Dragoneer (murasadramon) wrote in furaffinity,

December 2010 Hacking

By now, many of you know that Fur Affinity was attacked on Thursday, December 16th 2010. Attackers were able to compromise the admin system using an XSS exploit in the trouble ticketing system to gain control of an admin account. We pulled the website offline, and closed the hole that led to the initial attack, but not before the intruder was able to illegally compromise the private notes of 41 users (including admins and staff) and vandalize several galleries. Regrettably, the leeching of notes occurred before the hacker made his presence known on the site, and we were not able to stop it.
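The entry point described above is user-controlled ticket text rendered into an admin screen without output encoding. As an added illustration (not Fur Affinity's code, and the ticket contents, field names and function names below are constructed for the example), here is the vulnerable rendering pattern next to its hardened form, plus the defence-in-depth response headers an admin panel would normally send so that a stray injection has less to work with:

```python
import html

# Constructed sample ticket. The body is whatever a site user typed into the
# ticket form, which is exactly the input that later reaches admin screens.
SAMPLE_TICKET = {
    "id": 101,  # constructed value
    "subject": "Can't upload <b>art</b>",
    "body": "Hello staff <script>alert(1)</script> please help",
}


def esc(value) -> str:
    """HTML-escape a user-controlled value for placement in element content."""
    return html.escape(str(value), quote=True)


def render_ticket_unsafe(ticket: dict) -> str:
    """The pattern that makes a ticket viewer XSS-prone: raw string interpolation.

    Anything the submitter typed, including markup, becomes part of the page
    the admin's browser executes, under the admin's session.
    """
    return (
        f"<h2>Ticket #{ticket['id']}: {ticket['subject']}</h2>\n"
        f"<div class='body'>{ticket['body']}</div>"
    )


def render_ticket_safe(ticket: dict) -> str:
    """Hardened form: every user-controlled field is escaped at output time."""
    return (
        f"<h2>Ticket #{esc(ticket['id'])}: {esc(ticket['subject'])}</h2>\n"
        f"<div class='body'>{esc(ticket['body'])}</div>"
    )


def contains_live_script(rendered: str) -> bool:
    """Crude check for the example: does the output still contain a real <script> tag?"""
    return "<script" in rendered.lower()


def admin_response_headers(session_value: str = "<opaque-token>") -> dict:
    """Headers an admin panel should send alongside escaped output (assumed
    header values; standard HTTP/CSP syntax, not the site's real configuration).

    CSP blocks inline script even if an escaping bug slips through, and the
    cookie flags keep the admin session cookie out of reach of page script.
    """
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "Set-Cookie": f"admin_session={session_value}; HttpOnly; Secure; SameSite=Lax; Path=/",
    }


if __name__ == "__main__":
    print(render_ticket_unsafe(SAMPLE_TICKET))
    print(render_ticket_safe(SAMPLE_TICKET))
    print(admin_response_headers())
```

The important design point is that escaping happens at the rendering boundary, not at submission time: a ticket stored verbatim can be shown safely in HTML, in an e-mail, or in a JSON API as long as each output path encodes for its own context.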

At no point were user passwords or the site database compromised.

After closing the initial hole that the intruder was using to compromise the site, they then attacked an admin's e-mail, managing to compromise their email account to perform a password reset. With the new password, they were able to get back into the site and into the forums. At the same time, another attack was launched on a second admin, compromising a long-abandoned account they had which was set up as an e-mail fallback for their main account. In both instances, the attackers were able to gain access back into the system, causing scattered vandalism.

We were able to flush the attacker out of the system through multiple wipes of cookies and active login sessions (which some of you may have noticed when your accounts were logged out).
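Wiping cookies and active sessions, as described above, is only reliable if the server can tell which sessions it has already revoked; a cookie the attacker still holds must stop working even though it was once valid. The following added example (not the site's own code; the store, its method names and the user names are assumptions for illustration) shows one common server-side design: each session records the generation counter of its user and of the whole site at login, and revocation is a counter bump, so every outstanding token for that user (or for everyone) becomes invalid at once. It also ties a password reset to a per-user revocation, which addresses the re-entry path described in the previous paragraph:

```python
import secrets


class SessionStore:
    """In-memory server-side session store (stand-in for a database table)."""

    def __init__(self) -> None:
        self._sessions = {}   # token -> {"user": str, "gen": int, "site_gen": int}
        self._user_gen = {}   # user -> current per-user generation
        self._site_gen = 0    # bumped to log out everyone at once

    def login(self, user: str) -> str:
        """Create a session token bound to the current generations."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user,
            "gen": self._user_gen.get(user, 0),
            "site_gen": self._site_gen,
        }
        return token

    def is_valid(self, token: str):
        """Return the user for a live session, or None if unknown or revoked."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        stale_user = sess["gen"] != self._user_gen.get(sess["user"], 0)
        stale_site = sess["site_gen"] != self._site_gen
        if stale_user or stale_site:
            del self._sessions[token]  # purge lazily on first use after revocation
            return None
        return sess["user"]

    def revoke_user(self, user: str) -> None:
        """Invalidate every session for one user, including ones we never saw."""
        self._user_gen[user] = self._user_gen.get(user, 0) + 1

    def revoke_all(self) -> None:
        """Site-wide wipe: every outstanding session becomes invalid."""
        self._site_gen += 1

    def reset_password(self, user: str, new_password_hash: str) -> None:
        """A password change must also evict existing sessions, otherwise a
        hijacked session survives the reset. (Hash storage is stubbed here.)"""
        self.revoke_user(user)

    def active_count(self) -> int:
        """Number of sessions that would still be accepted right now."""
        return sum(1 for t in list(self._sessions) if self.is_valid(t))


def flush_scenario() -> dict:
    """Constructed walk-through: an admin's session is duplicated by an
    intruder, staff revoke the admin's sessions, the admin logs back in,
    then the site performs a global wipe."""
    store = SessionStore()
    admin_tok = store.login("admin1")
    hijacked_tok = store.login("admin1")   # constructed: token held by the intruder
    user_tok = store.login("user9")

    store.revoke_user("admin1")
    after_user_revoke = {
        "admin": store.is_valid(admin_tok),
        "hijacked": store.is_valid(hijacked_tok),
        "user9": store.is_valid(user_tok),
    }
    fresh_admin_tok = store.login("admin1")
    after_relogin = store.is_valid(fresh_admin_tok)

    store.revoke_all()
    after_global = {
        "admin": store.is_valid(fresh_admin_tok),
        "user9": store.is_valid(user_tok),
        "active": store.active_count(),
    }
    return {"after_user_revoke": after_user_revoke,
            "after_relogin": after_relogin,
            "after_global": after_global}


if __name__ == "__main__":
    print(flush_scenario())
```

Because validity is decided on the server, it does not matter whether the attacker kept a copy of the cookie; a per-user bump evicts them without touching unrelated users, and the global bump is the "everyone was logged out" effect the announcement mentions.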

After Yak revised and recoded the security side of the admin panel, the attackers then launched a distributed denial of service (DDoS) attack against FA as a final measure. Working with our host, we were able to block the attack and restore services to the site. While we had initially suspected potential issues due to the 1.2 million Gawker passwords that were leaked (which had affected some regular users on the site), we want to clarify that the Gawker leaks WERE NOT an issue with the FA intrusion.

Galleries which were wiped are in the process of being restored, and we are working to strengthen and improve security. We have also removed the ability for certain admins to view notes. We will be bringing in additional coding help to perform security audits and improve upon the site's platform, as we do take security seriously. We regret that this happened, and ultimately the blame for this lies with us for letting the hole slip through the cracks. That said, it does not excuse the intruders for their actions, and we are working with law enforcement to pursue the issue.

On behalf of the entire staff of FA we apologize for what happened. We make no excuses for what happened.


If you have questions, please feel free to ask; we will update the thread with a Q/A. Keep responses civil and honest. There has been enough drama over this, and we want to work towards a peaceful resolution.

EDIT: Had the date wrong in the initial attacks. My apologies. The initial incident happened on Thursday, not Friday.