• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

5/17 Site Attack

Status
Not open for further replies.

coyoteOdin

Active Member
The situation is very unpleasant and nervous

I have two questions:
1. I hope you plan to appeal to the police to catch the criminals, who organized this attack?
2 and still in a period of the FA work again?

PS. sorry for my not very good english
 

PatrickQuin

New Member
This attack looks like the modern incarnation of industrial espionage.
The corollary to Kerchoff's principle, Shannon's maxim, e.g. assume "the enemy knows the system," still holds.
First of all, thanks for the update! But in all honesty you shouldn't be surprised that people are pissed.
You and I, and anyone with related knowledge all know, that FA needs to be rewritten from scratch, because no matter how well you fix it up, it is still castle built of recycled cardboard and plastic bags, reinforced with duct tape.
...or at least it holds to an extent.
 
Both Weasyl and DA are garbage, IMO.

Waves @Bourbon. <3

PS: Is there anywhere you aren't, @Mr. Fox ?

Aint that the truth, though I don't know anything about Weasyl. I do know plenty about DA, having 2 friends chased off of there. One by a some psycho fangirl that was obsessed with my friend's story they were writing and one of the characters in it. My other friend left because DA wouldn't help her with a persistent art-thief who plagued many of the fandom we were both in.
I'm still on there under the name I use here (changed account for the reasons above), and I still wonder why the heck I'm still there.

Also FA I hope you come back soon, and that the staff are getting plenty of rest (rooting for you guys), and I hope the stuff they think is lost is salvageable.
 

LadyNightosphere

College Artist
I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen. :(

I'm also assuming there is still no ETA yet?
 

Keira_Lunar

Proffesor Kikinoe
well in the mean time if anyone wants to chat, both my steam and skype are scorcher836. go ahead and add me if you'd like. i dont mind meeting new furs. :p

Anyone who is interested in a chat group to talk and discuss their feelings or want to meet new friends, add me on skype @ tenaki1995 :3


i will add you both if you don't mind i like meeting new furs as well also my Skype and Steam are Keira Lunar i have no Kik sorry and when it comes to sending me a request on skype pls customise your request text saves me having to ponder if your a bot
 

Fordoxia

Member
I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen. :(

I'm also assuming there is still no ETA yet?

And this is why you make your own backups. At least 3 different storage mediums if you really don't want to loose it.
 

Snowbbi

99% fluff
I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen. :(

I'm also assuming there is still no ETA yet?
As of a few hours ago, there hasn't been one. I've been refreshing a lot of pages, including FA itself and there's still no news. Best to keep waiting here and checking r/furry, as the official statement over there is stickied too.
 

Hassat Hunter

New Member
Trying to go through this thread (I know, too much time). Kinda leave the first 35 pages be as it's too long ago, but here from page 35 on, trying to make my way to the current page.

Small note; it's rather funny how people try to make the artists go to an alternative site to sell their art then think that "smart business sense". Getting 95% less clientele is good business? And then they are truly shocked when the actual artists point out to them their 'smart business plants' are outright suicidal to their income.
I'm honestly kind of sad to see that FA's sys admins didn't patch CVE-2016-3714 before it was too late... it's been known for weeks now...
FA fixed it 5 May. Alternative site (and apparently "much better than FA") Weasyl did... 3 May. So just a 2 day difference, and still the month inbetween people find so bad.

Safe to say if we were on another site, there would be absolutely no difference in this regards, and the only reason FA got picked out is it's popularity.
indeed last year my house got broken into now my house is heavily secured

i only hope FA admins learn from this
Well, now you've secured your house from theft, it burns down.
And you get an earfull of people who complain how that could have happened when you've protected yourself from. Basically what happened here.
You should not be remembering passwords. You should be using a password manager like KeePass to generate a unique password for every website. Then you have a master key that opens your database of passwords.
Congrats, you've generated a single-point-of-failure. If that fails... EVERYTHING falls appart. Generally I don't really consider that the best of security measures. You don't either giving 2P-Authentication afterwards.
It's like putting 10 locks on your door, but having 1 master key that fits all 10. Those 10 locks aren't more secure than 1 lock like that.
*shudders* no offences but i HATE the two step locking function its really messy and my phone can't take on any more apps i was lucky enough to install Steam mobile app at the least i don't need more
I really HATE Steam mobile authenticator with a pure passion. Aside from being REQUIRED (why? I have no smartphone) it's entire goal was to remove the single-point-of-failure... and instead they just shifted it to the mobile device, which are less secure than desktops by definition. So much fail. Not to mention to overrun all that they give you a single deactivation code which creates a new easy access point into your account, so the entire stuff is pointless to the extreme security wise.
 

nyannom1

Member
You guys really think that FA will have to start all over? So we lose all our watchers, submissions and all the hard work we did? You really truely believe FA can afford that kind of downfall??
Since I only have around 3 followers and 5+ submissions, I won't be in much of a stink, but I understand how people would feel if they were on the site for a long time and had to start over.
Like I said before, it's hard rebuilding a demolished fortress, especially if the good building blocks are gone.
 

PatrickQuin

New Member
Last edited:

LadyNightosphere

College Artist
And this is why you make your own backups. At least 3 different storage mediums if you really don't want to loose it.
I know that now for next time. At least I still have a good chunk of my uploads on InkBunny, but not by much. I can probably go off of what I have on there to update my Weasyl and other places. If only they also had a transfer program like InkBunny does.
 

Keira_Lunar

Proffesor Kikinoe
Since as far as I can tell no one in this thread mentioned it: this caught the attention of InfoSec Taylor Swift:
So of course some tech folk are responding; including employees for big name companies; this should be a fun tweet thread to dig through.

Edit: this is too precious:


*sighs* oh geeze NOW it starts the confounded Twitter gosip this is why i don't have an account
 
It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity's source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier in this month, but not before a malicious user was able to download a copy of our source code, and later actively distributed it via USB drives at a convention.

We managed to get a hold of one of the USB drives and started to analyze what was distributed. While we were investigating, somebody launched a second attack against the site using information gleaned from the source code.

This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.

We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.

We apologize for the inconvenience to the community, and are working to rectify the issues. If anyone has any knowledge/evidence as to who perpetrated the attack, or who was distributing the USB drives containing FA’s source code, please privately contact Dragoneer on Twitter (@Dragoneer) or via email at dragoneer@furaffinity.net.

We are working to restore FA as quickly as we can, but want to make sure we take proper steps to prevent any further issues. We will keep the community updated on our progress.


This is a photo of one of the USB drives distributed with FA’s source code. If you have any information on who was distributing these drives please let us know by contacting us as mentioned above.
This is upsetting to hear. I wish people would leave the furry community alone and just let us be us.
 

NoahGryphon

Random pouncing
Im not really that worried because they said its backed up at least :p so il probably just lose a few favorites. But i still hope people who make moneh from furafffinity survive this
 
You're supposed to download a program called "tor" and use it in order to go onto the deep web. It's basically the layer of the internet below the "seen" internet, like ".net" and ".com" with a lot of red-rooms and things like that, where you use bitcoins to pay for things. You can get things like drugs and stuff like that on it. It's where all of the really unnerving parts of the internet are.
To be exact, Tor is the name of the deep web network. You need to download Tor Browser in order to access it.
 

KazWolf

Member
Im not really that worried because they said its backed up at least :p so il probably just lose a few favorites. But i still hope people who make moneh from furafffinity survive this
I really hope my ref would been saved, It's older than 6 days, and i put it in Furaffinity on last year. I hope i could get access to my ref sheet again as I don't have it on computer anymore, atleast can't find it
 

supersonicbros23

Appearance: unoriginal; Personality: out to lunch
This has espionage written all over it. Its almost exciting in that factor, at least the way I see it. I just wish I didn't live so far away from where this BLFC is/was supposedly held, I'd go in there and try to get some answers
 
This is upsetting to hear. I wish people would leave the furry community alone and just let us be us.

I doubt people ever will. There are some people who are just snotholes and then there are people who just don't like us because we're nerds opposing to their nerdyness or what ever. It's like the Star-Treks fans not liking the Star Wars fans. We're in the spotlight right now because of twitter posts, a few bouts of drama that happened earlier this month and possibly because of Zootopia. People usually don't ever let other alone. Thats why nerds and geeks avoided the 'jocks' and so forth because people can't just be nice and leave each other alone.

Gawd I'm tired. X_x
 
Status
Not open for further replies.
Top