
5/17 Site Attack

Status
Not open for further replies.

HowlingWolven

New Member
First off, yep, finally got driven to open a faf account by this outage.

Second of all, holy shit. The site's been down for less than 48 hours and we've got sixty-nine pages of mostly shitposting. (And yeah, I've kept up-to-date on it...)

Lastly, admins, keep doing what you're doing. As others have suggested, consider rewriting the backend from scratch (using 2016 standard practices instead of however old the core of the current code is) and if it makes sense by whatever metrics, don't waste time on getting that project off the ground. Oh - don't skimp on pentesting if that ends up happening.


To go back to the museum analogy: build a new wing for the exhibits while keeping the old one open. The new wing should be modern and energy-efficient, and it should be secure at night so thieves don't run amok. Hire some professional 'thieves' to attack the new wing, both during construction, as well as after it's open to the public.
 

skyliner_369

New Member
I just want FA back...
Me, too. I wanna look at more pictures of foxes and such, and play the newest flashes, but... Ugh! Someone had to dick with the site, and just ruin EVERYONE's day. Why would anyone do this?! Wait! I know! Someone wanting to force their beliefs on everyone! Ugh... horrendous.
 

V3N44X

bool n00b = true;
Yanno...I discovered something during this FA down time....


It was bright, warm and SUNNY outside...Wow!! Wonderful, you all should experience this yourselves instead of sitting in your dark caves of woe.


Plus tonight, I'm watching TOP GEAR!!! Gotta love the boys!!

The Data Lab is warm, dark, and full of blinky lights. I like it there. I love my servers. They love me back. They operate as I have designed them, and a couple monkeys operate them for me. I sit back... and watch the lights.
 

Sailors-Kitty

Silly little bidder
I'm just hoping that after this attack and FA is back up things get better for this site. So far, after being on it a few months, I've really enjoyed it. Especially how kind everyone is! I haven't really found a site with as nice a community as this one has.
 

thunderstrike23

Crazy Lightning Dragon
I am super worried that the site's source code was handed out like candy... Cause that's some scary shit. Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;
 

V3N44X

bool n00b = true;
I am super worried that the site's source code was handed out like candy... Cause that's some scary shit. Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;
Nah. Shouldn't be scary. Shouldn't even be all that damaging.
And it shouldn't take much code writing. Perhaps fixing a few buffer overflows or something.
Unless this is their first security test ever. Then they deserve a spanking.
 

Lakue

Member
Me, too. I wanna look at more pictures of foxes and such, and play the newest flashes, but... Ugh! Someone had to dick with the site, and just ruin EVERYONE's day. Why would anyone do this?! Wait! I know! Someone wanting to force their beliefs on everyone! Ugh... horrendous.
You can't understand, people are just ignorant and full of hate
 

Fordoxia

Member
I am super worried that the site's source code was handed out like candy... Cause that's some scary shit. Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;
It's especially not scary because of Kerckhoffs's Principle, which postulates that you should assume that an enemy/hacker/adversary has access to your complete source code/algorithms, and that you should design your security to take account of this.
 

Samandriel Morningstar

The Morningstar
wait do I have to re-favorite crap after this is over I'll be so tired and sore from these potential comic titles it's ridiculous.

This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.

We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.
 

thunderstrike23

Crazy Lightning Dragon
Nah. Shouldn't be scary. Shouldn't even be all that damaging.
And it shouldn't take much code writing. Perhaps fixing a few buffer overflows or something.
Unless this is their first security test ever. Then they deserve a spanking.

Well I hope it's not. That being said, from what I've read and such whoever had messed with the site was outright deleting things. Like users, submissions, etc...
Then again, I don't know -too- much about site programming. I had some basic training in Dreamweaver 8 back in 2007, but that's about it. Anyhow, I just hope it's not as bad as I think. Thanks for your time!
 

Cybeast

Phoenix
Since the source code is like the all access pass to the site and all our stuff that we put on Furaffinity, I'm a bit worried that our stuff could be compromised in some way.

I feel for the people that lost recent watches and lost their accounts over the past few days. But isn't there a way to alter the source code of the website to protect against more hackers and people who might DDOS the site again?

While I'm on it, there's no way that someone could just break the site like that in one night, the individuals who got the source code on the USB drives had to have planned this for some time now for them to elaborately do this. But it has to be someone who is a really good hacker, or someone that works closely on the site? I'm merely thinking out loud on this one but you tell me.
 

Nendakitty

New Member
What I don't understand is: everyone is so angry. It's a free website anyway so technically Neer owes us nothing and could just take down FA permanently if he wanted.

That's besides my point. Everyone's pointing fingers at haters and such. Most of the HUGE hacks on websites this year have been done to find fault in coding and get staff to fix it.

Has no one thought that the person who did this was trying to help but screwed up? I'm not saying it is the case, but you can't rule it out.

It's useless whining and saying "furry haters this and that". We aren't being attacked anymore and it's more socially accepted being furries. It's probably someone having fun unfortunately. Or someone that messed up and tried helping.

Who knows. Crying doesn't help though.
 

Redfurryfire

New Member
Also, admin, if you are reading this: there was a message that most of the data was restored, but does that imply for 11 May or for the day before FA went down?
 

Fordoxia

Member
Since the source code is like the all access pass to the site and all our stuff that we put on Furaffinity, I'm a bit worried that our stuff could be compromised in some way.

I feel for the people that lost recent watches and lost their accounts over the past few days. But isn't there a way to alter the source code of the website to protect against more hackers and people who might DDOS the site again?

While I'm on it, there's no way that someone could just break the site like that in one night, the individuals who got the source code on the USB drives had to have planned this for some time now for them to elaborately do this. But it has to be someone who is a really good hacker, or someone that works closely on the site? I'm merely thinking out loud on this one but you tell me.
This wasn't a DDOS, it was a hack. Different things.

Source code does not necessarily give access to everything. In this case, it didn't.

The exploit was through ImageMagick, which allowed the code to be obtained, allowing the attacker to search it for vulnerabilities.
 

Samandriel Morningstar

The Morningstar
I know there's no ETA, but anyone have an idea how much longer this might take?

There's been no word as of yet as far as I've seen. Considering all of the stuff that needs to be taken care of, I'm sure they're taking their time to make sure this doesn't happen again instead of slapping on a temporary fix and calling it good.
Just be patient.
 