Home | Webstore
Latest News: OOTP 25 Available - FHM 10 Available - OOTP Go! Available

Out of the Park Baseball 25 Buy Now!

  

Go Back   OOTP Developments Forums > Prior Versions of Our Games > Earlier versions of Out of the Park Baseball > Earlier versions of OOTP: Online Leagues > Earlier versions of OOTP: Commissioner's Corner

Earlier versions of OOTP: Commissioner's Corner Want to run an online league? Want to learn about the 'ins' and 'outs' of being a commish? This is the place!

Reply
 
Thread Tools
Old 05-25-2009, 01:29 PM   #1
rasnell
Hall Of Famer
 
rasnell's Avatar
 
Join Date: Jan 2003
Location: Frankfort, Kentucky
Posts: 3,738
Hackers win; how to run online without web

After two hacks, many updates and hours lost this holiday, we still are getting a trojan alert on the new, scrubbed clean, freshly installed and updated web site. (EDIT: Once bookmarks were removed and the cache cleared, the new site was fine for the lone GM. However, I'm still looking for options other than a web site).

I've had this league running through nine seasons and have great GMs.

What are the steps to run this league manually, without a web site?

I want to zip the league file and send via email, without ftp or web, etc. Anyone else doing this? Is there a simpler or faster way for owners to get the updated league file without having to unzip and manually overwrite the league file after each sim?

If there is not a manual workaround, I regret to inform my super GMs that my online league experience is going to come to an end because of these hacker attacks through OOTP 9.2.13.
__________________
Charlie Root won more games for the Cubs than any pitcher (201), yet was remembered for one pitch to Babe Ruth. Find out more about the 1929 World Series in my book, "Root for the Cubs: Charlie Root and the 1929 Chicago Cubs." See the web site at www.rootforthecubs.com. The book is at http://www.amazon.com/Root-Cubs-Char...t+for+the+cubs.

Beta tester, OOTP 2007-2023 and iOOTP 2011-2014.

Last edited by rasnell; 05-25-2009 at 08:53 PM.
rasnell is offline   Reply With Quote
Old 05-25-2009, 07:03 PM   #2
satchel
Hall Of Famer
 
satchel's Avatar
 
Join Date: Apr 2002
Location: Ft Smith AR
Posts: 2,681
Have you thought about using the web, without using a website? You could use a domain and web access, without using an actual site. Maybe the lack of code, programs, and features on the server would discourage hacking. If there are no HTML or PHP files on your server, that would reduce your vulnerabilities.

You could just email your owners when the new file is available.
__________________
JL Commish
NPBL Rhode Island Reds ’33 ’34 ’35
TCBA San Francisco Railbornes ’74 ’76 ’77 ’78
FL New Orleans Black Sox ’56 ’57 ’58 ’59
satchel is offline   Reply With Quote
Old 05-25-2009, 09:49 PM   #3
kq76
Global Moderator
 
kq76's Avatar
 
Join Date: Nov 2002
Location: Vancouver, Canada
Posts: 10,668
You could use your own computer as an FTP server with a program like Serv-U. Or simpler, you could just make the file into a torrent. I wouldn't bother with email.
kq76 is offline   Reply With Quote
Old 05-26-2009, 05:43 AM   #4
rasnell
Hall Of Famer
 
rasnell's Avatar
 
Join Date: Jan 2003
Location: Frankfort, Kentucky
Posts: 3,738
Unfortunately I am one of those customers who doesn't know enough about any of this to look for other options.

I have decided to disband my 16-GM league after nine seasons after two hacks this month, finding something new every day that kept triggering virus warnings for my GMs, going through the multiple steps to assure everything was scrubbed and updated, and reading that I still will not be protected.

I've got to say that I am amused about the computer world where the customer is always blamed for their lack of knowledge. If you had known bugs that persisted with a car, you would call it a lemon. When it involves software, you call it user error or buyer beware.

Today is very disappointing. We had a super league. The web was the best part for writing stories and having fun. But that's the part that's exposing the GMs to risk.

The only fix is to hide the web, league reports and just use the server to secretly move the league file. No fun to me.

I just hope that OOTP realizes this testimonial from someone who loves the game, has been a beta tester for four years and recruited several GMs who had never heard of the game. It all ends today for the online experience.

Speaking bluntly, I am not reassured that Markus and Andreas are now discussing some security options when OOTP 10 is ready for release without the fixes mentioned to a problem that has now existed for two years.
__________________
Charlie Root won more games for the Cubs than any pitcher (201), yet was remembered for one pitch to Babe Ruth. Find out more about the 1929 World Series in my book, "Root for the Cubs: Charlie Root and the 1929 Chicago Cubs." See the web site at www.rootforthecubs.com. The book is at http://www.amazon.com/Root-Cubs-Char...t+for+the+cubs.

Beta tester, OOTP 2007-2023 and iOOTP 2011-2014.

Last edited by rasnell; 05-26-2009 at 05:45 AM.
rasnell is offline   Reply With Quote
Old 05-26-2009, 10:33 AM   #5
kcroyalgm
All Star Reserve
 
kcroyalgm's Avatar
 
Join Date: Jun 2007
Posts: 634
Quote:
Originally Posted by rasnell View Post
Speaking bluntly, I am not reassured that Markus and Andreas are now discussing some security options when OOTP 10 is ready for release without the fixes mentioned to a problem that has now existed for two years.
Very sorry to hear about your league.
But I think the OOTP folks can't do much to protect a web site. OOTP does not produce web site software. Web sites are always vulnerable to hacking. That's a sad but true fact. Government sites get hacked. Commercial sites get hacked.
How about moving your site (at a reasonable expense) to allsimbaseball.com? Let them worry about web site security for your league.
kcroyalgm is offline   Reply With Quote
Old 05-26-2009, 11:10 AM   #6
f.montoya
Hall Of Famer
 
f.montoya's Avatar
 
Join Date: Nov 2004
Posts: 6,066
Quote:
Originally Posted by kcroyalgm View Post
Very sorry to hear about your league.
But I think the OOTP folks can't do much to protect a web site. OOTP does not produce web site software. Web sites are always vulnerable to hacking. That's a sad but true fact. Government sites get hacked. Commercial sites get hacked.
How about moving your site (at a reasonable expense) to allsimbaseball.com? Let them worry about web site security for your league.
All true, what you say...and he is already a client of allsimbaseball.com but there is nothing that can be done if the game continues to leave a door wide open. Some of Roger's frustration also is due to his and my AV software weren't picking up on what another GM of his was seeing with his AV software. All AV software is different, but that's a completely different subject that I could go on and on about.

Anyway, cleaning, upgrading and migrating, securing and separating directories, changing passwords, etc, etc. and that other GM of his was still seeing his AV program detect something. Finally finding where it was that the elusive infected file was at seemed to coincide with Roger's threshhold for... well you get the picture.

I don't blame Roger at all for feeling defeated. His site is now clean and the hacker did not succeed in monetizing his work(I could go on and on about this too), but he did succeed in demoralizing a very active commissioner that truly loved his league.
__________________
Fidel Montoya

Asahi2 Baseball ex-Commissioner(Historical League Since 2004)
www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!)
Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required)
f.montoya is offline   Reply With Quote
Old 05-26-2009, 03:40 PM   #7
rasnell
Hall Of Famer
 
rasnell's Avatar
 
Join Date: Jan 2003
Location: Frankfort, Kentucky
Posts: 3,738
The biggest factor for me is even after Fidel's nobel and repeated efforts and how much we went through to recover from two hacks in the past month, it's clear that no measure of web security on our end was going to assure safety and security for the GMs because of the known flaws with the way OOTP handles FTP.

I'm disappointed that it has reached this point when online commissioners were reporting problems to Markus and Andreas a year ago and it's not until the eve of release of OOTP X that we now hear the prospect of some fixes.

I have patiently endured the many bugs of online play where the automator never worked and no one could ever answer why, where we had to figure out on our own that you had to turn the schedule grid off for league reports to load correctly, the other lesson that if you did not always include names.dat and retired.dat in your files, some GMs would get missing links or garbled data.

In addition, our league forum was getting spammed so ridiculously that we had to disable it. This was the place for league conversation, trade talks and tips for our new players. We turned that off two months ago because of the outrageous spamming that could never be blocked.

Despite all those glitches, we had tremendous fun and the web site for news and reports was the best. And then it turns out the feature that was the most fun is what led to the hack, the trojan and our downfall as a league.

This was such a great group. It definitely led to new recruits who had never heard of OOTP and it's all gone today for our little ole league.

I'm just one customer, with a few new recruits that I brought along with me, who concede that the hackers won. I don't know what they get out of their malicious sport.
__________________
Charlie Root won more games for the Cubs than any pitcher (201), yet was remembered for one pitch to Babe Ruth. Find out more about the 1929 World Series in my book, "Root for the Cubs: Charlie Root and the 1929 Chicago Cubs." See the web site at www.rootforthecubs.com. The book is at http://www.amazon.com/Root-Cubs-Char...t+for+the+cubs.

Beta tester, OOTP 2007-2023 and iOOTP 2011-2014.

Last edited by rasnell; 05-26-2009 at 03:46 PM.
rasnell is offline   Reply With Quote
Old 05-26-2009, 06:26 PM   #8
satchel
Hall Of Famer
 
satchel's Avatar
 
Join Date: Apr 2002
Location: Ft Smith AR
Posts: 2,681
Quote:
Originally Posted by rasnell View Post
...you had to turn the schedule grid off for league reports to load correctly...
I didn't know about this. Does that solve the problem of the faulty automation? Or does this address a different issue?


Quote:
Originally Posted by rasnell View Post
And then it turns out the feature that was the most fun is what led to the hack, the trojan and our downfall as a league.
When you say "the feature that was the most fun," do you mean the general online league aspect?

Quote:
Originally Posted by f.montoya View Post
Finally finding where it was that the elusive infected file was...
Where was it?
satchel is offline   Reply With Quote
Old 05-26-2009, 07:21 PM   #9
f.montoya
Hall Of Famer
 
f.montoya's Avatar
 
Join Date: Nov 2004
Posts: 6,066
Quote:
Originally Posted by satchel View Post



Where was it?
In the "images" folder that got transferred from the old site to the upgraded site. Normally, only images are in there not php or html files, which are usually what get affected.
__________________
Fidel Montoya

Asahi2 Baseball ex-Commissioner(Historical League Since 2004)
www.allsimbaseball.com (OOTP web hosting - Customized sites for online leagues - Sign up, Connect OOTP and Play!)
Share Your Mods - Free, unlimited and easy to upload to share your Mods instantly(free site registration required)
f.montoya is offline   Reply With Quote
Old 05-26-2009, 08:07 PM   #10
rasnell
Hall Of Famer
 
rasnell's Avatar
 
Join Date: Jan 2003
Location: Frankfort, Kentucky
Posts: 3,738
Per your questions, Satchel:
-- At the end of every season, my league reports would not generate and would hang at around the 50 percent mark. It took a lot of brainstorming on the forums until we found that turning the schedule grid off at the end of the season allowed the league reports to generate without a problem.
-- The automator only worked briefly for me and no one was ever able to solve why it hangs at 93 percent. I even let it run all night to see if it would eventually do its job, but that didn't work either.
-- The feature that was the most fun for me was writing the stories for the web pages and the interaction with GMs on the forum. We had so many spammers every day on the forum that we turned it off a month ago. The web page is what was infiltrated, generating a trojan warning for two GMs, despite many separate attempts by Fidel to resolve.
-- I am confident that Fidel diligently resolved everything that he could with his great service, but he is only 50 percent of the security issue. I have no confidence in what I've read from you about the other 50 percent where OOTP has left the doors open. I would rather be safe than sorry with the GMs and was only 50 percent sure that we'd be OK.
-- More importantly, my patience and having to deal with this finally hit the point of no return today.
-- I hope to return months or a year from now when true security fixes are part of a v9 patch and OOTP X.
__________________
Charlie Root won more games for the Cubs than any pitcher (201), yet was remembered for one pitch to Babe Ruth. Find out more about the 1929 World Series in my book, "Root for the Cubs: Charlie Root and the 1929 Chicago Cubs." See the web site at www.rootforthecubs.com. The book is at http://www.amazon.com/Root-Cubs-Char...t+for+the+cubs.

Beta tester, OOTP 2007-2023 and iOOTP 2011-2014.
rasnell is offline   Reply With Quote
Old 06-06-2009, 02:40 PM   #11
john1974
Major Leagues
 
Join Date: Sep 2004
Posts: 304
Did you use a PHPnuke site?

As a website designer this happens alot on many types of sites. What I did for my league was move it all to a online forums like proboards.com

keeps thats stuff away, although its alittle plain looking though.
john1974 is offline   Reply With Quote
Reply

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 08:53 AM.

 

Major League and Minor League Baseball trademarks and copyrights are used with permission of Major League Baseball. Visit MLB.com and MiLB.com.

Officially Licensed Product Β– MLB Players, Inc.

Out of the Park Baseball is a registered trademark of Out of the Park Developments GmbH & Co. KG

Google Play is a trademark of Google Inc.

Apple, iPhone, iPod touch and iPad are trademarks of Apple Inc., registered in the U.S. and other countries.

COPYRIGHT © 2023 OUT OF THE PARK DEVELOPMENTS. ALL RIGHTS RESERVED.

 

Powered by vBulletin® Version 3.8.10
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Copyright © 2020 Out of the Park Developments