FA admin account compromised (yet again)

[Conan]

So they've been under a supposed DDoS attack for a few hours... Loading it directly doesn't load but going to it's IP half works (ever since the facdn.net split that site never loads images). Their data server (the Dell with 64GB of RAM) seems to be the one being raped as it takes forever to load images who's addresses I have saved.

Yes, that's right, they're being DDoSed and the servers are still up. The dataserver even has a RAC! They can shut it off remotely! SHUT IT DOWN ALREADY.

[Dr. Dos]

If the site goes down entirely people notice and ask what happened.

If it doesn't then a ton of users have no idea anything's been going on.

[a pigeon]

The issue has been escalated (whatever that means), soldiers in the furry army are at the push of pike and the FBI are readying the cuffs:



No admin notice on the site of course.

[Jim Demintia]

Rodox_video nailed it in the other thread: the FBI does not care that the alpha dorks of a cartoon porno site were actually proven to be massively incompetent and douchey. You know, as opposed to it just being sort of a rumor.

I'm sure he filled out that same form that 4chan fills out on fbi.gov whenever there's a raid. GOOD LUCK WITH THAT.

OH and what's this, he still has that same cellphone? Aren't you due to buy a new gadget yet, Sean Piche? You don't want to lose your "materialistic whore" status, do you?

[Fiz]

"Hello, this is 911, state your emergency."

"Help! Police! Someone has leaked the personal info of rapists, pedophiles and dogfuckers from my cartoon porn website!"

"HA HA VERY FUNNY! WHAT ARE YOU GONNA SAY NEXT, MY REFRIGERATOR IS RUNNING!?" click

""

[UncreativeUsername]

Hello, everyone. Just wanted to say hello and that I really love the info I have gotten from Vivisector. Quite a nice site.

Anyway, I noticed Dragoneer pulled the journals about what happened with the site and Zaush. You know, the revised ones he made about 48 hours ago? What a fucking moron. Speaking of Zaush, I found something on Wolfyboy16's (Conner Hemming, some notorious FA ban evader) Twitter. He links to some .rar link about some Zaush-related stuff of Dragoneer's . I don't know what's on it. I'm very un-tech savvy and don't know how to download and prevent getting viruses. Figured maybe one of you folks can find some use for it. http://www.mediafire.com/?3998a7zhqdrhcxy

[Fiz]

Hello, everyone. Just wanted to say hello and that I really love the info I have gotten from Vivisector. Quite a nice site.

Anyway, I noticed Dragoneer pulled the journals about what happened with the site and Zaush. You know, the revised ones he made about 48 hours ago? What a fucking moron. Speaking of Zaush, I found something on Wolfyboy16's (Conner Hemming, some notorious FA ban evader) Twitter. He links to some .rar link about some Zaush-related stuff of Dragoneer's . I don't know what's on it. I'm very un-tech savvy and don't know how to download and prevent getting viruses. Figured maybe one of you folks can find some use for it. http://www.mediafire.com/?3998a7zhqdrhcxy

Considering the filename, it's most likely just Dragoneer's deleted journal about "The Event".

[UncreativeUsername]

Perhaps. Maybe Dragoneer said something in his journal or someone else revealed some info that prompted him to delete, and none of us saw it between the remark and time of deletion.

[Fiz]

Perhaps. Maybe Dragoneer said something in his journal or someone else revealed some info that prompted him to delete, and none of us saw it between the remark and time of deletion.

Verix anokorok posted XSS using the URL code into that journal. They then disabled BBcode and deleted the journal. That's probably why.

Edit: I can't fucking read.

[UncreativeUsername]

Perhaps. Maybe Dragoneer said something in his journal or someone else revealed some info that prompted him to delete, and none of us saw it between the remark and time of deletion.

Verix posted XSS using the URL code into that journal. They then disabled BBcode and deleted the journal. That's probably why.

I'm sorry, I don't know what all that means. I'm good with drama, not technical stuff. Sounds like Verix was being a jerk (not like I blame him) Why was he not banned?

Also, I see my username wasn't deemed creative enough. I rather liked it. Ehh, well.

[Fiz]

I'm sorry, I don't know what all that means. I'm good with drama, not technical stuff. Sounds like Verix was being a jerk (not like I blame him) Why was he not banned?

Also, I see my username wasn't deemed creative enough. I rather liked it. Ehh, well.

Cross-site scripting.

And actually I was wrong, it wasn't Verix. It was someone else and they were banned. My bad.

[UncreativeUsername]

And actually I was wrong, it wasn't Verix. It was someone else and they were banned. My bad.

Ahh, I see. No worries, we all make mistakes (especially me). At least Eevee has some company now. I wonder what the chances are a hacker will break in once again within the next few days and cause get another shitstorm. By all I have read here and elsewhere, FA's coders and few in number and horrible in quality, and Eevee could do some extreme damage if he wanted to. I'm honestly surprised this hasn't happened before now.

[Pi]

Funny thing is, Eevee didn't do anything that was all that bad. Inconvenient, sure. Malicious? Very slightly.

They banned him anyway, because exploiting security issues is something that only the evil trolls do.

[UncreativeUsername]

Funny thing is, Eevee didn't do anything that was all that bad. Inconvenient, sure. Malicious? Very slightly.

They banned him anyway, because exploiting security issues is something that only the evil trolls do.

Yeah, he had comments randomly 'hidden by the administration' and forced the fuckwits to do something about it. They should have thanked him for not, you know, doing what happened lately and just sticking to randomly hiding remarks, rather than ban him. Well, it's to be expected from Princess Piche, though.

[Eevee]

I did something designed to be fixable and reversible within a matter of minutes.  :T  Alas the one moderately competent person on staff was asleep at the time.

The XSS thing was just "javascript:alert('Hi!')", as far as I know.  It didn't do any damage whatsoever; it was just a proof of concept.  Not sure why that's deserving of a ban.  Maybe I missed something.

[Heimdal]

Yeah, he had comments randomly 'hidden by the administration' and forced the fuckwits to do something about it. They should have thanked him for not, you know, doing what happened lately and just sticking to randomly hiding remarks, rather than ban him. Well, it's to be expected from Princess Piche, though.

They didn't really listen to him, they got rid of him and swept it all under the rug. Now they have this much more serious problem... and they are probably just looking into a new, bigger rug to sweep it all under again. What a bunch of idiots. Laziness is one thing, but they didn't even seem to think this would happen. Pure incompetence.

This has been very entertaining! I wonder what will happen next?

[Fiz]

This has been very entertaining! I wonder what will happen next?

Nothing. They'll patch the holes (heh), if they even know what the holes are, considering the story keeps switch from the Gawker PW leak, to XSS vulnerabilities in the trouble ticket system, to e-mail issues. Then they won't listen and this will happen all over again. Considering it's now officially been proven that something like this can happen to site, someone else is going to keep prodding at the site until they break it again. I mean, Eevee posted a large list of issues he knows about the site, with things as serious as "An attacker can trick an admin into exercising any administrative powers." and "CSRF session hijacking" and they've still not even asked him about the majority of the list. Why? Probably because he "can't be trusted" and "killed Ferrox".

Okay, fine, whatever, then why are you refusing help from other people? People sending fucking resumes, people willing to sit down and explain this shit in detail to you. What is the obsession with needing to go "LOOK MOM I DID IT BY ALL MYSELF!"? Holy smell.

I could bitch about this all day. Point is nothing will initially happen, things will get quiet, and it'll inevitably happen again, most likely at a bigger magnitude.

It's no longer a question of if, it's now a question of when.

[Heimdal]

It's no longer a question of if, it's now a question of when.

It was always a question of when, they just ignored the obvious.

You're probably right. They are going to place a bunch of buckets under the leaks and pretend the roof is all fixed, then it will happen again. Right now though, I'm referring to what will happen next in regards to social responses. To some, their credibility is blown to shit, but probably the vast majority will stick by them out of stupidity or just have no idea anything happened at all. Still.. I anticipate something interesting popping up that our assumptions won't have covered.

[UncreativeUsername]

This has been very entertaining! I wonder what will happen next?

Very entertaining to me, too! Maybe in his notes we'll find Dragoneer is a zoophile or a pedophile. I do know from one of the notes he rejected a bribe by an minor who was age locked not with moral outrage or a ban, but by the assertion the code was so broken he didn't know how (which is very believable, but, still). God only knows what gems are still hidden in the admins' notes.

[Fiz]

Right now though, I'm referring to what will happen next in regards to social responses. To some, their credibility is blown to shit, but probably the vast majority will stick by them out of stupidity or just have no idea anything happened at all. Still.. I anticipate something interesting popping up that our assumptions won't have covered.

It's pretty much exactly what you said. Some no longer have any trust, some don't fucking care, some have no idea of what happened and when they do no what happened, they probably won't care as well.