5/17 Site Attack

[Lunarmagic]

Wow... Just wow. You know, I know I shouldn't angry, you had this coming after all, but jeez Dragoneer... I-I don't even have the right words for how f#*%(@ up this is. And because of this, a lot of people are likely to jump ship from it. FA's the Titanic, so you better pray this was hack isn't the iceberg that sinks it!

There is no need to be hostile. The people who work on networks are not all mighty gods who can prevent everything bad that happens but chose not to, they are people just like you, but with a bit more knowledge on how a computer/network works. In a couple of months you could have a large majority on how a network and computer work memorized without actually feeling much smarter.

 

[TheN1K0L4Z]

I think we have dissension in the elite ranks of FA's Staff! I want all the staff evaluated. I'm gonna get me a conviction!

JK; But still, whoever was distributing those forged keys, obviously has some issues within the staff. So, whoever had the gall to use the exploit against our empire, better come clean now, or we will find you, without hesitation! Justice will be served!

 

[Rythas]

I mean, just remember that this isn't the fault of any authority figures present. Precautions are taken on every website that I know of to keep them from being hacked and such, so the whole USB ordeal was the work of someone who took advantage over something accidental. Not everyone is perfect, not many sites are perfect (apparently Google is since they challenged hackers to break their codes), and this is especially true when a community is targeted by people under educated about said community.

 

[Iracuse]

It was several years ago when FA was much smaller and easily could have withered away due to it. The site perseveres because it continues to provide what other sites can't.

Aye, something like that. As long as this downtime doesn't last for weeks on end, we should be fine.

 

[RestrainedRaptor]

The exploit in question was not with FA's code but with a plugin called ImageMagick. Once we were made aware of the vulnerability it was patched, but were not aware that the source code had been leaked at tha time.

Yes, I understand how it occurred (and I saw the ImageMagick news a while back). However, IMVU has had reasonable time (since January) to help find and fix security flaws in FA's codebase, as well as provide adequate hardware... They are obligated to do that, right? Well, I hope they're working a little harder now.

 

[LOLman777]

Um... Will the FA community bring back FA just as it was?

 

[Kendareru]

@Dragoneer Take the time you need. These sorts of issues aren't "push button to fix" and it's understandable that it may take a while. The site'll be up when you're goo and ready, and we'll live until then. Unless someone decided to hold their breath until the site's back, in which case... oops.

 

[Altair_the_lugia]

That's just fearmongering. FA has gone through worse, including a three-month downtime. FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal.

I know, I'm just ticked off. Can you blame me? FA's been running the same fossilizing code for years. It was only a matter of time before someone found an Achilles heel. I'll give props that it wasn't exploited till now.

 

[Rythas]

My question would be, does IMVU earn anything from having the website up? I would think that, if they did, they would put more effort into making sure that the website is secure. If they don't, then I understand why they wouldn't care as much.

 

[Traveller800]

I mean, just remember that this isn't the fault of any authority figures present. Precautions are taken on every website that I know of to keep them from being hacked and such, so the whole USB ordeal was the work of someone who took advantage over something accidental. Not everyone is perfect, not many sites are perfect (apparently Google is since they challenged hackers to break their codes), and this is especially true when a community is targeted by people under educated about said community.

well said, rythas. It reminds me of a similar attitude to miner players on eve online. Most of the non-miners think they are cowards and don;t belong in the game. I know at least one player who was driven from the game by this toxic attitude.

This is one of the reasons I like this site...because it reminds me of a second community in eve online...a group called 'broadcast4reps' who instead of being shortminded fools, go out of their way to be welcoming and supportive to everyone they meet, a bit like the FA community were when I set up a little account on your site and spent my time commenting on the art I liked.

 

[AliothFox]

That's just fearmongering. FA has gone through worse, including a three-month downtime. FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal.

I remember a couple years ago when it was in read-only for a month or so. There was the threat of a "mass exodus" then, just like there is every time FA has a hiccup. Most of the people who talk about "leaving FA" tend to either be divas who just use it as an opportunity to get a bunch of attention in the form of "please don't leave!" comments, or people who have a personal beef with FA because their ticket/issue didn't get resolved exactly as they'd have liked. FA has gone through a hell of a lot worse than this.

I think this is truly a case of "what doesn't kill you makes you stronger." If anything, this will likely prompt a much-needed security audit, and the site will be better and safer as a result. For all people have complained about IMVU, the site's performance has actually improved somewhat considerably since the sale. Downtime used to be something that you could count on every 2 weeks or so. Now the site can often stay online for 2-3 months, under a much larger load. So it helps to step back and put things in perspective.

 

[Exemption]

So sadening that people would do such a thing, hope its gets resolved soon.

 

[desoto_jellywerewolf]

Now, be honest. Raise your hand...

How many of you created FA Forums accounts just because of this.

*Raises hand*

THIS GUY DID.

 

[Storok]

oh my god why is everybody thinking there is an apocalypse...

 

[Lunarmagic]

Yes, I understand how it occurred (and I saw the ImageMagick news a while back). However, IMVU has had reasonable time (since January) to help find and fix security flaws in FA's codebase, as well as provide adequate hardware... They are obligated to do that, right? Well, I hope they're working a little harder now.

It can actually take a lot longer than months to replace the hardware. (Depending on how much/old it is.) I am sure they are doing their best and you should have more faith in what they are doing if you do not know the specifics of their operation.

 

[Orca1]

Shouldn't this issue be brought to the FBI? I may be mistaken, but this could be considered an act of cyber-terrorism, or at least within the purview of their cyber crimes unit.

 

[tbonethebunbun]

Now, be honest. Raise your hand...

How many of you created FA Forums accounts just because of this.

*Raises hand*

I did, for two reasons...

1: I'm an avid user of FA, so I can keep up with my favorite artists, and a few select friends.

2: I'm the same guy who, 5 years ago on Youtube, told everyone who was whining, crying, moaning, and complaining about this exact same thing to "GET OVER IT!" Yeah, I am the "OFFICIAL" tbone2004 in case you were wondering. Of course, I didn't create that to be a total jerk, I did it just to provide a sense of comfort in these dark times. After all, it's just a character I play, just like with my fursona when I fursuit at cons.

But in all seriousness, guys... FA IS GONE AND WILL NOT BE COMING BACK FOR A WHILE, SO GO DO SOMETHING ELSE! YOU DO KNOW DOOM JUST CAME OUT, RIGHT???

 

[Traveller800]

I did, for two reasons...

1: I'm an avid user of FA, so I can keep up with my favorite artists, and a few select friends.

2: I'm the same guy who, 5 years ago on Youtube, told everyone who was whining, crying, moaning, and complaining about this exact same thing to "GET OVER IT!" Yeah, I am the "OFFICIAL" tbone2004 in case you were wondering. Of course, I didn't create that to be a total jerk, I did it just to provide a sense of comfort in these dark times. After all, it's just a character I play, just like with my fursona when I fursuit at cons.

But in all seriousness, guys... FA IS GONE AND WILL NOT BE COMING BACK FOR A WHILE, SO GO DO SOMETHING ELSE! YOU DO KNOW DOOM JUST CAME OUT, RIGHT???

*shoots you with BFG 9000* Yes

 

[Lunarmagic]

@Dragoneer Take the time you need. These sorts of issues aren't "push button to fix" and it's understandable that it may take a while. The site'll be up when you're goo and ready, and we'll live until then. Unless someone decided to hold their breath until the site's back, in which case... oops.

Thank you for remaining positive, and (based on what they said) It should not take more than a couple of days. A full restore is a bit of a hefty tole.

 

[nuccathewarrior]

This sounds like it was either China, Russia or North Korea. They have been attacking the website I run for Big Time Youtubers which recently started. I'm not advertising it but it sounds like they found an exploit in the system big time to access personal data of each account which is quite scary. Possibilities, could be ISIS, Anonymous, or just some scriptkiddie that managed to hack into the site's database.

The best thing to do is find out the source, find out who did, if its a Chinese IP, Russian, or Korean, Ban the entire range because they will never stop until you give up, Look at the logs of which IP visited possibly 1-6 weeks back including today. Finally get a backup data unit rolling. Also close ANY remote ports that you may have open for third party... I understand the problems that it may cause but the hackers nowadays are attacking phpmyadmin, phpadmin, webadmin, ports such as 3306 which is the SQL server port and possibly any remote ports that you have open besides port 80 and 587 or 25.

It doesn't hurt to think like one, thinking preventive measures, thinking how they attack, and knowing when it will happen. My experience with hackers is 500 fold knowing how they will attack at random. Hell, I could be knocked out tomorrow and not even know about it. Plus also I forgot to mention is phishers who love making fake ass websites to get your info.

Please take these hints, these skills I know and make sure it will not happen again.....

 

[Rythas]

I haven't been around long enough to see what AliothFox has said about website improvement, so I'm really glad to know that they've been improving it. I think people complain everywhere just because they can; for example, I work on a game server that has many sub-servers, and if one goes down everyone tends to go into the lobby and start going "omg I'm leaving this server sux butt" "hate dis :'(" and the like. If DeviantArt ever went down, I expect they would get the same response.

 

[b0rnstellar]

I think we have dissension in the elite ranks of FA's Staff! I want all the staff evaluated. I'm gonna get me a conviction!

I can see it now.

Let the SALEM FURAFFINITY WITCH TRIALS COMMENCE

 

[Bourbon.]

Shouldn't this issue be brought to the FBI? I may be mistaken, but this could be considered an act of cyber-terrorism, or at least within the purview of their cyber crimes unit.

I agree, I'm pretty sure this is very much illegal and needs to be reported to the proper authorities.

 

[OmegaOverdrive]

This could be a big problem. .w.

 

[tbonethebunbun]

*shoots you with BFG 9000* Yes

BRUH, DO YOU EVEN IDDQD?