WordPress › Support Tag: WP-Live-Chat

WordPress › Support Tag: WP-Live-Chat http://wordpress.org/support/ WordPress › Support Tag: WP-Live-Chat en Tue, 24 Nov 2009 05:25:51 +0000 BondageRadio on "WP-Live-Chat" http://wordpress.org/support/topic/163630#post-740413 Tue, 22 Apr 2008 02:08:22 +0000 BondageRadio 740413@http://wordpress.org/support/ Or you could wait till the web host replaces the dead blade in the server. This plugin is a wordpress front end for the well known CGI:IRC chat client, the only information exchanged between the server and the plugin is user name, referring page and desired channel to join. We have now added the capability of staying AWAY from the Adult server and connecting to freenode.net (the same irc server Automatic uses for their chat rooms) The CGI application does still run on our servers but this can be changed by a simple code change to point the plugin at your own CGI:IRC installation and interface. The code for the proprietary interface is not included in the plugin package, it is however maintained on our server as a courtesy. MOST hosts see connecting to IRC as an additional service for which they charge extra, or as a TOS violation due to the proliferation of file sharing bots passing out warez and pr0n, so installing the CGI on your own host may result in issues. The plugin *WAS* distributed as *T-Shirt Ware* but no one seemed to like the idea that you actually got something BESIDES free software for your donation. Instead a single button sized advertisement was included in the CGI, and the donate link points to our Project Wonderful location to purchase Ad Space in the chat window, for $1 a day. Otto42 on "WP-Live-Chat" http://wordpress.org/support/topic/163630#post-715932 Fri, 28 Mar 2008 19:47:29 +0000 Otto42 715932@http://wordpress.org/support/ The plugin not working anymore is a valid concern. You can report that problem here: <a href="http://wordpress.org/report-bugs/" rel="nofollow">http://wordpress.org/report-bugs/</a> mikehelms on "WP-Live-Chat" http://wordpress.org/support/topic/163630#post-715912 Fri, 28 Mar 2008 19:22:43 +0000 mikehelms 715912@http://wordpress.org/support/ Kalessin, I agree with your points, but there's not a lot of server heavy-lifting to do with a chat client. The data being stored is textual - and even if files were being swapped, they could simply be stored as blobs. Nothing that a barebones Wordpress-capable server couldn't handle. The server that this plugin references isn't even active; ergo, the plugin doesn't work. I still believe that this plugin should be removed. Kalessin on "WP-Live-Chat" http://wordpress.org/support/topic/163630#post-714977 Thu, 27 Mar 2008 08:26:27 +0000 Kalessin 714977@http://wordpress.org/support/ There are various reasons for interacting with an external server, such as a requirement for executable code which would be too much hassle for the average WordPress user to install. There is a plugin which creates PDFs of WordPress content which uses its own servers to do the grunt work. The WP-Live-Chat plugin seems fairly upfront about where the code is and its NSFW status in the accompanying readme. I would suggest that it's up to the individual whether they want to trust this particular site with which to exchange data. I personally would not, given some tactics in use by other porn sites. My biggest concern is that the plugin is described as a "mIRC web client" when presumably they mean "IRC web client". mIRC being the name of a popular Windows IRC client. I assume this is an honest mistake, not an attempt to capitalize on someone else's good name. mikehelms on "WP-Live-Chat" http://wordpress.org/support/topic/163630#post-714872 Thu, 27 Mar 2008 02:04:01 +0000 mikehelms 714872@http://wordpress.org/support/ Hello everyone, I took a look at the code for the WP-Live-Chat plugin, and it appears to be fronting data on a porn server. There's absolutely no reason that data for a plugin should be hosted externally; security concerns notwithstanding, it's certainly not the kind of development ethic we'd probably want to see in the Wordpress community. Not sure how I would go about "petitioning" for this plugin to be removed. Cheers, -- Mike BondageRadio on "DDoS Attacks Take Our Site Down - The Whole Story" http://wordpress.org/support/topic/148253#post-665184 Thu, 20 Dec 2007 20:39:31 +0000 BondageRadio 665184@http://wordpress.org/support/ I was deliberately vague on my connection information, I'll admit that much. As for contacting my providers, it was they who first notified me about the DDoS attack on the chat server, by telephone. When the notice/warning/threat had come in, I was asleep ... the attack started at 1 am. Back Tracking the information and compiling it for whomever would listen I found out all I could about the kid who made the threat and his server and his host's information. I would publish that info here, but most would say that's just bad taste. When I could not get through to his host on their contact form or their help chat, or even the phone number they have listed on their site and in their domain whois, I found out a little more about what was going on. It turns out that the address they list as their address in the whois information reaches back to an empty parking lot (Google Maps Lookup, satalite view) in IL. A reverse phone number lookup revealed that the toll free number they published several places, including on their domain whois, network node info and on their website, dials through to a Urologists Office in California. One section of their site, reveals that for $150/month this same network provider will offer you protection against DDoS attacks, even if you are not on their network. (How exactly does THAT work again? Protect me from attacks by NOT attacking Me.) The next step was going up the network food chain to both Above.net and Level3.com to gain access to their Abuse and or Technical contact information. Find a published phone number, e-mail address, or contact form to fill out, when you are under DDoS assault. Try... please... I finally wrote to every e-mail address I could find published on their site (mostly sales) until I got to one sales person with an email-auto-responder that listed his Home number... I called him at home (I could hear his kids in the background) and he directed me to the VP of Network Operations, and gave me the unlisted numbers to both tech support and his direct line. (Tech Support?... unlisted?... what?) As soon as I got this information I called, it was 6PM and he was going out the door, done for the day. I talked with him for 2 hours and then he finally said "Oh!!! Distributed Denial of Service... wow, those are tough to track down." (Vice President Of Network Opperations? Who did you sleep with?) I wanted to kill some one. Long story shorter... a week later I'm still getting hammered and then the hacker pointed at my main SQL server. 48 MILLION HITS in 4 HOURS I don't care what network or firewall you have... your site is going down. 3 million hits in a day is a SLOW day for most sites with a pr 5 or better. I'm a pr 3 site... 5000 hits in a day is average. I pointed at the FBI because I didn't want my servers CATCHING FIRE. I hid behind the guys with the guns and badges, and where with all to make headway against that kind of assault. And... I checked... The Local Tampa office of the FBI still hasen't gotten the complaint yet... no one called... and no, it's not a crime to direct my DNS names to their IP addresses... so long as I don't mind my visitors seeing their website. So, it turns out, the phone call I got was a Social Engineering Hack, to get my DNS off the FBI IP's, till the order to halt the attack propagated through their bot net. Tampa Office is looking forward to reviewing the complaint. -Still PO'd- theapparatus on "DDoS Attacks Take Our Site Down - The Whole Story" http://wordpress.org/support/topic/148253#post-664704 Wed, 19 Dec 2007 21:06:39 +0000 theapparatus 664704@http://wordpress.org/support/ I've been thinking about a reply to your original post for most of the day but, without knowing the physical aspects of your account and your host, it comes down to me with you having a rather bad host. Granted I don't know what your setup was but to me, it really sounds like your host didn't have enough security measures in place. I know a strong firewall isn't a cureall but we run a wonderful pair of Intel routers on our racks and yesterday they blocked well over 3 million bad connections. Granted 1.4 million were in spam alone but those boxes are a lifesaver. We don't have DDoS attacks and, yes, we've been targeted a number of times. You never mention contacting your host which for us would have been the first step. Again, not knowing the specifics to your attack, most DDoS attacks we've seen follow some sort of pattern that we've in the past have been able to come up with a filter to block them at the routers. Heck, we've blocked some attacks simply by changing some IP addresses around. And I've got to agree: Forwarding on attacks to the FBI website was just dumb. You've now admitted publicly and for the record that you yourself have assocatied yourself with an attack onto their servers. Congrats, you just admitted to a felony. (Adding a modlook at this. Maybe the mods will be nice enough to edit out this thread.) And anyone who is familiar with IRC knows that there's a lot of trouble with running a server on an IRC network. You need someone in there and watching over the server 24/7 to prevent stuff like this. Again, I'm not aware of everything that occured but I've got to admit, it really sounds like you went the wrong way on this. BondageRadio on "DDoS Attacks Take Our Site Down - The Whole Story" http://wordpress.org/support/topic/148253#post-664683 Wed, 19 Dec 2007 20:50:23 +0000 BondageRadio 664683@http://wordpress.org/support/ In a direct response to our 'Concerns' about DDoS 'Issues', The FBI and their Internet Crimes Unit contacted me by telephone to tell me they will 'Look Into' the issue. However, My directing the attackers AT their computer system 'May be construed as an Assault on the Federal Government' They recommended that I return the IP addresses to normal and log all connections. I simply responded "No problem, in the mean time, I want to see a log of every shooting victim in the DC area, with date and time of impact for every bullet. I'll get around to capturing the shooters after I see the logs.." and then I hung up. Our Tax Dollars at work. BondageRadio on "DDoS Attacks Take Our Site Down - The Whole Story" http://wordpress.org/support/topic/148253#post-664535 Wed, 19 Dec 2007 15:54:42 +0000 BondageRadio 664535@http://wordpress.org/support/ Several days ago our Host Site was completely demolished by a DDoS attack against our SQL server and several other servers on our network. We know who the Attacker is, oddly enough because they were braggadocios enough to come in and announce themselves BEFORE the attack. They suggested that we switch from a simple home hosted server for our chat, to a paid server with better protection. Interestingly enough, they just happen to have access to a paid host, who specializes in IRC hosting, and even offers 'PROTECTION' from DDoS attacks. When the attack took place exactly as threatened a short time later, we reported the offender and his company to the company's service providers, Level3.com and Above.net (which was no easy chore seeing as no direct abuse line or contact phone number was listed anywhere). They said they would "Look into it", while we attempted to switch servers for our chat services. Apparently, during the week long wait for the attack to stop, a copy of our report made it back to the attacker, who upscaled the attack to a full blown assault on our site and SQL server. This time the report was sent to the FBI's Internet Crime Unit. While we waited for more 'Nothing' to happen we again attempted to switch server locations. This time the attack followed the DNS move, we could not get away so easily. Finally, during a 'low tide' in the ongoing attack, we redirected all of our domain names to a single IP at the FBI's Internet Crimes Unit. Still, nothing has happened, but we are able to get our message out from our home connections, to let all of you know why we are down, and why our site redirects to the FBI. If Loss of our wp-live-chat plugin function on your wordpress blog has caused you any problems what so ever, you are ENCOURAGED to fill out the complaint form that you are directed to when using older versions of our plugin, or the form presented when you visit our homepage. Please fill it out using the information on Mr. K. Hall, as presented in the FAQ in the plugins repository here. -OPOPC- (One PO'd Plugin Coder) BondageRadio on "WP-Live-Chat (T-Shirt Ware)" http://wordpress.org/support/topic/145764#post-656147 Fri, 30 Nov 2007 18:22:26 +0000 BondageRadio 656147@http://wordpress.org/support/ First: as the plugin author, I have never used the SVN before, so bare with me as I struggle through using it to keep things up to date. I can NOT stress this enough... WP-LIVE-CHAT is ALPHA Software... I'm working in my spare time, like most of the other authors here, so if I don't reply to your questions in the demo chat room <Mezentius>, please don't think I'm ignoring you. Yes, the plugin home page is an ADULT site... and the chat rooms on the ADULT SERVER are geared for a MATURE crowd, but there is nothing saying that a blog, by an adult, can not be hosted on an adult server, and the users be Mature. This would not be a good plugin for say, 'Billy's Birthday Blog', unless of course 'Billy' was over 18. <code>/* it wouldn't hurt if she was cute, too. */</code> This is a good plugin for other types of blogs however, Political Blogs, Sports Fan Blogs, RPG and Clan Blogs, Tech Support Blogs, or just as a Help Chat for plugin support issues on other plugins. I will not be releasing a NON-Adult-Server version, or a version that will work with YOUR IRC server. I run my server with a very relaxed TOS, and I'd like to see it grow before I add to my competitor's servers. I will however encourage anyone who wants to, to create their own version, and will even host updated user submitted, TOS compliant, versions under the same SVN location.