Paid Members Chris B Posted November 25, 2022 Paid Members Share Posted November 25, 2022 Is this an issue that's happened elsewhere before, @Moo? Quote Link to comment Share on other sites More sharing options...
Admin Moo Posted November 25, 2022 Admin Share Posted November 25, 2022 2 minutes ago, Chris B said: Is this an issue that's happened elsewhere before, @Moo? Do you mean on ukff.com or more generally? Caching issues are quite common, but I don't think we've ever had this issue on ukff.com before, ever. Quote Link to comment Share on other sites More sharing options...
Paid Members Chris B Posted November 25, 2022 Paid Members Share Posted November 25, 2022 Just now, Moo said: Do you mean on ukff.com or more generally? Caching issues are quite common, but I don't think we've ever had this issue on ukff.com before, ever. I mean more generally. Just curious how you figured out what happened and how it got solved - I'm guessing, if similar effects have happened on other forums, that made it easier to solve. Quote Link to comment Share on other sites More sharing options...
Keith Houchen Posted November 25, 2022 Share Posted November 25, 2022 3 hours ago, Keith Houchen said: And see which members they were bitching about behind their backs. Verrry interesting… Ok. I posted this as I thought it was funny to shit people up as I am assuming people have said how other members are arseholes via PM. True to form, nobody else did.  I’m sorry for any anxiety caused by this. It was obviously bollocks as Moo and others have explained how PMs couldn’t be read. Quote Link to comment Share on other sites More sharing options...
Paid Members quote the raven Posted November 25, 2022 Paid Members Share Posted November 25, 2022 (edited) I was aware of this morning and thought it was a hack, when changing my password failed I logged off and got hold of the people I had on Facebook to do the same. emailed moo.  That said I was @RalphyV2 long enough to want to eat biscuits.  Edited November 25, 2022 by quote the raven Quote Link to comment Share on other sites More sharing options...
Loki Posted November 25, 2022 Share Posted November 25, 2022 Not that I don't believe you @Moobut I absolutely was able to click the messages button at the top and saw a list of someone's PMs, headings and first line of content. Are we assuming therefore that that account had happened to open their own inbox and then I did the same and saw their cache? Quote Link to comment Share on other sites More sharing options...
Max Power Posted November 25, 2022 Share Posted November 25, 2022 I'm generally thick regarding any tech, so it's refreshing to know that I haven't made a bollocks of my account. Although my general posting does suggest otherwise, granted. Quote Link to comment Share on other sites More sharing options...
Admin Moo Posted November 25, 2022 Admin Share Posted November 25, 2022 5 minutes ago, Loki said: Not that I don't believe you @Moobut I absolutely was able to click the messages button at the top and saw a list of someone's PMs, headings and first line of content. Are we assuming therefore that that account had happened to open their own inbox and then I did the same and saw their cache? Yep - that's exactly what would have happened - the person's PMs you saw would be someone who had visited the forum during the time period and had opened their messages during that time. Quote Link to comment Share on other sites More sharing options...
Admin Moo Posted November 25, 2022 Admin Share Posted November 25, 2022 10 minutes ago, Keith Houchen said: Ok. I posted this as I thought it was funny to shit people up as I am assuming people have said how other members are arseholes via PM. True to form, nobody else did.  I’m sorry for any anxiety caused by this. It was obviously bollocks as Moo and others have explained how PMs couldn’t be read. To be clear - that is not the case. Someone could have seen DMs from another account if that person had read their own DMs during the time period. Because of the way caching works, it's sort of a roll of the dice whether you saw your own DMs or someone else's who was also accessing the forum at around the same time in the same location. Quote Link to comment Share on other sites More sharing options...
SuperBacon Posted November 25, 2022 Share Posted November 25, 2022 28 minutes ago, Moo said: So a request to a website with a CDN cache (like we have) works like this: Your browser > Content Delivery Network (CDN) Cache > ukff.com server If the URL is in the cache, then the content is returned without talking to our server, like this: Your browser > Content Delivery Network (CDN) Cache A typical CDN has maybe 100+ different caches around the world. If we assume most UKFF visitors are from the UK (logical!?) then there's maybe 3-4 different cache locations people typically would be routed to. Under normal circumstances, logged-in content would not be cached at all - and traffic would skip the cache and be delivered *only* to you. However, during the time period of ~1300 yesterday to ~0930 today the CDN was caching too aggressively. What that means is if you were the first person to hit http://ukff.com/some/url in lets say the London location yesterday when the issue started, the version of http://ukff.com/some/url that you saw would go into the cache. If I came along after that and requested the same http://ukff.com/some/url URL, I might see your version of the page. So individual logins weren't compromised or leaked, but you might have seen the HTML that was destined for me because my version got cached before you. It's an important distinction between that and a database leak which is where someone gets the entire database of all users and content, forever. That is not what happened. The tricky part is it's really hard to be certain exactly what pages were cached and from which accounts... but suffice to say if you did not visit ukff.com while logged in during the time period, your pages will absolutely not have been put into the cache at all and therefore nobody else could have seen them. The fix was to remove the caching configuration and purge the cache completely, which is what happened at ~0930 today. At that point, all cached pages were removed. Mate, if I didn't understand the first post, I'm not gonna understand that am I? 😂 Quote Link to comment Share on other sites More sharing options...
Paid Members PunkStep Posted November 25, 2022 Paid Members Share Posted November 25, 2022 If anyone were able to see my messages, all they'd see are conversations with @SuperBaconabout football kits and @Carbombpleading me to go and see SASH! with him. Quote Link to comment Share on other sites More sharing options...
Guest Posted November 25, 2022 Share Posted November 25, 2022 If anyone saw mine, I can only apologise and suggest counselling. Quote Link to comment Share on other sites More sharing options...
SuperBacon Posted November 25, 2022 Share Posted November 25, 2022 7 minutes ago, PunkStep said: If anyone were able to see my messages, all they'd see are conversations with @SuperBaconabout football kits and @Carbombpleading me to go and see SASH! with him. Combine the two with a lovely Peru shirt Quote Link to comment Share on other sites More sharing options...
Paid Members PunkStep Posted November 25, 2022 Paid Members Share Posted November 25, 2022 Ecuador, surely? Quote Link to comment Share on other sites More sharing options...
Paid Members Carbomb Posted November 25, 2022 Paid Members Share Posted November 25, 2022 26 minutes ago, PunkStep said: If anyone were able to see my messages, all they'd see are conversations with @SuperBaconabout football kits and @Carbombpleading me to go and see SASH! with him. Actually pleading with you to go and see him one more time Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.