Gfy(lite) A Solution to the search feature.
 

It seems strange that gfy cannot keep its search feature working very long. The board is huge and it obviously uses alot of resources to keep it backed up, but i think it should be easier once you upgrade the script, ( and im not sure what is holding you back )

With the enormous amount of webmasters on this board, im sure someone can help gfy get things fixed.

I have created a simple app that checks gfy on a timer for the latest 50 threads. It displays the top 50 threads in a small window. You can set triggers for certain words you may wish to track in a thread title. When it detects a thread to be tracked it pops up a window with an internal browser to view and respond to the thread.

Very usefull for going to sleep and waking up to find your tracked threads waiting for you to respond.

When i initially made this program i added alot of features that i have since disabled , due to the negative effect it could have on gfy.

--- An Autoresponder for threads ( this could be abused )
--- Tracking by post not just by thread title ( this uses up mega gfy resources , but im working on a simpler version )
--- A login structure ( not sure if lens would like this or if many would trust this )

I dont want to release this program if gfy is completely opposed to the idea, or if gfy plans to upgrade anytime in the near future..

Any other features that you would like to see, please respond.

Some important notes...

GFY LOGIN SCRIPT IS UNSECURE !!!
GFY PROFILES ARE UNSECURE !!!

When running a program i designed to check my own board for vulnerable passwords, i found THOUSANDS of vulnerable passwords on gfy.

Because i dont have access to the gfy admin account ( cough cough ) it is not capable of informing users by email to change their passwords. But if lens ( or another gfy employee ) would simply run this program you could save yourself some future problems...

whats a working search url worth to you :Graucho

YOOU ROCK

I dont need it i have my own :)

I will click your sig 10 times.

several clicks on the website in your profile.

If you have it, please ICQ me.

5 000 $

:1orglaugh :1orglaugh :1orglaugh

sup smoke dog

Smokey,

I know what is holding them back. Lensman doesn't give a fuck. That's why this place sucks a hairy ball sack lately.

True :(

Lens has alot on his plate.

That being said, gfy will have some bad days soon if something is not done.

If i can use admin feature then eventually someone without ethics will use it and fuck up gfy. Its as simple as that.

I found an unlocked door in the back of the gfy bank vault. Eventually someone else will notice the door is open as well.

So what? This place has about 40 advertisers paying 3 grand a month

Dont fucking tell me they cant fire some fag intern to moderate this board. They could hire a fulltime employee JUST on what we pay in advertising on this board.

He doesnt care, because the more threads like this that happen = more pageviews = more $.

It's a horrible way to run a business.

smokey

stop babbling and give us the search :bowdown

I hope the GFY search has been down for these past months because it increases page views and post counts to have it down (by forcing people to start new threads and ask questions they would rather search for).


At least that would be strategic.

I agree, but if every gfy user lost his name in 1 day , guess how many pageviews gfy gets.. ( well a bunch at first , but )

And its got holes right now that would allow exactly that.

And disappointing if true.

goatse is nothing compared to gfy

So do it Smoke. Maybe something will get done. Only time changes are made here is when you fuck with the board. You're the catalyst we all need and love. :)

Log in and set everyones post count to 0

that would be funny

That would push a few people to suicide.

Do ya blame vBulletin for the security issues or adult.com for setup of servers and the program?

lol ... smokey is pseudo. he's all mouth and no action.

i bet he can not even bypass a javascript login protection.

But just temporary :feels-hot :Graucho :winkwink: :thumbsup

No way jose.. :)

I can advise someone for lensman to contact to fix the problems, but...

I like gfy and i dont think you could reverse the changes if you fucked it up like that, it would cause chaos. If i thought gfy could just rollback to yesterday maybe i would explain the problems in detail and let someone else exploit them ,but i dont htink thats possible

they arent using the latest version of vbulletin so i dont blame vbulletin i blame apathy

Translation:

i talk only shit. i have no hacking skills. i have not found any holes in gfy. heck, i don't even know how to bypass javascript login protections.

No idea what smokey is talking about, but I'm guessing he just knows the history of security fixes to VB 2.x and has checked to see which ones have not been patched here @ GFY.

Figuring GFY is probably a pretty standard out of the box VB 2.x install (maybe with a little clustering going on)... well... lets just say that VB is so widely used, that when bugs are found, patches/fixes are made available pretty quickly.

But it's still up to the individual forum admins to install them.

you got me .. :1orglaugh

Umm yah, did i claim anything different ??

I RUN A VB FORUM !! yes i know some of the patches. Thats kind of the point if you missed it.

GFY is very very popular thats the problem. If it were a small forum it wouldn't be hard to fix and it wouldnt even be much of a concern. But gfy is huge. I dont charge 5k for adspace either lol

I'm not trying to claim i'm some fucking god , i'm saying

HEY THE BACKDOOR TO THE VAULT IS OPEN. CLOSE IT

Announcement:

Smokey is selling GFY adspace 20% cheaper than Lensman

you're wrong.

everything he's saying he can do, it's possible. a lot of the things have already been done in fact. he's already done a few things himself.

*blushes.. i did not...

Turn on your icq for a sec.

Don't get me wrong Smokey... I was just adding my 2 cents & commenting on why such security issues would exist within this application.

I wasn't trying to make light of what you said/or know at all. I know you know more than the average bear :winkwink:

yup . 90% of the issues can be found in one way or another on the vb site

lol..

He said gfylite.

I'm not at home right now... I'm celebrating my girlfriend's bday :)

Hit me up tomorrow, or email me: psyko514(at)gmail.com

:thumbsup

All I can say is that if I was in the position that Lens is in with this place... I would make damn sure the VB shit was constnatly in check security wise - with a few other security provisions made to the web servers, db server, and the network - just in case something were to ever slip by.

I think that wheh you have a money maker such as GFY you shlould give it a little more attention. But then some people still have it in their heads, not to finx thinga that aint broke. At least it aint broke in their eyes.

Banners still show, a threads are added, and responses are added.

You're celebrating her b-day and still posting here? LOL :glugglug

Back in the day I was a software engineer, at a search engine company. Search is hard on large sets of data.

I don't know anything about vBulliten or whatever this site runs on, but I'll bet a dollar that the searches are just standard PHP scripts querying a SQL database. You aren't going to make that scale without some serious hardware. It's the wrong way to go. Way too much data gets pushed through this board.

If anyone here actually has the authority to try and fix search, I'd be willing to give some advice and maybe try to put some software up.

Don't waste your time writing another PHP script.. it's not gonna work. If you REALLY want to fix search, either use this:

http://jakarta.apache.org/lucene/docs/index.html

Or hell, you could probably rig up Google Desktop Search to scan the pages if you exported them to text :) That would be a total hack, but it would be a lot faster than a SQL query!

(Ok, don't really do that... Use Lucene.. it's the only way to fly).

Or, hire me! I'll make it work for 10k :)

:helpme


Search functions in VB has been streamlined for some time. Sites as big as GFY with a large base of tech savvy users should also make other provisions to protect themselves against DOS attacks on more resource intensive operations.

This isn't really a problem with VB, PHP/MySQL or even the size of GFY's archive... for the amount of money the place brings in, it could be easily resolved within a few days (with the right tech people of course).

But the first thing to do, as Smokey suggeted, would be to bring the scripts up to date security wise (and no, this doesn't mean go to VB3.x)

If it were me and the archive was as large as GFY's... I might make sure that searching & general forum use were completely independent on the backend.

That way if some fucker wants to attack the board via search... fine.. but you're only going to cripple the search feature during your attack - not the whole board.

Many other combinations of software an and networking things could be done as well. But whatever.

Sure.

I wasn't suggesting a solution to the DOS problem.. A seperate set of boxes is the way to fly for that.

I was addressing the problem that search is slow as balls when it DOES work , which is because the way searches are run is inefficient. (this makes it easier to DOS too)

Fast search at a minimum requires reverse indexes, which is the opposite of what SQL does.. (short explanation: normal SQL search would scan each post for the word "dog", causing every post to be read during a search... a reverse index would build an index of each word.. so when you search for dog it would just go look up that word in the hash, and return all the pages in the index)


Or are you saying that this stuff is taken care of already by the vBulliten search if GFY just configured it properly?

there is a hack for this board that disables the search feature when it is under too much load or too many people are using it

also new versions of this board have better indexing and thread searching the problem could be easily soved

Smokey, Do you consult? Rates?

I'm pretty sure there were some imvprovemtns recently to the way the search function works in VB.

They might only apply for VB3.x though.

I have already given a (possible) solution. No bullshit...straight technical fix.

http://www.gofuckyourself.com/showth...adid=373026&s=

FreeBSD needs to be configured for better MySQL performance. Do this and late VB releases..and easy as that.

... funny all this shit coming from the c unt that refbombed jayxxx !!!

Both, plus PHP's documentation regaridng sessions.
vBulletin patched up some of the major issues in a way that
at least makes it harder to exploit, if you use the default settings.
The admin for the relevant settings don't mention that
by changing the settings you open yourself wide open
to easy attacks where the attacker can take over the admin account.
Just to demonstrate, I did just that on another major webmaster board.
I made a post that when read by the forum admin
gave me admin privileges.
Lens should have this shit fixed, that's on him.
But on the other hand he probably has as hard a time as
anyone else finding qualified programmers who know shit
about security, search, or relational database.

I very respectfully disagree a little, perhaps, with colpanic.
If not with what he said, with what he implied.
SQL products such as MySQL can certainly do full text
searches of large datasets very quickly,
but the database needs to be set up right to do that.
MySQL provides a totally transparent "fulltext" index that
would go a LONG way in that respect.
Then certain other columns that are not indexed
by default in VB need simple indexes.
I would suggest that the MySQL code, with the appropriate
idexes and all, would be a lot faster then the Java ( :( :1orglaugh )
solution he mentioned.

Now if Lens paid us each a couple hundred bucks, as a team
we could have it working nicely very quickly. :)

From http://www.gofuckyourself.com/gfy_faqs.html

4. GFY Haters... If you are a GFY Hater, don't go away mad, just go away. You want to hate on GFY, go do it somewhere else. Plain and simple

We'll all be happy to see you gone.