Warning: mysql_connect() [function.mysql-connect]: User 'boxcardb' has exceeded the 'max_user_connections' resource (current value: 10) in /home/pangaea/boxcar/classes/security.php on line 15

Did it to me too

Warning: mysql_query() [function.mysql-query]: Access denied for user 'www-data'@'localhost' (using password: NO) in /home/pangaea/boxcar/portal/lib/db_fns.php on line 11

So the www-data user is denied to access the mySQL database? That is a bit suspicious, who is hosting this? it seems like someone wants boxcar to be down, is it someone from pdm or LaF that is hosting?

PDM BROKE BOXCAR. THEY HAVE FSED US ALL!

Actually, qzjul (Evo) hosts boxcar.

kill joy Xin!

yea bc is on qz's server due what tc did. no1 else is that trustworthy.

looks fixed.

same MySQL server as EE?

still exploded.

wow Pang. Your coding is just epic...

www-data with blank password for your DB calls huh? That's really smart.

Can you point me in the direction of your phpmyadmin login so I can view all of boxcar and possibly more?

Qzjul, get pang to fix this crap before your whole server gets compromised.

PS it appears pang learned nothing about security from the TC/hanlong stuff...

www-data'@'localhost is denied because it is trying to get in without a password that is required.

wonder if this has anything to do with me deciding to watch Battlestar Galactica today? somebody decided to call in the Cylons? mmmm, boobies.

that can also happen if the DB is down LI. But yes I spoke to QZ and apparently pang's code makes random calls to this user but there is no www-data in the database.

QZ needs to get faster hamsters to run in the wheel. or maybe they just need some steroids.

yea front end blames back-end and versa vice

i'm going to put boxcar in a VM at some point here

just learning about how to set up & administer VM's this weekend heh

Think it just went down again.

Fix the database config, give it more connections...

then you run into problems with the game getting cut off. The problem is being worked on. Be patient while they work on it.

still up for me

the main problem is the half-minute queries that can cause it to pile up on itself

but i've looked at fixing them, and there's no quick way for me to do it, i'm not familiar enough with its db

Qz, as we discussed over lunch last year... You should just open up a new hosting site based on Evo's template ;)

yes! i should!

man i need more time though =(

not to complain to qz in public, but i'd have fixed all the glaring problems in the first place if I had root access to the game server to make some changes to the apache config.

the boxcar codebase is garbage and I'd like to just shut it down if there was a public, viable alternative hosted... but it really just needs a few apache rules tweaked to work right (non-absolute paths, case insentive queries and probably a few more I'm forgetting about, but if Xin just gave me a braindump of all the issues he flagged earlier in private, it would likely encapsulate all of them). I'm in the same boat as qz -- no time. And with the time I have, ee isn't really on my priority list any more other than coming here once in a while when someone messages me about the most recent outlandish thing to happen. And then I read a few threads, remember why EE's not on my priority list and I go back to other stuff :-(

PS. Mr Copper is just crying wolf; there is no database/security problem in any way shape or form unless someone inserted code without my knowledge prior to the migration to the EE environment.

<3 Pang

lol yep crying wolf. Mysql generates errors about www-data getting access denied when it gets in the mood right?

Pang if you'll sign a hold-harmless I'll show you EVERYTHING wrong with boxcar.

Put up or shutup.

www-data is not the user that Boxcar uses to access the database.

just shut up.

Boxcar crashing just as LaF goes to war? color me shocked....

[quote poster=discharged; 24089; 446111]Warning: mysql_query() [function.mysql-query]: Access denied for user 'www-data'@'localhost' (using password: NO) in /home/pangaea/boxcar/portal/lib/db_fns.php on line 11

[/quote]

As I said, mysql is known for making up fake authentication attempts. That's what I hear at atleast...

I can't believe you do this for a living, no wonder my job security is through the roof ha


PS pang, in case you were wondering the call to www-data@localhost is in the db_fns.php file on line 11...

No, you shutup ;)


PPS Hey Pang since you locked this so you wouldn't look bad I'll write here. I never stated that this was your user, I stated there was a call to this user in your code on line 11. McDonald's actually has quite a good information security department but I don't work there, sorry but good try ;). Your code is likely full of plenty of fun easter eggs like the one found above. That's probably why you don't want it tested...

I can't believe you're so full of yourself. you're wrong and you don't seem to understand it. i'm not telling you more because THAT would be a security risk, but i do not connect to the database with the www-data user -- regardless of what you think you're seeing, that is not the db connection Boxcar uses.

if your theory about your job security is like your ego, it's likely quite overblown. don't burn bridges at McDonalds, eh?

i don't care to continue having you make such incorrect accusations, so thread closed.