
5/17 Site Attack

Status
Not open for further replies.

nyannom1

Member
so this is sorta like a DDOS attack?

I hated when that happened to Steam at around the Xmas sale
Is it bad that whenever I think of DDoS I think of this image?
hello-hello-can-you-hear-me.gif
 

marcwolf

Auzzie Wolf
Oh...I do highly expect that in some deep, dark bunkers, there are military grade computing equipment, just waiting for World War III to start...complete with Reel-to-Reel drives, out there.

Granted, I'd be far more worried about the fact that there are still air traffic control towers in operation to this day, operating with computers that still function off of vacuum tube tech. Why, you couldn't even run Windows 1.0 beta on one of those!

*chuckles* One of the reasons I have slide rules, log books, and a small library of basic engineering manuals etc. Yes it's fine to say you have Guns and Ammo. But what happens when the ammo runs out? Meanwhile I'll be the guy keeping what's left going.
 

Bourbon.

Member
so this is sorta like a DDOS attack?

I hated when that happened to Steam at around the Xmas sale
No, DDoS attacks are much more simplistic and virtually anyone can do it. It's basically flooding a site's servers until they get knocked offline by making it seem like there's tens of thousands of unique people accessing the site at once.
 

Keira_Lunar

Proffesor Kikinoe
No, this is very different. A DDoS only keeps people from accessing the server that hosts the website.
This time around someone found a way in using stolen source code and started deleting things off the servers. Most of the stuff that was deleted is able to be recovered using a backup, but anything newly submitted will have been lost and will have to be resubmitted by users.

ah ok so more like a Trojan Virus, I have had my share of those buggers, I normally anti-virus scan it then do a system restore to just before I downloaded said infected file, but that's just for one computer, I don't think the same idea would work for a server
 

nyannom1

Member
heh heh just can't stop watching the comments roll in, it's 2:10PM for me, I have 20 minutes before I have to wash the dishes whether I like it or not

but I'm sure I will be back to monitor the comments streaming in
I have a feeling once I put my phone down (I'm on mobile atm) I'm going to wake up to 500+ messages.
Makes sense anyways, this is a big deal.
 

jup-reindeer

New Member
so this is sorta like a DDOS attack?

Well, not exactly. This is more like FA has been bondage secured with the hacker holding all the BDSM gear. Probing out the most sensitive spots and going to town as they wish. (Only FA isn't having fun.)

Whereas a DDOS is more like the busy tone on your phone when pressing buttons is refused to connect the call.
 

thesweetiger

Thesweetiger
hmm I see the admin control and the user control are in the same software
Putting the moderator and admin on a separate domain and software reduces this type of attack a lot
User interface code is free of the admin code
in the user interface, a specific db user, and you need to restrict him on the user table to insert, update and select,
in the admin domain you first meet a login page with only the necessary, and have another db user with more access

Apart from that, FA needs a new server setup
all main servers need to be doubled
so with a good dns setup the traffic is separated in two, if one fails the other one can operate without problem and the tech can fix it and bring it back easily and FA doesn't stop their activity
also with this setup you can do some maintenance on one and afterwards switch to the other one, preventing any software issue
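
The database-account split suggested in the post above, sketched as an added example (not part of the thread and not FA's actual configuration). MySQL syntax is assumed; the database, table, account and host names are hypothetical.

```sql
-- Constructed example: least-privilege accounts for a user-facing tier and a
-- separate admin tier. Names, hosts and secrets below are placeholders.

-- Account used only by the public web front end, reachable only from the
-- web servers' subnet.
CREATE USER 'web_app'@'10.0.1.%'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET'
  REQUIRE SSL;

-- Account used only by the admin application, which runs on its own host
-- behind its own login page.
CREATE USER 'admin_app'@'10.0.2.10'
  IDENTIFIED BY 'REPLACE_WITH_A_DIFFERENT_SECRET'
  REQUIRE SSL;

-- Front end: insert, update and select on the user table, nothing else.
-- No DELETE, no DROP, no rights on other databases.
GRANT SELECT, INSERT, UPDATE ON site.users TO 'web_app'@'10.0.1.%';

-- Admin tier: broader data access, still scoped to one database and
-- without schema-changing or account-management privileges.
GRANT SELECT, INSERT, UPDATE, DELETE ON site.* TO 'admin_app'@'10.0.2.10';

-- Check what each account actually holds after the change.
SHOW GRANTS FOR 'web_app'@'10.0.1.%';
SHOW GRANTS FOR 'admin_app'@'10.0.2.10';

-- Table-level grants can also be audited in one query.
SELECT grantee, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = 'site'
ORDER BY grantee, table_name, privilege_type;

-- Run as web_app, a statement such as
--   DELETE FROM site.users WHERE id = 1;
-- is expected to be refused with a "command denied" error.
```

These grants bound what stolen web-tier credentials can do inside the database; they do not restrict commands run on the host itself.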
 

kisuka

New Member
so this is sorta like a DDOS attack?

I hated when that happened to Steam at around the Xmas sale
This is much worse than a DDOS Style Attack.

With a DDOS attack you are hammering a server to utilize all their bandwidth so that others cannot access the site.

CVE-2016-3714 (the exploit that was used), allows you to execute shell commands on the server. Giving you access to pretty much the entire FA infrastructure if you're good enough.

I'm honestly kind of sad to see that FA's sys admins didn't patch CVE-2016-3714 before it was too late... it's been known for weeks now...
 

YaoiMeowmaster

#FiftyFemboys
I've been really kind of confused all day since FA has been down. Now, as an artist it's not my only place where I put my drawings, I have like 5 other places, save my refs to the computer and backup my work constantly, it's just...really lonely? FA has traffic and reach for me like none of the other sites I use. At first when I woke up and it was down I was mildly annoyed but used to it, but the prospect of losing a week is a struggle. I had a YCH auction that was doing very well that I'll have to restart if it's not restored. Who knows if it'll get bid on again. I can only imagine what my other friends are going through when they post 5-8 submissions a DAY.

Granted, this is not entirely FA's fault. There should have been more security because the site's always been vulnerable, but someone obviously went through a lot of fucking trouble to do this. And also, it's pretty disgusting that some people are finding it funny and pretty much throwing parties and saying thank god.

As dragoneer said... whoever did this isn't hurting him no matter how infamous he or the other staff may be.

They're hurting the artists of the site, and our clients.
 

nyannom1

Member
Well, not exactly. This is more like FA has been bondage secured with the hacker holding all the BDSM gear. Probing out the most sensitive spots and going to town as they wish. (Only FA isn't having fun.)

Whereas a DDOS is more like the busy tone on your phone when pressing buttons is refused to connect the call.
This makes so much more sense that it's scaring me a bit.
Though, if FA isn't having fun, wouldn't those sensitive spots be either a) infected; or b) broken skin?
 

Bourbon.

Member
ah ok so more like a Trojan Virus, I have had my share of those buggers, I normally anti-virus scan it then do a system restore to just before I downloaded said infected file, but that's just for one computer, I don't think the same idea would work for a server
No, it's not like a virus at all. Viruses are malicious programs that can log information and scramble programs and disable them as well as delete files.
 

Keira_Lunar

Proffesor Kikinoe
I've been really kind of confused all day since FA has been down. Now, as an artist it's not my only place where I put my drawings, I have like 5 other places, save my refs to the computer and backup my work constantly, it's just...really lonely? FA has traffic and reach for me like none of the other sites I use. At first when I woke up and it was down I was mildly annoyed but used to it, but the prospect of losing a week is a struggle. I had a YCH auction that was doing very well that I'll have to restart if it's not restored. Who knows if it'll get bid on again. I can only imagine what my other friends are going through when they post 5-8 submissions a DAY.

Granted, this is not entirely FA's fault. There should have been more security because the site's always been vulnerable, but someone obviously went through a lot of fucking trouble to do this. And also, it's pretty disgusting that some people are finding it funny and pretty much throwing parties and saying thank god.

As dragoneer said... whoever did this isn't hurting him no matter how infamous he or the other staff may be.

They're hurting the artists of the site, and our clients.


awww *hugs* I hope your auction ends well in the end, it's never good to lose money and you're right, this is hurting the users more than the admin
 

Keira_Lunar

Proffesor Kikinoe
This is much worse than a DDOS Style Attack.

With a DDOS attack you are hammering a server to utilize all their bandwidth so that others cannot access the site.

CVE-2016-3714 (the exploit that was used), allows you to execute shell commands on the server. Giving you access to pretty much the entire FA infrastructure if you're good enough.

I'm honestly kind of sad to see that FA's sys admins didn't patch CVE-2016-3714 before it was too late... it's been known for weeks now...


too little too late to put it simply, right?
 

kisuka

New Member
Granted, this is not entirely FA's fault.

Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30:

www.cve.mitre.org: CVE - CVE-2016-3714

A system administrator needs to be watching the latest updates / exploit reports of everything that their web apps use. Failing to patch critical security risks like this in time can be deadly.
 

Keira_Lunar

Proffesor Kikinoe
No, it's not like a virus at all. Viruses are malicious programs that can log information and scramble programs and disable them as well as delete files.

ok I'm just trying to understand a bit more on what's going on, I know it's not a virus or a DDOS attack but no matter how you look at it we're all screwed till it's fixed
 

Deleted member 82554

Guest
Just a quick FYI: if you need to get your fix of furry art or rely on it for commissions, there are other sites that will cater to your every need while FA is down.
 

Keira_Lunar

Proffesor Kikinoe
Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30.

geez that's a long time it was discovered and only now it was "patched", ok not tossing blame but ouch on FA's part
 

Keira_Lunar

Proffesor Kikinoe
Just a quick FYI: if you need to get your fix of furry art or rely on it for commissions, there are other sites that will cater to your every need while FA is down.

I understand that but I'm not one to branch out to other sites just cause of one that I've been a part of for a year now happens to end up in this state
 

YaoiMeowmaster

#FiftyFemboys
awww *hugs* I hope your auction ends well in the end, it's never good to lose money and you're right, this is hurting the users more than the admin
Thanks a lot *hugs back* Luckily I do still have the files, it's just the idea of wasted time that bothers me most. not to mention that all the people who watched my stuff in the past week are no longer going to be watching me. since I doubt they will remember unless they see the ad again, that's another possible loss of potential. D:

Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30:

www.cve.mitre.org: CVE - CVE-2016-3714

True, but it's not as though Furaffinity was "asking for it" the way Twitter knuckleheads are making it seem. It's still abominable that someone attacked it in the first place and they need to be held responsible for their actions as well.
 

Deleted member 82554

Guest
I understand that but I'm not one to branch out to other sites just cause of one that I've been a part of for a year now happens to end up in this state
Are you afraid you might find something better?
 

nyannom1

Member
Just a quick FYI: if you need to get your fix of furry art or rely on it for commissions, there are other sites that will cater to your every need while FA is down.
While that is true, you can post art and look at other art sites, however, with some people that have commissions to do and who gain income from said commissions will still suffer (unless they have another said site that can do this, though, a percentage will still be hacked off).
 

YaoiMeowmaster

#FiftyFemboys
Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30:

www.cve.mitre.org: CVE - CVE-2016-3714

A system administrator needs to be watching the latest updates / exploit reports of everything that their web apps use. Failing to patch critical security risks like this in time can be deadly.
Believe me, I'm incredibly irritated that Furaffinity's lax attitude pretty much caused this to happen, but there's blame to be had on both sides.

While that is true, you can post art and look at other art sites, however, with some people that have commissions to do and who gain income from said commissions will still suffer (unless they have another said site that can do this, though, a percentage will still be hacked off).
^^^^yup
Commissions are really not that easy to get as people seem. You have to establish yourself for a while and/or know someone who will promote you on that site. FA is a large percentage of income for many people and it's not their fault for that. For example, even though many of my friends get some clients from Facebook and Twitter, 90% of their following is FA based. To the point where they literally cannot leave.
 

Fawk

I don't like people
True, but it's not as though Furaffinity was "asking for it" the way Twitter knuckleheads are making it seem. It's still abominable that someone attacked it in the first place and they need to be held responsible for their actions as well.
^This. Yes, FA could have acted faster. But that doesn't make what other people did okay.
Like, if I don't lock my car it doesn't make whoever stole it less of a horrible person, even if it does mean I should have been more careful.
 