Talk: Star Trek auctions

This is the talk page for discussing improvements to the Star Trek auctions article. For general discussion, go to Memory Alpha's Discussions or Discord. Click here to start a new discussion on this talk page.

Star Trek Auction Listing Archive Status[]

Greetings,

Some years ago there were a few high-profile auctions of Star Trek stuff, most notably the Christie's and IAW! auctions. Around that time I created an archive of information about the items with the descriptions and photographs and whatever else I could scrape together. It was hosted on a private computer at my house, but I wanted it to be somewhere public where others could use it. A kind fellow called Jason Stevens offered to host it for free on his own Star Trek collection website, startrekpropcollector.com. See Template:Stala. Anyway, it was very limited; basically ftp only and I could not change anything about the configuration of the server, so I had to create a "lite" version mostly made of static pages that all had to be regenerated by a chain of scripts, and sent the update to the server by ftp every week. I tried to add as many features of the private one, like search and comments and whatnot, that required login, but again the options were limited. After a while, it got rather large, and the chain became complicated to maintain and the once fun and interesting task became a chore, and I moved to a different place without setting up my server, and the archive was neglected.

Recently, several years after, I was contacted by Lyn Wright, one of the nicest and best Trek prop collectors, and she told me that the archive was broken and asked if I could fix it. I could not contact Jason, and my copy of the old archive is in storage somewhere, so I dug around in old emails looking for the FTP login information, and hey it worked! I downloaded a copy of the archive just in time before someone else bought the domain and I was completely blocked out. Luckily the new owner apparently bought it to save the archive, and it is still there and working, but it looks like their snapshot was an older (and slightly broken “hello world!”) version. I have not been contacted by anyone involved in the recovery.

The important part:

The login database (users' names, email addresses and passwords) was stored in a single-file sqlite database. That is all that was available due to the previously mentioned limitations of the hosting arrangement. The passwords were hashed, so it would take a rather significant effort to figure them out (unless they were very simple), but it is not impossible and they should be considered compromised for two reasons:

First, I no longer have any control over the archive at startrekpropcollector.com and whoever does has all (or most) of the existing data including the login database.
Second, after looking through my recent snapshot, it seems very clear that at some point it had been hacked via an old installation of a PHP forum software that existed elsewhere on the site. That means the login database file could have been downloaded by someone else.

If you use that same password anywhere else, you should change it.

Sorry for the trouble. --Bp0 (talk) 04:11, July 10, 2018 (UTC)