack, Facebook flaws – you will see that the top security companies can not protect the data that we have “at rest” – social network messages and pictures, your yahoo mail, any of this data that is sitting on connected devices – your phone – unless it is encrypted, it’s not safe. Even if it is encrypted, determined hackers may find a way to get the pass codes and get the info.
nash.
will there be or is there now any way to change the registered email address. or password.
seems i may have registered with several different names some of which were simply misspelled but now those email addresses are locked from using them with other user names.. this has forced me to open new additional emails address to register the properly spelled name.. in addition is there away to get which user names i have registered with which address.. as now it seems that even my recorded passwords are not working if i open the page and it logs me in automatically it works but if i log out and do it manually it tells me my PW is wrong??
also this site http://www.sexchatspace.com i cant register on might be my brower but just says unavailable.. hope to hear back from you directly to any of my email addresses or which even one this passes to you on.. thanks
cj – which system are you having this issue with? the ‘new chat / aka peeps cams chat” or the mv chat? or the profiles section(s)?
I will be checking emails here in a bit.
little bit of both but i have to say its confusing the MV, flashy and NEW . since the users are split between all of them now….whats the best way to log in to all of them with ONE un and pw? maybe we start there and it fixes all the other issues i might be having..
I am sorry Nash, but this all BS. You wanted to get rid of the old system because of several reasons. One of the most important reasons has to do with having to register. By registering on the new system, you can garner information on the users that can be useful in a number of obvious ways. While the initial shutdown may have been legitimate, the continued shutdown and the specious reasons for this shutdown. Your die hard (no pun intended) may support you, you are and have lost a lot of your participants. It is your business and you are free to do what you want. I hope you regain your partcipants – but most have moved on. After this message, will I be blocked?
@Steve – No this is not BS – everything written above is pretty much the what and why. The exact days and such may not accurate, but this is what happened.
I will admit that I have planned for some time to have us move over to a new system eventually, for several reasons, but the plan was to slowly bring the new mv chat system into new phases over the summer, and hoped to have things ready for a transition by Halloween. This unfortunate turn of events has obviously sped up that process!
When you say “registering on the new system” I can garner more information on the users that can be useful in a number of ways, that to me sounds like you think it’s for nefarious purpose. Not exactly sure what you reasons or concerns are for that. The registration option does indeed add additional information about people that can be used for things that benefit most of the users, and as I pointed out on the privacy policy update, and the “about registering in the peeps section” – I try to be as clear about that, as well as suggesting things people can do to limit any exposure.
First off, registration is optional, not mandatory. The number one reason that I have been working on a system where people can register is that the old chat had a real problem with a few people who would login as other users and the impostering of many of our users was quite out of hand. Having the registration option is likely to save a lot of headaches for people, and save a lot of drama. For those who did not know that someone was logging in as them when they logged out of the old system – the registration option is saving some of their privacy that they did not consider may have been sacrificed by others using their name. That is something that some have dealt with knowingly, some have had major problems with, and yet I think many probably did not know that a certain person or couple of people were doing quite a lot of that. Certainly some that would use side rooms found the major issue of someone logging in as previous room owner and kicking everyone out, but the amount of this faking other peoples names with nefarious intent was surprising to me when I started looking up issues in the logs.
Also posted in the updated privacy info is mention of using some additional tracking information to stop abusive people like a certain MArk1TdkCnad from being able to abuse our open system. There are other benefits as well outside the chat rooms themselves, friends can find your profile, send offline messages, even make new friends via the profiles section with people who come to the site when you are not in the chat rooms. There are many benefits to registering for the new system that were not options with the old one.
Not sure what else you may be thinking that I want to do with additional info about users. I really go out of my way to limit exposure of user data. Some companies like Google and Facebook build their entire fortunes on the data of it’s users (even those that don’t know they are using google services) – I don’t like the long term profiling that systems like that create. I don’t want people to use their real names, I don’t want people to use their ISP given email addys, I limit cookies, and don’t sell or give away user data to other companies for profit or anything. So I’m not sure what your concern is or what you are inferring about that.
Some companies consider user data and tracking gold, yet there are some groups who realize that user data is a liability. More and more people are coming to this realization.
The continued shut down is for user safety. Maybe you do not understand what i was saying above about things being compromised, maybe you have not thought about the implications of that completely through. Maybe I need to spell out my concerns about that more and it will be easier to understand. I think once people realize that our hardware and the software in our old data could be doing additional logging and tracking by multiple groups of people, without my knowledge, it’s better to keep safer options going forward.
I am aware that we have lost a lot of our previous participants. Certainly I think our systems are awesome, and I want other to be able to enjoy them, and often times “the more the merrier” – however I am thinking that many of people who are choosing not to use our new system are probably people that we were having trouble with terms or rules violations. Maybe some found a better place when we went down. That’s fine and great, I have no desire to try to lock people into using our system here. If people find other places that are better to chat, by all means I expect them to use it. It’s not like I am getting a monthly check from each person who uses the chat rooms.
If people do find a better chat system, I’d love to hear from them what cool features they like so I could consider adding them here, and in future apps that we have started to develop. However I am not going to rush to try to be the next whatsapp. I’m one guy with limited resources, not some billion dollar unicorn team.
I should mention a few other reasons that we started to develop the mv-chat, since some people seem to think opening that and shutting down the OC was some kind of conspiracy. We started developing the mv system some years ago in order to code things that were not possible with the old real chat system. Mobile device functionality, avatars that are not served by third party servers, owned screen names, and encryption, those are the main things that we wanted in our future systems that the old chat could never offer. I tried like hell to get Eugene to recode the old system and these options, I asked him to open source it, I offered at one time a few grand to add some features, and all those things were shot down.
It became obvious to me years ago that we needed to get more mobile / tablet / phone friendly around here, and I began updating things to mesh well with those systems. The old chat system could not do many things that were obviously going to be important issues in the future, so we started working with other systems to get prepared for that. The fact that the OC requires the flashplayer to use is a problem, as less and less people are using it, and there has been a big push to abandon flash completely by several organizations, and for good reasons actually.
No you will not be blocked after this message. It’s very rare that someone would be blocked from messages here, I can only think of two people that have been blocked from messages in the blog section over all these years, and neither was blocked for their first comment. They were only blocked for repeating the same thing over and over even though their issues had been resolved. Maybe there have been some others, those are all I can remember right now.
Is it possible to increase the character limit on new chat? The limitations right now on it are stifling.
@nash: Great job on the old chat! i think it is one of the most beautiful chat systems written. it had the simplicity and yet highly effective to express our creative talents sexually.! Thanks for your efforts! i am sure your next work will be as brilliant as the the one before.
Bene I agree as I previouslu saw this format tbeing used another site and I did not like it all
It looks like. OSC had me spoiled!
Bene I agree as I previously saw this format being used ny another site and I did not like it all. It looks like. OSC had me spoiled!
Nssh, why couldn’t the new chat sitebe similar to the original chat site?
@Eboni – we are working on adapting the mv-chat system to be more similar to the OC. It’s taking longer than expected, but it’s one of the goals.
I actually loved the design of the OC, and re-making it similar in some ways will be small amounts of code, however some of the functions of the OC system, like “actions” are turning out to be a much bigger re-coding project. We are working on these things and a few others to make the mv-system better in the future.
Hey Nash. First of all, thanks for making this fun chat possible.
Could you please be a bit more precise, for people (like me) who are a bit dumb on internet / informatics stuff?
What am I risking, if I’ve been coming in the chat sometimes over the last 4 years, had sometimes really kinky chats, but without any exchange of pictures and personal datas?
I know it is a pretty stupid question, but I’m risking tohat my friends and family will know about my activity in here?
Please give me some clue, and sorry if my questions were stupid. Thanks 🙂
Daniel – I think up above a pointed out specific things that our Oc chat server logged… your ip address, username, rooms you entered, times.. a few basic things. Our oc chat server was never set to make any logs of any of the chat room conversations. If this is a concern to you, and it should be for most people, I suggest you read the information posted on the privacy policy page. There is info there about how to limit various exposure points on the web in general. Terms you don’t understand can be searched via startpage.com for more info.
In some cases, some groups may be able to identify your exact location using an ip address, and if the bill is in your name and you are the only person that lives there, only person that accessing the internet from there, your identity becomes more accurate. Some places combine your ip address history to create profiles and share it with additional third parties that add to that info that is stored about you. So google and it’s double click network may have a good idea of who you are by your IP, and your internet provider likely does. However most people on the internet would not be able to find out much more than the city and country in which you connected to the chat rooms with if they had that information.
Some people’s ISP’s give their customer “dynamically assigned ip addresses” (ones that change every day or hour for example) – and in those cases it becomes much harder to cross reference those things.
Again there is much more info about these things on the privacy policy pages, with references to more information. This comment is a synopsis of things, and certainly not going to be accurate for everyone in the world, and there are other things to consider on top of those – but that’s kind of the gist of what I would explain to a friend who asked something similar and had a few minutes to understand a few things.
Pingback: Old Chat Post Mortem - Sex Chat SexChat Blog