FA admin account compromised (yet again)

[UncreativeUsername]

I found this:


I don't know, for someone who could lose his job over being in Furry, he sure does put himself out there quite a bit.

The "studying to be a Journalist" bit also explains how he can spin any story and make him/FA look like the winner

I bet he won't want to be dealing with the media if they ever covered these debacles.

It's pretty much exactly what you said. Some no longer have any trust, some don't fucking care, some have no idea of what happened and when they do no what happened, they probably won't care as well.

Yeah, it's what you said. This will only benefit the rival porn sites, though. Some furries actually care about reputation and security.

[Jim Demintia]

The "studying to be a Journalist" bit also explains how he can spin any story and make him/FA look like the winner

Something tells me his educational past rivals that of Sarah Palin in terms of dropping out/transfers/changing majors/etc. If he even has a degree, he probably took 8 years and six colleges to get a BA in communications. I exaggerate, but you get the idea.

Wth is "the Globo TV media"? Apparently there's few links in journo departments to the English department anymore.

[Jim Demintia]

This will only benefit the rival porn sites, though.

It does concern me that it will come out that some rival porn slinger was somehow behind this. Verix made reference to developing his own site...while it would absolutely be par for the course in furrydom, it would sort of be depressing. I'd prefer this person remain nameless and faceless, it's better that way since the furries have no one to scapegoat that way. That makes it hard for them to rationalize the whole thing. They start rationalizing--no more chance for introspection. Not that there ever was; the headless-chicken effect is amusing for now, though.

[ProvincialTwit]

FURRY WILL EAT ITSELF

Seriously I'm more than happy to sit back here and watch the whole thing collapse in on itself.  But it'll keep going; A.F.F. has been predicting the end of furry for 20 years now.

[UncreativeUsername]

It does concern me that it will come out that some rival porn slinger was somehow behind this. Verix made reference to developing his own site...while it would absolutely be par for the course in furrydom, it would sort of be depressing. I'd prefer this person remain nameless and faceless, it's better that way since the furries have no one to scapegoat that way. That makes it hard for them to rationalize the whole thing. They start rationalizing--no more chance for introspection. Not that there ever was; the headless-chicken effect is amusing for now, though.

You think someone like Jery or Toumal or Varka was behind this, or are you referring to some small fry few furs have heard about?

[Jim Demintia]

You think someone like Jery or Toumal or Varka was behind this, or are you referring to some small fry few furs have heard about?

I have absolutely no reason to think that. It worries me though that whoever did it did it for personal gain, i.e. killing the competition, either for a current or future site. I don't know of any names; I don't really care about any of the names.

Whores, all of them.

[Conan]

Something tells me his educational past rivals that of Sarah Palin in terms of dropping out/transfers/changing majors/etc. If he even has a degree, he probably took 8 years and six colleges to get a BA in communications. I exaggerate, but you get the idea.

Wth is "the Globo TV media"? Apparently there's few links in journo departments to the English department anymore.

First he was in school to be a Journalist.
Then he became an Animator.
Then he graduated, got a job as an animator, and ragequitted when he didn't advance fast enough.
Then he got into IT.

Perhaps they were talking about Globo, the Brazillian TV network? Or maybe they misspelled Global, from Canada.

Either way, at least he has enough brains to realize locking the media out of your convention is a sure fire way to get a guaranteed "The freaks are in town" story.

[bridgeportcat]

I found this:


I don't know, for someone who could lose his job over being in Furry, he sure does put himself out there quite a bit.

The "studying to be a Journalist" bit also explains how he can spin any story and make him/FA look like the winner

Oh, hey, CraftyAndy. He's been leaving some really awful comments defending dogfucking in my LJ post about this debacle, something about dogs enjoying orgasms or something? Also a delicious smattering of misogyny. This would make sense, if he was GOOD BUDZ with dragoneer and all.

[Jim Demintia]

Whatever their ISP did on the router level was hit-or-miss at best; it seems like maybe 60-70% of the time you could not establish a connection to the site. Hit Enter again on your URL bar and it would likely work.

However, it's slowly getting worse. I have 100% no idea about how DDoS is mitigated, so I have no clues why that might be.

[Conan]

Whatever their ISP did on the router level was hit-or-miss at best; it seems like maybe 60-70% of the time you could not establish a connection to the site. Hit Enter again on your URL bar and it would likely work.

However, it's slowly getting worse. I have 100% no idea about how DDoS is mitigated, so I have no clues why that might be.

From what I saw it didn't work at all. The DDoS continued after that for a few hours before the people doing it quit. I doubt InfoRelay did anything since they offer DDoS protection for $500 a month. Way out of FA's price range.

[Pi]

Well, DDoS is pretty shitty. "woo boy i can sling packets!!"

Of course, during a DDoS would be kind of a great time to take the site down and let someone who knows what they're doing give the code a good once-over.

Instead, we get twitter updates saying "We did fix it. The hole was closed day one. The other issues were more complex, but were likewise closed."

[Eevee]

Someone on FD2 asked what I would do, were I the owner.  In the interest of preserving this somewhere not locked behind moderated membership:

Shut the thing down, all hands on deck, audit the fuck out of it. Restore forums as soon as possible so users have somewhere to go.

Reset all admin passwords. Remove privileges of anyone on staff who uses a stupid or shared password again, permanently. Add a second authentication layer for admin actions, like client certs. Disallow using admin powers against other admins. Restrict super-admin abilities (like viewing full note history) to my IP address. Implement soft deletion for artwork. Implement flashing red warning lights for highly unusual activity, like staff logins or sessions from new IPs.

Then, and only then, bring it back up. Apologize profusely, explain the problem, explain the fix, explain the steps taken to prevent anything similar from happening in the future. Drink heavily.

[Conan]

Someone on FD2 asked what I would do, were I the owner.  In the interest of preserving this somewhere not locked behind moderated membership:

Shut the thing down, all hands on deck, audit the fuck out of it. Restore forums as soon as possible so users have somewhere to go.

Reset all admin passwords. Remove privileges of anyone on staff who uses a stupid or shared password again, permanently. Add a second authentication layer for admin actions, like client certs. Disallow using admin powers against other admins. Restrict super-admin abilities (like viewing full note history) to my IP address. Implement soft deletion for artwork. Implement flashing red warning lights for highly unusual activity, like staff logins or sessions from new IPs.

Then, and only then, bring it back up. Apologize profusely, explain the problem, explain the fix, explain the steps taken to prevent anything similar from happening in the future. Drink heavily.

I would force them to associate staff emails with their accounts. No more Gmail, no more Yahoo/MSN/ect. Admins/mods use @furaffinity.net and that's it. That way I can control how strong their email password is, force password resets, and disable the ability to allow anyone to reset the password.

I'd also probably remove the ability for admin accounts to have passwords automatically reset as well. Oh, and the usual "you get 5 login attempts before 15 minute lockout/captcha" for everyone else.

The best thing about the "shutdown" thing right now: It wouldn't drive away users. Inkbunny is down and SoFurry just doesn't seem that popular. It's practically guaranteed that everyone would come back, but it would mean sacrificing those uptime numbers that show how good of a website admin you are, apparently.

[a pigeon]

Not even saying that it's a DDOS or giving any further information:



"core issues" in this case is PR speak if ever I heard it.

[Pi]

THIS gets an admin notice, but not "we were just hacked twice"?

What the fuck is WRONG with these people?

[UncreativeUsername]

The best thing about the "shutdown" thing right now: It wouldn't drive away users. Inkbunny is down and SoFurry just doesn't seem that popular. It's practically guaranteed that everyone would come back, but it would mean sacrificing those uptime numbers that show how good of a website admin you are, apparently.

Yeah, I noticed IB has had a very lengthy downtime. It seems like it was because of a pre-existing issue having nothing to do with FA's debacle, but the timing is pretty bad.

[a pigeon]

A freshly minted 'neer comment:

Seriously. What happened to us could easily have happened to /any/ other site. Maybe the damage may not have been as severe, but... one slip in coding, a simple problem...

It's unfortunate.

(made about 15 minutes ago @ time of posting)

http://www.furaffinity.net/journal/1954308/#cid:16250550

[Pi]

I suppose I should document my brilliant reply for when he later deletes it:

You have been having these "slips in coding" and "simple problems" for how long? How many people have tried to tell you about them? How long have you ignored/banned/shunned these people?

It's unfortunate.

[UncreativeUsername]

Seriously. What happened to us could easily have happened to /any/ other site. Maybe the damage may not have been as severe, but... one slip in coding, a simple problem...

It's unfortunate.

So he's admitting the damage was worse on his site because it happened on his site? Wow. I wonder if he's drunk. I wouldn't blame him if he was at this point, frankly.

I suppose I should document my brilliant reply for when he later deletes it:

You have been having these "slips in coding" and "simple problems" for how long? How many people have tried to tell you about them? How long have you ignored/banned/shunned these people?

It's unfortunate.

That's not brilliant. That's common sense.

[Conan]

The best thing about the "shutdown" thing right now: It wouldn't drive away users. Inkbunny is down and SoFurry just doesn't seem that popular. It's practically guaranteed that everyone would come back, but it would mean sacrificing those uptime numbers that show how good of a website admin you are, apparently.

Yeah, I noticed IB has had a very lengthy downtime. It seems like it was because of a pre-existing issue having nothing to do with FA's debacle, but the timing is pretty bad.

There's been a few rumors that they've extended their downtime to do a complete security review of the code before coming back online.

You know, like competent people do.

So he's admitting the damage was worse on his site because it happened on his site? Wow. I wonder if he's drunk. I wouldn't blame him if he was at this point, frankly.

Remember, this guy thinks people hate him just because he's an admin and does admin things. He has a severe persecution complex (see http://lists.claws-and-paws.com/pipermail/pa-furry/2003-November/005695.html).