Site Updates (Site News)

A couple of weeks ago, details of a serious security vulnerability in the the Drupal CMS which the site is based on were published.

All fixed, with no impact other than that I took the site off-line for a few days to avoid any possible risk of intrusion while waiting for the relevant security fixes to become available. If you noticed a "site under maintenance" page showing from early evening on Mar-28, this was the reason.

Kind regards,

Andy

Hopefully you didn't notice, but a few days ago I moved the chat and www sites to a new server. There was a very small amount of downtime, about 15 minutes I believe, when the sites would have been inaccessible. There were also a few days where notification emails were not being sent out regularly.

Changes

• We are now hosted by digitalocean.com at their UK data centre.
• Pretty much everything should work exactly as before. A couple of minor exceptions:
  • Emails sent to you by the subscriptions system and other automated emails from the site such as a password recovery email will now show the from address support(?)netgenius [dot] co [dot] uk.
  • The www site front-page has changed, now missing the image "slide-show". This is due to a bug in the original design which causes an incompatibility with the newer version of PHP which we are now using.

The main reason for this move is to make the site easier to manage. I also expect the site to be generally faster than before, and it certainly seems that way to me.

Regards to everybody,

Andy (ng)

Updated to Drupal 6.37 (security update) and latest versions of all modules.

Updated the sites (chat and www) to Drupal V6.33 (security update). As I've said before, that's about as exciting as having your car serviced. Further information here.

De-activated cookie message (no change to cookie policy).

• Installed Drupal core and modules security and bug-fix releases. We are now running Drupal 6.31,

Next service due at 150,000 miles :)

Technical stuff for my reference:

Backups taken prior to upgrades (drush ard)

Chat site

backup saved in
/root/drush-backups/archive-dump/20140616174449/ksfiomdepositors_chat.20140616_054452.tar.gz

Security and code updates will be made to the following projects: Date [date-6.x-2.10], EU Cookie Compliance [eu-cookie-compliance-6.x-1.10], Fivestar [fivestar-6.x-1.21], Link [link-6.x-2.11], Masquerade [masquerade-6.x-1.9], OAuth [oauth-6.x-3.0-beta5]

All installed ok.

www site

backup saved in
/root/drush-backups/archive-dump/20140616174426/ksfiomdepositors_new.20140616_054426.tar.gz

No additional module updates.

Disabled modules: prepopulate and views_calc on as they are no longer supported. I don't think we were actually using them.

• Checked status reports on both sites - clean.

Hi Ng,

Many thanks for all your work behind the scenes which allows us all to see all the news on the website!

James aka everhopeful

Discovered that we were down to only 4% free disk space, which might have been the underlying cause of today's downtime. Freed space by deleting old backups (March through May). Disk space now 39% free.

Installed the available security updates for Drupal (on this occasion, only relevant to the public site, the chat site is unchanged).

• Path Access [path_access-6.x-1.x-dev]
• Views Bulk Operations (VBO) [views_bulk_operations-6.x-1.14]
• Webform [webform-6.x-3.19]

Both ksfiomdepositors.org sites were unavailable today from around 13:22 to 21:10 GMT due to a technical fault.

Technical detail for my reference:

Apache processes seemed to be stalled for some reason, though not using significant CPU. service apache2 restart fixed the issue.

Disabled (temporarily) automatic user blocking due to inactivity.

• Drupal security updates installed - now running version 6.28
• Accounts unblocked for all those who had reported their account as having become blocked due to inactivity during January (quite a large number).
• Email sent to all users to remind them of the need to login once in a while to prevent automatic account blocking/deletion.

Disabled block cache which should fix the occasional validation error problems when posting to the shoutbox.

Drupal CMS updated to version 6.27 which addresses various security vulnerabilities described here.

Security updates and maintenance upgrades installed on chat and www sites (Nothing exciting!)

Technical detail

chat site:
Security and code updates will be made to the following projects: Email Field [email-6.x-1.4], Google Analytics [google_analytics-6.x-3.5], Markdown filter [markdown-6.x-1.3], Organic groups [og-6.x-2.4], Video Filter [video_filter-6.x-3.1]

(successful)

public site:
Security updates will be made to the following projects: Password policy [password_policy-6.x-1.5]
(successful)

As you will no doubt have noticed, I have made changes on both the chat and www sites to support recent legislation changes regarding websites' use of cookies. There is (and always has been) a description of our use of cookies in our sites' privacy statement - there are no changes to that policy.

So, enjoy clicking to accept cookies - they are sugar-free and non-fattening :)

Good heads-up, thanks Andy.

Lou

A number of members here have recently had their user-account blocked due to not having logged-in for more than a year.

The blocking is automatic - the purpose is to weed-out users who have apparently "gone away" so that they can eventually be deleted for security and data-privacy reasons.

Please remember to log-in once in a while - otherwise the system has no way of knowing that you're still "out there" - even though you may be receiving and reading email updates, there's no way that we can detect that.

In summary, just log-in to the site occasionally - you don't need to post or do anything else - that will prevent the automatic block from triggering.

Installed latest security and other updates.

drush output:
Security and code updates will be made to the following projects: Google Analytics Reports [google_analytics_reports-6.x-1.3], Mass Contact [mass_contact-6.x-1.2], Token [token-6.x-1.19]

Installed security update for email field - installed version is now 6.x-1.3.

I've made the Shout Box visible even when not logged-in, previously it was visible to logged-in users only. You still need to log in to post in it.

The visitor statistics page and block are now working again. This required installation of an updated version of the Google Reports Module.

Removed the superfluous and non-functional Glossary menu link (top menu) - the remaining Glossary link works as before.

The visitor statistics report has stopped working for some reason. I've spent a while investigating but can't see what the reason is. Logged a support request here.

I've added a link on the quick links menu (near top-right of page) to create a poll, as it was probably far from obvious how to do that. Any logged-in member is able to create new polls.

Updated the system to Drupal 6.26 and all modules to latest versions on both chat and www. All seems to have worked without issues. As I've said before these upgrades are necessary but unexciting, a bit like having your car serviced :)

A few notes for myself:

• Disabled OG Forums module which is no longer supported.

• Disabled the following unused/unimportant modules: Block edit links, Clone, Multiple mandatory groups by role, Node Convert, OG Audience, Organic groups access control, Pending User Notification, Popups: Add & Reference, Popups: Administration Links. Left them in the modules directory - delete at a later date.

• Re-enabled BAM module backups at 24-hour intervals with 15 day lifespan. Backup size is currently 43MB gzipped, so 15 copies will be about 650 MB. We currently have 4GB free space so that will reduce to around 3.3 GB. This is in addition to OS level (cron based) backups which seem to be working fine and currently occupy a little over 1GB (daily, 3 day lifespan.)

I've changed things so that tables can now be included in posts by defining them in Markdown format

To show a table you enter text for each column separated by vertical bars. First line contains column headers; second line contains a mandatory separator line between the headers and the content; each following line is a row in the table. Columns are always separated by the pipe (|) character.

Heading 1   | Heading 2   | Heading 3
-------- | -------- | --------
Row 1 Col 1 | Row 1 Col 2 | Row 1 Col 3
Row 2 Col 1 | Row 2 Col 2 | Row 2 Col 3
Row 3 Col 1 | Row 3 Col 2 | Row 3 Col 3

Note that due to proportional fonts, columns won't line-up properly when you are typing them, but the end result looks like this:

A further possibility here is a WYSIWYG editor to provide a similar interface to typical word processing programs, with buttons for bold, italic and so on. It's on my to-do list!

I've changed a setting so that posts mas in the Shout Box are no longer deleted - previously they were deleted automatically after seven days. This change makes the All Shouts link (shown in the Shout Box) more useful.

A quick aside, I welcome suggestions for changes of this type. In general I don't want to change the site too much as I guess everybody is now pretty used to how it all works, but the whole thing was rather thrown together (rather than designed!) in the early days, and I'm aware there is a lot of room for improvement.

Changed system permissions so that file attachments are now visible (downloadable) without being logged in. When uploading files, please first rename the file to remove any non-alphanumeric characters other than space, hyphen and period.

There's a new Visitor statistics block, currently shown on the left of each page. The "counter" which was previously shown on the lower-right of each page has been removed (to reduce database size and disk space usage.) The link to http://chat.ksfiomdepositors.org/admin/reports/google-analytics shows further detail.

Around 10:30 GMT today the server was downgraded to the minimum hosting plan offered by xtrahost. This gives us 512MB RAM and 10GB disk-space, which should be adequate with the current level of activity (much much lower than a few years ago!). Everything seems to be working fine after the downgrade/reboot.

Note to myself: reduced the number of stored backup copies from 7 to 3 as we are now relatively low on disk space - currently 79% used - may need to make further changes to how backups are done to reduce disk space requirements.

I've changed permissions so that it is now possible to edit your own form and news posts (it was already the case for blog posts.)

Note, that when you edit and save a post, the system automatically keeps a copy of the old version - if you later need access to the old version, or need to have some information permanently removed, contact me.

I've tried to make all forum areas now public, with the exception of the old Core group area which I've deleted because it contained personal information.

Unfortunately one of the side effects seems to have been that various old post are appearing as updated even though they haven't been. Well, they've been made public, which may mean that they're now visible to you even though they weren't before, so in that sense they're new/updated.

I'm still testing to see if this has actually worked as intended - the idea is that all forum site content should now be visible (and searchable) on Google.

Added Forums back to the main menu, and to the "quick" menu (top-right corner) to make it easier for people to get directly there - the whole Groups concept now de-emphasized. Nostalgia sets in!

You may notice the number of registered members has dropped by about 1000. This was due to an automated deletion of all members who had not logged in during the past two years, and who had never posted on the site. At the time of writing we now have 1525 registered users.

I've removed the block that was shown in the left side-bar listing Latest projects and groups since it's pretty pointless these days. It can be switched back on if the groups feature starts being more actively used (i.e. with new groups being added.)

I've completely removed the notifications system on the public site - this is two avoid the same issues there as here - outdated email addresses causing mail bounces and "inactive" users complaining about email being received. In practice this will make little difference as the public site is rarely updated.

ng,

Suggest you should immediately delete your latest post "Deletion of "inactive" user accounts" (mass mailout). It is clearly most inappropriate that the email adresses of all recipients should appear here!