On April 25, 2018 a critical vulnerability was discovered in Drupal that allows attackers to remotely run code on web servers. It has already been exploited on some sites (not The Hidden Blade) to run Bitcoin miners. The vulnerability is easily patched on Drupal 7 and 8. The bad news is The Hidden Blade runs on Drupal 6 which is no longer officially supported. Some volunteers backported the patch to Drupal 6 and I have installed it. So I think we're good for now.
Upgrading to another major version would be a pain because of all the customization I've done to the site. Still, this vulnerability has demonstrated that we can't stay on Drupal 6 indefinitely. I will investigate upgrading to Drupal 7 or 8 on a test site with the goal of eventually switching over.
In the meantime our web hosting service is monitoring the site for intrusions. If the patch was insufficient and attackers manage to exploit the site, then they will disable services until I can get it upgraded.
PM incoming!
I will investigate upgrading to Drupal 7 or 8
Status update: Drupal consists of Core and Contributed modules. When a new release of Core comes out, it takes some time for third party developers to update their Contributed modules. I took inventory of the Contributed modules currently in use by The Hidden Blade and checked their status in Drupal 7 and 8.
Drupal 8 is not going to happen. About half of the modules we need either aren't ready yet or will never be ported to Drupal 8 because the developers are no longer actively maintaining them.
That leaves Drupal 7 which kind of sucks because it's next in line to be dropped from official support. There are only four modules on THB that have no obvious migration path:
The one I'm most concerned about is SWF Tools because that's how we embed large videos on the front page. There are probably workarounds or replacement modules for all of the above.
HTML5 playback ought to be supported?
Good call. There's a Drupal module called Video.js which is an HTML5-based video player for Drupal 7 and 8. Another developer provided a Drupal 7 module that configures Video.js to play YouTube hosted videos.
If that doesn't work, you can always try and hack something together with iframes. That's what the embed html on YT vids uses.
In the meantime our web hosting service is monitoring the site for intrusions.
It's that time again - Crisis Time.
I will be installing security updates this month (May, 2022) to bring it back up to code. Downtime will be kept to a minimum. If you find the website down and want a status update, please visit our Discord server.
Updates are complete and our web hosting service has given The Hidden Blade its stamp of approval.
No pressure, but try and get the site certificate when you can too.
Enabling HTTPS made its way to the top of my to-do list for another website I'm building. As promised, I took the opportunity to do the same for The Hidden Blade.
PureNihilist666, please test https://thehiddenblade.com/ and let me know if anything else needs to be done. So far it's working well for me in Chrome but only so-so in Firefox. The latter complains that the images are not secure or something.
[Firefox] complains that the images are not secure or something.
This was an issue with smileys loading from the insecure (http://) URL. It seems to have resolved itself with the gradual flushing of the image cache. Firefox now reports the site is secure.
How does it look to you PureNihilist666?
Enabling HTTPS made its way to the top of my to-do list for another website I'm building. As promised, I took the opportunity to do the same for The Hidden Blade. PureNihilist666, please test https://thehiddenblade.com/ and let me know if anything else needs to be done. So far it's working well for me in Chrome but only so-so in Firefox. The latter complains that the images are not secure or something.
Looks good for me!
My sincere apologies for not replying promptly as I wished to do. School's started again and I've honestly forgotten about AC in general for a while; but excuses are going to get me nowhere.
No issues with opening the image in a new tab or opening the image as a link in a new tab. I've tested this in Brave, which is Chromium-based, and the site is upgraded to HTTPS from what I can see. Browser says the certificate is valid.
Again, sincere apologies for replying a month later and I thank you for your great work on the upgrades to the site.
Crisis Time
The site went down unexpectedly on August 7 - 8. I tracked down the error and asked our web hosting service if they had recently upgraded MySQL on our database server. They were like, "Yes, on August 7. Didn't you get our advance notice?" No, I did not. It turned out I wasn't subscribed to that mailing list. I am now.
They had a good reason for upgrading the database software. MySQL 5.7 has reached end of life and is no longer being maintained by Oracle. The new version, MySQL 8.0, is incompatible with the version of Drupal we use for The Hidden Blade. The web hosting service has temporarily moved our database to a MySQL 5.7 server. That's why you're able to see this now. This server was set up to give web developers about 30 days to update their sites for MySQL 8.0 functionality.
I have a plan for upgrading The Hidden Blade to MySQL 8.0. This will be a permanent solution. After I finish testing the upgrade, there will be a scheduled downtime to move the database back to our original server. I don't anticipate any data loss.
Whenever the site is down, remember you can always find me and most of the active community on our Discord server.
I have a plan for upgrading The Hidden Blade to MySQL 8.0. After I finish testing the upgrade, there will be a scheduled downtime to move the database back to our original server.
My plan worked brilliantly. The site will be down briefly on the evening of August 16 to switch from the temporary to the permanent solution.
That's great to hear!
Awesome.
The site will be down briefly on the evening of August 16 to switch from the temporary to the permanent solution.
Done.
The web hosting service has temporarily moved our database to a MySQL 5.7 server. That's why you're able to see this now.
We're now off of the temporary MySQL 5.7 server and back onto our original database server, which is now running MySQL 8.0. That's why you're able to see this now.
In the coming days you may see a text box with a red background containing one or more error messages. If that happens the error will be sent to a log that I am monitoring. Please do not report such errors to me until after August 31, 2024.
the error will be sent to a log that I am monitoring.
Monitoring that error log has really paid off! Besides fixing some minor errors that arose from the recent PHP upgrade, I was able to identify and fix some longstanding issues with the site.
For example, look at author panels in this thread. You'll now see icons indicating whether each comment author is online or offline (green light or red light), and additional icons to send the user a private message or email. You may now enter two or more words in the Search this site: bar at the upper left, and also edit Personal Information (location, occupation, etc.) in your profile.
Yes, The Hidden Blade is back and better than it has been in years.
Yay upgrades!
Hell yeah!
A+ job Stab!