
5/17 Site Attack

Status
Not open for further replies.

V3N44X

bool n00b = true;
What a friend of mine who is a bonafide computer expert has to say about this: "Pretty sophisticated attack. Not a Joe down at the coffee shop thing. I can't imagine anyone putting in the work to do it for free. But back in the boot wars there were clubs of hackers working on that stuff. Crazy."

No, it was not sophisticated. The initial attack was using an exploit in ImageMagick that any n00bs would be able to do easily.

The second attack was also simple, though arguably more complex, due to the source. But, I do not have insight into how it worked. Either way, I suspect it was a simple fault, also.
These attacks are certainly a joe at the coffee shop things.
Oh, and by the way, one of the best places to exploit something is at the coffee shop. Just don't be the only one there with the computer out. And VPN away anyways. etc.

These days, anything for "fun" like this will be done solo... the "teams" do it for profit. Someone doesn't like FA or the furry fandom. And that's the reality of it.


I just thought to ask. What convention were the drives distributed at?
To my knowledge, BLFC.

Ah.

On my own personal note, if it was just another DDoS attack on FA, this wouldn't be an issue. But some fucker out there has the source code and that means back-end access to everything. Passwords, personal information, the works.

They're either gonna have to make some serious back-end changes (which is extremely difficult), or start over again to stop this being a problem.

They'd better not have access to passwords. They'd better bloody be salted and hashed. Given the security of this site... change any passwords on sites that have the same password... seriously. Do it.
Changing it shouldn't be a problem o.o patching holes is always a good idea.
In fact, the site code should be regularly audited -- who at IMVU is watching?
Does IMVU even care?
They won't have to start over again. That's insane :3

I've been through a decent number of FA downtimes and it always seems to come back, if not always punctually.
This is different from the previous downtimes.



One thing I do have to say: Kudos to Dragoneer for actually admitting the site was attacked.
Boo for not getting audits done on a major site. :p
 

Gem-Wolf

da golden wuff
No, it was not sophisticated. The initial attack was using an exploit in ImageMagick that any n00bs would be able to do easily.

The second attack was also simple, though arguably more complex, due to the source. But, I do not have insight into how it worked. Either way, I suspect it was a simple fault, also.
These attacks are certainly a joe at the coffee shop things.
Oh, and by the way, one of the best places to exploit something is at the coffee shop. Just don't be the only one there with the computer out. And VPN away anyways. etc.

These days, anything for "fun" like this will be done solo... the "teams" do it for profit. Someone doesn't like FA or the furry fandom. And that's the reality of it.



To my knowledge, BLFC.



They'd better not have access to passwords. They'd better bloody be salted and hashed. Given the security of this site... change any passwords on sites that have the same password... seriously. Do it.
Changing it shouldn't be a problem o.o patching holes is always a good idea.
In fact, the site code should be regularly audited -- who at IMVU is watching?
Does IMVU even care?
They won't have to start over again. That's insane :3

I don't believe IMVU gives a rat's arse tbh.
If FA has to start all over again I'm walking and not returning.
 

ktar_aramee

New Member
Would FA be able to mass upload and organize photos in a way similar to Inkbunny? I have a few series of artwork on my page that may be better if they were grouped in a single "folder" rather than individual submissions and grouping them later. In cases of data loss like this, it could help artists and commissioners.
 

Gem-Wolf

da golden wuff
Would FA be able to mass upload and organize photos in a way similar to Inkbunny? I have a few series of artwork on my page that may be better if they were grouped in a single "folder" rather than individual submissions and grouping them later. In cases of data loss like this, it could help artists and commissioners.
It took FA 10,000 years to even get the folders they had, let alone improving them
 

TastesLikeGreen

New Member
I think the main reason I like FA over any other site is simplicity of use. It's easy to submit, like, fav, watch etc. About the only thing I prefer over FA is Inkbunny's writing interface. FA sucks if you're a writer and needs to copy how Inkbunny displays written text.
Personally, I prefer the big wide display they have on SoFurry for showing stories over the narrow tablet-style viewer on Inkbunny, even if I prefer FA as a site. Could really do with some tag/user blacklists, though, I can think of more than a few people whose art I wouldn't mind never seeing again... :B
 

peanutbutterking

New Member
IT WAS MEEEE~ not really, I'm sorry you got hacked ono and I know this doesn't matter in the least but thank you for trying to fix everything! and keeping us updated~ :p
 

Snowbbi

99% fluff
Hehe... you're probably right.
I like FN, but it's a bit... I dunno.
I made an account there today and I feel you on that sentiment. For me it just seems... Impersonal. It's just kinda there to upload your stuff and be done. I've found a few friends on FA and I'd hate to lose them over this.
 

Deleted member 82554

Guest
I don't believe IMVU gives a rat's arse tbh.
If FA has to start all over again I'm walking and not returning.
They're going to have to start all over again, someone has the source code. That isn't just a simple patch and put FA back online job, the people that have the source will always have access to everything on a software level unless they make some serious back-end changes.
 

Keira_Lunar

Proffesor Kikinoe
Tumblr is the WORST at circlejerking jesus christ. Yup, most of the base is whining 15-17 year olds with no money and underselling their own art anyway.

Still... I got some really good business because of my art Tumblr even though it hadn't been updated in months, because I had my contact info on there. The client was really sweet and respectful too, so even if you abandon it, don't delete. ;) But it was very surprising.


I only used Tumblr for one thing: porn surfing. Granted, that whole reblogging thing and how lazy some users are, I think I'm soon to stop visiting Tumblr pages, as I swear I have seen the same pics in more than 10 blogs. Ugh, MESSY.
 

peanutbutterking

New Member
I made an account there today and I feel you on that sentiment. For me it just seems... Impersonal. It's just kinda there to upload your stuff and be done. I've found a few friends on FA and I'd hate to lose them over this.
that's why I post my kik and telegram info
 

oto

New Member
Exactly. Furthermore, just because Weasyl doesn't go down doesn't mean it's reliable for business in any way, nobody's there.

Tumblr is uncomfortable, I do have an art blog on there and I post there but it's not really good for commissions. It's hard to keep track of who's who with how easy usernames can change, the messaging system isn't good and nobody has money there anyway. At least in my experience.

I hate Tumblr not only for its crappy layout and also the things you said, but also for the fact that 95% of the userbase clearly does not know what a freaking NSFW tag is for their posts. Worse is that the Tumblr staff apparently can't be bothered to enforce something as simple as NSFW tagging. And good luck reporting an inappropriate avatar.

I could put up with the usual unmarked NSFW crap for a while, but when I started seeing real life pictures of a popular artist's wiener without any sort of mature filter on (among other things), that was the last straw for me and I immediately abandoned my account there. As bad as the horrors of FA's NSFW database is, at least the people here are curt enough to properly tag them as such.
 