
5/17 Site Attack


HowlingVoice

Starcaller
I just love how there's always some form of shitfest whenever something happens to FA.

Not the end of the world, it'll be back. XD Though as an artist it DOES suck not having access to some of my clients and ref materials. Partly my fault yes. I do have their emails so if worst comes to worst I can recontact.
 

Samandriel Morningstar

The Morningstar
Hi guys! If you could please keep the thread on topic I really don't want to have to hand out time-out cards (1 hour thread restrictions) to peeps~ Please keep on topic in the thread <3




Thank you.
 

Snow Sailor

New Member
So question. What exactly happened in the attack? I know it was a part of the ImageMagick exploit, but what did the exploiters do exactly? I'm assuming they were able to download the site's PHP code and use that to find places that were SQL-injectable, but I haven't seen anything about exactly what happened. If they were able to gain access to the site's files, that means that they were likely also able to gain access to the site's config files with database usernames and passwords. So why didn't the exploiters just log into the MySQL shell with those and delete the entire database? Were permissions protecting the user running ImageMagick from accessing the config files or MySQL? I'm very curious.
 

supersonicbros23

Appearance: unoriginal; Personality: out to lunch
I just love how there's always some form of shitfest whenever something happens to FA.

Not the end of the world, it'll be back. XD Though as an artist it DOES suck not having access to some of my clients and ref materials. Partly my fault yes. I do have their emails so if worst comes to worst I can recontact.
The hardest part is for people like me, who have nothing else to do with their sad life, to get over 24 hours of stir craziness.
 

KazWolf

Member
I am happy. When site comes back, I will instantly take my ref sheets into my computer, so at least I have it if something would happen again. I hope nothing would happen ever again, but who knows.
 

Samandriel Morningstar

The Morningstar
So question. What exactly happened in the attack? I know it was a part of the ImageMagick exploit, but what did the exploiters do exactly? I'm assuming they were able to download the site's PHP code and use that to find places that were SQL-injectable, but I haven't seen anything about exactly what happened. If they were able to gain access to the site's files, that means that they were likely also able to gain access to the site's config files with database usernames and passwords. So why didn't the exploiters just log into the MySQL shell with those and delete the entire database? Were permissions protecting the user running ImageMagick from accessing the config files or MySQL? I'm very curious.

What happened was pretty much said on the post that began this thread by Neer.
But I'm sure if they want to respond to us with a more detailed report they will, but I doubt that since the general specifics really aren't something we need to worry about unless it was of concern to the general safety and so on of the members.
They'll basically cover what's been lost and make sure any loose ends are taken care of for the members of the forum/website.
 

tbonethebunbun

Active Member
WORD OF ADVICE TO EVERYONE:

When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3
 

KazWolf

Member
WORD OF ADVICE TO EVERYONE:

When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3

That's what I am going to do. Every picture I have I will put to my hard drive.
 

xTwilightStarx

A polished turd.
Glad to see things will be back in working order again soon~
People got way too scared about this!

Also, sorry for off-topic posting.
I was scratching my head for hours wondering why I couldn't comment on anything.
I'll refrain from talking about unrelated things.
 
So question. What exactly happened in the attack? I know it was a part of the ImageMagick exploit, but what did the exploiters do exactly? I'm assuming they were able to download the site's PHP code and use that to find places that were SQL-injectable, but I haven't seen anything about exactly what happened. If they were able to gain access to the site's files, that means that they were likely also able to gain access to the site's config files with database usernames and passwords. So why didn't the exploiters just log into the MySQL shell with those and delete the entire database? Were permissions protecting the user running ImageMagick from accessing the config files or MySQL? I'm very curious.

Well put. My answer (I know very little about the inner workings of this site) is that they got into the server that was holding the pictures and whatnot, while the server used to store users and passwords was on another rack and had a different firewall to pass through.
 

ZX6R

Member
WORD OF ADVICE TO EVERYONE:

When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3
Yep. I've been doing that forever. I have all my stuff on my file server, which does nightly backups.
 

Snow Sailor

New Member
What happened was pretty much said on the post that began this thread by Neer.
But I'm sure if they want to respond to us with a more detailed report they will, but I doubt that since the general specifics really aren't something we need to worry about unless it was of concern to the general safety and so on of the members.
They'll basically cover what's been lost and make sure any loose ends are taken care of for the members of the forum/website.

I do development and things like this interest me, so I was just hoping one of the developers or staff members would be able to fill us in. Feels like if the exploiters had access to the database, they also had access to user passwords. Even if they were hashed, there is still the potential that they were hashed with an algorithm like sha1 or md5, which are meant to be very fast and mainly used for verification of file contents. It's not hard to put a bunch of hashes into some brute forcing software and get a few weak ones within a minute or two. So I think it would be a good idea to change your password.
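Added example, not part of any post in this thread and not Fur Affinity's code: the fast-hash concern raised above is normally addressed by storing passwords with a salted, deliberately slow key-derivation function and upgrading old records when a user next logs in. The record format, the iteration count and the assumption that legacy records are bare unsalted MD5 hex digests are all hypothetical choices for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this illustration
SCHEME = "pbkdf2_sha256"

# Constructed sample: a legacy record stored as a bare, unsalted MD5 hex digest.
LEGACY_RECORD = hashlib.md5(b"correct horse battery").hexdigest()

def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>' with a fresh salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${key.hex()}"

def is_legacy(stored: str) -> bool:
    """Treat a bare 32-hex-digit value as an unsalted MD5 record."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored)

def verify(password: str, stored: str) -> bool:
    """Check a password against either record format with a constant-time compare."""
    if is_legacy(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, stored)
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return False
    try:
        iterations = int(parts[1])
        salt, expected = bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
    except ValueError:
        return False
    if iterations < 1:
        return False
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, expected)

def login(password: str, stored: str) -> tuple[bool, str]:
    """Return (ok, record to store); a legacy record is replaced on success."""
    if not verify(password, stored):
        return False, stored
    if is_legacy(stored):
        return True, hash_password(password)  # upgrade while the plaintext is in hand
    return True, stored
```

Rehash-on-login only protects accounts that log in again; legacy records for dormant accounts stay weak until they are reset or expired.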
 
The site is coming back online very very soon, hold tight guys it'll be up at-- oh someone posted the twitter announcement.

YAAAY~
^^; Sorry. I hope that was okay for me to post. I was excited and thought I should share.

WORD OF ADVICE TO EVERYONE:

When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3

How does one back-lock their stuff? I have an external-HD....so should I just put it on that as usual?
 

Snow Sailor

New Member
Well put. My answer (I know very little about the inner workings of this site) is that they got into the server that was holding the pictures and whatnot, while the server used to store users and passwords was on another rack and had a different firewall to pass through.

Hmm I see. They said that there was a week's worth of content and users lost, however, which implies that the users WERE stored on the exploited machine.
 

ZX6R

Member
I do development and things like this interest me, so I was just hoping one of the developers or staff members would be able to fill us in. Feels like if the exploiters had access to the database, they also had access to user passwords. Even if they were hashed, there is still the potential that they were hashed with an algorithm like sha1 or md5, which are meant to be very fast and mainly used for verification of file contents. It's not hard to put a bunch of hashes into some brute forcing software and get a few weak ones within a minute or two. So I think it would be a good idea to change your password.
Maybe the user accounts are stored on a different server?
 

Snow Sailor

New Member
Maybe the user accounts are stored on a different server?

Didn't they say that there were a week's worth of new users and content removed? That implies that there was user data stored on the exploited server. Maybe I misread something; if I did please correct me.
 

Samandriel Morningstar

The Morningstar
I do development and things like this interest me, so I was just hoping one of the developers or staff members would be able to fill us in. Feels like if the exploiters had access to the database, they also had access to user passwords. Even if they were hashed, there is still the potential that they were hashed with an algorithm like sha1 or md5, which are meant to be very fast and mainly used for verification of file contents. It's not hard to put a bunch of hashes into some brute forcing software and get a few weak ones within a minute or two. So I think it would be a good idea to change your password.

Oh it's fine, there's nothing wrong with being curious. I was just saying that they'll probably just give us all the basics instead of getting into it in depth unless somehow you were able to offer your services to them.
I don't believe anything with passwords was an issue or general information like that, but changing passwords is a good idea in general.
You might want to contact Dragoneer personally and see if you can be of any help, you may learn more on the issue then.
 