Everyone is not. Mine are processing out of order.
Upload #1650 is still pending after an hour and half, but uploads #1662 and #1689 have completed after an hour of waiting.
Posted under General
lastsinz said:
Hm, my uploads can't go through, but it looks like everyone else is uploading happily. Is it a problem on my side?
I don't think so. Look here:
http://danbooru.donmai.us/uploads/
All but one upload in the last hour are still pending. The one that is completed (post #1363478) was uploaded an hour ago and finished 8 minutes ago. And there are some uploads from 2 hours ago that are still pending. Looks like a problem.
The new upload queue is hell on earth. The pictures hang in there for hours and get uploaded multiple times because IQDB doesn't find them and they are not uploaded yet (lol).
Edit: Also you can't add more tags until the uploads are finally processed when you're either already asleep or forgot all about it.
This will become a problem because when I create a new artist tag, I immediately update it to make it active for future uploads. With this queue system, I'm going to forget doing that and cause future frustration.
The old upload system was way more efficient. Even if it was one at a time, the uploads happened so quickly that it didn't matter to me.
Type-kun said:
@Schrobby:Unless it's a joke, we might start to panic about security breach.
Oh great. No, that's not a joke. I'll change my password right away.
Edit: Done. I had quite a good password, BTW, a longer random combination of characters, numbers and special characters. So yeah, it's time to panic now. I suggest everyone changes their passwords regularly until this is sorted out.
Edit: I also deleted that post.
Updated
Schrobby said:
Type-kun said:
@Schrobby:Unless it's a joke, we might start to panic about security breach.
Oh great. No, that's not a joke. I'll change my password right away.
Edit: Done. I had quite a good password, BTW, a longer random combination of characters, numbers and special characters. So yeah, it's time to panic now. I suggest everyone changes their passwords regularly until this is sorted out.
Edit: I also deleted that post.
Wait, what's the issue that we need to change our passwords?
Can you tell me what the comment said? Was it just spam? You shouldn't have deleted it so I could at least try to figure out who edited it.
Is this happening with anyone else? It could just be a case of someone hijacking your cookie. It could also be a mod or janitor account that got hacked, although I assume they would leave more damage.
Zekana said:
Wait, what's the issue that we need to change our passwords?
Some bot-advertising shit from his account. In a form of both a comment and a flag. post #140982
Edit:
@albert: The comment had the exact same text the flag has.
albert said:
Can you tell me what the comment said? Was it just spam? You shouldn't have deleted it so I could at least try to figure out who edited it.Is this happening with anyone else? It could just be a case of someone hijacking your cookie. It could also be a mod or janitor account that got hacked, although I assume they would leave more damage.
A GitHub issue with more details was posted: https://github.com/r888888888/danbooru/issues/468
I don't think it's a server breach for the following reasons:
There was a major security vulnerability in Rails awhile back, but I patched this site within a week. This current version is running the most recent versions of everything.
It's possible a malicious hacker is just lying dormant, but using Schrobby's account to spam a comment seems like a poor use for it.
I assume his session cookie, or a janitor/mod/admin's cookie, was hijacked. This may indicate some sort of JavaScript vulnerability, but I'm going to need more instances of this happening before I can detect a pattern.
If this happens again, please leave the comment alone and let me know. This thread is getting too unwieldy for me to scan often, but I should be quick to respond to email or Github issues.
Regarding this thread:
My primary focus right now is to fix critical bugs so mostly I am responding to issues in Github as they come in. This thread has a lot of noise in it so it's difficult for me to keep up to date. If you feel an issue is critical, please either create an issue ticket on Github, send me an email, or send me a private dmail on the site.
Regarding the upload queue:
Okay you guys win. I have enough problems as is and it's clear I need better monitoring tools before I can make the queuing system work smoothly. I'll revert to synchronous uploads today.
Schrobby said:
Edit: I also deleted that post.
before it was deleted, i voted it down, didn't realize it was a spam. additionally, the comments section doesn't appear to display voted down comments and how many of them. when i clicked the post (post #140982), it still display the voted down comment, no notification of how many comments are hidden. my threshold is default value of 0 btw. (related: forum_posts #84554 )
Updated
albert said:
- A few months ago I upgraded to the most recent version of Debian Squeeze
Are security auto-updates turned on? I have Squeeze as my main OS at work, and it updates on nearly daily basis, and while most updates are minor fixes, I definitely see some serious stuff like ssl/ssh in there, from time to time.
But yes, luckily, Danbooru doesn't store any sensitive info, so it can be targeted only for large user traffic. Luckily, script injections should be impossible thanks to opensource/Git synchronization.
albert said:
If this happens again, please leave the comment alone and let me know. This thread is getting too unwieldy for me to scan often, but I should be quick to respond to email or Github issues.
Albert I am wondering if it was the name change bug from testbooru creeping up again?
The one where you could change your name to visually appear to be anyone else but not gain access directly to their account (ie no mod powers or such)
Siegmund said:
Albert I am wondering if it was the name change bug from testbooru creeping up again?
The one where you could change your name to visually appear to be anyone else but not gain access directly to their account (ie no mod powers or such)
No, this is different. The user name linked to my profile.
deaththekidd0 said:
when i add stuff to my favorites it dont work why is that 0.0
Regular members now have a limit of 4000 favorites. See here: http://danbooru.donmai.us/users/upgrade_information
You already have 6066 favorites.