[thelist] phpBB hacked and Crystal Tech isn't being very helpful

Joel D Canfield Joel at BizBa6.com
Sat Mar 28 00:54:04 CDT 2009

> and then blame the host for not being so keen to help you track down by
> all accounts sounds like something you could/should have prevented yourself
> (from their point of view)

well, they haven't even clearly stated a point of view, other than to
point me to outdated exploits and recommend upgrading (yes, I'm on 3.0.2
and there's a 3.0.4 out), and suggest that perhaps I've shared my ftp
passwords with someone unsavory and forgotten about it. after much
pushing from me, they've done enough checking on the server logs to rule
out the possibility of my accounts being compromised and causing this.

since it's code they recommend, I assumed they had *some* level of trust
in it. I mean, really, if I said "if you bought a hammer at Bob's
Hammers, you could hit that thing right there." and you did, and it
broke, would we still be friends if all I said was "Huh. Not my fault;
you hit it." Especially if you were paying me to rent whatever it was
we're pounding on with said hammer?

> if you move this app to another host, and it gets hacked again, will
> blame the new host?

well, the new host is gonna be someone who provides server admin, not
just space and bandwidth rental. if they recommend an app and it's a
buggy piece of crap, yes, I'm going to blame them. I'm paying them,
ostensibly, because they're experts.

I need a host who won't recommend an app this obviously buggy. yeah, I
could do the research. I don't want to. I wanna pay someone who's good
at it to do that part, and let me focus on what I'm good at. just like
I've reached the point that I don't care how my car runs; if it breaks,
I'm not gonna fix it. there are experts who do that. I expect the
mechanic to put a sticker in the window to tell me when the oil should
be changed, and inspect things when I come in for a checkup. Yeah, if I
hear a strange noise I'm gonna check it out, but I'm not crawling under
there every weekend just for fun.

I think the days are long gone when every web developer needs to be a
server admin too. And yet, unless my hosting service is going to take
some responsibility for their recommendations, I'm going to have to know
more than they do. 

and, of course, you know I was referencing you as a respected authority,
not a dupe; as in "Sheesh, if rudy said it was good, I knew it was

yeah; you knew that.


