• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

5/17 Site Attack

Status
Not open for further replies.

rin_elyran

New Member
they had patched it to where it got blocked but it was too late apparently cause then they gave out the code that got taken via usb to random people and they attacked the site with it deleting accounts and such (just going based off my basic understanding of the informative posts provided by admins)
Well then, I guess I have no other advice to give at this time.

But I am indeed glad that things are looking up for the main site so far. I've been patiently waiting this whole time.
 

quoting_mungo

Well-Known Member
Again: Less of the bickering, shitposting, and veering miles off topic, please.
And if there is any posting of graphic medical photography, the culprit will get a forced vacation from the forums.

I really don't want to have to start addressing you guys individually about your conduct in this thread. Just please keep it on topic.
Is anyone else in this thread completely lost? I don't understand all this fancy techno lingo that these hip young kids are using. What I did understand is that hackers are getting fancier and things need to be updated. I have zero clue about how any of this works but it sounds like the staff should implement someone some of these ideas, less hackers(?) do more than just inflict FA with a paralyze status condition.
If you're willing to bear with my ridiculous love for metaphor, here's a low-tech metaphor for the situation for you:
Let's say FA is a museum. It's housed in a pretty old building, which has some secret passages and intruder-sized air vents still in it from where it was built. Because of these passages being a potential threat to the integrity of the works on display, the blueprints are stored in a locked room.
Well, it turns out that the lock factory that made the door lock to that room has constructed their locks in a way that lets people with a little bit of savvy open the door without the key. (This would be the "ImageTragick" exploit - the door lock in this case is ImageMagick.) Someone sneaks in, makes copies of the blueprints, and sneaks out before the museum owners find out there's a problem with their lock and can replace it.
A week and a half later, someone starts leaving folders with copies of the museum blueprints lying around. The museum obtains the contents of one of these folders, but while they're reviewing what exactly was included in the folder, someone uses the blueprints to pull a heist. (This would be the 17 May attack.) The museum immediately locks down and secures all entrances and exits before the culprit can cause even more damage.

So right now, we've got our maintenance people working overtime to find and block any remaining secret passages or intruder-sized vents.
Exactly, I assume thats why they said they're going through trying to fix vulnerabilities. FA has gotten off just doing security through obscurity for years, now that the source code for the site is out there they have to fix security issues.
That phrasing is... potentially quite misleading - vulnerabilities in the code and/or site function have been patched the entire time I've been on staff, and presumably before as well. Now, however, the timetable has been forced on doing a complete, in-depth audit.

Also please note that virtually all digital security has a measure of security through obscurity. Password protection when you log into a website relies on nobody else knowing your password, for instance. If your friends learn your Facebook password (or get a hold of your logged-in device for a few minutes, but that's a different matter), they can log into your account and post embarrassing status updates on your wall. Just mentioning this to put things into perspective - while ideally having source code shouldn't permit bad things to happen, as others have noted in this thread, open source software has vulnerabilities discovered all the time. Security through obscurity is not a perfect answer, or even a very good one, but it also should not be turned into something just short of a slur.
 

Tali Aurora

New Member
You like skeletons?
CAT.
X-RAY.
Wngf9yw.jpg

I.
AM.
GOING.
INSANE.
Thanks to @Shadow
Buddy, get the heart surgery picture.
 

YaoiMeowmaster

#FiftyFemboys
Furry Network still doesnt seem to compare. ;u; perhaps Im not following enough people yet. Or I think others are distracted and just waiting for FA to come back to abandon it entirely. (As if I didnt do the same to inkbunny, still I try)
 

AsheSkyler

Feathered Jester
Ghostery huh? I've never heard of that. What does it do?
A type of ad blocker. It also can prevent site redirects from misleading links, social sharing buttons, all sorts of tracking and analytical scripts, chat widgets, and things like that. And of course the configuration page that let's you determine how many and what kinds of things you want to leave you the heck alone.

I don't think it works on FA ads. I usually leave those enabled anyway since they're not as bad as those Flash ads.
 

ZX6R

Member
These people who are complaining about the downtime have never had any experience in Information Technology. If they did, they would understand the stress and frustration that this stuff can impose, and the many different angles that you have to look at when something goes wrong. You change and patch one thing, you break something else, you fix that and something else becomes vulnerable.
 

RocketExecutiveCypress

Lord of All Plants(In training)
Still clueless, but alright.
 
Status
Not open for further replies.
Top