
5/17 Site Attack

Status
Not open for further replies.

---Storm---

Artist for hire
A question for Dragoneer regarding the ImageTragick exploit
If I understand correctly, ImageTragick was patched upstream 30th April. Dragoneer said:

Somebody got the source code through the ImageTragick exploit (which we patched on May 5th)
So it took them five days to patch it. That was more than enough time for the attackers to steal the source.

So if the above is true, in this attack it wasn't ImageTragick, but some exploit they found in FA's code. Which is reasonable since we know the code is very bad and old - as an ex FA developer said, a "clusterfuck".
 

TheBlackKnight

New Member
If I understand correctly, ImageTragick was patched upstream 30th April. Dragoneer said:


So it took them five days to patch it. That was more than enough time for the attackers to steal the source.

So if the above is true, in this attack it wasn't ImageTragick, but some exploit they found in FA's code. Which is reasonable since we know the code is very bad and old - as an ex FA developer said, a "clusterfuck".

Not interested in the second exploit, but rather the first - As it shows a level of complacency in Fur Affinity's monitoring and patching of publicly announced vulnerabilities.
 
If I understand correctly, ImageTragick was patched upstream 30th April. Dragoneer said:


So it took them five days to patch it. That was more than enough time for the attackers to steal the source.

So if the above is true, in this attack it wasn't ImageTragick, but some exploit they found in FA's code. Which is reasonable since we know the code is very bad and old - as an ex FA developer said, a "clusterfuck".

wait wait wait, you mean that this all happened sometime between april 30th thru the first week of may, and no one seen it until yesterday?
am i understanding this correctly?
 

HalouDoval

New Member
First you identify the fault, then you make the patch.
Next you test the patch, then you roll out the patch whilst checking for any conflicts.
It takes time
^,-,^
When things go bad I tend to assume the worst of it. The Herpy.net website was knocked out for nearly 6 months between 2008 and 2009 because hackers took advantage of a hole in the site's security. A "fault" for which the staff were still apologizing years afterwards.
 

ferretsage

Well-Known Member
I remember getting angry about FurAffinity going down many years ago due to trolls/hackers, etc., and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.

So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.

And don't give me that BS that you have no interest in the porn. I've been on the sidelines of furry for 20+ years -- I haven't seen that flat lie used before by moral signaling insecure nerd manchildren most Western Civilization has degenerated into.

Disclaimer: I find mainstream Humanity as morally torpid as anything found within this community. No need to recognize, much less defend or attack furries/trolls/humans as worthwhile or separate factions.
 

Fawk

I don't like people
I remember getting angry about FurAffinity going down a long time ago due to trolls/hackers, etc. many years ago, and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.

So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.

And don't give me that BS that you have no interest in the porn. I've been on the sidelines of furry for 20+ years -- I haven't seen that flat lie used before by moral signaling insecure nerd manchildren most Western Civilization has degenerated into.

Disclaimer: I find mainstream Humanity as morally torpid as anything found within this community. No need to recognize, much less defend or attack furries/trolls/humans as worthwhile or separate factions.
 

Faolan_Wolf-Wings

Aokin the Cyan Jolteon!
When things go bad I tend to assume the worst of it. The Herpy.net website was knocked out for nearly 6 months between 2008 and 2009 because hackers took advantage of a hole in the site's security. A "fault" for which the staff were still apologizing years afterwards.
Yikes! I sure hope we don't have to wait that long! It's bad enough that we'd be out for a couple days or a week at most!
 

Gem-Wolf

da golden wuff
I remember getting angry about FurAffinity going down a long time ago due to trolls/hackers, etc. many years ago, and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.

So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.

And don't give me that BS that you have no interest in the porn. I've been on the sidelines of furry for 20+ years -- I haven't seen that flat lie used before by moral signaling insecure nerd manchildren most Western Civilization has degenerated into.

Disclaimer: I find mainstream Humanity as morally torpid as anything found within this community. No need to recognize, much less defend or attack furries/trolls/humans as worthwhile or separate factions.
 

Snowbbi

99% fluff
I remember getting angry about FurAffinity going down a long time ago due to trolls/hackers, etc. many years ago, and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.

So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.

And don't give me that BS that you have no interest in the porn. I've been on the sidelines of furry for 20+ years -- I haven't seen that flat lie used before by moral signaling insecure nerd manchildren most Western Civilization has degenerated into.

Disclaimer: I find mainstream Humanity as morally torpid as anything found within this community. No need to recognize, much less defend or attack furries/trolls/humans as worthwhile or separate factions.
ow the edge.jpg
 

Caraid

Classy cat
Except for those of us who are trying to conduct business through FA, of course. There are always other routes, but it's certainly very inconvenient. I don't have the contact information of all of the clients on my waiting list so I can't progress with commissions once my current active list runs out.

Of course, I'm to blame for not having a backup plan there, but to assert that people are only miffed because they can't access "their pr0nz" anymore is obviously bullshit. Possibly a bit of projection, too.
 

quoting_mungo

Well-Known Member
A reminder to please tone down the bickering, side discussions (if you want to connect with someone on Kik or Telegram, or want to network with other artists, great, but please use PMs to discuss this so this thread can stay on topic), and image macros.

The ImageTragick exploit was patched within hours of tech becoming aware of it. Bad luck meant that before this patch was employed, someone decided to use the exploit to download our source code.

The attack that resulted in us taking the site down to prevent further damage was a second attack, unrelated to ImageMagick save for likely being facilitated by the illicitly obtained source code. We know for a fact this code was distributed on USB drives at BLFC, and we have a copy of the data that was distributed on those drives.

As we wouldn't want to restore the site just to have it attacked again (possibly with more serious consequences), a thorough audit is being done to identify and eliminate vulnerabilities in FA's source code before it's brought back up. Still no ETA, I'm afraid, but be assured tech has been working hard on it.

Those of you who are artists for whom art is an important source of income, if you haven't already, you may want to check out the Art Sales section of this forum. It may not have as high traffic as what you'd normally get on mainsite, but it might at least help tide you over until we can bring the site back.
 

zidders

Well-Known Member
Not trying to make myself sound like I'm a super great guy-I'm not always as good a person as I'd like to be-but I believe if we want the community to be better we can make it better by doing our best to be kinder towards each other. That's the nature of some of humanity's biggest issues-people disrespecting others. What led to this event was someone with a lack of respect and an unwillingness to show others a little common decency causing everyone a ton of grief. If we all did our best to respect each other more stuff like this would happen a lot less if at all.
 

LunaAzzurro

New Member
quick guide to boost morale in the wrong direction:

Listen to this track:
Then go to : www.furaffinity.net: FA is temporarily offline.
Then read the sentence "FurAffinity will return shortly!" over and over again.

I miss you FurAffinity :(

I made an account just to tell you this was hilarious.
...this was hilarious...

Well.. there goes about 5mins of my life.
Not like FA is up for me to spend it there anyway. :mad:
 

Gem-Wolf

da golden wuff
Except for those of us who are trying to conduct business through FA, of course. There are always other routes, but it's certainly very inconvenient. I don't have the contact information of all of the clients on my waiting list so I can't progress with commissions once my current active list runs out.

Of course, I'm to blame for not having a backup plan there, but to assert that people are only miffed because they can't access "their pr0nz" anymore is obviously bullshit. Possibly a bit of projection, too.
 

Mid-Nightshade

New Member
A reminder to please tone down the bickering, side discussions (if you want to connect with someone on Kik or Telegram, or want to network with other artists, great, but please use PMs to discuss this so this thread can stay on topic), and image macros.

The ImageTragick exploit was patched within hours of tech becoming aware of it. Bad luck meant that before this patch was employed, someone decided to use the exploit to download our source code.

The attack that resulted in us taking the site down to prevent further damage was a second attack, unrelated to ImageMagick save for likely being facilitated by the illicitly obtained source code. We know for a fact this code was distributed on USB drives at BLFC, and we have a copy of the data that was distributed on those drives.

As we wouldn't want to restore the site just to have it attacked again (possibly with more serious consequences), a thorough audit is being done to identify and eliminate vulnerabilities in FA's source code before it's brought back up. Still no ETA, I'm afraid, but be assured tech has been working hard on it.

Those of you who are artists for whom art is an important source of income, if you haven't already, you may want to check out the Art Sales section of this forum. It may not have as high traffic as what you'd normally get on mainsite, but it might at least help tide you over until we can bring the site back.

Thank you kindly for the update, hopefully it'll ease everyone's panic a little and stop the fighting among one another for something that's out of everyone's control.
 

ferretsage

Well-Known Member
Thank you kindly for the update, hopefully it'll ease everyone's panic a little and stop the fighting among one another for something that's out of everyone's control.

"Fighting", and yet this simple observational post is just my first reply to all the responses in this thread to my first post -- including an admin response at, like, 5 AM or some shit.

I'm not the first person to be dismissed as causing drama for furries without issuing any personal attacks or even punching back against any of the passive aggressive responses to my post. I'm not even fighting - - the drama is an illusion in your heads.

Sigh. Wasted words.

I am a gentleman who does not persist long where he is not wanted. As asked for by the administrative staff member, I will take my leave where there is no mutual respect lost.
 

SgtSitdown

New Member
I really hope you guys and girls can get this sorted quick :) i know how much of a pain this kinda thing can be X3
But yeah, hopefully when it does come back up, it doesn't immediately crash from traffic XD

G'luck <3
 

MamaGennie

New Member
I want to thank the team that is working on this to get FA back up and running. I know that you are working hard to get the issue resolved, and get FA back up and running. It can't be an easy task.

Ladies and Gentlemen, I know you want to be back to your pages, your submissions, your stories and everything else that you're involved in here, we all do. But, take it from a computer tech, this stuff isn't a five minute fix. We may be down for a couple of days. I haven't gone back and read through forty some pages of this stuff. These guys and gals are doing their best to bring everything back to some semblance of normality, whatever the hell that is. So, look, calm down, go outside and play. You DO remember 'outside', right? It's on the other side of that thing you look through called a 'Window' and the big tall thing called a 'Door.' Take a walk, take a drive, go get on a bike and have some fun.

Your complaining and lack of understanding only makes this harder on the people who ARE trying to get it back for you.

Mama Gennie
 