5/17 Site Attack

[HowlingWolven]

First off, yep, finally got driven to open a faf account by this outage.

Second of all, holy shit. The site's been down for less than 48 hours and we've got sixty-nine pages of mostly shitposting. (And yeah, I've kept up-to-date on it...)

Lastly, admins, keep doing what you're doing. As others have suggested, consider rewriting the backend from scratch (using 2016 standard practices instead of however old the core of the current code is) and if it makes sense by whatever metrics, don't waste time on getting that project off the ground. Oh - don't skimp on pentesting if that ends up happening.


To go back to the museum analogy: build a new wing for the exhibits while keeping the old one open. The new wing should be modern and energy-efficient, and it should be secure at night so thieves don't run amok. Hire some professional 'thieves' to attack the new wing, both during construction, as well as after it's open to the public.

 

[Samandriel Morningstar]

Just a suggestion but we could move on over to this topic instead.


forums.furaffinity.net: >post anything you're thinking right now ITT

 

[Redfurryfire]

Guys, please keep on topic. Thanks~

Please, i beg you. kick of Fangs and Furry from this topic/forum hes annoying everybody here. :/

 

[Nendakitty]

Guys, please keep on topic. Thanks~

Admin literally said no more of this rubbish.

Sigh. I'm stressed.
This song is epic. Not gay. I love it.

WHY WONT SPOILERS WORKKKK

Still posting in the wrong thread though.

 

[skyliner_369]

I just want FA back...

Me, too. I wanna Look at more pictures of foxes and such, and play the newest flashes, but... Ugh! Someone had to dick with the site, and just ruin EVERYONE's day. Why would anyone do this?! Wait! I know! Someone wanting to force their beliefs on everyone! Ugh... horrendous.

 

[Moderator-Gazelle]

Right okay I did say please keep on topic. Beginning now, users who continue to not follow the rules will be prohibited from posting to this thread for one hour. You have been warned.

 

[V3N44X]

Yanno...I discovered something during this FA down time....


It was, bright, warm and SUNNY outside...Wow!! Wonderful, You all should experience this yourselves instead of sitting in your dark caves of woe.


Plus tonight, I'm watching TOP GEAR!!! Gotta love the boys!!

The Data Lab is warm, dark, and full of blinky lights. I like it there. I love my servers. They love me back. They operate as I have designed them, and a couple monkeys operate them for me. I sit back... and watch the lights.

 

[Fordoxia]

Then you stop posting videos.

By god, the irony is off the charts.

Seriously though: Terms and Rules | Fur Affinity Forums

 

[Sailors-Kitty]

I'm just hoping that after this attack and FA is back up things get better for this site. So far, after being on it a few months, I've really enjoyed it. Especially how kind everyone is! I haven't really found a site with as nice as a community as this one does.

 

[thunderstrike23]

I am super worried that the site's source code was handed out like candy... Cause that's some scary shit. Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;

 

[V3N44X]

I am super worried that the site's source code was handed out like candy... Cause that's some scary shit. Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;

Nah. Shouldn't be scary. Shouldn't even be all that damaging.
And it shouldn't take much code writing. Perhaps fixing a few buffer overflows or something.
Unless this is their first security test ever. Then they deserve a spanking.

 

[Lakue]

Me, too. I wanna Look at more pictures of foxes and such, and play the newest flashes, but... Ugh! Someone had to dick with the site, and just ruin EVERYONE's day. Why would anyone do this?! Wait! I know! Someone wanting to force their beliefs on everyone! Ugh... horrendous.

You can't understand, people are just ingorant and full of hate

 

[noveltybest]

wait do I have to re-favorite crap after this is over ill be so tired and sore from these potential comic titles its ridiculous.

 

[Fordoxia]

I am super worried that the site's source code was handed out like candy... Cause that's some scary shit. Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;

Its especially not scary because of Kerchoffs' Principle, which postulates that you should assume that an enemy/hacker/adversary has access to your complete source code/algorithms, and that you should design your security to take account of this.

 

[skyliner_369]

You can't understand, people are just ingorant and full of hate

I know... and I just wish they weren't, but I know that they will never go away. It's a fact of life, like taxes and death.

 

[Samandriel Morningstar]

wait do I have to re-favorite crap after this is over ill be so tired and sore from these potential comic titles its ridiculous.

This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.

We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.

 

[thunderstrike23]

Nah. Shouldn't be scary. Shouldn't even be all that damaging.
And it shouldn't take much code writing. Perhaps fixing a few buffer overflows or something.
Unless this is their first security test ever. Then they deserve a spanking.

Well I hope it's not. That being said, from what I've read and such whoever had messed with the site was outright deleting things. Like users, submissions, etc...
Then again, I don't know -too- much about site programming. I had some basic training in Dreamweaver 8 back in 2007, but that's about it. Anyhow, I just hope it's not as bad as I think. Thanks for your time!

 

[Lakue]

I know... and I just wish they weren't, but I know that they will never go away. It's a fact of life, like taxes and death.

Sad but exact, it could takes days to talk about people's hate and the furry fandom and it has been done too much before

 

[Cybeast]

Since the source code is like the all access pass to the site and all our stuff that we put on Furaffinity, I'm a bit worried that our stuff could be compromised in some way.

I feel for the people that lost recent watches and lost their accounts over the pass few days. But isn't there a way to alter the source code of the website to protect against more hackers and people who might DDOS the site again?

While I'm on it, there's no way that someone could just break the site like that in one night, the individuals who got the source code on the USB drives had to have planned this for some time now for them to elaborately do this. But it has to be someone who is a really good hacker, or someone that works closely on the site? I'm merely thinking out loud on this one but you tell me.

 

[Nendakitty]

What I don't understand is. Everyone is so angry. Its a free website anyway so technically Neer owes us nothing and could just take down FA permanently if he wanted.

That's besides my point. Everyone's pointing fingers at haters and such. Most of the HUGE hacks on websites this year have been done to find fault in coding and get staff to fix it.

Has no one thought that the person who did this was trying to help but screwed up. I'm not saying it is the case, but you cant rule it out.

Its useless whining and saying "furry haters this and that". We aren't being attacked anymore and its more socially accepted being furries. Its probably someone having fun unfortunately. Or someone that messed up and tried helping.

Who knows. Crying doesn't help though.

 

[versailles100]

I know there's no ETA, but anyone have an idea how much longer this might take?

 

[Redfurryfire]

Also, admin if you are reading this. There was a message most of the data was restored. but does that imply for 11 may or for the day before FA went down?

 

[Nendakitty]

I know there's no ETA, but anyone have an idea how much longer this might take?

Could take hours, could take days, depends on how much they have left to fix

 

[Fordoxia]

Since the source code is like the all access pass to the site and all our stuff that we put on Furaffinity, I'm a bit worried that our stuff could be compromised in some way.

I feel for the people that lost recent watches and lost their accounts over the pass few days. But isn't there a way to alter the source code of the website to protect against more hackers and people who might DDOS the site again?

While I'm on it, there's no way that someone could just break the site like that in one night, the individuals who got the source code on the USB drives had to have planned this for some time now for them to elaborately do this. But it has to be someone who is a really good hacker, or someone that works closely on the site? I'm merely thinking out loud on this one but you tell me.

This wasn't a DDOS, it was a hack. Different things.

Source code does not nessicarally give access to everything. In this case, it didn't.

The Exploit was through ImageMagik, which allowed the code to be obtained, allowing the attacker to search it for vulnerabilities.

 

[Samandriel Morningstar]

I know there's no ETA, but anyone have an idea how much longer this might take?

There's been no word as of yet as far as I've seen,considering all of the stuff that needs to be taken care of I'm sure they're taking their time to make sure this doesn't happen again instead of slapping on a temporary fix and calling it good.
Just be patient.