INFO: Some download passwords are broken now

Posted By : Bully | Date : 29 Sep 2008 23:59:00 | Comments : 22 |

Burn in Hell :-)

AvaxHome "developer" paparazzi shot


As many of you know, we struggle hard to bring AvaxHome back to full life. On that sad day we did not only lose all servers etc, we also lost the perhaps most important member of our team, the person who worked very hard in the background taking care for our server network, taking care for software testing and updating etc. I more and more notice how impossible it is to replace him.

But life must go on and AvaxHome back to full service, so we added some new man-"power".While the start of the new AvaxHome 7 weeks ago did look very promising, it more and more changed to a bad nightmare. So far all "imporvemnts" and new bugs were only done to to code of the AH engine and the server config, but meanwhile even our database is no longer safe against such quick hacks without using the brain.

To make it short: One of our script kiddies had the great idea to fix the no longer working links to avaxsphere.com (like in links to blogs or to other publications). By itself no bad idea. The problem was HOW this fix was done. Instead switching on the brain first and thinking HOW to fetch the right places where such changes should be done (inside real LINKS!), our script kiddie did it as wrong as it could be done - he did a global text replace over the full database.

... SET `text` = REPLACE (`text`, 'avaxsphere.com', 'avaxhome.ws');

And this was done to both parts of a publication and even to all comments ....

OK, partial we are lucky. Our script kiddie was not aware that the simpole way he did this shit, it was of course CASE SENSITIVE :-))

So every "avaxsphere.com" written like "Avaxsphere.com" etc. is still unchanged.

For ALL users:

If you read anywhere in a comment things about avaxhome.ws which make no sense at all, please read it as avaxsphere.com and it makes sense.

For downloaders:

If you downloaded a file and cannot unpack it:

If the upload was done BEFORE August 2008 (birth of the avaxhome.ws domain) you need to change the password back to its original style.

For example:

Wrong: Password: avaxhome.ws
Correct: Password: avaxsphere.com

Wrong: Password: www.avaxhome.ws
Correct: Password: www.avaxsphere.com

Wrong: PW: I_love_avaxhome.ws
Correct: PW: I_love_avaxsphere.com

and so on. If you have problems with that, please send a mail to "-=Pasha13=-" - he will do his best to help you.

For publishers:

If you followed our suggestion (FAQ) to use "www.AvaxHome.ru" -or-
If you never used avaxsphere.com as (or as part of) a password:

Great! You can relax and need to do nothing to older publications. No need to read further.

Sorry friends, we need your help. I was not even informed about this masterpiece of SQL coding, now it is much to late to go back to a backup before this trash was done.

1. You need first to remember which publications you had with a password including avaxsphere.com.

There is NO way to use our search engine to make this easier for you, because your user name is NOT stored in the data indexed by our search engine.

Best solution is to click on "My news" and browse all your publications.

2. For each fitting publication you need to click on EDIT button, locate the wrong done changes to "avaxhome.ws" and manually correct them. Now click on SAVE to send your publication back ... to our mods.

3- Please be PATIENT. At same moment you save a confirmed publication again, it will be automatically removed from all public AH pages. It is added to the waiting line of our moderators. And there it will stay until one of our mods find time to handle it. Depending how busy or motivated they are, this can take "a bit" time. Or "a bit" more time :-) Please keep this in mind and do not send us mails like "Where is my publication xxx?".

Again: Sorry for these new troubles.


Posted By: Unknown Date: 27 Sep 2008 18:07:04
Posted By: mad-mex Date: 27 Sep 2008 18:41:00
Maybe new coder thought, that all uploader read FAQ first.
"If you have a wish and possibility then please use the following password for your archives: www.AvaxHome.ru "

btw, time to update FAQ (ftp2share etc)
And I can´t see images in FAQ - is http://avaxhome.ws/faq_elements/ still available?

@ (-)
I like that _Jacques_ name more ;-)
Posted By: Jacques le dernier Date: 27 Sep 2008 18:59:03

3- Please be PATIENT. At same moment you save a confirmed publication again, it will be automatically removed from all public AH pages. It is added to the waiting line of our moderators. And there it will stay until one of our mods find time to handle it. Depending how busy or motivated they are, this can take "a bit" time. Or "a bit" more time :-) Please keep this in mind and do not send us mails like "Where is my publication xxx?".

As Avax - for the first time after a looong time of retention - is moderating and perhaps even Torai, who is back since today, also will help, it might not become as bad as stated :-)

@ m-m - better? :-)))

Posted By: tonyd Date: 27 Sep 2008 20:34:57
i would like to post but i can't because i don't understand Uri name ?
Posted By: franklee Date: 27 Sep 2008 21:37:34
Posted By: tonyd Date: 27 Sep 2008 20:34
i would like to post but i can't because i don't understand Uri name ?

The URI name is similar to (if not the same) as the title of your publication, but in lower case, with underscores instead of spaces. It becomes the page link to a publication.

For example, the URI of this page is "info_wrong_passwords.html"
Posted By: jantine Date: 27 Sep 2008 22:54:42
is this to easy ?

... SET `text` = REPLACE (`text`, 'avaxsphere.com', 'avaxhome.ws');

and back again...

... SET `text` = REPLACE (`text`, 'avaxhome.ws', 'avaxsphere.com');

It's just a thought, perhaps toooo simple, I go back to my frog upload :-)))

Posted By: Jacques le dernier Date: 27 Sep 2008 23:06:30


Yep - your solution would be too simple to work correctly :-(

with your suggested

... SET `text` = REPLACE (`text`, 'avaxhome.ws', 'avaxsphere.com');

you also would replace those 'avaxhome.ws' which never before were 'avaxsphere.com'


Pasha could follow your solution but after this, he has to do additional steps to 'repair' most of the new mistakes:

... SET `text` = REPLACE (`text`, '="http://avaxsphere.com', '="http://avaxhome.ws');
... SET `text` = REPLACE (`text`, '="http://www.avaxsphere.com', '="http://www.avaxhome.ws');
... SET `text` = REPLACE (`text`, '="http://pic.avaxsphere.com', '="http://pic.avaxhome.ws');

this solution might also result in some wrong things but the number would be significantly lower than in the actual state because 'avaxhome.ws' is used only in the last few weeks and not for more than one year as 'avaxsphere.com'

Posted By: jantine Date: 27 Sep 2008 23:37:42
oepssssss :-)) http://img146.imageshack.us/img146/7355/blondmomentdu8.jpg
Posted By: Database Date: 28 Sep 2008 11:56:29
Heey guys,

If you're looking for a coder, perhaps i can contribute my 2 cents. Let me know if you're interested... :)
Posted By: Bully Date: 29 Sep 2008 00:42:39

@ jantine

> is this to easy ?
> and back again...
< ... SET `text` = REPLACE (`text`, 'avaxhome.ws', 'avaxsphere.com');

<slowly counting to 100> ...

WOW. Duch girlie power at its best :-)

Congratulations! You found the way to even increase the current mess and also break all links or passwords which really should be avaxhome.ws. Your quick solution shows that you perfectly would fit to the current team of AvaxHome "developers".If Pasha already hired you, please give me a sign of warning :-)))

> It's just a thought, perhaps toooo simple,

Hint: In promote part I wrote " ... - I have no way to automatically fix it."

OK, Jacques le dernier already explained to youu what the logiccal problem of your solution is. I try to enhance this with an even easier to understand example:

Let's say you have a folder on your HD which contains mp3 files from BOTH George Baker and Beatmeisjes. You wanna fix this, but do a mistake and rename all Beatmeisjes to George Baker. Now you have a directory with only George Baker inside, which is of course not correct. "Solving" this by doing opposite, renaming all files "back" to Beatmeisjes is easy. But what do you have now? Yep, now all files really from George Baker are Beatmeisjes. Great, eh?

So, what is Jantine doing to sort out this mess?. Yep, she has to handle now each file manually. She loads the file, listens to the sound and based on what her brain tells her she manually has to rename the file. After doing this for EVERY file, she is back to the directory as it was before.

And now back to AvaxHome. To manually decide if a changeback is needed or not, we would have to check over 1 million of databse records. You see the problem?

Yep, I also found some solutions to filter out a lot of the 1 million automatically - but the amount left which needs to be checked manually is still much to big -. this would keep us busy for months. For this reason I asked our publishers to help us. But this is also no perfect solution - because many publishers are not online now or even fully left us, so they will never fix.

@ Jacques le dernier

TNX for your words!

It is great to see that there are still people who are able of logical thinking. Gives me back some hope in mankind / AvaxHomekind :-))

BTW, just a few days ago I spent my time explaining that professional software development is about 80% THINKING / ANALYZING and just 20% coding. For sure it is not like script kiddies do: No thinking at all, just hacking some code, if I am lucky it works, if not ... who cares? All what will happen is that Bully cries bit, but these cries are easy to ignore.

Our current technical team also finally needs to understand that they do not work on a private system where every new bug can be seen as just a joke. Whatever they do has consequences to millions of other people.

All people who were not able to EDIT anything for full 1 week for sure wonder why this bug was not fixed at once (and I still wonder how this shit of code was deployed for public use without testing), the publishers who lost their pictures because of an other bug at almost same time for sure will not "chill out" like our "developers" - they for sure have no fun to manually upload their pictures again.

And I bet all the German users who live around Cologne area did not have fun seeing that they no longer were able to access AvaxHome, just because one of our eggheads had the "great" idea to completey block all accesses from a German ISP. Same again - doing changes without switching on brain first. Trying to hit 1 single user who is using this ISP, they did block 131 thousand German ip-addresses.

And guess what? This guy they wanted to block has much more brain as they have combined. He just used an anonym proxy and used AH without problems. But all the other German users of this internet provider were given "403 Aceess denied" whenever they wanted to connect to AvaxHome. Sure, who cares? Relax, German users. We do not have time to waste a few seconds for thinking before we do something.

Anyway, this shit was at least even to fix (after spending many hours, because I did not believe that we would do such nonsense, special not after I had checked that our firewall did not had such a rule) - this trash on the full database cannot be undone.

Well, the main problem is that some of our people need to understand that we do not deal just with code, just with collections of bits in the database. We deal with REAL PEOPLE. All the content you see as AvaxHome was created by real people. People who spent THEIR time to create the content. Without these people there would be no AvaxHome at all.

So, whatever we do at code or database, our main goal should be to respect these people and not careless hurt them or even trash their work. I have no idea at all why I am the only one from the AH technical staff who understands this. It's a shame that I have to write such words at all.

Posted By: Bully Date: 29 Sep 2008 01:39:45

@ Pasha

> Chill out!

Yeah, I would prefer very much if you would give me ANY CHANCE for chilling. But as we both know, in the last 6 WEEKS we had more bugs and more shit as we had in all the YEARS we run this engine. Each and every day I have to ace some new shit - and most of it could easy have been avoided by just thinking a bit before starting careless hacking.

> It was me who did this, no need to cry :-)

YOU??? Nah, I do not think that it was you. I know since 2007 that you (same as me) use a sophisticated SQL Suite to access the database. There is no reason at all why you should give yourself the pain to work with the simple MySQL commandline version.

But no matter if you or not, I really see no need for a ":-)" - there is really nothing funny at all by trashing the database in a way that it cannot be undone.

>If you cannot unpack archive, just try this passwords:


> With "www" or without it.

Yep, sure. HERE you should add a ":-)" Asking users to try 8 different passwords after a download is really very happy if after 8 tries they perhaps still cannot access the downloaded stuff.

OK, it seems you really still do not understand WHY I asked our publishers for help.

In 1 week, or 1 month, do you really think that every user of AvaxHome will remember the words you write here, that in case of problems he should do 8 additional tries to unpack?

Fact is they will not even remember this publication at all, telling that we have a problem with passwords.

This shit will stay in the database forever. And there is really nothing funny about this at all. OK, seems you really need me to tell you what will happen:

People come to AvaxHome, search the databse, gladly find something they search since long time. They happy spend their time downloading and when it is finally done and they try to unpack they will be pissed of.

If the downloader is a member of us, he will write a public comment telling in (pergaps) friendly words to the publisher what an idiot the publisher is if he cannot even write correct passwords.

If they have another download they cannot unpack because of wrong written password, they will give up about such a shit site as AvaxHome. And when they are really pissed off they will leave comments at other websites, warning other people to not waste their time with a cheat site like AvaxHome.

But perhaps I am fully wrong, perhaps they will really browse all publications and read all comments until they find your words that they "just" need to try out 9 passwords and PERHAPS will be able to unpack this way.

> It was me who did this, no need to cry :-)

If it really was you- I still doubt this - the "need to cry" is even much bigger. MUCH^2 bigger!!!

BTW, do you remember our mails a few months back, after the move to new data-center? When you asked me how to be able to again access the database on the new config? WHAT did I write after my long explain how to bypass the protection? You remember?? I clearly wrote: PLEASE MAKE NO SHIT, ..."

Nah, the Pasha I know would have at least added a simple trailing "/" to the replaces to make sure that he really changes links. Or added some WHERE criteria to select really fitting instances. And of course he would not have done this with a commandline client :-)


I still doubt Pasha's word, but if it was really Pasha doing this, please be aware that the picture on top is no longer 100% valid. About 5% of the picture are wrong in this case. :-)

Posted By: Bully Date: 29 Sep 2008 03:03:02

About publication URI

Since over 2 years the "How To ..." part of our FAQ includes these lines:

"News uri-name" - The topmost field is URI.
The URI is a unique string tied to your publication. It is part of the URL to call your publication. All users will see it on screen and in stored bookmarks. Make sure the URI you chose makes sense. For technical reasons you can only use the characters “a” to “z”, “0” to 9”, “_” and “-“. Blanks (“ “) and capital letters (“A” to “Z”) are not allowed in URIs!


What do you think WHY we have a FAQ?. The link "RULES & FAQ" is the FIRST LINK of the main menu, on top of each and every AvaxHome page. After login, first line of your screen shows "Hello: <your username, some spaces> RULES & FAQ. OK, the FAQ is not in best condition. Our FAQ Keeper found no time since almost one year to update it. :-) A few things are missing, a few things are still in "Russian-English" style :-)) but special the part carefully explaining how to create publications is really worth reading and tells you everything to make even your first publication bypass our moderators and go public.

Again, this quoted text is over 2 years old. Meanwhile (I guess - I did not test the current running engine for this) capital characters should also be OK.

And yes, I know that it is a joke to write in the FAQ that capital letters are not allowed and direct below giving examples which include many capital letters :-))) About 1 1/2 year ago I asked our new crowned FAQ keeper to change it, but somehow he is to busy with other things. Even more annoying for me is the nonsense that the FAQ still tells people who publsish music albums that they should type "Genre: xxx" in promote. ARGGGGGGHHHHHHH. "Genre: Rock", "Genre: Reggae" and so on. what ELSE as genre should it be when the info line starts with "Rock" or "Classical" or "Reggae" or "Jazz"? :-)) And as our mods have no time to remove this fucking "Genre:" before confirming, more and more publishers follow this "great" idea. :-(

But back from FAQ to URI:

The URI is needed to build an URL and the URL is needed so that people can access your publication in their browser.

Each AvaxHome publication URL has 3 "parts":

1. Domain - like: avaxhome.ws
We decide this part :-)
2. Category path - like: music, eboks etc.
YOU decide this part by carefully selecting from the last listbox in the editor.
3. The URI - like: Pasha_for_Sale :-)
YOU decide this part by carefully selecting what you type into the URI edit field.

The URI should be something which direct fits to your publication. It CAN be same as your title (fixed to fit needs of URI limits), but it can also be different.

If you have a very long title, it is better to not use it in full for URI. Special if you use a category like /music/rock/southern_rock" etc, the URLs can grow toooooo long if you additional add a 60 byte URI :-)

We could have fully avoided the URI by accessing publications by the so called Publication ID. But all URLs would not speak for themselves by having just a number. Avax wanted a good looking AvaxHome, so we have URIs to make sure that URLs can speak for themselves.

But this only works _IF_ our publishers write meaningful URIs. Writing instead URIs like "iz_125", "iz_126" etc. is not fitting to Avax's wish for good looking and self explaining URLs. :-)

Much worse of course are our publishers who just hammer out random selected characters like "sjgkzpc4t" until they find a unique URI our editor allows them to save.

And another hint for publishers who wrote a fine URI like "frank_zappa_-_hot_rats" and still are not allowed to save: THIS should tell you that someone else already used same URI. This should remind you to use our search engine to carefully check that you do not waste your time creating a publication which our mods will simply refuse by telling you that it is a duplicate posting. :-)

OK, I guess I touched all topics related to URI. But if we would add such long text to each topic of the FAQ, the FAQ would grow to a size no user would be willing to read.

Posted By: Zebula Date: 29 Sep 2008 04:35:44

What is Bullying?

Bullying can be defined as deliberately hurtful behaviour,
repeated over a period of time, where it is
difficult for those being bullied to defend themselves.

specially for the girls to get some more power :-)


Posted By: jantine Date: 29 Sep 2008 06:55:28
@Chilling Bully

<slowly counting to 100> ...
(gelukkig heb ik meer verstand van verzekeren) sorry Dutch joke ;-)

"please give me a sign of warning :-)))"
Don't worry, it's not gonna happen ;-)
So take a deep breath..and perhaps a second one and count back again to zero.
In the meantime (while counting not to fast) you can download a special Dutch Upload.
great music for you to chill out a bit. ;-)

@Zebula <(^^,)>
Thanks! great book any change for bringing it here at AH for upload ?
Posted By: Bully Date: 29 Sep 2008 09:01:24

@ Zebula

> What is Bullying?
> ...

Yep, sure, feel free to go on hurting my feelings, sniff, ....

> specially for the girls to get some more power :-)

Even more? The AvaxHome girls already have too much power over me :-))

OK, I guess it is time to reveal the secret about AvaxHome usernames. Most user names are very different from the user behind the name. Most user names are just "wishful thinking"

Bully for example. Just a try to hide the shy, sensitive, peaceful, understanding, charming, deep-caring, easy-to-hurt, <a few 100 words skipped to keep comment short> person against the cruel world of AvaxHome users.

Pasha for example. Kisz wishful thinking - a REAL Pasha has no need for such a name - a REAL Pasha just uses Avax as username :-)

@ Jantine

> Don't worry, it's not gonna happen ;-)

I know Pasha better as you do, if he can do anything to make me crazy, he will do :-)))

Posted By: jantine Date: 29 Sep 2008 10:50:50
Somehow I have the feeling (reading between the lines) a few things said here in the comments above including my own comment might perhaps look like a joke for others, but is ment a bit sarcastic.
Ok, sorry for taking part in this conversation. as I really don't want to hurt somebodys feeling
it's time for me to leave this thread.
Posted By: Bully Date: 29 Sep 2008 12:03:12

@ Jantine

Feelings are never easy. We both know that, I guess. And "reading between the lines" can be very dangerous :-)

> ... ncluding my own comment might perhaps look like a joke for others, but is ment a bit sarcastic.

TNX for telling me this secret! Sarcasm is soooooooooo unknown to me that I need some help to recognize it :-))

> I really don't want to hurt somebodys feeling

I wrote these words to "Zebula", not to you. Perhaps you should have some PM with Zebula before you start again "reading between the lines" :-))))) If you do not recognize what is such easy to recognize, I fear you spent toooo long last night at a Dutch "coffe shop" ;-))

Anyway, why not just write nice comments like this one:

>>Posted By: xxxxxx Date: 29 Sep 2008 10:37
>>Bully, it's always nice to read your comments :)

Posted By: dnunda Date: 30 Sep 2008 00:48:01
Hey Guys, it's no big deal to try a few different passwords. How often do regular Avaxians refer to old publications anyway?
Congratulations on getting the site back up and running again - its running faster than it ever did. Keep up the good work.
Posted By: Zebula Date: 30 Sep 2008 04:33:43


"... great book any chance for bringing it here at AH for upload ?"

Sorry this one I could not find as ebook but I posted another one here:


It's from 2008 and even may be based on more actual knowledge.

Posted By: franklee Date: 11 Nov 2008 13:49:32
Some could say that people shouldn't lock up their house. How aggravating it would be for someone wanting to see what's inside without permission.

Do away with all sorts of security for everything and all will be rosy, eh?
Posted By: kharmok Date: 17 Nov 2008 19:03:55

I just found my avaxhome.info passwords were all changed to avaxhome.ws

I'll correct them all now.
Posted By: stevesteve Date: 23 Nov 2008 06:23:40
Whoops! Got it w/the passwords. Never mind, except big thanks to Mr. Happy.