• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

5/17 Site Attack

Status
Not open for further replies.

tbonethebunbun

Active Member
Hmm, was about time we got another bout of downtime around this time. Nothing new if you've been on FA for a long time, it'll be fixed soon enough.
In the meantime I'm just going to leave this old and once again relevant gem here.
Let's see how this'll end.
Dammit, I love Corsi...
 

KatherineFennec

New Member
Are you kidding me? Don't they have another backup? With a site that is constantly attacked you'd think they'd have more back ups...Also why would you take that stuff to a convention? Shouldn't that like, stay at home or something? I'm sorry but this is one of those situations that sounds like it could have been prevented.
Ok, first of all backup media is quite expensive on a large scale, especially if you want rolling, day by day backups. on top of this, in the grand scheme of things FA, like the furry fandom at large, is relatively small, so it's perfectly understandable to have a week go between full backups.
 

mikead999

New Member
FA, like most sites on the internet, doesn't actually store your password as you type it. They use a type of programming function called a hash which scrambles your password in an irreversible way. When you log in, it compares the hash of the login to the hash it has saved. At no point is your plaintext password saved. So no, the attackers wouldn't have your password.

Would it be impossible to reverse this process? From what experience I have with programming, it would not be very hard to reverse engineer this process from the source code.

Not to mention, with a custom browser (or maybe just using the console) it would also be possible to input the hash directly, skipping the hashing process. (Trust me, it's possible)
 
Last edited:

RedKomuso

New Member
So, they attempted to destroy database data, and didn't touch any personal information or passwords. So my questions are thus: Are you sure they did not copy passwords? It could have been to distract you while they stole user data, because it seems otherwise useless to delete info from the database, because it would not benefit the attackers. I was also wondering at what point the site would be back online, since you did not seem to specify that.
it will be up when it is up. the reason they didn't give an estimate is they do not know yet. but it will be some time. i mean they hae to go through and restore everything. and their back up is only material up to the 11th so anything that is after must be re-uploaded.
 

Takura

New Member
It's not like the staff took it in on a laptop. Someone infiltrated FA's server, extracted the source code, took a week to prepare it for distribution at BLFC on multiple drives, and left them in conspicious places.
Well they mentioned USB or something so it almost sounded like they took information with them to the convention. Still you would think FA would have better security by now...because this is getting ridiculous
 

Verin Asper

The Smart Idiot
Would it be impossible to reverse this process? From what experience I have with programming, it would not be very hard to reverse engineer this process from the source code.
no, its not impossible, just very very hard unless you are knowledgable of such hash system
 
M

mshy

Guest
Why must all of these hacker asshats must ruin the experience for us artists?
 

Takura

New Member
it will be up when it is up. the reason they didn't give an estimate is they do not know yet. but it will be some time. i mean they hae to go through and restore everything. and their back up is only material up to the 11th so anything that is after must be re-uploaded.
So this means we may not have FA for a few days or a few weeks? I can handle a few days but a few weeks...I hope that's not the case. Why don't they have better security? sheesh
 

casbuenting

Member
Oh also to all the new people to FA: Welcome to FA. The problems will be fixed shortly, however expect people to say this will be the end of days in the process.
 

tbonethebunbun

Active Member
So this means we may not have FA for a few days or a few weeks? I can handle a few days but a few weeks...I hope that's not the case. Why don't they have better security? sheesh
Get used to it, cause you'll be here for a while... No offense. Wanna be friends?
 

AliothFox

That High-Flyin' Foxy
GUYS. It's not a case of "FA having bad security." Have you heard anything that's been said? The security exploit was in the service FA *uses* for its database delivery. The security breach was not on FA's end. They had patched the exploit way back on the 5th. But data had been compromised before that, and since FA wasn't even aware of the exploit, they had no way of knowing said data was compromised. Instead of directing the selective outrage of the furry machine at FA, why not be outraged at the jerk who actually attacked the site? Even if FA's security could have been better, you don't prosecute the guy who had his house broken into, even if he left the door unlocked - you prosecute the actual thief.
 

Takura

New Member
Honestly, I follow many site like FA. So, for now until FA is working again, I'm going on Inkbunny. It has many of the same artists.
I'd like to go to Inkbunny but...eh I don't get much attention there so for me I'll be on DeviantArt...this sucks because I was just starting to become more active on FurAffinity again. Then this happens >_> Whoever is responsible for this mess is a complete dickbag.
 

Cloudchaser

Active Member
Why would someone do such a thing? What could they possibly have to gain from doing so? They should be forced to tell why, to hell with the right to remain silent
 
Status
Not open for further replies.
Top