I'm sorry I forgot to tell you earlier, but very, very early this morning I couldn't get on to FB for about 15 minutes and it said there was a MySQL Error. Just so you know about it. No need to respond.

I saw the same thing but then I saw Foggy on line so I figured he was backing up the database or doing some maintenance.

R.C. is right. Every morning, sometime between 4 a.m. and 6 a.m., I back up the Fogbow database. And while I download the database, Hostgator denies access so that you don't put up a post when I'm only part way through the download.

For you techies, the database is stored in *.sql.gz format, and it's already up to 53,195 KB, even zipped up like that.

Res Ipsa explained one time that our website is hosted on a computer with more than 100 other websites, and I'm sure they have backups of their own. But if the absolute worst was to happen, and their server blew up or something, when they get me back online I'll have a backup of my own, and we can never lose more than 24 hrs. worth of posts.

ME TOO !!!!!!!!!!!!!!!!!!!!!!!!

I got this disturbing message while having my third cup (or was it the jug?) of coffee and taking slice of Fog from the Bow for breakfast at 10am.

PS. I hope your procedure first makes the database backup to disk and then the FTP of that file down to your pc. Helps with overall speed and isn't necessarily affected in case communications burps.

No, but after you explain to HostGator, I'm certain they'll change their evil ways.

Warning --- (NOT an April fool's joke, that I can tell) -- SQL (ie the forum database) can get corrupted.

http://arstechnica.com/security/news/2011/03/massive-sql-injection-attack-making-the-rounds694k-urls-so-far.ars

I have no idea if this happens on the FB forum software.

The Ars Technica article says this pattern of attack has been observed for some six months. MySQL was attacked. PHP is vulnerable.

It would probably be good to know what that particular JavaScript file looks like.

I checked the phpBB support site. If this was happening to phpBB forums all over the place, their team of competent volunteer experts would be on top of it. There hasn't been a post about SQL injections there since sometime in 2008, as far as I can find. There are no alerts to board owners. I think this isn't a problem for Fogbow, but I'll keep an eye on it. I do make a full copy of the database every morning. The worst that can happen is we lose one day's worth of posts. That hasn't happened since the day Fogbow came online.

Comment: Websites that modify their web page generating code often and take user input are the sites that are vulenerable to SQL injections. Often these are customer oriented websites where web developers get little time to test their code, or where inexperienced developers are working on.

Code with little modifications in reference to user input gets seasoned over time and will generally not be cracked easy. Open source projects for major software packages have now well implemented test procedures to prevent such attacks. phpBB can be considered seasones in this sense. The last major failure I remember was the WordPress issue last year. The problem at the users end is generally not following the deleopment of their supplier, and ignoring updates or not implementing them fast enough after a security issue was communicated.