Author Topic: January 8, 2011: FA Technical Exposé  (Read 7153 times)

Pi

January 8, 2011: FA Technical Exposé
« on: January 08, 2011, 04:42:57 pm »
Wherein I throw a portscan at FurAffinity's two netblocks and wax technical about the results.

For those interested, the raw nmap results are available. Ignore the "open/tcpwrapped port 21" stuff; that's an artifact of my home network's FTP proxy.
« Last Edit: January 08, 2011, 10:05:39 pm by Pi »
"we did farts.  now we do sperm.  we are cutting edge." — Theo DeRaadt

Conan

Re: January 8, 2011: FA Technical Exposé
« Reply #1 on: January 08, 2011, 11:09:48 pm »
Things aren't blocked because they were too busy making the router say UPLINK TO PANTS! LOLOLOLOLOL

Also, I'm trying to figure out what equipment they're running. Does anyone recognize the make/model/manufacturer of the top two servers in this picture? For the record I believe the top one is Figment, the "application" server that doesn't do anything. Apparently it's serving the ads and is supposed to be the hosting server for the service that was supposed to launch months ago.




u63r

Re: January 8, 2011: FA Technical Exposé
« Reply #2 on: January 09, 2011, 02:58:45 am »
I go away for a month, and I miss all the fun. And some of it was even on my birthday.
 >:(

Jim Demintia

Re: January 8, 2011: FA Technical Exposé
« Reply #3 on: January 09, 2011, 09:10:01 am »
Dax is the Kevin D. in "kevindproductions". He only has a high school diploma and he's running around the data center of a major web retailer in NoVA generally getting paid way too much to screw around (he's come close to getting fired several times). He also rivals Dragoneer in the "doing dumb things with money" category—he's a gadget whore almost as bad as 'Neer and he has a Subaru WRX that he pays/paid for on a credit card. Looking through his Twitpic reveals the sort of stuff he spends his time doing.

He also has an annoying habit of randomly jetting off to random places, dropping hundreds of dollars on a plane ticket days in advance, to visit random furfag friends of his.

Also, looking at those nmap files...is it possible to NFS-mount stuff off of FA's servers? Because if so, Christ.
Can it be this sad design
Could be the very same
A wooly man without a face
And a beast without a name

Pi

Re: January 8, 2011: FA Technical Exposé
« Reply #4 on: January 09, 2011, 09:43:10 am »
I get this on IRC out of the blue:
Quote from: Dragoneer
[03:11:55] <Dragoneer> Regarding the Sikrain/sirkain.net from your tech expose, the reason they point to a Comcast IP is because they're no longer a part of our hosting. We were hosting them externally for a while, but they're not related to the site.

Really, this asks more questions than it answers. If they're "no longer part of [their] hosting", why is it racked? Why does it have an IP assigned? Why isn't it firewalled?

And, oh look, here's net-cat being passive-aggressive again:
Quote from: net-cat
[08:18:52] <net-cat> So, this: http://www.vivisector.org/vivblog/index.php?/archives/32-FA-Technical-Expose.html
[08:19:03] <net-cat> Would you actually care to know?

Quote from: Jim Demintia
Also, looking at those nmap files...is it possible to NFS-mount stuff off of FA's servers? Because if so, Christ.

I didn't try. But leaving those things open is like sticking a Windows box on the 'net without firewalling the SMB ports.

Jim Demintia

Re: January 8, 2011: FA Technical Exposé
« Reply #5 on: January 09, 2011, 09:47:57 am »
I can't think of one good reason why you'd have more than 80/443 and maybe 22 be open to the Internet on a Web server, but what do I know, I don't run a furry porn site. Oh, and if you open 22, use pubkeys and disable keyboard-interactive or whatever SSH calls password auth. Because...well, one word: "hysterix"
Can it be this sad design
Could be the very same
A wooly man without a face
And a beast without a name
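
The post above names two things to turn off; in OpenSSH they are separate keywords, and setting only one leaves the other at its default. An added example (not from the thread) that reports which password-capable methods remain enabled in the global section of an sshd_config, assuming upstream defaults and ignoring Include files and Match blocks; the function names and sample configs are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults for absent keywords (assumption: distribution
# packages may ship different defaults or drop-in files).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older name for the same switch, still accepted as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample configs for illustration.
PARTIAL = """\
# password logins "disabled"
PasswordAuthentication no
PubkeyAuthentication yes
"""
FIRST_WINS = """\
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
"""

LINE = re.compile(r"^(\w+)\s*=?\s*(.*)$")


def effective_global(config_text):
    """Global-section values; sshd keeps the first value it reads per keyword."""
    eff = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key = m.group(1).lower()
        if key == "match":  # conditional blocks are out of scope here
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in eff:
            eff[key] = m.group(2).strip().strip('"').lower()
    return {k: eff.get(k, DEFAULTS[k]) for k in DEFAULTS}


def password_paths(config_text):
    """Names of password-capable methods still enabled in the global section."""
    eff = effective_global(config_text)
    return [k for k in ("passwordauthentication", "kbdinteractiveauthentication")
            if eff[k] != "no"]
```

`password_paths(PARTIAL)` still lists keyboard-interactive because the file never mentions it; on a live host, `sshd -T` prints the values the daemon actually resolved, including Include files.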

Pi

Re: January 8, 2011: FA Technical Exposé
« Reply #6 on: January 09, 2011, 02:19:56 pm »
Quote from: net-cat

[12:09:25] <net-cat> 66.231.180.81-83: InfoRelay's Hardware.
[12:09:43] <net-cat> 66.231.180.84-87: Correct
[12:11:01] <net-cat> 70.33.186.194,196,200,202: Correct.
[12:11:35] <net-cat> 70.33.186.204: Virtualization host.
[12:12:07] <net-cat> 70.33.186.211-220: Hosted virtual machines.
[12:12:37] <net-cat> 70.33.186.221: Correct.
[12:13:36] <net-cat> 70.33.186.222: Not our server. They are paying us.
[12:14:12] <net-cat> 208.115.128.10: Dax's personal server. Not hosted in our rack.
[12:19:20] <net-cat> Also, thank you for pointing out 1023. That was supposed to have been turned off some time ago.
[12:27:08] <net-cat> Ack, sorry. 70.33.186.210 is also a virtual machine.
[12:29:42] <net-cat> Also, all the staff have @furaffinity.net email addresses. Some of us opt to not use it. It is not, as you say, a "paid privilege."

So, a good chunk of that table isn't a waste of hardware, just a waste of IPv4.

This still doesn't explain why the default page on 70.33.186.200 (Trogdor xD) is still kicking out redirects to the Moldovan electronics retailer. If this were my server, that'd be a cause for moderate alarm.

Jim Demintia

Re: January 8, 2011: FA Technical Exposé
« Reply #7 on: January 09, 2011, 02:41:42 pm »
Would Yak have anything to gain by doing that? Or rather, would that electronics retailer have anything to gain by paying Yak to do that?

Pi

Re: January 8, 2011: FA Technical Exposé
« Reply #8 on: January 09, 2011, 04:19:47 pm »
Quote from: Jim Demintia
Would Yak have anything to gain by doing that? Or rather, would that electronics retailer have anything to gain by paying Yak to do that?

I don't want to speculate any further on this.

Quote from: net-cat
[16:01:19] <net-cat> Oh, also. Novastorm doesn't expose a MySQL port because it doesn't need any public incoming connections.
…and the thing you call the 'primary backup server' somehow does?

Fiz

Re: January 8, 2011: FA Technical Exposé
« Reply #9 on: January 09, 2011, 06:56:55 pm »
Quote from: net-cat
[12:29:42] <net-cat> Also, all the staff have @furaffinity.net email addresses. Some of us opt to not use it. It is not, as you say, a "paid privilege."

Not related to any of this hosting business but this is fucking bullshit. I highly doubt any of them have @furaffinity.net e-mail addresses, considering how much they run through staff members, it'd be a "waste" to them. Plus I don't think any of the admins had ever listed their so-called @furaffinity.net address on their profile at ALL.

Though, if what he says is true, the people that "opt out" of using a server side e-mail address are fucking idiots. "Oh, a more secure server side e-mail service that can be shut down easily if anyone were to tamper with it? Fff, fuck that, let me use my highly insecure Yahoo e-mail address for my administrative accounts, because no one on the internet could possibly know my birthday/real name/zip code and the name of my pets/the town I was born in!!! Besides, gotta show off my bejeweled highscore. HEH."
pee

Pi

Re: January 8, 2011: FA Technical Exposé
« Reply #10 on: January 09, 2011, 08:28:42 pm »
Quote from: Fiz
Not related to any of this hosting business but this is fucking bullshit. I highly doubt any of them have @furaffinity.net e-mail addresses

Well, hey, look, their mailserver lets me interrogate who has an account there!

vrfy sdfsdf@furaffinity.net
550 5.1.1 <sdfsdf@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy root@furaffinity.net
252 2.0.0 root@furaffinity.net
vrfy dragoneer@furaffinity.net
252 2.0.0 dragoneer@furaffinity.net
vrfy chase@furaffinity.net
252 2.0.0 chase@furaffinity.net
vrfy irreverent@furaffinity.net
252 2.0.0 irreverent@furaffinity.net
vrfy pinkuh@furaffinity.net
252 2.0.0 pinkuh@furaffinity.net

Conan

Re: January 8, 2011: FA Technical Exposé
« Reply #11 on: January 09, 2011, 08:30:39 pm »
Quote from: Fiz
Though, if what he says is true, the people that "opt out" of using a server side e-mail address are fucking idiots.

The person who's letting them "opt out" of using the official email that doesn't have a password reset button is a fucking idiot.

Pinkuh and Dragoneer are the only two I've seen advertise their @furaffinity.net addresses.

Quote from: Pi
Well, hey, look, their mailserver lets me interrogate who has an account there!

vrfy sdfsdf@furaffinity.net
550 5.1.1 <sdfsdf@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy root@furaffinity.net
252 2.0.0 root@furaffinity.net
vrfy dragoneer@furaffinity.net
252 2.0.0 dragoneer@furaffinity.net
vrfy chase@furaffinity.net
252 2.0.0 chase@furaffinity.net
vrfy irreverent@furaffinity.net
252 2.0.0 irreverent@furaffinity.net
vrfy pinkuh@furaffinity.net
252 2.0.0 pinkuh@furaffinity.net

See how many former staff members still have an account. That should be good. Nevermind!

New admin Summercat is not on there... Damaratus still is though!

Fiz

Re: January 8, 2011: FA Technical Exposé
« Reply #12 on: January 10, 2011, 09:57:25 am »
Quote from: Pi
Well, hey, look, their mailserver lets me interrogate who has an account there!

vrfy sdfsdf@furaffinity.net
550 5.1.1 <sdfsdf@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy root@furaffinity.net
252 2.0.0 root@furaffinity.net
vrfy dragoneer@furaffinity.net
252 2.0.0 dragoneer@furaffinity.net
vrfy chase@furaffinity.net
252 2.0.0 chase@furaffinity.net
vrfy irreverent@furaffinity.net
252 2.0.0 irreverent@furaffinity.net
vrfy pinkuh@furaffinity.net
252 2.0.0 pinkuh@furaffinity.net


lmfao told ya. So let's see, chase has one and isn't an admin anymore and irreverent has one and may not be staff anymore (doesn't have admin permissions but is still on the staff page?), so that just leaves Pinkuh and Neer, a junk address and the root one.

What a thing to lie about.

Quote from: conan
The person who's letting them "opt out" of using the official email that doesn't have a password reset button is a fucking idiot.

That too.

Pi

Re: January 8, 2011: FA Technical Exposé
« Reply #13 on: January 10, 2011, 10:40:56 am »
Quote from: Fiz
So let's see, chase has one and isn't an admin anymore and irreverent has one and may not be staff anymore (doesn't have admin permissions but is still on the staff page?), so that just leaves Pinkuh and Neer, a junk address and the root one.

The junk address was rejected, and "root" is a standard account on UNIX systems. The rest were the only ones I tried.

Conan, who did you try out?

nrr

Re: January 8, 2011: FA Technical Exposé
« Reply #14 on: January 10, 2011, 10:56:52 am »
Quote from: Pi
The junk address was rejected, and "root" is a standard account on UNIX systems. The rest were the only ones I tried.

You know, I wonder if postmaster@ and abuse@ and other addresses work...

Code:
vrfy postmaster@furaffinity.net
252 2.0.0 postmaster@furaffinity.net
vrfy abuse@furaffinity.net
252 2.0.0 abuse@furaffinity.net
vrfy info@furaffinity.net
550 5.1.1 <info@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy support@furaffinity.net
252 2.0.0 support@furaffinity.net
vrfy preyfar@furaffinity.net
252 2.0.0 preyfar@furaffinity.net
vrfy jheryn@furaffinity.net
550 5.1.1 <jheryn@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy alkora@furaffinity.net
550 5.1.1 <alkora@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy aerak@furaffinity.net
550 5.1.1 <aerak@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy vitae@furaffinity.net
550 5.1.1 <vitae@furaffinity.net>: Recipient address rejected: User unknown in local recipient table
vrfy verix@furaffinity.net
550 5.1.1 <verix@furaffinity.net>: Recipient address rejected: User unknown in local recipient table

Hmm.  I wonder what sort of a response I'd get if I sent mail to abuse@ and support@, let alone everything else.
im glad the "I saw a furry IRL" thread is so good at bringing goons together

YOUR PARTICIPLES AREN'T THE ONLY THINGS DANGLING
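
The sessions quoted in this thread work as an account oracle only because known and unknown addresses get different reply codes. An added example (not part of any post here) that parses a transcript in that same layout and reports whether replies can be told apart from the reply for a canary address the tester knows does not exist; the function names, the example.org addresses and both sample transcripts are constructed for illustration.

```python
import re

# Constructed transcripts in the command/reply layout quoted in this thread.
# Addresses use example.org; reply texts are illustrative, not captured output.
LEAKY = """\
vrfy zz-canary-7f3a@example.org
550 5.1.1 <zz-canary-7f3a@example.org>: Recipient address rejected: User unknown in local recipient table
vrfy postmaster@example.org
252 2.0.0 postmaster@example.org
vrfy alice@example.org
252 2.0.0 alice@example.org
"""
UNIFORM = """\
vrfy zz-canary-7f3a@example.org
502 5.5.1 VRFY command is disabled
vrfy postmaster@example.org
502 5.5.1 VRFY command is disabled
"""

REPLY = re.compile(r"^(\d{3})([ -])")


def parse_transcript(text):
    """Pair each 'vrfy <address>' line with the final reply code after it."""
    pairs, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("vrfy "):
            pending = line.split(None, 1)[1].lower()
            continue
        m = REPLY.match(line)
        # A '-' after the code marks a continuation line of a multi-line reply.
        if m and m.group(2) == " " and pending is not None:
            pairs.append((pending, int(m.group(1))))
            pending = None
    return pairs


def audit_vrfy(text, canary):
    """Report whether replies differ from the one given for `canary`,
    an address the tester knows does not exist on the server."""
    codes = dict(parse_transcript(text))
    if canary.lower() not in codes:
        raise ValueError("transcript has no reply for the canary address")
    baseline = codes[canary.lower()]
    differing = sorted(a for a, c in codes.items() if c != baseline)
    # RFC 5321 defines 252 as "cannot VRFY user, but will accept message";
    # it only reveals anything because unknown users get a different code.
    return {"baseline": baseline, "oracle": bool(differing),
            "distinguishable": differing}


if __name__ == "__main__":
    print(audit_vrfy(LEAKY, "zz-canary-7f3a@example.org"))
    print(audit_vrfy(UNIFORM, "zz-canary-7f3a@example.org"))
```

On Postfix, `disable_vrfy_command = yes` in main.cf makes the server refuse VRFY for every address; whether RCPT TO answers differently for unknown recipients is a separate question the same comparison can be run against.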

Fiz

Re: January 8, 2011: FA Technical Exposé
« Reply #15 on: January 10, 2011, 11:39:38 am »
Quote from: Pi
The junk address was rejected, and "root" is a standard account on UNIX systems. The rest were the only ones I tried.

Conan, who did you try out?

Re: Junk addy. Right, read it wrong, my bad.

Though in all honesty, the folk could be using an alternate name as opposed to their FA signup name.

Conan

Re: January 8, 2011: FA Technical Exposé
« Reply #16 on: January 10, 2011, 11:51:34 am »
Quote from: Fiz
So let's see, chase has one and isn't an admin anymore and irreverent has one and may not be staff anymore (doesn't have admin permissions but is still on the staff page?), so that just leaves Pinkuh and Neer, a junk address and the root one.

Quote from: Pi
The junk address was rejected, and "root" is a standard account on UNIX systems. The rest were the only ones I tried.

Conan, who did you try out?

Some of the ones I tried have now been posted, but I tried Damaratus (account still active) and Summercat (User unknown), then some standards: DMCA (User unknown) and Legal (User unknown).

Ben

Re: January 8, 2011: FA Technical Exposé
« Reply #17 on: January 10, 2011, 01:43:02 pm »
Witchiebunny also advertises having an @furaffinity.net address on her page, in case anyone was wondering.

Pi

Re: January 8, 2011: FA Technical Exposé
« Reply #18 on: January 11, 2011, 09:59:19 am »
HEAD http://70.33.186.200 --> 302 Moved Temporarily
HEAD http://70.33.186.200/index.php --> 404 Not Found


Now it's just broken, not "looking like it was compromised"! Progress!

Conan

Re: January 8, 2011: FA Technical Exposé
« Reply #19 on: January 11, 2011, 11:46:54 pm »
Somewhat relevant: sometime today they jumped into the code and proceeded to...


... make 75 journals display in your control panel. You know, the ones that usually say "Journal deleted by the poster" because they're spam about streams. Meanwhile Commission Information is still offline and the code probably still has as many holes as it did this time last month. Their ports are wide open and Figment is still running 30 VMs and not the hosting service like it was supposed to.

FURAFFINITY: WE PUT THE NO IN INNOVATION.