Invision Power Board 2.1.6 is a security release.

It is not clear if this patch will solve the spam problems we've been having. Please let me know if you encounter any spam posts... They look like they're filled with garbage characters. Thanks to those Apples who have been letting me know when they spot 'em.

EDIT: Based on what I'm reading on the Invision boards, it looks like this version (2.1.6) is not vulnerable to these attacks. In fact, one of the members of that board said that since installing 2.1.6 he hasn't seen any of the "justxpl" messages. I am hopeful that the problem disappears here too.

ANOTHER EDIT: I did a more thorough security sweep and found that malicious files had, in fact, been uploaded to the site on May 15, 2006 (beware the ides of May?). I am currently investigating if these files were activated or not -- it does not appear that they were, so the bomb was in place but did not detonate. I am removing the malicious files from the server.

A THIRD EDIT: I've enabled an advanced security system at the front-end of the forum. When a new user is registering for the Orchard, they must type in a randomly-generated code to complete their registration. This is to defeat automated registration programs that are likely being used by these spammers.

I applied this patch this afternoon. The Orchard was unavailable for about 15 minutes to allow for the patch. Please let me know if you spot anything that doesn't work after this upgrade.

Drew, that post was as good as any episode of 24! Keep up the good work agent Vogel.

drew, you're the best. (well, i guess you already knew that since you are the one that told me )

that's a darn lie. i told you.

drew.

Thanks Drew! When I saw that post from "god," I feared the end must be near.

Here! Here!

Thanks Drew for your work on this. It is nice to know the orchard is no longer in danger of turning into applesauce.

Thanks, Drew.

You're our hero!

We should declare May 31st to be "Drew rocks Day."

I like the sound of that.

Only 364 days until we celebrate it next.

I asked the manufacturer of our forum software to do an informal security audit of the forum, which they have completed. They've given us a clean bill of health.

While they cannot guarantee security (they're not a security company, after all), their opinion of the security of the forum makes me feel comfortable that any security holes are likely closed.

Still, if you see anything strange, please let me know at once!

On a side note, for those of you that might have need of a forum, I very highly recommend Invision Power Board. It's the most full-featured forum I've found, and offers the best support, as evidenced by their willingness to check out the forum.

Drew Vogel: Not Only The Drew™, But Also The Man™.

warning...invader...hull breach in section "movies"... 6-6-06 fast approaches... one more day...it's been nice knowing you all...Dan Brown is writing furiously as we speak...if we're still here on wednesday, I'm gonna buy a t-shirt "I survived..." or something inane like that... but with the return of justxpl it's not looking good...he slipped through our defenses like it was so much child's play. hold me, drew, I'm scared...

This is sort of like an episode of 24, but I'm one of the citizen's living in the city unaware that anything is going wrong. In fact, I figured "justxpl" was just some hip new cyber-speak I wasn't in on.



Thanks again for saving the day, The Drew.

Ah nice to see hexakosioihexekontahexaphobia alive and well. Even though there is great argument that it is 616. So if that were the case, then we already passed it and the world didn't fall into the eternal flames of hell. Or maybe it did and we are all just not aware of this fact.

Unnnm, yeah, I am totally off topic here. I guess I just wanted to use the word "hexakosioihexekontahexaphobia."