HACKED!?
- Thread starter Charrio
- Start date
codewolf
RBW Con Staff
well im afraid your sources maybe slightly screwed then mate.....Janglur said:
the reason it would have done that is that if a site is going down one of thae main thigs that goes first is the database or rather the connection to it...therefore if they tried to log in basically they'd be sending their passwords off into nowhere as there is nothing to reference the password to.....
and for those of you that dont know...if something has been stored in a database using MD5 encription the password field in the database would read something along the lines of 51D7FE4312 rather than your password ("fish" for example)
HyBroMcYenapants
STEVE HARVEY = HOMOSEXUAL
OK ALL I HERE IS THIS.......BAWWWWWWWWWWW
LOL JUST KIDDING BUT DAMN YA'LL GOT OWNED
LOL JUST KIDDING BUT DAMN YA'LL GOT OWNED
Orlith Nemeth
Member
SDWolf said:Also, has anyone else noticed that the forums are insanely slow right now? I'm even getting MySQL "too many connections" errors. DoS attack, or just too many furs wondering where their fapping materials went? (j/k!)
Take care, and good luck, Admins!
Thats actually probably the case, since last time i actually managed to connect to the Site Status forum, there were 466 guest users, and countless more registered users viewing the forum :/
dave hyena
A wonderous moorhen
Preyfar made a site status post, giving some infomation about this:
http://www.furaffinityforums.net/showthread.php?tid=11488
More details will follow.
http://www.furaffinityforums.net/showthread.php?tid=11488
More details will follow.
crimsonwolf90
Next subj... I mean, customer!
I've got a word for this and it rhymes with muster bluck...^^
...anyways, one of the admins is on and aperently the database was just fine, at least, that's what they said. It was "untouched" so to speak.
...anyways, one of the admins is on and aperently the database was just fine, at least, that's what they said. It was "untouched" so to speak.
SDWolf
Habitually Lurking Lupine
Stratelier
Well-Known Member
(Better change my forum pass just to be sure, separate accounts should use separate pwds anyway, but they get harder to remember that way....)
Jade-Starrz
New Member
Well this was nice to wake up to. Now I can't check anything and some little hacker moron should have a foot shoved up his bum. I don't understand how people can have nothing else to do with their time to the point of hacking.
Janglur
Active Member
Sslaxx said:
codewolf said:
I answer this with the following quote:
Sslaxx said:
Considering the DB leaked not once, but twice, unencrypted.. yyyeeaaahhh. Wouldn't surprise me if it wasn't encrypted now, either. And a metric buttload of people couldn't log in. Ten minutes later, errors came up, then moments later the site's down. I doubt a ten mintue timespan was JUST a case of server shutdown. Seems a bit too long.
And we all know that at least one account leaked today. I would not remotely doubt that it was more serious than admin are letting on, and the site defacement was only the tip of the iceberg.
After all, the stuff staff usually dismiss as unimportant seems to consistantly blow up in their face.
After all, the last security issue was 'not that big a deal', enough that they didn't feel it necessary to even casually mention it. Until another admin went batshit over the implications. That admin lost, plus the drama it ensued, was pretty big enough to have warranted more attention than was given (see: none). Now this security breach...
Are we all now paying for this oversight?
Thank god I changed my password when that drama happened, and took down all my art.
falderal
Member
Janglur said:
No. If worse comes to worse, they can just deny all connections to Furaffinity's servers and get to it from the physical location of the servers. Don't worry, the data is quite safe, very easy to disable network connections or hit the power buttons while they sort out through the extend of the comprimise.
devillo
Behind You
The forums are lagging probably because EVERYONE is on them going mental over this. Which is fair enough. This whole security thing happening AT FA:U (which is what the post suggests to me) means someone left a computer unattended or left the password on it, and someone therefore just dropped the ball. Ah well, Hopefully tomorrow some 12 year olds power gets blown and he has to do without the internet for half an hour. He just might explode.
Jade-Starrz
New Member
Sslaxx said:
How do you figure? Just curious... I am new to the site so I am still trying to figure things out.
falderal
Member
Janglur said:
If a computer is being subjected to more than a usual amount of traffic or stress, then it can most certainly take longer to shutdown. It's very easy to disable connections with right click, and click stop.
Even if not, when any server is taken down, say the server for the site's Database: SQL, which they do run, there is no data coming in from that server and computer's tend to not like when they were receiving data and suddenly it stopped.
There would be a lot more problems if a high security account was broken into, we may not even see anything at all, the domain may even come up saying it's for sale. I would think that they were more concerned about the security breach than about putting up a webpage saying that furaffinity is down.
In all, that it took the time it took, is admirable. It takes some of the administrators longer than that to respond to big problems where I work. The damage is more than likely serious but not critical.
My account was the one that was jacked and admin accounts can not access the DB -- you can only do that through root, and root is fine. My root password is much more secure and is fine.Sslaxx said:
My admin account got hijacked due to a vulnerability with wireless systems, we were aware of it, but due to certain issues not able to fix it when we wanted to. The damage is small, and affects only those people who accessed FA over wireless while attending FAU. Due to the hotel's anonymous, free wireless, there is no way to track the data and there -- and this is problem of any free public wireless system.
We've locked the site, secured what we can and are currently looking into seeing what damage has been done. Thankfully, Crypto and I were able to get stop the problem roughly after 10 minutes after it started, so I think the damage is minimal at best. We know WHO did it, too.
STrRedWolf
Lazy-ass Drygerskunk
Preyfar said:
Someone forgot to shut down Telnet and use SSH instead... lovely.
crabby_the_frog
Member
Preyfar said:
Well, that's great news, indeed. Hopefully you'll be able to learn how said person did whatever to get your password, and as such, develop a new defence agaimst it?
I dunno... but it's good to hear that things are under control. Possible hackings aside, how was the convention?