# 5/17 Site Attack



## Dragoneer (May 17, 2016)

It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity's source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier in this month, but not before a malicious user was able to download a copy of our source code, and later actively distributed it via USB drives at a convention.

We managed to get a hold of one of the USB drives and started to analyze what was distributed. While we were investigating, somebody launched a second attack against the site using information gleaned from the source code.

This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.

We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.

We apologize for the inconvenience to the community, and are working to rectify the issues. If anyone has any knowledge/evidence as to who perpetrated the attack, or who was distributing the USB drives containing FA’s source code, please privately contact Dragoneer on Twitter (@Dragoneer) or via email at dragoneer@furaffinity.net.

We are working to restore FA as quickly as we can, but want to make sure we take proper steps to prevent any further issues. We will keep the community updated on our progress.



https://imgur.com/o0gwbet


This is a photo of one of the USB drives distributed with FA’s source code. If you have any information on who was distributing these drives please let us know by contacting us as mentioned above.


----------



## SonicWolfe (May 17, 2016)

I was expecting FA data base have a back up similar to RAID 1, aka real time back up. Even if the site is not backed up in real time, 6 days/weekly seemed a bit too long for a website, especially the ones like FA which had been attacked quite often due to its contents. A daily, bi-daily, or tri-daily back up plan would sound more reassuring.
Further more, if any loop hole/incidents may effect user content/database like this one, I think FA administrators should immediately notify users, and  in order to prevent possible damage like this one, FA administrator should go as far as take the site down WHILE investigating solutions. From my own experience, 6 days of contents is quite a lot, approximately 420 pics just from my own watch lists. Some artists may not even brother to re-upload the deleted ones due to the automatic submission spam protection system (Not saying the spam protecting is unnecessary or undesirable, but in reality I knew several artists had decided not to upload comics or pictures on FA because of the current spam protection system).


----------



## Dragoneer (May 17, 2016)

SonicWolfe said:


> I was expecting FA data base have a back up similar to RAID 1, aka real time back up. Even if the site is not backed up in real time, 6 days/weekly seemed a bit too long for a website especially like FA which had been attacked quite often due to it's contents. A daily, bi-daily, or tri-daily back up would sound more reasonable.


We have RAID 10s in all our servers. Full database and storage backups are held on other servers, so it's not quite the same as a single drive going offline and needing to replace the backup. And yes, doing daily backups is something we want to do, but with a site the size of FA, it can cause some severe slowdowns doing them constantly. We're in the process of acquiring a new backup storage system which would allow us to do said backups (but also requires a network upgrade).


----------



## GamerFox (May 17, 2016)

So this is going to involve a whole code rewrite?


----------



## ohtar (May 17, 2016)

As horrible as this is, one cant help but admire the efficiency of the attack. Its kinda impressive just how creative hackers can get! ._.

Hope you guys are able to restore the lost data. I cant imagine what a pain in the ass this is for you guys!


----------



## GreenReaper (May 17, 2016)

> I was expecting FA data base have a back up similar to RAID 1, aka real time back up.


RAID is not a backup - nor does database replication protect against malicious actors. You just end up replicating the damage, although a delay and point-in-time recovery can help.

Daily backups _are_ a good idea, if you can manage it. Preferably held on a machine not accessible through information on the master server.


----------



## hikyuuri (May 17, 2016)

Well, that explains why my account stopped working.  Thank you for the update!  I feel bad for those who have lost likes, watches, and submissions in the past few days because of this.


----------



## Shockey Rai (May 17, 2016)

I can't believe someone would do that. :/
I hate people that do this kind of stuff.


----------



## RestrainedRaptor (May 17, 2016)

With FA having been a part of IMVU for a while now, I would've expected the staff to be able to pull on their technical knowledge and resources to do a full security audit on the codebase and set up daily backups long before this incident occurred. It has been known for years that FA's code is broken and insecure, so I would've expected that to be a part of the contract - if they did any research. What exactly are they providing for the community again?


----------



## Jane_M_J (May 17, 2016)

Is this situation mean we have to wait for FA for days or even weeks?!?


----------



## AndroKei (May 17, 2016)

Will Notes be lost during this process?

I can't be the only one with important commission information in Notes over the past several days.

*ETA:* And what about Journals?


----------



## Jones111 (May 17, 2016)

"Its kinda impressive just how creative hackers can get!"

Actually, that's not impressive. If you've got a lot of source code, you will find security loopholes sooner or later.
There are some open source libraries that include unfixed security issues since years because people are too lazy to fix them. But any decent attacker will find them.


----------



## Dragoneer (May 17, 2016)

RestrainedRaptor said:


> With FA having been a part of IMVU for a while now, I would've expected the staff to be able to pull on their technical knowledge and resources to do a full security audit on the codebase and set up daily backups long before this incident occurred. It has been known for years that FA's code is broken and insecure, so I would've expected that to be a part of the contract - if they did any research. What exactly are they providing for the community again?


The exploit in question was not with FA's code but with a plugin called ImageMagick. Once we were made aware of the vulnerability it was patched, but were not aware that the source code had been leaked at tha time.


----------



## Traveller800 (May 17, 2016)

I don;t get it...whats the motivation?  Its clearly not cash otherwise they would have demanded a ransom or something.  Why would they devite time to fucking with your website?  Its stupid AND cruel to the users.


----------



## Jones111 (May 17, 2016)

I'm asking this for a friend, here:

Please share details why you think that accounts haven't been breached.
Please tell the people at least to a vague amount how secure their passwords were/are.

Did you use salted hashes? Did you use breakable hashes like MD5 or sha-1?

If you didn't use salted hashes at least, you should advice anyone to change his/her password and don't reuse the current one on any other web service.


----------



## Quinnn (May 17, 2016)

6 days is a long time.

I'll never understand people who do stuff like this. What do they get out of ruining other peoples fun? especially since they're supposedly part of this community as well.


----------



## DrawWithLaura (May 17, 2016)

AndroKei said:


> Will Notes be lost during this process?
> 
> I can't be the only one with important commission information in Notes over the past several days.
> 
> *ETA:* And what about Journals?


"Other information such as journals, notes, passwords, and personal information was not affected."


----------



## Traveller800 (May 17, 2016)

Quinnn said:


> 6 days is a long time.
> 
> I'll never understand people who do stuff like this. What do they get out of ruining other peoples fun? especially since they're supposedly part of this community as well.



that is exactly what I said, Quinnn.  What goes through their heads?


----------



## Jane_M_J (May 17, 2016)

Dragoneer! Is whole this situation mean we have to wait for FA for days or even weeks?!?


----------



## GamerFox (May 17, 2016)

I'm betting it was partisans for certain other sites.


----------



## Somnium (May 17, 2016)

Quinnn said:


> 6 days is a long time.
> 
> I'll never understand people who do stuff like this. What do they get out of ruining other peoples fun? especially since they're supposedly part of this community as well.



hackers need to practice somewhere before moving to the real stuff


----------



## Jones111 (May 17, 2016)

Traveller800 said:


> I don;t get it...whats the motivation?  Its clearly not cash otherwise they would have demanded a ransom or something.  Why would they devite time to fucking with your website?  Its stupid AND cruel to the users.



Some people just do this for fun or as a challenge.
Some people want to sell the data, others hate the content so much that they simply want to destroy it.
Some people want to find users to take a ransom from.

The reason of the content deletion is probably just that the attacker(s) wanted to remove as much evidence as possible.
Deleting everything makes finding out what actually happend much harder.


----------



## Serathinian (May 17, 2016)

People go to really dumb extents just to damage a website.


----------



## Dragoneer (May 17, 2016)

Jane_M_J said:


> Dragoneer! Is whole this situation mean we have to wait for FA for days or even weeks?!?


Our priority is fixing the issues and restoring the content. We want to get the site back online ASAP, but we need to do it right. I don't have an ETA.


----------



## Traveller800 (May 17, 2016)

GamerFox said:


> I'm betting it was partisans for certain other sites.



Not meaning to sound dumb (this is the first time I;ve ever seen any sort of attack like this), but what do you mean?  Partisans?


----------



## Fordoxia (May 17, 2016)

Great!  Now I have to browse these forums instead of browsing for pictures containing large electric tacos.


----------



## Electro⚡Spectrified (May 17, 2016)

Please make a list telling what will and what will not be lost in the backup restoration, if not everything.


----------



## Dragoneer (May 17, 2016)

GamerFox said:


> I'm betting it was partisans for certain other sites.


Please don't speculate. We don't know who did it, and without evidence, finger pointing at anyone or other sites does not help the situation.


----------



## protocollie (May 17, 2016)

SonicWolfe said:


> I was expecting FA data base have a back up similar to RAID 1, aka real time back up. Even if the site is not backed up in real time, 6 days/weekly seemed a bit too long for a website, especially the ones like FA which had been attacked quite often due to it's contents. A daily, bi-daily, or tri-daily back up would sound more reasonable.



raid is not a backup solution, raid is a reliability solution.


----------



## StarJelly (May 17, 2016)

Oh Noooooo I literally JUST created a new account like 2 days ago to move all my art to.


----------



## Traveller800 (May 17, 2016)

Jones111 said:


> Some people just do this for fun or as a challenge.
> Some people want to sell the data, others hate the content so much that they simply want to destroy it.
> Some people want to find users to take a ransom from.
> 
> ...



makes me happy I never commisioned anything...means no risk to my back account


----------



## jarmenj (May 17, 2016)

With FA being the largest collection of people in the anthro community and well, the nature of the fandom and how a bunch of people don't like said nature, something like this tends to happen pretty often.

RestrainedRaptor brings up a great point though, with the 'upgrade' by IMVU, there ought to be better cyber attack protection. Hopefully you guys and gals can strengthen FA's protection in the future because I'm sure there's quite a few folks who depend on the site for a secondary or even primary source of income.

Anyhow, thanks for keeping us all in the know, here's hopin the downtime won't be too long!


----------



## Traveller800 (May 17, 2016)

Fordoxia said:


> Great!  Now I have to browse these forums instead of browsing for pictures containing large electric tacos.


did someone say....taco's?


----------



## Jane_M_J (May 17, 2016)

Dragoneer said:


> Our priority is fixing the issues and restoring the content. We want to get the site back online ASAP, but we need to do it right. I don't have an ETA.


So is a possibility we don't have to wait for our site for days?


----------



## Fordoxia (May 17, 2016)

Traveller800 said:


> did someone say....taco's?


Not just _any _tacos...

*ELECTRIC TACOS!*


----------



## Traveller800 (May 17, 2016)

Fordoxia said:


> Not just _any _tacos...
> 
> *ELECTRIC TACOS!*



*drools* mmmm...electric tacoooo's


----------



## Taluwen (May 17, 2016)

Yikes! This really sucks. But guys, you can't predict every little thing that's gonna happen. There's no way anyone could've predicted this.

I'll never understand why people do this sort of thing. You gain nothing.


----------



## Draconas (May 17, 2016)

If any artists still communicate with clients via FA: don’t do that I don’t feel very sorry for them. This has happened countless times.


----------



## Fordoxia (May 17, 2016)

Taluwen said:


> Yikes! This really sucks. But guys, you can't predict every little thing that's gonna happen. There's no way anyone could've predicted this.
> 
> I'll never understand why people do this sort of thing. You gain nothing.



One word: Schadenfreude.


----------



## Kahmal (May 17, 2016)

Traveller800 said:


> I don;t get it...whats the motivation?  Its clearly not cash otherwise they would have demanded a ransom or something.  Why would they devite time to fucking with your website?  Its stupid AND cruel to the users.


Sometimes they do it just because they have nothing better to do with their lives.


----------



## Traveller800 (May 17, 2016)

Kahmal said:


> Sometimes they do it just because they have nothing better to do with their lives.


like how dillon the hacker constantly claims to hack youtubers when he is clearly a moron who is desperately in need of a taste of chaos magic?


----------



## KimButt (May 17, 2016)

Oh lord.


----------



## Kahmal (May 17, 2016)

Traveller800 said:


> like how dillon the hacker constantly claims to hack youtubers when he is clearly a moron who is desperately in need of a taste of chaos magic?


More or less, yeah.


----------



## Traveller800 (May 17, 2016)

KimButt said:


> Oh lord.


indeed...hackers...can't live with them...can;t banish them to the sock puppet dimension


----------



## Fordoxia (May 17, 2016)

Now, be honest.  Raise your hand...

How many of you created FA Forums accounts just because of this.

*_Raises hand*_


----------



## suicidalfox (May 17, 2016)

Great, now I'll have to go outside to entertain myself! All this fresh air and sunshine makes my body feel weird!


----------



## Traveller800 (May 17, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_


*raises lion paw*


----------



## KimButt (May 17, 2016)

Well fucking hell.


----------



## AndroKei (May 17, 2016)

suicidalfox said:


> Great, now I'll have to go outside to entertain myself! All this fresh air and sunshine makes my body feel weird!


But I don't like the outernet ;-;


----------



## Storok (May 17, 2016)

quick guide to boost morale in the wrong direction:

Listen to this track: 



Spoiler: This










Then go to : www.furaffinity.net: FA is temporarily offline.
Then read the sentence "FurAffinity will return shortly!" over and over agian.

I miss you FurAffinity


----------



## Winterbeast (May 17, 2016)

Why is easy. anyone who has lost an account by admin action is a potential hacker. The reasoning being If I can't have access, then no one can.


----------



## KimButt (May 17, 2016)

Traveller800 said:


> *raises lion paw*


*Raises hand up and chirps*


----------



## Lunarmagic (May 17, 2016)

It is a little saddening that there is not an incremental backup on the site. (For those who do dot know, it is one that sees a difference, or additional info and bucks up those changes while not having to back up the whole server.) It is generally more efficient than doing a full and you do a full back up at times that the servers are taking the least amount of stress. If that had happened then you could have saved a bit more data. This is just personal thoughts as an Information Technician (IT) though with no knowledge as to how much the people working there know what they are doing, nor knowing what equipment they are working with. I know personally that The Navy utilizes this technique and, generally, Has some of the most out dated equipment out there, ie. Windows XP and Vista. Just general concerns/advice. If I am wrong about anything I would be happy to hear from you.


----------



## shyguy777 (May 17, 2016)

Awe man! This just sucks dragon balls. I just got over 30 WATCHES on my page just yesterday!


----------



## AndroKei (May 17, 2016)

Jane_M_J said:


> Do we have to wait for FA for days/weeks or is a possibility it'll back sooner?


It's been said repeatedly there is no ETA currently.


----------



## MaverickHunterDBoy (May 17, 2016)

Great.  At best, I like to pretend that Peeves (the poltergeist from Harry Potter) likes to pull this crap to cause site downtime.

But, for hacking and stuff, yeah, some people have nothing better to do than to make others' lives miserable.


----------



## Fordoxia (May 17, 2016)

Lunarmagic said:


> ... I know personally that The Navy utilizes this technique and, generally, Has some of the most out dated equipment out there, ie. Windows XP and Vista. Just general concerns/advice. If I am wrong about anything I would be happy to hear from you.



No, no...  The United States Strategic Command's nuclear missile silos have the most outdated equipment.  8-inch floppies!


----------



## Heartstring the Pony (May 17, 2016)

Jane_M_J said:


> I really don't wanna wait for FA for days or even weeks! I won't stand it!!


Calm down, they're clearly working as fast as they can to get the issue resolved, and an attack like this is both unusual and extreme. 

What they don't need right now is people getting pissy at them while they try to resolve it.

Sorry, I don't mean to be a white knight or anything, but your constant posting and demanding to get the site back up annoyed me.


----------



## Traveller800 (May 17, 2016)

quick...we could try gathering the dragonballs and getting shenron to wish the site back online


----------



## HalouDoval (May 17, 2016)

Can't wait to sit down and spend my time figuring out what I've been doing between the 11th and 17th of May, when, or if, this issue gets resolved.
It's gonna be great....


----------



## b0rnstellar (May 17, 2016)

Thank you for the update!


----------



## KimButt (May 17, 2016)

I'm praying that it wasn't very serious


----------



## Jane_M_J (May 17, 2016)

Heartstring the Pony said:


> Calm down, they're clearly working as fast as they can to get the issue resolved, and an attack like this is both unusual and extreme.
> 
> What they don't need right now is people getting pissy at them while they try to resolve it.
> 
> Sorry, I don't mean to be a white knight or anything, but your constant posting and demanding to get the site back up annoyed me.


I'm sorry! I've got a panick. Earlier I didn't know what ETA means but now I know and... I'm still sad.


----------



## StarJelly (May 17, 2016)

I know what I was doing, and now i get to do it for 2 more days sadly.  Re-adding all the accounts I watch to a new account is...time consuming at best. Oh well.  At least it's less work than the FA staff is having to do.


----------



## Heartstring the Pony (May 17, 2016)

Jane_M_J said:


> I'm sorry! I've got a panick. Earlier I didn't know what ETA means but now I know and... I'm still sad.


It's a website, not a bomb that's about to go off. Be glad it's provided for free and realize that any website sometimes has serious downtime issues. Welcome to life.


----------



## Storok (May 17, 2016)

ETA means "Estimated time of arrival" for everyone that doesnt know untill now


----------



## shadow42 (May 17, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_


hand


----------



## masahikoko (May 17, 2016)

makes me glad I don't use notes for commission info, and an outside form maker to get all that. at least this way i can still work on current coms even if i can't get any new ones (or far less than i otherwise would), and have alternate contact info for commissioners, until the site is back up. I hope you're able to fix it soon! good luck.


----------



## Lunarmagic (May 17, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_


Yep, but I had a legit comment to post about possible security measures.


----------



## HalouDoval (May 17, 2016)

Heartstring the Pony said:


> Calm down, they're clearly working as fast as they can to get the issue resolved, and an attack like this is both unusual and extreme.
> 
> What they don't need right now is people getting pissy at them while they try to resolve it.
> 
> Sorry, I don't mean to be a white knight or anything, but your constant posting and demanding to get the site back up annoyed me.


I don't think the site staff are paying much attention to this threat right now.


----------



## Jane_M_J (May 17, 2016)

Heartstring the Pony said:


> It's a website, not a bomb that's about to go off. Be glad it's provided for free and realize that any website sometimes has serious downtime issues. Welcome to life.


At least I didn't create my account between 11th May and this day. Phew...


----------



## Kragith Zedrok (May 17, 2016)

Oh damn...


----------



## Bourbon. (May 17, 2016)

This is a little disappointing because I was getting pretty close to 5000 watchers and I was pretty excited, and rolling the database back by a week is going to knock me back down a bit. 

Will those of us who have an ad be compensated for an extended downtime (if it persists for long, I mean)?


----------



## RTDragon (May 17, 2016)

To be honest i'm not really surprised at this. Considering of all the art sites i'm FA is the one that goes down often and considering this was another exploit. From all sites i can completely understand downtime. Though it's also a good thing to branch out on other sites and not just use the same site.


----------



## shadow42 (May 17, 2016)

Storok said:


> quick guide to boost morale in the wrong direction:
> 
> Listen to this track:
> 
> ...


lol


----------



## Heartstring the Pony (May 17, 2016)

HalouDoval said:


> I don't think the site staff are paying much attention to this threat right now.


And yet it still annoyed me enough to reply.


----------



## Lunarmagic (May 17, 2016)

Fordoxia said:


> No, no...  The United States Strategic Command's nuclear missile silos have the most outdated equipment.  8-inch floppies!


Still using those on ships as well.


----------



## WorgenQueen (May 17, 2016)

Yo, Dragoneer!
I have to ask, is there any way you know how these source codes were spread on the USBs? How they were distributed? And, which convention they were distributed at?


----------



## Storok (May 17, 2016)

HalouDoval said:


> I don't think the site staff are paying much attention to this threat right now.


I can totally agree with that becaue they are maybe fixing some website right now


----------



## TwistedTeeth (May 17, 2016)

@Everyone saying "haha poor ppl who use notes for commissions"

They already said that notes and journals weren't affected. So, nothing was lost there. IDK why y'all are trying to make that a point when it's been said twice now that those things weren't affected.

That being said, this IS a good reason to conduct commission taking outside of fA's notes. Because next time this happens (and there most likely will be a next time) it could possibly take out the notes as well. Google docs or those forms people been using are a good thing to look in to- I know I'm definitely going to look into it myself.


----------



## Canislupusbluewolf (May 17, 2016)

Any chance this might be related with the release of the "fursonas" movie / documentary? It's makers have been said to have some kind  of motive :-/


----------



## Dragoneer (May 17, 2016)

WorgenQueen said:


> Yo, Dragoneer!
> I have to ask, is there any way you know how these source codes were spread on the USBs? How they were distributed? And, which convention they were distributed at?


Somebody got the source code through the ImageTragick exploit (which we patched on May 5th). We assume they put them on flash drives and distributed them out, or left them in public places hoping for them to be found. We don't really have any other information.

On of the BLFC security staffers found the drives and notified and FAU staffer who was at the con, and we were able to get a copy of the contents sent over via Skype to start analyzing.


----------



## Iracuse (May 17, 2016)

You'd think people would have better things to do than to target furry sites, but I keep forgetting the type of people who dedicated their lives to hating furries are aggressively stupid and have nothing better to do with themselves.

Hope to see the site back online soon.


----------



## masahikoko (May 17, 2016)

TwistedTeeth said:


> @Everyone saying "haha poor ppl who use notes for commissions"
> 
> They already said that notes and journals weren't affected. So, nothing was lost there. IDK why y'all are trying to make that a point when it's been said twice now that those things weren't affected.
> 
> That being said, this IS a good reason to conduct commission taking outside of fA's notes. Because next time this happens (and there most likely will be a next time) it could possibly take out the notes as well. Google docs or those forms people been using are a good thing to look in to- I know I'm definitely going to look into it myself.



It's not so much that they could have been affected. i'm just glad that i have access to my commission details, where as people who dont back them up currently have no access to stuff they'd need to work on things.


----------



## Storok (May 17, 2016)

Canislupusbluewolf said:


> Any chance this might be related with the release of the "fursonas" movie / documentary? It's makers have been said to have some kind of motive :-/


I dont get it to be honest


----------



## Dragoneer (May 17, 2016)

Canislupusbluewolf said:


> Any chance this might be related with the release of the "fursonas" movie / documentary? It's makers have been said to have some kind  of motive :-/


Again, please don't speculate. We do not know who it was, and pointing fingers without evidence does not help the situation.


----------



## OraKitsune (May 17, 2016)

This is a sad news for me, because I've got some friends here who post their own art, fics, animations, etc. only in this site. Hope ya'll restore FA ASAP, because it'd the the tragedy if the site would disappear at all


----------



## wolfbeast (May 17, 2016)

GamerFox said:


> I'm betting it was partisans for certain other sites.


Or just someone very destructive. I hope they understand the gravity of performing this kind of attack.


----------



## Rythas (May 17, 2016)

Storok said:


> I can totally agree with that because they are maybe fixing some website right now


Here's someone with their head on their shoulders  I was working on grabbing an adoptable from someone before this happened and noticed that the website was slowing down very quickly. We talked by Note mostly, but we had messaged over Facebook before and finished the adoption there. If any of you guys have a Facebook, it might be worthwhile to find the people you were working with inside furry Facebook groups to finish what you've started (or join those groups so that you have company as this progresses).


----------



## Altair_the_lugia (May 17, 2016)

Wow... Just wow. You know, I know I shouldn't angry, you had this coming after all, but jeez Dragoneer... I-I don't even have the right words for how f#*%(@ up this is. And because of this, a lot of people are likely to jump ship from it. FA's the Titanic, so you better pray this was hack isn't the iceberg that sinks it!


----------



## Traveller800 (May 17, 2016)

Altair_the_lugia said:


> Wow... Just wow. You know, I know I shouldn't angry, you had this coming after all, but jeez Dragoneer... I-I don't even have the right words for how f#*%(@ up this is. And because of this, a lot of people are likely to jump ship from it. FA's the Titanic, so you better pray this was hack isn't the iceberg that sinks it!


why would he 'deserve' to have his website nuked by 12 year old keyboard warriors?


----------



## Bourbon. (May 17, 2016)

Altair_the_lugia said:


> Wow... Just wow. You know, I know I shouldn't angry, you had this coming after all, but jeez Dragoneer... I-I don't even have the right words for how f#*%(@ up this is. And because of this, a lot of people are likely to jump ship from it. FA's the Titanic, so you better pray this was hack isn't the iceberg that sinks it!


That's just fearmongering. FA has gone through worse, including a three-month downtime. FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal.


----------



## Iracuse (May 17, 2016)

Bourbon. said:


> That's just fearmongering. FA has gone through worse, including a three-month downtime. FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal.


There was a three month downtime? I must've missed out on that one, sounds rather impressive.


----------



## Gardevoir-trainer (May 17, 2016)

I tried this "Outside" thing once. The graphics were alright, but the storyline sucked...


----------



## Bourbon. (May 17, 2016)

Iracuse said:


> There was a three month downtime? I must've missed out on that one, sounds rather impressive.


It was several years ago when FA was much smaller and easily could have withered away due to it. The site perseveres because it continues to provide what other sites can't.


----------



## Traveller800 (May 17, 2016)

Gardevoir-trainer said:


> I tried this "Outside" thing once. The graphics were alright, but the storyline sucked...


and you get a five star rating way too fast


----------



## BRN (May 17, 2016)

Your decision to close the site down was swift and appropriate. Here's hoping the damage can be mitigated.

Good luck, guys


----------



## Traveller800 (May 17, 2016)

Bourbon. said:


> It was several years ago when FA was much smaller and easily could have withered away due to it. The site perseveres because it continues to provide what other sites can't.


good art and a friendly accepting community.


----------



## b0rnstellar (May 17, 2016)

Altair_the_lugia said:


> Wow... Just wow. You know, I know I shouldn't angry, you had this coming after all, but jeez Dragoneer... I-I don't even have the right words for how f#*%(@ up this is. And because of this, a lot of people are likely to jump ship from it. FA's the Titanic, so you better pray this was hack isn't the iceberg that sinks it!


It really isn't as catastrophic as you set it to be. Just a little breach that can be fixed with some work which, undoubtedly, Neer and his team are putting in to get this solved.


----------



## HalouDoval (May 17, 2016)

TwistedTeeth said:


> @Everyone saying "haha poor ppl who use notes for commissions"
> 
> They already said that notes and journals weren't affected. So, nothing was lost there. IDK why y'all are trying to make that a point when it's been said twice now that those things weren't affected.


It doesn't really matter whether or not the notes are affected, if the site cannot be accessed the site cannot be accessed, notes and all.


----------



## Lunarmagic (May 17, 2016)

Altair_the_lugia said:


> Wow... Just wow. You know, I know I shouldn't angry, you had this coming after all, but jeez Dragoneer... I-I don't even have the right words for how f#*%(@ up this is. And because of this, a lot of people are likely to jump ship from it. FA's the Titanic, so you better pray this was hack isn't the iceberg that sinks it!


There is no need to be hostile. The people who work on networks are not all mighty gods who can prevent everything bad that happens but chose not to, they are people just like you, but with a bit more knowledge on how a computer/network works. In a couple of months you could have a large majority on how a network and computer work memorized without actually feeling much smarter.


----------



## TheN1K0L4Z (May 17, 2016)

I think we have dissension in the elite ranks of FA's Staff! I want all the staff evaluated. I'm gonna get me a conviction!

JK; But still, whoever was distributing those forged keys, obviously has some issues within the staff. So, whoever had the gall to use the exploit against our empire, better come clean now, or we will find you, without hesitation! Justice will be served!


----------



## Rythas (May 17, 2016)

I mean, just remember that this isn't the fault of any authority figures present. Precautions are taken on every website that I know of to keep them from being hacked and such, so the whole USB ordeal was the work of someone who took advantage over something accidental. Not everyone is perfect, not many sites are perfect (apparently Google is since they challenged hackers to break their codes), and this is especially true when a community is targeted by people under educated about said community.


----------



## Iracuse (May 17, 2016)

Bourbon. said:


> It was several years ago when FA was much smaller and easily could have withered away due to it. The site perseveres because it continues to provide what other sites can't.


Aye, something like that. As long as this downtime doesn't last for weeks on end, we should be fine.


----------



## RestrainedRaptor (May 17, 2016)

Dragoneer said:


> The exploit in question was not with FA's code but with a plugin called ImageMagick. Once we were made aware of the vulnerability it was patched, but were not aware that the source code had been leaked at tha time.



Yes, I understand how it occurred (and I saw the ImageMagick news a while back). However, IMVU has had reasonable time (since January) to help find and fix security flaws in FA's codebase, as well as provide adequate hardware... They are obligated to do that, right? Well, I hope they're working a little harder now.


----------



## LOLman777 (May 17, 2016)

Um... Will the FA community bring back FA just as it was?


----------



## Kendareru (May 17, 2016)

@Dragoneer Take the time you need.  These sorts of issues aren't "push button to fix" and it's understandable that it may take a while.  The site'll be up when you're goo and ready, and we'll live until then.  Unless someone decided to hold their breath until the site's back, in which case... oops.


----------



## Altair_the_lugia (May 17, 2016)

Bourbon. said:


> That's just fearmongering. FA has gone through worse, including a three-month downtime. FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal.


I know, I'm just ticked off. Can you blame me? FA's been running the same fossilizing code for years. It was only a matter of time before someone found an Achilles heel. I'll give props that it wasn't exploited till now.


----------



## Rythas (May 17, 2016)

My question would be, does IMVU earn anything from having the website up? I would think that, if they did, they would put more effort into making sure that the website is secure. If they don't, then I understand why they wouldn't care as much.


----------



## Traveller800 (May 17, 2016)

Rythas said:


> I mean, just remember that this isn't the fault of any authority figures present. Precautions are taken on every website that I know of to keep them from being hacked and such, so the whole USB ordeal was the work of someone who took advantage over something accidental. Not everyone is perfect, not many sites are perfect (apparently Google is since they challenged hackers to break their codes), and this is especially true when a community is targeted by people under educated about said community.


well said, rythas.  It reminds me of a similar attitude to miner players on eve online.  Most of the non-miners think they are cowards and don;t belong in the game.  I know at least one player who was driven from the game by this toxic attitude.

This is one of the reasons I like this site...because it reminds me of a second community in eve online...a group called 'broadcast4reps' who instead of being shortminded fools, go out of their way to be welcoming and supportive to everyone they meet, a bit like the FA community were when I set up a little account on your site and spent my time commenting on the art I liked.


----------



## AliothFox (May 17, 2016)

Bourbon. said:


> That's just fearmongering. FA has gone through worse, including a three-month downtime. FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal.



I remember a couple years ago when it was in read-only for a month or so.  There was the threat of a "mass exodus" then, just like there is every time FA has a hiccup.  Most of the people who talk about "leaving FA" tend to either be divas who just use it as an opportunity to get a bunch of attention in the form of "please don't leave!" comments, or people who have a personal beef with FA because their ticket/issue didn't get resolved exactly as they'd have liked.  FA has gone through a hell of a lot worse than this.

I think this is truly a case of "what doesn't kill you makes you stronger."  If anything, this will likely prompt a much-needed security audit, and the site will be better and safer as a result.  For all people have complained about IMVU, the site's performance has actually improved somewhat considerably since the sale.  Downtime used to be something that you could count on every 2 weeks or so.  Now the site can often stay online for 2-3 months, under a much larger load.  So it helps to step back and put things in perspective.


----------



## Exemption (May 17, 2016)

So sadening that people would do such a thing, hope its gets resolved soon.


----------



## desoto_jellywerewolf (May 17, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_




THIS GUY DID.


----------



## Storok (May 17, 2016)

oh my god why is everybody thinking there is an apocalypse...


----------



## Lunarmagic (May 17, 2016)

RestrainedRaptor said:


> Yes, I understand how it occurred (and I saw the ImageMagick news a while back). However, IMVU has had reasonable time (since January) to help find and fix security flaws in FA's codebase, as well as provide adequate hardware... They are obligated to do that, right? Well, I hope they're working a little harder now.


It can actually take a lot longer than months to replace the hardware. (Depending on how much/old it is.) I am sure they are doing their best and you should have more faith in what they are doing if you do not know the specifics of their operation.


----------



## Orca1 (May 17, 2016)

Shouldn't this issue be brought to the FBI? I may be mistaken, but this could be considered an act of cyber-terrorism, or at least within the purview of their cyber crimes unit.


----------



## tbonethebunbun (May 17, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_



I did, for two reasons...

1: I'm an avid user of FA, so I can keep up with my favorite artists, and a few select friends.

2: I'm the same guy who, 5 years ago on Youtube, told everyone who was whining, crying, moaning, and complaining about this exact same thing to "_*GET OVER IT!*_" Yeah, I am the "OFFICIAL" tbone2004 in case you were wondering. Of course, I didn't create that to be a total jerk, I did it just to provide a sense of comfort in these dark times. After all, it's just a character I play, just like with my fursona when I fursuit at cons.

But in all seriousness, guys... _*FA IS GONE AND WILL NOT BE COMING BACK FOR A WHILE, SO GO DO SOMETHING ELSE! YOU DO KNOW DOOM JUST CAME OUT, RIGHT???*_


----------



## Traveller800 (May 17, 2016)

tbonethebunbun said:


> I did, for two reasons...
> 
> 1: I'm an avid user of FA, so I can keep up with my favorite artists, and a few select friends.
> 
> ...


*shoots you with BFG 9000*  Yes


----------



## Lunarmagic (May 17, 2016)

Kendareru said:


> @Dragoneer Take the time you need.  These sorts of issues aren't "push button to fix" and it's understandable that it may take a while.  The site'll be up when you're goo and ready, and we'll live until then.  Unless someone decided to hold their breath until the site's back, in which case... oops.


Thank you for remaining positive, and (based on what they said) It should not take more than a couple of days. A full restore is a bit of a hefty tole.


----------



## nuccathewarrior (May 17, 2016)

This sounds like it was either China, Russia or North Korea.  They have been attacking the website I run for Big Time Youtubers which recently started.  I'm not advertising it but it sounds like they found an exploit in the system big time to access personal data of each account which is quite scary.  Possibilities, could be ISIS, Anonymous, or just some scriptkiddie that managed to hack into the site's database. 

The best thing to do is find out the source, find out who did, if its a Chinese IP, Russian, or Korean, Ban the entire range because they will never stop until you give up, Look at the logs of which IP visited possibly 1-6 weeks back including today.  Finally get a backup data unit rolling.  Also close ANY remote ports that you may have open for third party...  I understand the problems that it may cause but the hackers nowadays are attacking phpmyadmin, phpadmin, webadmin, ports such as 3306 which is the SQL server port and possibly any remote ports that you have open besides port 80 and 587 or 25. 

It doesn't hurt to think like one, thinking preventive measures, thinking how they attack, and knowing when it will happen.  My experience with hackers is 500 fold knowing how they will attack at random.  Hell, I could be knocked out tomorrow and not even know about it. Plus also I forgot to mention is phishers who love making fake ass websites to get your info.

Please take these hints, these skills I know and make sure it will not happen again.....


----------



## Rythas (May 17, 2016)

I haven't been around long enough to see what AliothFox has said about website improvement, so I'm really glad to know that they've been improving it. I think people complain everywhere just because they can; for example, I work on a game server that has many sub-servers, and if one goes down everyone tends to go into the lobby and start going "omg I'm leaving this server sux butt" "hate dis :'(" and the like. If DeviantArt ever went down, I expect they would get the same response.


----------



## b0rnstellar (May 17, 2016)

TheN1K0L4Z said:


> I think we have dissension in the elite ranks of FA's Staff! I want all the staff evaluated. I'm gonna get me a conviction!


I can see it now.

Let the* SALEM FURAFFINITY WITCH TRIALS COMMENCE*


----------



## Bourbon. (May 17, 2016)

Orca1 said:


> Shouldn't this issue be brought to the FBI? I may be mistaken, but this could be considered an act of cyber-terrorism, or at least within the purview of their cyber crimes unit.


I agree, I'm pretty sure this is very much illegal and needs to be reported to the proper authorities.


----------



## OmegaOverdrive (May 17, 2016)

This could be a big problem. .w.


----------



## tbonethebunbun (May 17, 2016)

Traveller800 said:


> *shoots you with BFG 9000*  Yes


BRUH, DO YOU EVEN IDDQD?


----------



## RapidStrike (May 17, 2016)

I'm curious as to what the exploit was that allowed the attackers to access the database in the first place.

I seriously hope that it wasn't something simple like SQL injection.


----------



## Fordoxia (May 17, 2016)

tbonethebunbun said:


> I did, for two reasons...
> 
> 1: I'm an avid user of FA, so I can keep up with my favorite artists, and a few select friends.
> 
> ...


I saw Polygon play it.   Well, I say I saw it; I got through about 3 minutes of their terrible inability to move and aim at the same time.  Or hit the daemons.  Man, Polygon sucks.


----------



## Iracuse (May 17, 2016)

tbonethebunbun said:


> I did, for two reasons...
> 
> 1: I'm an avid user of FA, so I can keep up with my favorite artists, and a few select friends.
> 
> ...


My PC can't run Doom, soooo.... Guess I'm going to reinstall Skyrim again. 

We still have the forums, at the very least, so we can continue... community-ing or whatever it is we do. I'm just here for the commissions.


----------



## coolclaws7 (May 17, 2016)

Orca1 said:


> Shouldn't this issue be brought to the FBI? I may be mistaken, but this could be considered an act of cyber-terrorism, or at least within the purview of their cyber crimes unit.


I agree man, they need to make sure this ins't part of something larger


----------



## Gardevoir-trainer (May 17, 2016)

Traveller800 said:


> and you get a five star rating way too fast


Because I'm good like that


----------



## Traveller800 (May 17, 2016)

b0rnstellar said:


> I can see it now.
> 
> Let the* SALEM FURAFFINITY WITCH TRIALS COMMENCE*


can I be the judge?  I wanna wear the robe and the funny wig.


----------



## tbonethebunbun (May 17, 2016)

Iracuse said:


> My PC can't run Doom, soooo.... Guess I'm going to reinstall Skyrim again.
> 
> We still have the forums, at the very least, so we can continue... community-ing or whatever it is we do. I'm just here for the commissions.


Do you play Elder Scrolls Online? OH MY GOD, THAT GAME IS AWESOME! =3


----------



## Fordoxia (May 17, 2016)

RapidStrike said:


> I'm curious as to what the exploit was that allowed the attackers to access the database in the first place.
> 
> I seriously hope that it wasn't something simple like SQL injection.



It was an ImageMagick library exploit that was patched on the 5th.  However, by this time, the source code had been released.  And when you have that stuff, there's no end to to havoc you can bring.


----------



## Traveller800 (May 17, 2016)

tbonethebunbun said:


> BRUH, DO YOU EVEN IDDQD?


doesn;t work on the new doom.  *blasts with gauss cannon*


----------



## Samandriel Morningstar (May 17, 2016)

I know all of this sucks and it's going to put a dent in all of our profiles and force us to bring back what content/watchers etc. we had but please anyone who is going after the Mods/Neer just calm down.
Also the people who are freaking out in general.
These kinds of things happen to even the best websites,hackers these days do whatever they can to evolve and there's only so much Neer and the others can do,the fact the stuff on the USB's were leaked didn't help.
It was obviously planned,haphazardly but still planned.
There's always that good collection of folk out there just waiting to do something to destroy the furry community in one way or another,or just generally be dicks.
Things will be taken care of,the site will be back and we'll all be able to get back to our regularly scheduled furaffinity sessions with hopefully little issue besides the task of getting watchers back and taking care of any other lost information/submissions.
The people who run the site are just that,people.
They're not sitting in their basement lurking here just waiting for something to happen and then string it out to cause drama.
Some things need to be fixed that haven't been fixed for a while,and hopefully things will be upgraded to a heavier level of security.
It's all going to be fine.


----------



## Lunarmagic (May 17, 2016)

Bourbon. said:


> I agree, I'm pretty sure this is very much illegal and needs to be reported to the proper authorities.


The thing is, the hacker may have already deleted his trail. It would be very difficult to find him at this rate.


----------



## Rythas (May 17, 2016)

Also I'd like to say that Neer has the best username ever.


----------



## Traveller800 (May 17, 2016)

tbonethebunbun said:


> Do you play Elder Scrolls Online? OH MY GOD, THAT GAME IS AWESOME! =3


I used too...sadly I cannot afford to keep it up.  I was actually with the angry army multiplayer horde when angry joe did his review.


----------



## Kendareru (May 17, 2016)

Lunarmagic said:


> Thank you for remaining positive, and (based on what they said) It should not take more than a couple of days. A full restore is a bit of a hefty tole.


My faith comes from the fact that I've been on the site since high school, nearly half my life ago, and any time it goes down, it bounces right back, sometimes better, sometimes not.


----------



## tbonethebunbun (May 17, 2016)

Traveller800 said:


> doesn;t work on the new doom.  *blasts with gauss cannon*


Cut me a break, man. I'm old-school when it comes to Doom! XD


----------



## Iracuse (May 17, 2016)

tbonethebunbun said:


> Do you play Elder Scrolls Online? OH MY GOD, THAT GAME IS AWESOME! =3


I live in Bumfuck, Nowhere (AKA the United States' equivalent to Siberia, AKA Alaska), so... I don't really play a lot of MMOs. I've heard mixed things about it.


----------



## tbonethebunbun (May 17, 2016)

Traveller800 said:


> I used too...sadly I cannot afford to keep it up.  I was actually with the angry army multiplayer horde when angry joe did his review.


I'm in a guild on Xbox One, and I've enjoyed it so far.


----------



## Traveller800 (May 17, 2016)

tbonethebunbun said:


> Cut me a break, man. I'm old-school when it comes to Doom! XD


I like all the dooms but if I had to choose, I actually prefer doom 3 for its story.


----------



## FelisRandomis (May 17, 2016)

HalouDoval said:


> Can't wait to sit down and spend my time figuring out what I've been doing between the 11th and 17th of May, when, or if, this issue gets resolved.
> It's gonna be great....


Do you post anywhere besides FA? You can use that for the history of your posts


----------



## Traveller800 (May 17, 2016)

tbonethebunbun said:


> I'm in a guild on Xbox One, and I've enjoyed it so far.


well, if I ever find the cash, I'll probably rejoin on the xbone


----------



## tbonethebunbun (May 17, 2016)

Iracuse said:


> I live in Bumfuck, Nowhere (AKA the United States' equivalent to Siberia, AKA Alaska), so... I don't really play a lot of MMOs. I've heard mixed things about it.


What console do you have? XBone or PS4?


----------



## Rythas (May 17, 2016)

Iracuse said:


> I live in Bumfuck, Nowhere (AKA the United States' equivalent to Siberia, AKA Alaska), so... I don't really play a lot of MMOs. I've heard mixed things about it.


I played in the early closed Beta.. Took like 6 hours to download on my crapola laptop, and it was very, very bugged, hee hee. The first quest that required players to work as a group didn't work. Haven't tried it since then, but it sounds like it's improved


----------



## Zepher_Tensho (May 17, 2016)

Dragoneer said:


> We have RAID 10s in all our servers. Full database and storage backups are held on other servers, so it's not quite the same as a single drive going offline and needing to replace the backup. And yes, doing daily backups is something we want to do, but with a site the size of FA, it can cause some severe slowdowns doing them constantly. We're in the process of acquiring a new backup storage system which would allow us to do said backups (but also requires a network upgrade).



A good practice is doing full backups weekly (which it sounds like you are), and then differential backups daily. These types of backups only save what has changed since the last backup, making it faster and having less processing overhead


----------



## Fordoxia (May 17, 2016)

FelisRandomis said:


> Do you post anywhere besides FA? You can use that for the history of your posts


There are websites _*OTHER THAN*_ FA!?!?!?


----------



## Lunarmagic (May 17, 2016)

@Traveller800 I just want to say that you are awesome and I like your attitude on this issue.


----------



## RedKomuso (May 17, 2016)

LOLman777 said:


> Um... Will the FA community bring back FA just as it was?


 the main post said that the latest back up was 6 days ago. so anything posted after the 11th will be gone.


----------



## Kendareru (May 17, 2016)

So, how about them books?  My mom got me the Night Angel series 3-in-1, and I'm halfway through it.  Waiting on the next installment of Sholan Alliance, and I need to pick Honor Harrington back up.


----------



## tbonethebunbun (May 17, 2016)

FelisRandomis said:


> Do you post anywhere besides FA? You can use that for the history of your posts


Facebook, Twitter, Weasyl, ect.

Break out the game consoles, man. There's tons of video games you should be playing during downtime!


----------



## Traveller800 (May 17, 2016)

Rythas said:


> I played in the early closed Beta.. Took like 6 hours to download on my crapola laptop, and it was very, very bugged, hee hee. The first quest that required players to work as a group didn't work. Haven't tried it since then, but it sounds like it's improved


heh,...I remember that.  Was total mayhem...I loved every minute.


----------



## Bourbon. (May 17, 2016)

Lunarmagic said:


> The thing is, the hacker may have already deleted his trail. It would be very difficult to find him at this rate.


Even if there's a chance of that being true, there's no reason to let it go unreported. By not even trying, you let criminals continue their behavior because they have the security of thinking that no one would report them.


----------



## BloodhoundPreston (May 17, 2016)

Well, I hope FA will soon get this situation fixed.


----------



## Fordoxia (May 17, 2016)

tbonethebunbun said:


> Facebook, Twitter, Weasyl, ect.
> 
> Break out the game consoles, man. There's tons of video games you should be playing during downtime!


PAH!  Dirty Console Gaming Peasent!  The Glorious PC Gaming Master Race reigns supreme!


----------



## OmegaOverdrive (May 17, 2016)

Well, I guess I am gonna play some Fatal Fury Special while you guys play Doom.

Seeya. .3.


----------



## Traveller800 (May 17, 2016)

Fordoxia said:


> PAH!  Dirty Console Gaming Peasent!  The Glorious PC Gaming Master Race reigns supreme!


I prefer both...nothing like a nice game of stellaris followed by a quick game of doom 2016 on the xbone


----------



## RedKomuso (May 17, 2016)

b0rnstellar said:


> I can see it now.
> 
> Let the* SALEM FURAFFINITY WITCH TRIALS COMMENCE*


lets play "town of salem" furaffinity edition


----------



## tbonethebunbun (May 17, 2016)

See, guys? I'm not a total ass like I "was" back in 2011, I'm actually pulling for all of you, cause I know what it's like. Trust me, this bunny's your best friend! X3


----------



## STrRedWolf (May 17, 2016)

On doing full database backups, depending on what SQL server you are using, you may be able to do an incremental backup of the database.  *BUT* that assumes you're using MySQL and can run Percona to do the backups.  Plus, Percona locks the tables, so you may be scheduling a regular Read-Only for the backups *IF* they are quick enough.  

If they're not, and you're running MySQL, there's a tool called DRBD that can replicate a partition that contains a MySQL database to a second server.  At night, break the DRBD link, mount the partition on the secondary server, backup the MySQL DB files, unmount, start DRBD back up again, and let it sync back up.

If you're using PostgreSQL, you got some research to do!


----------



## Traveller800 (May 17, 2016)

RedKomuso said:


> lets play "town of salem" furaffinity edition


indeed.  let the random accusations commense.


----------



## Rythas (May 17, 2016)

RedKomuso said:


> lets play "town of salem" furaffinity edition


That's actually a good idea


----------



## tbonethebunbun (May 17, 2016)

Traveller800 said:


> I prefer both...nothing like a nice game of stellaris followed by a quick game of doom 2016 on the xbone


When you get a chance, PM me your gamer tag! I might wanna add you! ^3^


----------



## Traveller800 (May 17, 2016)

Rythas said:


> That's actually a good idea


ok...someone needs to set up a server on steam immediately for that game


----------



## Iracuse (May 17, 2016)

tbonethebunbun said:


> What console do you have? XBone or PS4?


I have a PC and a Wii U, I don't use an XBone or a PS4 because I don't have the cash for a monthly subscription fee.


----------



## Traveller800 (May 17, 2016)

tbonethebunbun said:


> When you get a chance, PM me your gamer tag! I might wanna add you! ^3^


Lynchpin451

cya on xb live


----------



## Wither (May 17, 2016)

RedKomuso said:


> lets play "town of salem" furaffinity edition


Start a new thread for it. Don't try and start it in this thread.


----------



## tbonethebunbun (May 17, 2016)

Traveller800 said:


> Lynchpin451
> 
> cya on xb live


tbonethebunbun


----------



## dajagr (May 17, 2016)

Traveller800 said:


> I don;t get it...whats the motivation?  Its clearly not cash otherwise they would have demanded a ransom or something.  Why would they devite time to fucking with your website?  Its stupid AND cruel to the users.



Some men just want to watch the world burn.


----------



## RedKomuso (May 17, 2016)

Wither said:


> Start a new thread for it. Don't try and start it in this thread.


it's just a joke


----------



## lolcox (May 17, 2016)

Right. Not entirely surprised.

Hopefully everyone remembered to bring a towel, or at least had the sense enough to keep anything related to their businesses that they were running through their FA accounts in another off-site location to minimize impact.
If that didn't happen...

*LOLCOX'S QUICK GUIDE TO SANITY:*

If you don't have at least two backups, it's clearly not _that_ important to you. Get into the practice of backing up important things. Client information is important, no?
Back up client contact and supplied information offsite in a couple of different places, minimum. You never know when something is going to go down. Having that backup means that you can keep working in the event that either your ability to get online is compromised (if you backed up locally), or the site you use (ANY SITE) goes down for an extended period. Make a habit of doing this, and do so immediately when FA comes back up.
In the interim, sit back, and if you're about to fret, don't fret. Learn from this, and find something else to do in the interim. Look at other stuff on the internet, go watch a movie, play a video game, hug your other half, something.


----------



## Traveller800 (May 17, 2016)

tbonethebunbun said:


> tbonethebunbun


I';ll watch for your friend request


----------



## b0rnstellar (May 17, 2016)

RedKomuso said:


> lets play "town of salem" furaffinity edition


Can someone make this please


----------



## keskitsune (May 17, 2016)

Yuk. Even after all this time, and god knows how many people have tried to code updates to FA, the same crap keeps happening. First off, backups don't take too long to do daily. Setting up a database for replicas for offline functions is easy and would let you do such things without imposing huge server loads. Things like views as well would be useful in making it a lot more difficult to delete user data. Second, why does the website database user have the ability to delete anything, especially users? Delete privileges should sensibly be handled by another database account, so that someone with the code to FA won't have the access to delete anything. FA's security practices just remain as terrible as they ever were.


----------



## tbonethebunbun (May 17, 2016)

Traveller800 said:


> I';ll watch for your friend request


You should already have received something.


----------



## FelisRandomis (May 17, 2016)

tbonethebunbun said:


> Facebook, Twitter, Weasyl, ect.
> 
> Break out the game consoles, man. There's tons of video games you should be playing during downtime!



Eh??
I'm not losing my mind over FA being down, i was aiming to help someone lol


----------



## tbonethebunbun (May 17, 2016)

FelisRandomis said:


> Eh??
> I'm not losing my mind over FA being down, i was aiming to help someone lol


I never said you was. =3


----------



## Traveller800 (May 17, 2016)

FelisRandomis said:


> Eh??
> I'm not losing my mind over FA being down, i was aiming to help someone lol


sanity is overrated anyway.


----------



## FelisRandomis (May 17, 2016)

tbonethebunbun said:


> I never said you was. =3



okay, just wasn't exactly sure why you replied to me


----------



## Lunarmagic (May 17, 2016)

Traveller800 said:


> sanity is overrated anyway.


Sanity is an illusion. There are no sane or normal people.


----------



## peterandcompany (May 17, 2016)

Man, this is bonkers. I'll never understand why sites get targeted like this. Sigh.


----------



## tbonethebunbun (May 17, 2016)

FelisRandomis said:


> okay, just wasn't exactly sure why you replied to me


Nah, you're cool. X3


----------



## Kendareru (May 17, 2016)

peterandcompany said:


> Man, this is bonkers. I'll never understand why sites get targeted like this. Sigh.


Sings "Bonkers; Yea, totally nuts!"


----------



## PokemonAll4One (May 17, 2016)

Kahmal said:


> Sometimes they do it just because they have nothing better to do with their lives.


OR  he hink they're alowed to be assholes just because they're on the internet!


----------



## ijoe (May 17, 2016)

*This thread desperately needs some decrapifying.*
Please go BS in the general discussion section for the sake of everyone looking here for news relevant to fa.


----------



## Kendareru (May 17, 2016)

PokemonAll4One said:


> OR  he hink they're alowed to be assholes just because they're on the internet!


Yea, there really is a fissure between who people are online, and who they are offline, a lot of the time.


----------



## Lunarmagic (May 17, 2016)

ijoe said:


> *This thread desperately needs some decrapifying.*
> Please go BS in the general discussion section for the sake of everyone looking here for news relevant to fa.


True, but most of it was led up from actual discussions. You can not blame them for hitting it off in a thread that they both were commenting on.


----------



## geoshark12 (May 17, 2016)

what is ETA?


----------



## Lunarmagic (May 17, 2016)

geoshark12 said:


> what is ETA?


Estimated time of arrival.


----------



## tbonethebunbun (May 17, 2016)

ijoe said:


> *This thread desperately needs some decrapifying.*
> Please go BS in the general discussion section for the sake of everyone looking here for news relevant to fa.


Geez, no need to be a jerk. Just trying to appease the masses. >=(


----------



## geoshark12 (May 17, 2016)

Lunarmagic said:


> Estimated time of arrival.


ok thanks i did not know what he meant by ETA


----------



## LoonerBubbles (May 17, 2016)

Why where they able to get the code from where they did anyways? And shouldn't there be better backups to the coding anyways? 
And i think that a good cleaning of the code to check if there is any other problems is a good thing to do since of you never know what could happen again and its better to get it done the first time and not have it happen a second time. Along with of an idea might be pulling down the site to do a full check of some stuff to if possible and if it ins't then do what can be done with it still being up.


----------



## theejolene (May 17, 2016)

Im sorry but how in the bloody hell would you let anyone get access to such important information: that is just downright stupid.... I thought after taking all our money to make the site better that it would work, but nope it doesnt. I just dont understand any of this.... I think you staff members need to sort a lot of shit out with this page.


----------



## Azurex (May 17, 2016)

Bluh.

I had important notes I needed to respond to. Ah well. 

Hoping this won't turn out like last time, and end up taking up to a week to come back online


----------



## Traveller800 (May 17, 2016)

Lunarmagic said:


> True, but most of it was led up from actual discussions. You can not blame them for hitting it off in a thread that they both were commenting on.


thank you, lunarmagic


----------



## theejolene (May 17, 2016)

Azurex said:


> Bluh.
> 
> I had important notes I needed to respond to. Ah well.
> 
> Hoping this won't turn out like last time, and end up taking up to a week to come back online




At this rate i bet ya it will take ages...

Dragon remember that people's business are in line now thanks to this attack -_-


----------



## Traveller800 (May 17, 2016)

Back to topic.  The only thing we can do is just...wait.  As other commenters have said, go do something else.  There are plenty of MMO;s to keep us busy...we could meet up on warcraft...or on Star wars the old republic...hell, even the secret world.  If that doesn;t float your boat...there are other games...team fortress 2, doom multiplayer, hell even a strategy game as any of them have a chat system nowadays.

Do something like that and the wait will go super speedy, ladies and gentlemen of all species.


----------



## theejolene (May 17, 2016)

Traveller800 said:


> Back to topic.  The only thing we can do is just...wait.  As other commenters have said, go do something else.  There are plenty of MMO;s to keep us busy...we could meet up on warcraft...or on Star wars the old republic...hell, even the secret world.  If that doesn;t float your boat...there are other games...team fortress 2, doom multiplayer, hell even a strategy game as any of them have a chat system nowadays.
> 
> Do something like that and the wait will go super speedy, ladies and gentlemen of all species.



Yah thats all that we can do, we have Weasyl and other sites to use for the time being


----------



## tbonethebunbun (May 17, 2016)

Since some people want to be outright butthurt jerks, I started a thread in general discussion. Follow me if you want to avoid hostility! XD


----------



## zidders (May 17, 2016)

peterandcompany said:


> Man, this is bonkers. I'll never understand why sites get targeted like this. Sigh.


Assholes. Much like the rest of society the furry community has a lot of them and some of them enjoy stirring shit for no good reason.


----------



## jaked122 (May 17, 2016)

ImageMagick huh? 

That's fairly far away from the general login handling code, isn't it?

Would handle image format conversions and such if it is being used the typical manner. 

That's quite an involved attack.


----------



## quentinwolf (May 17, 2016)

theejolene said:


> Im sorry but how in the bloody hell would you let anyone get access to such important information: that is just downright stupid.... I thought after taking all our money to make the site better that it would work, but nope it doesnt. I just dont understand any of this.... I think you staff members need to sort a lot of shit out with this page.



There was a exploit in the ImageMagick library that was used by a hacker who was able to get in and start the attack.  Access was not just given..


----------



## theejolene (May 17, 2016)

quentinwolf said:


> There was a exploit in the ImageMagick library that was used by a hacker who was able to get in and start the attack.  Access was not just given..



That would explain it, but even then how would it have reached there?


----------



## SpidertheKitsune (May 17, 2016)

Breaks my heart to think people actually got enjoyment out of wrecking our fun


----------



## pedreo1997 (AskenLurom) (May 17, 2016)

tbonethebunbun said:


> Since some people want to be outright butthurt jerks, I started a thread in general discussion. Follow me if you want to avoid hostility! XD


In the middle of all this crazyness... Yeah, 



Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_



Uhm... Me?


----------



## PokemonAll4One (May 17, 2016)

SpidertheKitsune said:


> Breaks my heart to think people actually got enjoyment out of wrecking our fun


Exactly!  Why do people think it's OK to be a complete asshole just because they're lurking around the internet?!


----------



## ohtar (May 17, 2016)

users: -makes theories-

Staff: Guys stap youre not helping anything

users: -theory making intensifies-

i love how its always the same lol

Ah well. drama be drama. you guys keep doing what you do. I have faith that youll get the site up and running again in time. My commissioners will just have to wait.


----------



## tbonethebunbun (May 17, 2016)

I hate to bring up the past, but...






Take some time, watch this, get a good laugh out of something I made. I know it sounds mean-spirited, but take note... it's a character I play. XP


----------



## reptile logic (May 17, 2016)

Hmm, just found out. Speaking as one who has had ones hands in a machine, attempting to effect repairs, while others are hovering nearby offering assistance amounting to, "hurry up you fucking asshole, can't you see my life is ruined without this thing?"; your bitching isn't helpful and is not appreciated. No one on this planet works best while being bitched at. No tech wants to string out the problem, and the resulting drama-fest, any longer than necessary.

If you have the necessary skills, and are also physically available to offer assistance, i.e. are on-site; dive in and help. Otherwise, let the people do their jobs.

Edit: By the way, there is a good chance that the vandals involved are lurking and watching all of this unfold and are laughing their asses off. Mission accomplished?


----------



## mshy (May 17, 2016)

I'm hoping i don't have to restore EVERYTHING I UPLOADED...


----------



## pedreo1997 (AskenLurom) (May 17, 2016)

*Right now, the one who did the attack:*


----------



## Kitsune633 (May 17, 2016)

PokemonAll4One said:


> Exactly!  Why do people think it's OK to be a complete asshole just because they're lurking around the internet?!




Because they have either a twisted sense of humor. Or they pick easy targets that know that won't fight back. And our reactions to them is pretty amusing. What they don't know is that a lot of artists and or writers use this site to gain income, the fact they went to this extreme for a barrel of laughs or satisfying their need to be powerful/supreme over the others. But in fact, their attacks only prove how much of a spiteful scum they are, hurting those who have fun and HURTING those who work in art or literature for a living.


----------



## 2ndVenus (May 17, 2016)

My worry would be that, with this plugin and image they were able to obtain, even if you turn the website back on, cannot this device be used to just repeat the act over and over again? 

Steps i would take are 1. Gain a copy of this image. 2. Examine how much access does thing have, and whereabouts. 3. Patch and terminate any possible connectivity this device can have with FA. 4. Yes, work to identify the guy at the convention, it may sound like a lot of spooling and hard work, but perhaps in-building CCTV footage could be of use here. 

Have you tried contacting the convention site to see if any Camera's were rolling in the area and if you are able to grab a copy? This damage is criminal and should be, if possible, pursued.


----------



## Lizardguy (May 17, 2016)

What would one even gain from this? I mean, there are people here who do this to get by, and some asshole is just going to up and ruin that? If you find the culprit, try to press charges. Seriously, this stuff should be illegal.


----------



## protocollie (May 17, 2016)

2ndVenus said:


> My worry would be that, with this plugin and image they were able to obtain, even if you turn the website back on, cannot this device be used to just repeat the act over and over again?
> 
> Steps i would take are 1. Gain a copy of this image. 2. Examine how much access does thing have, and whereabouts. 3. Patch and terminate any possible connectivity this device can have with FA. 4. Yes, work to identify the guy at the convention, it may sound like a lot of spooling and hard work, but perhaps in-building CCTV footage could be of use here.
> 
> Have you tried contacting the convention site to see if any Camera's were rolling in the area and if you are able to grab a copy? This damage is criminal and should be, if possible, pursued.



you don't do much computer stuff do you


----------



## CrescentStarHusky (May 17, 2016)

I noticed today while at school that FA was down, didn't know till I read up on it. I do have several commissioners and people I'm doing trades with. But I'm not gonna freak out anymore. What happens, happens. Neer cannot be rushed, fixing stuff can be quite stressful, even more that it's a site. 
No need to freak out on Neer he's doing all he can right now to fix this. Plus there is no need to point fingers and accuse people without evidence. 
FA will be back soon, time is needed. Especially with something like this.


----------



## pedreo1997 (AskenLurom) (May 17, 2016)

Neer right now about all of us:






Sorry for the image spam, now I stop I swear


----------



## CrescentStarHusky (May 17, 2016)

pedreo1997 (AskenLurom) said:


> Neer right now about all of us:
> Probably true
> 
> 
> ...


----------



## PokemonAll4One (May 17, 2016)

Kitsune633 said:


> Because they have either a twisted sense of humor. Or they pick easy targets that know that won't fight back. And our reactions to them is pretty amusing. What they don't know is that a lot of artists and or writers use this site to gain income, the fact they went to this extreme for a barrel of laughs or satisfying their need to be powerful/supreme over the others. But in fact, their attacks only prove how much of a spiteful scum they are, hurting those who have fun and HURTING those who work in art or literature for a living.


Dicks.


----------



## xTwilightStarx (May 17, 2016)

FA gets attacked so much that it's gotten to the point where I don't even get mad.
If something is popular or enjoyable, people will try to destroy it.
A cruel fact of life.

I understand people like FA and have their comfort zones, but I'm sure using another site for the time being isn't _that _hard.


----------



## theejolene (May 17, 2016)

Reading through some of these comments cause I have no life...
 a lot of you need a break from the internet.

the sites down, nothing we can actually do. go outside, get some air and chill the heck down.

(p.s, does anyone know how I can turn off getting emails from this thread, my phones going crazy)


----------



## CrescentStarHusky (May 17, 2016)

theejolene said:


> Reading through some of these comments cause I have no life...
> a lot of you need a break from the internet.
> 
> the sites down, nothing we can actually do. go outside, get some air and chill the heck down.
> ...


I'm wondering the same thing! My email notification is going crazy!


----------



## pedreo1997 (AskenLurom) (May 17, 2016)

CrescentStarHusky said:


> I'm wondering the same thing! My email notification is going crazy!


 Same here!! 11 mails in 6 minutes


----------



## GreenReaper (May 17, 2016)

The email has a link in it at the bottom to turn them off, like most subscription emails.


----------



## CrescentStarHusky (May 17, 2016)

pedreo1997 (AskenLurom) said:


> Same here!! 11 mails in 6 minutes


Goodness gracious!


----------



## kestral (May 17, 2016)

CrescentStarHusky said:


> I'm wondering the same thing! My email notification is going crazy!


go to more options it'll give you watch this thread and receive email notifications unclick the email notifications


----------



## theejolene (May 17, 2016)

GreenReaper said:


> The email has a link in it at the bottom to turn them off, like most subscription emails.



Awwww thanks hun, appreciated like


----------



## Kitsune633 (May 17, 2016)

PokemonAll4One said:


> Dicks.




Couldn't agree more sir.


----------



## Traveller800 (May 17, 2016)

Kitsune633 said:


> Because they have either a twisted sense of humor. Or they pick easy targets that know that won't fight back. And our reactions to them is pretty amusing. What they don't know is that a lot of artists and or writers use this site to gain income, the fact they went to this extreme for a barrel of laughs or satisfying their need to be powerful/supreme over the others. But in fact, their attacks only prove how much of a spiteful scum they are, hurting those who have fun and HURTING those who work in art or literature for a living.


indeed...also known as people still living in their parents basement


----------



## Takura (May 17, 2016)

Are you kidding me? Don't they have another backup? With a site that is constantly attacked you'd think they'd have more back ups...Also why would you take that stuff to a convention? Shouldn't that like, stay at home or something? I'm sorry but this is one of those situations that sounds like it could have been prevented.


----------



## kestral (May 17, 2016)

this stinks for any new users and hopefully this can get fixed. at least lets hope its not the year long down time where everyone had to remake their accounts once the site was brought back to life.


----------



## theejolene (May 17, 2016)

Traveller800 said:


> indeed...also known as people still living in their parents basement



So basicly Ryan Hill XD


----------



## xTwilightStarx (May 17, 2016)

Takura said:


> Are you kidding me? Don't they have another backup? With a site that is constantly attacked you'd think they'd have more back ups...Also why would you take that stuff to a convention? Shouldn't that like, stay at home or something? I'm sorry but this is one of those situations that sounds like it could have been prevented.


They didn't take it to the convention themselves.. someone else found the exploit and copied it multiple times and gave it out.
FA had nothing to do with it.


----------



## GreenReaper (May 17, 2016)

Takura said:


> Are you kidding me? Don't they have another backup? With a site that is constantly attacked you'd think they'd have more back ups...Also why would you take that stuff to a convention? Shouldn't that like, stay at home or something? I'm sorry but this is one of those situations that sounds like it could have been prevented.



It's not like the staff took it in on a laptop. Someone infiltrated FA's server, extracted the source code, took a week to prepare it for distribution at BLFC on multiple drives, and left them in conspicious places.


----------



## mikead999 (May 17, 2016)

So, they attempted to destroy database data, and didn't touch any personal information or passwords. So my questions are thus: Are you sure they did not copy passwords? It could have been to distract you while they stole user data, because it seems otherwise useless to delete info from the database, because it would not benefit the attackers. I was also wondering at what point the site would be back online, since you did not seem to specify that.


----------



## AliothFox (May 17, 2016)

Traveller800 said:


> indeed...also known as people still living in their parents basement



This is a little bit smarter than I'd usually expect from a typical script kiddie.  Whoever did this exploited the site in a way not easy to find and not easy to track (since physical copies of the disk were left around in a public place where there's not much useful evidence to be gained from them in the way of fingerprints or DNA).


----------



## maxgoof (May 17, 2016)

All I can say is, bravo!! You have given us a THOROUGH explanation, and as much as it is a shame that nearly a week's worth of data has been lost, it could have been far worse. I expect it to be down for a while longer, so, thank you for the explanation.


----------



## ExcitedCargoyle (May 17, 2016)

I was very surprised when i saw why FA is down, at least i tought that it will be for some hours, not whole day.
Poor staff, i do not have any idea why people do this thing. I just can say that they're jelly or such, or envy... Anyway, hope all will be fixed soon..

And hey, a lot of new members on FAforum!


----------



## tbonethebunbun (May 17, 2016)

maxgoof said:


> All I can say is, bravo!! You have given us a THOROUGH explanation, and as much as it is a shame that nearly a week's worth of data has been lost, it could have been far worse. I expect it to be down for a while longer, so, thank you for the explanation.


Hi, Max! =D


----------



## tbonethebunbun (May 17, 2016)

maxgoof said:


> All I can say is, bravo!! You have given us a THOROUGH explanation, and as much as it is a shame that nearly a week's worth of data has been lost, it could have been far worse. I expect it to be down for a while longer, so, thank you for the explanation.


Sing us a song, why don't you! =3


----------



## quoting_mungo (May 17, 2016)

muindaur said:


> I'm wondering if it's a former staff member that knows the site and holds a grudge. Besides the "for teh lulz" option, that's the other major reason an attack like this would happen.


Please refrain from speculation. We don't want baseless finger-pointing; all that accomplishes is hurting people.


----------



## Ramirez the sergal (May 17, 2016)

Takura said:


> Are you kidding me? Don't they have another backup? With a site that is constantly attacked you'd think they'd have more back ups...Also why would you take that stuff to a convention? Shouldn't that like, stay at home or something? I'm sorry but this is one of those situations that sounds like it could have been prevented.



They do have backups but backing up a gigantic website will take a large amount of space and time leading to a complete halt during the backup time since it would need to basically make copies of every picture, profile, password, etc. so they backup slowly so they dont disrupt the flow of things.


----------



## Lunarmagic (May 17, 2016)

pedreo1997 (AskenLurom) said:


> Neer right now about all of us:
> 
> 
> 
> ...


YES! LOL, this is perfect. I bet he is just waiting for the general flood to subside.


----------



## mikead999 (May 17, 2016)

also, please tell me they picked up that drive with gloves on! we could get fingerprints and/or DNA that could lead to some suspects, it would not necessarily be the instigators, but it would give you an idea of where the drive was and who had it that day, and that might lead to the perpetrator. It is your only physical lead and I suggest that that route be attempted if it hasn't already.

PS. If they happened to pick it up without gloves on, it still could be analyzed for the fingerprints/DNA, you would just need samples from those you know touched it, so you can differentiate from them. They are also suspects if they did happen to do this. It would not be the first time in case history for a perp to slow an investigation in this way.

PPS. I took a forensics class if anyone was curious.


----------



## Traveller800 (May 17, 2016)

mikead999 said:


> So, they attempted to destroy database data, and didn't touch any personal information or passwords. So my questions are thus: Are you sure they did not copy passwords? It could have been to distract you while they stole user data, because it seems otherwise useless to delete info from the database, because it would not benefit the attackers. I was also wondering at what point the site would be back online, since you did not seem to specify that.


Then the right thing to do, and I'll be doing it regardless when the sites back up, is simply alter your password...problem solved as far as stolen password goes


----------



## MonsterRoo (May 17, 2016)

skimming some of these comments. 




SMH People dont know how to stay on topic! XD

While this is pretty inconvenient, thanks for the update
We should all be understanding that  running such a huge
and high traffic website is hard and anything can happen!

Hope were back online soon *fingers crossed*​


----------



## keskitsune (May 17, 2016)

mikead999 said:


> So, they attempted to destroy database data, and didn't touch any personal information or passwords. So my questions are thus: Are you sure they did not copy passwords? It could have been to distract you while they stole user data, because it seems otherwise useless to delete info from the database, because it would not benefit the attackers. I was also wondering at what point the site would be back online, since you did not seem to specify that.



FA, like most sites on the internet, doesn't actually store your password as you type it. They use a type of programming function called a hash which scrambles your password in an irreversible way. When you log in, it compares the hash of the login to the hash it has saved. At no point is your plaintext password saved. So no, the attackers wouldn't have your password.


----------



## casbuenting (May 17, 2016)

Hmm, was about time we got another bout of downtime around this time. Nothing new if you've been on FA for a long time, it'll be fixed soon enough.
In the meantime I'm just going to leave this old and once again relevant gem here. 



Let's see how this'll end.


----------



## tbonethebunbun (May 17, 2016)

casbuenting said:


> Hmm, was about time we got another bout of downtime around this time. Nothing new if you've been on FA for a long time, it'll be fixed soon enough.
> In the meantime I'm just going to leave this old and once again relevant gem here.
> 
> 
> ...


Dammit, I love Corsi...


----------



## KatherineFennec (May 17, 2016)

Takura said:


> Are you kidding me? Don't they have another backup? With a site that is constantly attacked you'd think they'd have more back ups...Also why would you take that stuff to a convention? Shouldn't that like, stay at home or something? I'm sorry but this is one of those situations that sounds like it could have been prevented.


Ok, first of all backup media is quite expensive on a large scale, especially if you want rolling, day by day backups.  on top of this, in the grand scheme of things FA, like the furry fandom at large, is relatively small, so it's perfectly understandable to have a week go between full backups.


----------



## BinaryHedgehog (May 17, 2016)

When I saw "site attack" I assumed DDoS, but I didn't expect this!


----------



## mikead999 (May 17, 2016)

keskitsune said:


> FA, like most sites on the internet, doesn't actually store your password as you type it. They use a type of programming function called a hash which scrambles your password in an irreversible way. When you log in, it compares the hash of the login to the hash it has saved. At no point is your plaintext password saved. So no, the attackers wouldn't have your password.



Would it be impossible to reverse this process? From what experience I have with programming, it would not be very hard to reverse engineer this process from the source code.

Not to mention, with a custom browser (or maybe just using the console) it would also be possible to input the hash directly, skipping the hashing process. (Trust me, it's possible)


----------



## RedKomuso (May 17, 2016)

mikead999 said:


> So, they attempted to destroy database data, and didn't touch any personal information or passwords. So my questions are thus: Are you sure they did not copy passwords? It could have been to distract you while they stole user data, because it seems otherwise useless to delete info from the database, because it would not benefit the attackers. I was also wondering at what point the site would be back online, since you did not seem to specify that.


it will be up when it is up. the reason they didn't give an estimate is they do not know yet. but it will be some time. i mean they hae to go through and restore everything. and their back up is only material up to the 11th so anything that is after must be re-uploaded.


----------



## Takura (May 17, 2016)

xTwilightStarx said:


> They didn't take it to the convention themselves.. someone else found the exploit and copied it multiple times and gave it out.
> FA had nothing to do with it.


ohhh I see. But still...you'd think we'd have better security by now


----------



## Takura (May 17, 2016)

GreenReaper said:


> It's not like the staff took it in on a laptop. Someone infiltrated FA's server, extracted the source code, took a week to prepare it for distribution at BLFC on multiple drives, and left them in conspicious places.


Well they mentioned USB or something so it almost sounded like they took information with them to the convention. Still you would think FA would have better security by now...because this is getting ridiculous


----------



## Verin Asper (May 17, 2016)

mikead999 said:


> Would it be impossible to reverse this process? From what experience I have with programming, it would not be very hard to reverse engineer this process from the source code.


no, its not impossible, just very very hard unless you are knowledgable of such hash system


----------



## mshy (May 17, 2016)

Why must all of these hacker asshats must ruin the experience for us artists?


----------



## Takura (May 17, 2016)

RedKomuso said:


> it will be up when it is up. the reason they didn't give an estimate is they do not know yet. but it will be some time. i mean they hae to go through and restore everything. and their back up is only material up to the 11th so anything that is after must be re-uploaded.


So this means we may not have FA for a few days or a few weeks? I can handle a few days but a few weeks...I hope that's not the case. Why don't they have better security? sheesh


----------



## nitwit (May 17, 2016)

HOLY SHIT! DX

This is bad?


----------



## mikead999 (May 17, 2016)

Verin Asper said:


> no, its not impossible, just very very hard unless you are knowledgable of such hash system



One like that could be easily hired.

btw I like your little statement thing "The Smart Idiot". It's awesome.


----------



## casbuenting (May 17, 2016)

Oh also to all the new people to FA: Welcome to FA. The problems will be fixed shortly, however expect people to say this will be the end of days in the process.


----------



## PokemonAll4One (May 17, 2016)

mshy said:


> Why must all of these hacker asshats must ruin the experience for us artists?


Most likely because they think it's OK to do these things.


----------



## tbonethebunbun (May 17, 2016)

Takura said:


> So this means we may not have FA for a few days or a few weeks? I can handle a few days but a few weeks...I hope that's not the case. Why don't they have better security? sheesh


Get used to it, cause you'll be here for a while... No offense. Wanna be friends?


----------



## mshy (May 17, 2016)

PokemonAll4One said:


> Most likely because they think it's OK to do these things.


It's not right that they ruin the fun for everyone.


----------



## mikead999 (May 17, 2016)

Honestly, I follow many sites like FA. So, for now until FA is working again, I'm going on Inkbunny. It has many of the same artists.

PS. You're still my favorite FA


----------



## Takura (May 17, 2016)

tbonethebunbun said:


> Get used to it, cause you'll be here for a while... No offense. Wanna be friends?


I hope for not too long...ugh I was just starting to become more active on FA too! But I still have DeviantArt at least...


----------



## tbonethebunbun (May 17, 2016)

nitwit said:


> HOLY SHIT! DX
> 
> This is bad?


Come by my conversating in General Discussion, we can have fun there! =D


----------



## AliothFox (May 17, 2016)

GUYS.  It's not a case of "FA having bad security."  Have you heard anything that's been said?  The security exploit was in the service FA *uses* for its database delivery.  The security breach was not on FA's end.  They had patched the exploit way back on the 5th.  But data had been compromised before that, and since FA wasn't even aware of the exploit, they had no way of knowing said data was compromised. Instead of directing the selective outrage of the furry machine at FA, why not be outraged at the jerk who actually attacked the site?  Even if FA's security could have been better, you don't prosecute the guy who had his house broken into, even if he left the door unlocked - you prosecute the actual thief.


----------



## xTwilightStarx (May 17, 2016)

Takura said:


> ohhh I see. But still...you'd think we'd have better security by now


You'd think, but it never seems to be the case.
Though I've never personally ran a website, so I guess I can't complain or point fingers.


----------



## Takura (May 17, 2016)

mikead999 said:


> Honestly, I follow many site like FA. So, for now until FA is working again, I'm going on Inkbunny. It has many of the same artists.


I'd like to go to Inkbunny but...eh I don't get much attention there so for me I'll be on DeviantArt...this sucks because I was just starting to become more active on FurAffinity again. Then this happens >_> Whoever is responsible for this mess is a complete dickbag.


----------



## geoshark12 (May 17, 2016)

casbuenting said:


> Hmm, was about time we got another bout of downtime around this time. Nothing new if you've been on FA for a long time, it'll be fixed soon enough.
> In the meantime I'm just going to leave this old and once again relevant gem here.
> 
> 
> ...


this has made me feel better


----------



## Cloudchaser (May 17, 2016)

Why would someone do such a thing?  What could they possibly have to gain from doing so?  They should be forced to tell why, to hell with the right to remain silent


----------



## Verin Asper (May 17, 2016)

mshy said:


> It's not right that they ruin the fun for everyone.


actually its perfectly fine to ruin the fun for everyone
cause humanity...
"I will gladly ruin the fun of everyone for my own fun."


----------



## Takura (May 17, 2016)

AliothFox said:


> GUYS.  It's not a case of "FA having bad security."  Have you heard anything that's been said?  The security exploit was in the service FA *uses* for its database delivery.  The security breach was not on FA's end.  They had patched the exploit way back on the 5th.  But data had been compromised before that, and since FA wasn't even aware of the exploit, they had no way of knowing said data was compromised. Instead of directing the selective outrage of the furry machine at FA, why not be outraged at the jerk who actually attacked the site?  Even if FA's security could have been better, you don't prosecute the guy who had his house broken into, even if he left the door unlocked - you prosecute the actual thief.


The thing is though, staff should know they are at risk for these kinds of attacks at all times. I mean come on. You'd think with all the donations they get, they'd get better self defense programs or whatever.


----------



## RedKomuso (May 17, 2016)

mshy said:


> It's not right that they ruin the fun for everyone.


tell me about it. not to long ago i one of my favorite artist posted the commission i purchased from them. fortunately they were able to send me the file before hand.


----------



## mikead999 (May 17, 2016)

Takura said:


> I'd like to go to Inkbunny but...eh I don't get much attention there so for me I'll be on DeviantArt...this sucks because I was just starting to become more active on FurAffinity again. Then this happens >_> Whoever is responsible for this mess is a complete dickbag.



Agreed.


----------



## RinkuTheRuffian (May 17, 2016)

Yes, let's all beat around the bush until the forums are back up.  Good strategy.


----------



## keskitsune (May 17, 2016)

mikead999 said:


> Would it be impossible to reverse this process? From what experience I have with programming, it would not be very hard to reverse engineer this process from the source code.



Hash functions by their definition are irreversible, even if you have the source code. If you found some way to reliably reverse them, then you'd probably be spending your time breaking things much more interesting than a random furry site.


----------



## Takura (May 17, 2016)

Cloudchaser said:


> Why would someone do such a thing?  What could they possibly have to gain from doing so?  They should be forced to tell why, to hell with the right to remain silent


I bet you it was some person who absolutely hates furries, (as most people who attack the sites are furry haters ...or that's what I think) and I guess they had nothing else better to do so they thought 'hey! lets hack and shut down FA again!!' because, reasons. 
I really hate hackers. Why can't they use their skills for good and not for crap like this?


----------



## mikead999 (May 17, 2016)

Takura said:


> The thing is though, staff should know they are at risk for these kinds of attacks at all times. I mean come on. You'd think with all the donations they get, they'd get better self defense programs or whatever.



I can't blame them, after a few years with no attack, I wouldn't be on my guard either.


----------



## xTwilightStarx (May 17, 2016)

Verin Asper said:


> actually its perfectly fine to ruin the fun for everyone
> cause humanity...
> "I will gladly ruin the fun of everyone for my own fun."



Some people take pleasure in peoples upset.
Schadenfreude.


----------



## Takura (May 17, 2016)

RinkuTheRuffian said:


> Yes, let's all beat around the bush until the forums are back up.  Good strategy.


LOL what else is their t


xTwilightStarx said:


> You'd think, but it never seems to be the case.
> Though I've never personally ran a website, so I guess I can't complain or point fingers.


I just hope we don't have to wait for like, weeks for the site to come back up. Days I can handle just fine but weeks? No...just no


----------



## SpidertheKitsune (May 17, 2016)

PokemonAll4One said:


> Exactly!  Why do people think it's OK to be a complete asshole just because they're lurking around the internet?!



Guess thats the internet for us, always a battlefield when it comes to peoples opinions. They'll do anything to get there way.


----------



## mikead999 (May 17, 2016)

keskitsune said:


> Hash functions by their definition are irreversible, even if you have the source code. If you found some way to reliably reverse them, then you'd probably be spending your time breaking things much more interesting than a random furry site.



Valid point. Should I try it?

**Not on FA obviously (just my own site)


----------



## PawsX3 (May 17, 2016)

I had to create a new account, at least I haven't done much yet. Still a bummer.


----------



## AliothFox (May 17, 2016)

Takura said:


> The thing is though, staff should know they are at risk for these kinds of attacks at all times. I mean come on. You'd think with all the donations they get, they'd get better self defense programs or whatever.



They did.  If you notice, the site has not suffered a major outage (8+ hours) for literally months.  The last weeks-long outage of the site was over two years ago, and after that happened, the site got CloudFlare protection and a bunch of security upgrades and general performance increases.  It always baffles me somewhat when people think that the muckymucks of FA do nothing but sit on their hands and cry when the site goes down.  It's the most popular art site of the furry fandom, so naturally it gets attacked the most.  Normally it can weather the attacks reasonably well.  This time the attackers had a new trick.


----------



## Takura (May 17, 2016)

mikead999 said:


> I can't blame them, after a few years with no attack, I wouldn't be on my guard either.


I'd be on my guard forever after one attack. That's how professional sites are. They get attacked, then they are on their toes from there on out. See, that's why some people just do not like how FA staff runs things. They fix a problem, and then act like its never going to happen again. And then it does. It hasn't been years since the last attack, didn't the last DDOS attack happen just last year?


----------



## xTwilightStarx (May 17, 2016)

Takura said:


> LOL what else is their t
> 
> I just hope we don't have to wait for like, weeks for the site to come back up. Days I can handle just fine but weeks? No...just no


Hopefully it won't take them too long but I wouldn't rush them either, that's a lot of lost data.
I would say the downtime doesn't annoy me, but I have commissions I need to be working on myself.


----------



## mikead999 (May 17, 2016)

Takura said:


> I'd be on my guard forever after one attack. That's how professional sites are. They get attacked, then they are on their toes from there on out. See, that's why some people just do not like how FA staff runs things. They fix a problem, and then act like its never going to happen again. And then it does. It hasn't been years since the last attack, didn't the last DDOS attack happen just last year?



Maybe they just have a "forgive and forget" attitude.


----------



## Saiko (May 17, 2016)

Has FA had a third party perform a security audit yet? With compromised source code, I think that would be appropriate.


----------



## Takura (May 17, 2016)

AliothFox said:


> They did.  If you notice, the site has not suffered a major outage (8+ hours) for literally months.  The last weeks-long outage of the site was over two years ago, and after that happened, the site got CloudFlare protection and a bunch of security upgrades and general performance increases.  It always baffles me somewhat when people think that the muckymucks of FA do nothing but sit on their hands and cry when the site goes down.  It's the most popular art site of the furry fandom, so naturally it gets attacked the most.  Normally it can weather the attacks reasonably well.  This time the attackers had a new trick.


ugh. That's the annoying thing about hackers. They always got new tricks up their sleeves. So naturally, you would think to have someone on the FA staff to be able to counter those tricks. I'm really curious now as to who exactly did this and I hope we get to expose them.


----------



## PokemonAll4One (May 17, 2016)

mshy said:


> It's not right that they ruin the fun for everyone.


IKR


----------



## NoahGryphon (May 17, 2016)

I hope whoever did this is caught and executed or at least jailed for a long time.


----------



## PokemonAll4One (May 17, 2016)

Verin Asper said:


> actually its perfectly fine to ruin the fun for everyone
> cause humanity...
> "I will gladly ruin the fun of everyone for my own fun."


That's what they think...


----------



## Takura (May 17, 2016)

mikead999 said:


> Maybe they just have a "forgive and forget" attitude.


That wouldn't be very professional for a popular art site that takes donations....its like, personal info like notes get leaked, and I'd hate for them to be all 'lol lets forget about it. it didn't happen' ... those leaks are still up on the internet. not very easy to forget about it. Especially since people like to document these kinds of things


----------



## mikead999 (May 17, 2016)

Takura said:


> ugh. That's the annoying thing about hackers. They always got new tricks up their sleeves. So naturally, you would think to have someone on the FA staff to be able to counter those tricks. I'm really curious now as to who exactly did this and I hope we get to expose them.



Honestly, If I were a hacker, I would work for both sides. Help cyber security programs, write viruses that counter them, then help them out again. That would make a lot of money. War is profitable.


----------



## KimButt (May 17, 2016)

Takura said:


> I bet you it was some person who absolutely hates furries, (as most people who attack the sites are furry haters ...or that's what I think) and I guess they had nothing else better to do so they thought 'hey! lets hack and shut down FA again!!' because, reasons.
> I really hate hackers. Why can't they use their skills for good and not for crap like this?




Oi Vey. Lord knows what's with anti furs


----------



## AliothFox (May 17, 2016)

Takura said:


> ugh. That's the annoying thing about hackers. They always got new tricks up their sleeves. So naturally, you would think to have someone on the FA staff to be able to counter those tricks. I'm really curious now as to who exactly did this and I hope we get to expose them.



You make that sound so easy.  "Well, they should just counter them!"  It's hard to counter an attack you don't know.  How do you think anti-virus software works?  It can only stop viruses that are already in its database.  You're really looking for them to wave a magic wand and turn the site into an impregnable fortress, and it's not that simple.  The reason big sites like Amazon or Twitter or Facebook don't go down often (and even they do sometimes go down!) is because they have deep, deep pockets.  FA does not.


----------



## xTwilightStarx (May 17, 2016)

NoahGryphon said:


> I hope whoever did this is caught and executed or at least jailed for a long time.


Well, let's not get too dramatic.
I do agree they should face the consequences, but I don't think anyone deserves *death *for it.
I mean, there are worse fates than an outed furry site.


----------



## TaylorxxWolfie (May 17, 2016)

It blows my mind that people go out of their way to ruin the fandom. It makes me *cringe *that people can be that mean. I really don't know what to do without FA. This sucks. Go get him Dragoneer! Go super saiyan and kick their ass! (By that I mean go restore the site)


----------



## NplusD (May 17, 2016)

Well darn. I registered in the past 6 days. I suppose that I'll have to reregister again after this all goes through, and try to find the folks who was commissioning me and such...


----------



## xTwilightStarx (May 17, 2016)

AliothFox said:


> You make that sound so easy.  "Well, they should just counter them!"  It's hard to counter an attack you don't know.  How do you think anti-virus software works?  It can only stop viruses that are already in its database.  You're really looking for them to wave a magic wand and turn the site into an impregnable fortress, and it's not that simple.  The reason big sites like Amazon or Twitter or Facebook don't go down often (and even they do sometimes go down!) is because they have deep, deep pockets.  FA does not.


It'd be the same as asking your body to be pre-immune to all illnesses.


----------



## Takura (May 17, 2016)

KimButt said:


> Oi Vey. Lord knows what's with anti furs


I don't get their problem either. There's weirdos in EVERY fandom. that doesn't mean the whole fandom is weird. The majority of us furries don't hurt anyone so...I don't see why they hate us so


----------



## Orca1 (May 17, 2016)

Lizardguy said:


> What would one even gain from this? I mean, there are people here who do this to get by, and some asshole is just going to up and ruin that? If you find the culprit, try to press charges. Seriously, this stuff should be illegal.



I'm pretty sure this would be considered cyber-crime, if not cyber-terrorism. In any case, Dragoneer and the rest of the FurAffinity senior staff would be well advised to bring this matter to the attention of the FBI.


----------



## mikead999 (May 17, 2016)

TaylorxxWolfie said:


> It blows my mind that people go out of their way to ruin the fandom. It makes me *cringe *that people can be that mean. I really don't know what to do without FA. This sucks. Go get him Dragoneer! Go super saiyan and kick their ass! (By that I mean go restore the site)



We don't know that it was a hater on the fandom.


----------



## ZX6R (May 17, 2016)

Orca1 said:


> I'm pretty sure this would be considered cyber-crime, if not cyber-terrorism. In any case, Dragoneer and the rest of the FurAffinity senior staff would be well advised to bring this matter to the attention of the FBI.


Yeah, and physically passing around drives with source code on it I'm sure would peak their interest.


----------



## mikead999 (May 17, 2016)

I just had a thought. If someone hacked FA for the pleasure of it, the only people reacting are us. So they would be watching this forum, wouldn't they?


----------



## Takura (May 17, 2016)

AliothFox said:


> You make that sound so easy.  "Well, they should just counter them!"  It's hard to counter an attack you don't know.  How do you think anti-virus software works?  It can only stop viruses that are already in its database.  You're really looking for them to wave a magic wand and turn the site into an impregnable fortress, and it's not that simple.  The reason big sites like Amazon or Twitter or Facebook don't go down often (and even they do sometimes go down!) is because they have deep, deep pockets.  FA does not.


Well maybe FA needs to be run by someone who does have big pockets and is able to pay for better security. But really, who has that kind of money and that is a furry? Not being offensive but I've never heard of furries with thousands or millions of cash.


----------



## AliothFox (May 17, 2016)

NoahGryphon said:


> I hope whoever did this is caught and executed or at least jailed for a long time.



DANG. That might be a bit harsh.  I mean sure, the guy who would attack a site like FA is a total jerk, but *executed*?


----------



## TaylorxxWolfie (May 17, 2016)

mikead999 said:


> We don't know that it was a hater on the fandom.


True, but why else would anyone do it to FA out of all the websites on the internet?


----------



## deragorka (May 17, 2016)

I agree, Saiko. Hell. After the umpteenth DDOS you'd think they'd figure out that folks just wanna bring FA to it's knees in some fashion. It's a shame all that all the money made from the sale to IMVU couldn't stop source code loopholes. Yes, it's hard or near impossible to catch everything, but with extra funding like that...how can you allow yourself to just not scrutinize it more frequently? And holy shit. 6 days since the last backup? My computer backs up more frequently than that. Why not set the update process to run during the times of the lest use? It's not optimal, but it protects data so it should be considered worth it.


----------



## b0rnstellar (May 17, 2016)

Lets flood them with memes.

That'll teach 'em


----------



## KimButt (May 17, 2016)

Takura said:


> I don't get their problem either. There's weirdos in EVERY fandom. that doesn't mean the whole fandom is weird. The majority of us furries don't hurt anyone so...I don't see why they hate us so



I mean, I'm new in the fandom of furries, but honestly no one here hurts anyone. But of course, people have to stir shit up -_-

If anything, (no offense to anyone) the Anime fandom is way worse than the furries fandom


----------



## Takura (May 17, 2016)

mikead999 said:


> Honestly, If I were a hacker, I would work for both sides. Help cyber security programs, write viruses that counter them, then help them out again. That would make a lot of money. War is profitable.


XD oh dear


----------



## AliothFox (May 17, 2016)

Takura said:


> Well maybe FA needs to be run by someone who does have big pockets and is able to pay for better security. But really, who has that kind of money and that is a furry? Not being offensive but I've never heard of furries with thousands or millions of cash.



That's exactly my point.  If FA had the money, they could certainly do much more than what they're doing now, but no one in the furry fandom has that kind of cash, and no one outside of the furry fandom wants to invest that kind of money in the furry fandom.


----------



## NoahGryphon (May 17, 2016)

TaylorxxWolfie said:


> True, but why else would anyone do it to FA out of all the websites on the internet?


Im pretty sure anyone willing to hack a site like furaffinity is pure evil.


----------



## mikead999 (May 17, 2016)

Takura said:


> Well maybe FA needs to be run by someone who does have big pockets and is able to pay for better security. But really, who has that kind of money and that is a furry? Not being offensive but I've never heard of furries with thousands or millions of cash.



That's a roundabout way of calling the owner of the site poor. I'll bet they're not though.


----------



## hdofu (May 17, 2016)

Upsetting news, but not surprising.


----------



## Verin Asper (May 17, 2016)

KimButt said:


> I mean, I'm new in the fandom of furries, but honestly no one here hurts anyone. But of course, people have to stir shit up -_-
> 
> If anything, (no offense to anyone) the Anime fandom is way worse than the furries fandom


did you know we are cousins with anime fandom AND the scifi fandom...

only difference is that you dig deep enough in furry you find us be on equal with those two


----------



## mikead999 (May 17, 2016)

Takura said:


> XD oh dear



Well, its the only way to profit off of viruses that seemingly do nothing. Not to mention, it would make the cyber security program rich, without technically breaking the law.


----------



## zilchfox (May 17, 2016)

AliothFox said:


> That's exactly my point.  If FA had the money, they could certainly do much more than what they're doing now, but no one in the furry fandom has that kind of cash, and no one outside of the furry fandom wants to invest that kind of money in the furry fandom.


I guess IMVU can't spend any of their millions of dollars in revenue towards FA, which they own, if that's truly the case.


----------



## Takura (May 17, 2016)

KimButt said:


> I mean, I'm new in the fandom of furries, but honestly no one here hurts anyone. But of course, people have to stir shit up -_-
> 
> If anything, (no offense to anyone) the Anime fandom is way worse than the furries fandom


LOL I guess people just think we're a bunch of sick fucks who like to fuck animals or something...people who fuck animals aren't exactly 'furries' those are zoophiles. And I guess once in awhile a zoophile does try to be in the furry fandom, but I would think most furries would reject that. 

LOL the anime fandom is so....cringy. Don't get me wrong I do enjoy anime (mostly the older ones) but the fandom can be...cringy. Especially weeaboos...my god. And now we have Koreaboos which is just as annoying. I'll admit, I had a small weeaboo phase when I was in high school, but then I grew up.


----------



## Takura (May 17, 2016)

AliothFox said:


> That's exactly my point.  If FA had the money, they could certainly do much more than what they're doing now, but no one in the furry fandom has that kind of cash, and no one outside of the furry fandom wants to invest that kind of money in the furry fandom.


Sad, but true =/


----------



## KimButt (May 17, 2016)

Verin Asper said:


> did you know we are cousins with anime fandom AND the scifi fandom...
> 
> only difference is that you dig deep enough in furry you find us be on equal with those two



I see. True


----------



## xTwilightStarx (May 17, 2016)

You'd think furry-hating hackers would invest their skills in destroying legitimately harmful websites, like those harboring pedophiles.
Sure the furry fandom and it's art can be creepy, but no real animals OR people are harmed in the making of it.


----------



## supersonicbros23 (May 17, 2016)

I suppose that hypothetical "Keyboard" army thats going to be a joke in my next film would do some good if it were actually real.  I say that with tongue in cheek, though deep down I have a growing hatred building up for an individual I don't even know. Day after my birthday, too.


----------



## BinaryHedgehog (May 17, 2016)

AliothFox said:


> You make that sound so easy.  "Well, they should just counter them!"  It's hard to counter an attack you don't know.  How do you think anti-virus software works?  It can only stop viruses that are already in its database.


That's not entirely true. It's possible to raise flags when certain things are done so they can be warned about. Anti-viruses look out of suspicious parts of code in order to stop "zero-day" attacks and get samples to be analyzed.


----------



## AliothFox (May 17, 2016)

zilchfox said:


> I guess IMVU can't spend any of their millions of dollars in revenue towards FA, which they own, if that's truly the case.


Big difference between "can't" and "won't."  I'm not going to speculate on IMVU's business decisions because I'm not party to them, but where I work, we have to have solid data to justify our budget line items, because whether we have the money or not, we don't want to spend money on something we're not sure is necessary.  When IMVU first bought the site, there were a lot of security upgrades.  "Spend hours in labor costs switching over to a totally new database just in case someone ever gets their hands on the source code that isn't even part of our purview" probably wasn't high on their priority list.


----------



## deragorka (May 17, 2016)

I think the furry fandom is worse when it comes to picking fights with each other and playing the vengeance game. Someone was probably butthurt at someone else here or one of the admins and decided to kill the site for gits and shiggles. Or maybe it was just because they were bored enough and "hey, FA is big. Let's kill it!"


----------



## AliothFox (May 17, 2016)

BinaryHedgehog said:


> That's not entirely true. It's possible to raise flags when certain things are done so they can be warned about. Anti-viruses look out of suspicious parts of code in order to stop "zero-day" attacks and get samples to be analyzed.



It was a simplification, of course.  But the point is that even those type of defenses have to have some sort of model or pattern to go on.  Those "warning flags" aren't just dreamed up; they come from patterns of similar viruses and past attacks.


----------



## BinaryHedgehog (May 17, 2016)

I'll give you credit for that.


----------



## Pied (May 17, 2016)

xTwilightStarx said:


> You'd think furry-hating hackers would invest their skills in destroying legitimately harmful websites, like those harboring pedophiles.
> Sure the furry fandom and it's art can be creepy, but no real animals OR people are harmed in the making of it.


 When a hacker has source code, its easy af.


----------



## nrr (May 17, 2016)

This is kind of like a really bad game of SimCity 2000 where you've just discovered that your burn rate is too high, so you cut all funding on transportation infrastructure only to watch it completely implode.

I said what I'm really going to say all the way back in 2006. It's disheartening to see that what was true then is still true now.


----------



## Dj_dakota (May 17, 2016)

I had commission information would that be deleted and also how would you know if your account got deleted


----------



## FatalSyndrome (May 17, 2016)

It could be people who hate furries, or just people who hate FA and see satisfaction in wanting to take it down.
They're not really considering how they're hurting artist's livelihoods. Yes, it's possible to have an audience off of the biggest furry site there is, but it's very hard. Destroying the biggest furry site there is will only force them to have to start over and potentially endanger them with lack of work.


----------



## FatalSyndrome (May 17, 2016)

Dj_dakota said:


> I had commission information would that be deleted and also how would you know if your account got deleted


You'll know once the site goes back up and you can check. Commission information may have been deleted, but there is a chance they will restore it along with accounts.


----------



## zilchfox (May 17, 2016)

AliothFox said:


> Big difference between "can't" and "won't."  I'm not going to speculate on IMVU's business decisions because I'm not party to them, but where I work, we have to have solid data to justify our budget line items, because whether we have the money or not, we don't want to spend money on something we're not sure is necessary.  When IMVU first bought the site, there were a lot of security upgrades.  "Spend hours in labor costs switching over to a totally new database just in case someone ever gets their hands on the source code that isn't even part of our purview" probably wasn't high on their priority list.


Well, if that's true, I think their priorities are just about to change quite drastically on such a view. Hopefully.


----------



## aaarisha (May 17, 2016)

Good luck to everyone trying to fix this. It's a shame that it happened. Hope to see the site up and running soon.


----------



## KaiyaShadowBlaze (May 17, 2016)

Hopefully mine was not deleted. I just made mine the other day. If it did, I'll be really mad. Though I'm not sure why someone would target FA like that and do this. Its very wrong and I hope they know how many people this person upsets and angers by doing this. Because if they don't, then their actions will be coming back to take revenge on them, greatly.


----------



## supersonicbros23 (May 17, 2016)

Just curious though, we got any "scouts" browsing any known 'rival' sites/forums looking for clues? After all: loose lips sink ships; Someones bound to have spilled the beans. If I knew any I'd gladly scavenge for them. Anything to help.


----------



## KaiyaShadowBlaze (May 17, 2016)

supersonicbros23 said:


> Just curious though, we got any "scouts" browsing any known 'rival' sites/forums looking for clues? After all: loose lips sink ships; Someones bound to have spilled the beans. If I knew any I'd gladly scavenge for them. Anything to help.


I would do the same for this site. I loved it since the day I found it and and upsets me greatly someone would do this. I would be very willing to help out in any way I can to keep this from happening again on this site.


----------



## Dj_dakota (May 17, 2016)

Also if you where signed in on a laptop and never signed out could the hackers get into your computer


----------



## Bourbon. (May 17, 2016)

FatalSyndrome said:


> It could be people who hate furries, or just people who hate FA and see satisfaction in wanting to take it down.
> They're not really considering how they're hurting artist's livelihoods. Yes, it's possible to have an audience off of the biggest furry site there is, but it's very hard. Destroying the biggest furry site there is will only force them to have to start over and potentially endanger them with lack of work.


To be honest, furry's worst enemies are itself. I see more hate and vitriol from within the fandom towards each other and FA than from without. It could just as easily have been someone who's a part of the fandom who finally wanted to "shut FA down for good" that did this.


----------



## anz100 (May 17, 2016)

xTwilightStarx said:


> You'd think furry-hating hackers would invest their skills in destroying legitimately harmful websites, like those harboring pedophiles.
> Sure the furry fandom and it's art can be creepy, but no real animals OR people are harmed in the making of it.


Given that the USB drives were distributed at BLFC, my guess it it's a furry, not a furry hater who did this.


----------



## ZX6R (May 17, 2016)

Dj_dakota said:


> Also if you where signed in on a laptop and never signed out could the hackers get into your computer


Nope, you're fine.


----------



## ZX6R (May 17, 2016)

anz100 said:


> Given that the USB drives were distributed at BLFC, my guess it it's a furry, not a furry hater who did this.


They're being distributed outside of BLFC too. Someone tweeted about receiving it.


----------



## AliothFox (May 17, 2016)

zilchfox said:


> Well, if that's true, I think their priorities are just about to change quite drastically on such a view. Hopefully.



And that would make sense.  Hindsight is always 20/20.  But you don't pour money into a site to fight threats that you don't even know about.  When IMVU bought the site, one of the main threats was DDoS attacks - so FA was upgraded with CloudFlare protections.  This has honestly followed the trend that one would expect for a site the size of FA. 

Look, I make a pretty decent portion of my living off of FA.  I'm an artist, and it's not just a side job for me.  So believe me - I want this site up just as much as anyone else, particularly considering that my next meal sometimes depends on it.  But wringing my hands over it isn't gonna make it come up any faster.  Best for all of us to keep cool heads about it and just let the IT folks do that voodoo that they do.  FA's been through a lot worse than this in the past and come through it just fine.


----------



## FatalSyndrome (May 17, 2016)

supersonicbros23 said:


> Just curious though, we got any "scouts" browsing any known 'rival' sites/forums looking for clues? After all: loose lips sink ships; Someones bound to have spilled the beans. If I knew any I'd gladly scavenge for them. Anything to help.



The people who distributed this were apparently at BLFC, maybe there's a chance that that some of the people who had received the USB drives might have told someone. It's likely most if not all of em are gonna keep their mouths shut or only talk about it in private. You never know, though, maybe there'll be that one person who says something.


----------



## ohtar (May 17, 2016)

oh wait.... there are people making money here.... maybe i shouldnt trash this fandom site I hate just to watch them all cry and scream in the forums....

.... said no hacker ever.


----------



## Skyworthy (May 17, 2016)

does greasy fork mean anything?


----------



## Dracowhale (May 17, 2016)

i hope the FBI gets involved in this.


----------



## jaked122 (May 17, 2016)

Dracowhale said:


> i hope the FBI gets involved in this.


I think they would complicate things a lot more that you'd like.

Besides, chasing down hackers is basically pointless unless you need them to fix the problem they used to break your thing.


----------



## FatalSyndrome (May 17, 2016)

Bourbon. said:


> To be honest, furry's worst enemies are itself. I see more hate and vitriol from within the fandom towards each other and FA than from without. It could just as easily have been someone who's a part of the fandom who finally wanted to "shut FA down for good" that did this.


Exactly! That's the exact kind of person I'm talking about, the furry who feels personally victimized by FA not being the best site ever and thinking it'll hurt no one if it were gone.
There's also the self hating furry, too, yeah. Never understood that kinda mentality.


----------



## Tailmon1 (May 17, 2016)

It truly makes me sad that people have such hate and go to such lengths to cause problems. This case
its going to get them Jail time if caught. I do hope they do get caught.


----------



## FatalSyndrome (May 17, 2016)

ohtar said:


> oh wait.... there are people making money here.... maybe i shouldnt trash this fandom site I hate just to watch them all cry and scream in the forums....
> 
> .... said no hacker ever.


LOL True can't argue there


----------



## AliothFox (May 17, 2016)

Dracowhale said:


> i hope the FBI gets involved in this.



Eeeeehhhhh.... I certainly hope it doesn't come to that, honestly.  I'd like to see the attacker caught and prosecuted, but getting the FBI involved would probably just be massive headaches all around.


----------



## supersonicbros23 (May 17, 2016)

Execute order 66. We need missiles, spies, overcoats and spoons. I'll explain why we need the spoons later. 
If available also bring an ink pen, a cigarette lighter, a hairpin, a box of tic-tacs, duct tape, and some yellow paint.
We strike at dawn, as everyone will be asleep.
Unfortunately, so will we.


----------



## KaiyaShadowBlaze (May 17, 2016)

True. I'm more of a person who will go far and beyond,  to making the person who did this, undo it. Whether they like it or not. I would even go as far as having someone who was good with computer technology and help track the ip address of where the person had downloaded the code and get their location. THAT is how far I would go to help fix the problem.


----------



## Illun (May 17, 2016)

AliothFox said:


> DANG. That might be a bit harsh.  I mean sure, the guy who would attack a site like FA is a total jerk, but *executed*?


I'm up for a good old fashioned drawing and quartering. That's the traditional method for executing hackers, isn't it?

Created a login mostly to say, lay off the criticism of the FA team.

Obviously, given the nature of this sort of fandom, I'm not going to say where, but I work as the lead developer for a state government website. Underfunded, because voters on both sides think money grows on someone else's trees, but still better funded by about 2 orders of magnitude than I expect FA possibly could be, with a team maintaining the site code, a separate DBA, and a separate network team and a network security specialist who was one of the more respected experts in the field. We work with the other states, and federal, same-state and local agencies, attend training, monitor internet chatter about our site, watch the logs, have network monitoring 24/7, port sniffing, pen testing, forced regular password changes and timeouts, keep everything as up to date as is wise to do, and we still have been hacked. And we do better than some of our peers who have much bigger teams, much greater resources. Microsoft, Google, Amazon, Home Depot, every single one of the Fortune 500 companies, every state and federal agency you're likely to be aware exists, have all been hacked. The current rule of thumb for security in the industry is that you've either been hacked, or you've been hacked and you don't know it yet.

Money, resources, expertise and vigilance are not enough. All you can do is try to prevent it as best you can (which they've obviously done or FA would have been down long ago), and do as much as you can to be ready for when it does happen.


----------



## tmdrake (May 17, 2016)

Funney, was just reading this hack from Defcon groups last week....I currently disabled my usage of that addon.


----------



## Dracowhale (May 17, 2016)

AliothFox said:


> Eeeeehhhhh.... I certainly hope it doesn't come to that, honestly.  I'd like to see the attacker caught and prosecuted, but getting the FBI involved would probably just be massive headaches all around.


thing is, it is the fbi who handles cyber attacks i believe.


----------



## Altair_the_lugia (May 17, 2016)

I bet you anything the retard(s) who did this is looking at these comments and laughing his/her/their asses off! >=(


----------



## b0rnstellar (May 17, 2016)

AliothFox said:


> Eeeeehhhhh.... I certainly hope it doesn't come to that, honestly.  I'd like to see the attacker caught and prosecuted, but getting the FBI involved would probably just be massive headaches all around.


Most likely it would be for the worst. They'd probably have to keep the site down for a lot longer just to try and comb through it to see what happened. Too much data and too much of a hassle.


----------



## supersonicbros23 (May 17, 2016)

KaiyaShadowBlaze said:


> True. I'm more of a person who will go far and beyond,  to making the person who did this, undo it. Whether they like it or not. I would even go as far as having someone who was good with computer technology and help track the ip address of where the person had downloaded the code and get their location. THAT is how far I would go to help fix the problem.


I'd go that far anyway. Its called Liberty and Justice for _ALL _even on the internet


----------



## supersonicbros23 (May 17, 2016)

Altair_the_lugia said:


> I bet you anything the retard(s) who did this is looking at these comments and laughing his/her/their asses off! >=(


I wish they would we could find their IP then.


----------



## DuskMarach (May 17, 2016)

Why not do a daily backup like EVE Online does daily maintenance? Do some testing on about how long an entire backup would be, then just shut down the website for the 30 minutes to an hour at most to do the backup. Not only would it be beneficial if something like this ever happens again (because things happen and backups are useful), but you would be able to figure out what day that the slip-up/breach occurred. The website would also not lose 6 days worth of data.


----------



## AliothFox (May 17, 2016)

DuskMarach said:


> Why not do a daily backup like EVE Online does daily maintenance? Do some testing on about how long an entire backup would be, then just shut down the website for the 30 minutes to an hour at most to do the backup. Not only would it be beneficial if something like this ever happens again (because things happen and backups are useful), but you would be able to figure out what day that the slip-up/breach occurred. The website would also not lose 6 days worth of data.



For about the sixth (or seventh, or eighth) time, FA does not have the resources to do daily backups.  EVE has a lot more money than FA.  If FA were to back up the entire site every day, it would be super slow pretty much 24/7 with the setup that they currently have, and they don't have the resources to upgrade to the level where daily backups would be practically possible.


----------



## Bambous_Visu (May 17, 2016)

Bourbon. said:


> That's just fearmongering. FA has gone through worse, including a three-month downtime. FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal.


Congratulations! That's the most ignorant thing in the thread!

"FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal."
"because the community is so large and people are loyal."
Literally: Too Big To Fail

That's like saying :  ""WoW continues and will continue to be the central hub of online gaming because the community is so large and people are loyal.""
When: 
	

	
	
		
		

		
			




So, Like people leaving for MOBAs and other less casual mmos. 
People are leaving for Weasyl/Inkbunny/Sofurry


----------



## supersonicbros23 (May 17, 2016)

I'm already having huiro withdraws... 
hrnnnngg


----------



## AliothFox (May 17, 2016)

Bambous_Visu said:


> People are leaving for Weasyl/Inkbunny/Sofurry



And, in probably 80%+ of cases, coming back as soon as they realize that no one cares they're gone.  Nothing new here.


----------



## Bambous_Visu (May 17, 2016)

AliothFox said:


> And, in probably 80%+ of cases, coming back as soon as they realize that no one cares they're gone.  Nothing new here.



Just like all of those subs coming back to WoW, huh?


----------



## tmdrake (May 17, 2016)

I was importing my FA account to FN....*shakes fist* almost done too!


----------



## Imago (May 17, 2016)

Oh noes. >.< Well, that sucks. At least notes weren't affected. That would be bad. (Especially since I hadn't transferred information to my Trello.) But whoa!! The 11th? Wow... That is bad. Wish It wasn't like that, but what can you do? *shrugs* Hope the site comes back quickly, but be sure to be secure.


----------



## RileySockfoxy (May 17, 2016)

Just wanna say, I appreciate you guys doing all you can to get things back up and running. I have one question: Have there been instances of accounts being completely wiped from the site? I rely on FurAffinity for commissions, so if my account has been deleted, it'd be a fatal setback for my artwork. 

Keep up the good work. Hopefully this attack didn't cause too many issues!

-Kaio


----------



## Imago (May 17, 2016)

tmdrake said:


> I was importing my FA account to FN....*shakes fist* almost done too!


How did you get it to go past 43 pictures. XD Mine is stuck in a never ending loop of trying to log in.


----------



## xTwilightStarx (May 17, 2016)

AliothFox said:


> And, in probably 80%+ of cases, coming back as soon as they realize that no one cares they're gone.  Nothing new here.


Ahahahahah if I got paid for every time someone threatened leaving a site, only to crawl back within two days or less.


----------



## AliothFox (May 17, 2016)

Bambous_Visu said:


> Just like all of those subs coming back to WoW, huh?



Never said anyone was coming back to WoW, since I'm too busy to play it.  Just a general observation I've made in my time here.  Divas get up in arms, leave the site and make a big stink about it, and then they realize that no one's buying their art/roleplaying with them anymore, so they come back.  The funny thing about analogies is that they have to compare two things that are alike, or at least similar.  WoW and FA are nothing alike.


----------



## Bourbon. (May 17, 2016)

Bambous_Visu said:


> Congratulations! That's the most ignorant thing in the thread!
> 
> "FA continues and will continue to be the central hub of furry art because the community is so large and people are loyal."
> "because the community is so large and people are loyal."
> ...


There are viable alternatives to WoW, and even WoW continues to maintain a core demographic.

FA lacks any kind of viable alternative that can actually compete with the site. No one said that FA is too big to fail, but it doesn't have any actual marketable competitors who have the same draws or offer anything substantially different or better than FA. Weasyl is a ghost town, people barely pay attention to SoFurry, FurryNetwork is in closed beta and repeating the mistakes Weasyl made, Inkbunny has it's reputation as a haven for cub porn, and deviantArt doesn't allow porn at all. So long as there is no viable competition for FA, FA will remain as the main hub.

That's why people who "leave FA 4ever" return within weeks or months.


----------



## Krayne (May 17, 2016)

I just had to sign up for the forums to say this (I'm an FA artist who'se only current income is from commissions.)

Dragoneer mentioned the source code was distributed at a convention.
Right now I'm in Las Vegas and at the Mandalay bay casino (we went there for the shark reef) there is a hacker convention going on right now.  It's called "hack-a-thon" I think. I thought it would be a white hat convention but now I'm not so sure.  Do you think it could be THIS convention where the hack started, or was distributed?
If so, should I go there and investigate?

Also many people asked for a motive for the hack.  Here's one:  religious fundamentalism.  The worlds biggest religions (Christianity and Islam) frown on any kind of animism or gay sex or any kind of fun in general.  So I won't make any assumptions but that is a big enough reason to devote time and resources to destroying a site such as ours.  Probably NOT the reason, but a distinct possibility.


----------



## AliothFox (May 17, 2016)

Bourbon. said:


> There are viable alternatives to WoW, and even WoW continues to maintain a core demographic.
> 
> FA lacks any kind of viable alternative that can actually compete with the site. No one said that FA is too big to fail, but it doesn't have any actual marketable competitors who have the same draws or offer anything substantially different or better than FA. Weasyl is a ghost town, people barely pay attention to SoFurry, FurryNetwork is in closed beta and repeating the mistakes Weasyl made, Inkbunny has it's reputation as a haven for cub porn, and deviantArt doesn't allow porn at all. So long as there is no viable competition for FA, FA will remain as the main hub.
> 
> That's why people who "leave FA 4ever" return within weeks or months.



The reason FurryNetwork and Weasyl are ultimately untenable is because they only thrive on FA's misfortune.  Perhaps not intentionally (not casting aspersions at either site, just making an observation), but with a few exceptions, those two sites are just the "where I go when FA is down" sites.  And that obviously isn't a winning business model.


----------



## Bourbon. (May 17, 2016)

Krayne said:


> I just had to sign up for the forums to say this (I'm an FA artist who'se only current income is from commissions.)
> 
> Dragoneer mentioned the source code was distributed at a convention.
> Right now I'm in Las Vegas and at the Mandalay bay casino (we went there for the shark reef) there is a hacker convention going on right now.  It's called "hack-a-thon" I think. I thought it would be a white hat convention but now I'm not so sure.  Do you think it could be THIS convention where the hack started, or was distributed?
> ...


No, it was distributed at a furry convention called BLFC.


----------



## Stev0 (May 17, 2016)

I'd say just enjoy the day, go find some fresh air, breathe in that fresh air, and relax . That's my opinion. I read how the admin is handling the situation and it seems like they got things covered, the damage was minimal at best. Yes crappy that we may have lost some data MAYBE. I hope that the individuals involved are found, and persecuted to the fullest extent of the law.


----------



## xTwilightStarx (May 17, 2016)

Looking at the most recent updates to the site outage thread, I'd say people got waaaay too worried way too fast.
They know what they're doing.


----------



## AliothFox (May 17, 2016)

Krayne said:


> I just had to sign up for the forums to say this (I'm an FA artist who'se only current income is from commissions.)
> 
> Dragoneer mentioned the source code was distributed at a convention.
> Right now I'm in Las Vegas and at the Mandalay bay casino (we went there for the shark reef) there is a hacker convention going on right now.  It's called "hack-a-thon" I think. I thought it would be a white hat convention but now I'm not so sure.  Do you think it could be THIS convention where the hack started, or was distributed?
> ...



The code was distributed at BLFC... which *is* actually in Nevada, so who knows.  You may have something there.  To be honest, I think the religious fundamentalism motive is a teency bit of a stretch, as that's not a fundamentalist's typical MO.  If that had been a motive, someone would likely have CLAIMED responsibility, and so far, that hasn't happened.  Certainly it's possible, but that just seems a little far-fetched to me.

Love your art by the way, Krayne.


----------



## Samandriel Morningstar (May 17, 2016)

mshy said:


> I'm hoping i don't have to restore EVERYTHING I UPLOADED...



Something was already mentioned that anything after the 11th would be lost but anything before then that would be fine.
I know there's a lot of crap to wade through in this topic but try your best to weed out the information you're seeking before posting.


----------



## RileySockfoxy (May 17, 2016)

Bourbon. said:


> There are viable alternatives to WoW, and even WoW continues to maintain a core demographic.
> 
> FA lacks any kind of viable alternative that can actually compete with the site. No one said that FA is too big to fail, but it doesn't have any actual marketable competitors who have the same draws or offer anything substantially different or better than FA. Weasyl is a ghost town, people barely pay attention to SoFurry, FurryNetwork is in closed beta and repeating the mistakes Weasyl made, Inkbunny has it's reputation as a haven for cub porn, and deviantArt doesn't allow porn at all. So long as there is no viable competition for FA, FA will remain as the main hub.
> 
> That's why people who "leave FA 4ever" return within weeks or months.


I do agree that FurAffinity, being that it's been the central hub for tens of thousands of furs, will always be the way it is. Which is good! However, I don't know if it's proper to talk about some of the smaller, less popular, or fetish specific sites in a negative manner. I mean, what you're saying is true, but the smaller sites are just trying to find some kind of success, just as FA has attained. InkBunny, well... Everyone has their niche. I don't think it fair to judge, even though I'm against cub, personally.

I was hearing something about a big site coming soon... Not entirely sure what it's gonna be like, and I don't even know what it's going to be called, but... I'm intrigued. 

I do agree though. FurAffinity has been, and always will be, the biggest hub.


----------



## scorcher836 (May 17, 2016)

Well this sucks. hope furaffinity is back up soonish. good luck everyone.


----------



## Bourbon. (May 17, 2016)

RileySockfoxy said:


> I do agree that FurAffinity, being that it's been the central hub for tens of thousands of furs, will always be the way it is. Which is good! However, I don't know if it's proper to talk about some of the smaller, less popular, or fetish specific sites in a negative manner. I mean, what you're saying is true, but the smaller sites are just trying to find some kind of success, just as FA has attained. InkBunny, well... Everyone has their niche. I don't think it fair to judge, even though I'm against cub, personally.
> 
> I was hearing something about a big site coming soon... Not entirely sure what it's gonna be like, and I don't even know what it's going to be called, but... I'm intrigued.
> 
> I do agree though. FurAffinity has been, and always will be, the biggest hub.


You're sounding a little defensive. It's not my place to judge people on their fetishes, but for a lot of people a site allowing cub porn at all is a huge problem (especially with it being illegal in many countries including Canada, Australia, and the UK). With IB having primarily a cub related demographic, it turns a lot of people off. 

There's always some "new big site" coming up that promises to be a game changer or to deliver better things than FA, but they inevitably fail or fall to the wayside.


----------



## Dragonley (May 17, 2016)

Well here's my problem. I've had my account for 2 years now and just before the site went down it logged me out and told me that my user doesn't exist. So far by what I've gathered you guys have only acknowledged that users created within the last 6 days were deleted.
Is the restore going to bring back old deleted users? Because so far it doesn't sound so.


----------



## AliothFox (May 17, 2016)

Dragonley said:


> Well here's my problem. I've had my account for 2 years now and just before the site went down it logged me out and told me that my user doesn't exist. So far by what I've gathered you guys have only acknowledged that users within the last 6 days were deleted.



If your account is 2 years old, it's in their backup, so they can restore it if it was deleted from the main site.


----------



## supersonicbros23 (May 17, 2016)

Krayne said:


> I just had to sign up for the forums to say this (I'm an FA artist who'se only current income is from commissions.)
> 
> Dragoneer mentioned the source code was distributed at a convention.
> Right now I'm in Las Vegas and at the Mandalay bay casino (we went there for the shark reef) there is a hacker convention going on right now.  It's called "hack-a-thon" I think. I thought it would be a white hat convention but now I'm not so sure.  Do you think it could be THIS convention where the hack started, or was distributed?
> ...



About as silly as my judgement is but we really could use someone to investigate that. Then again I don't know if its really worth it at this point.

...a hacker convention? Why wouldn't the police be monitoring that? I mean hackers can only be good right? Pfff. 
Just for safe measure, it wouldn't hurt to stroll through there. Dunno much about conventions, they let almost anyone in right? For all we know theres probably a few fur-hackers out there who got word of it.


----------



## RileySockfoxy (May 17, 2016)

Bourbon. said:


> You're sounding a little defensive. It's not my place to judge people on their fetishes, but for a lot of people a site allowing cub porn at all is a huge problem (especially with it being illegal in many countries including Canada, Australia, and the UK). With IB having primarily a cub related demographic, it turns a lot of people off.
> 
> There's always some "new big site" coming up that promises to be a game changer or to deliver better things than FA, but they inevitably fail or fall to the wayside.


Well, I wasn't trying to come off as defensive, only trying to make a point. After all, FurAffinity is the only site (aside from Twitter) that I post my artwork to. So wasn't trying to come off like that. Simply stating an opinion.

I suppose you're right, on the front of the new site thing. There always seems to be something up-and-coming, but it never quite takes off. Then again, to get a good reputation, you have to be around a long time. FA has been around for a looooong time.


----------



## Bannor (May 17, 2016)

< F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 >

AUGH!!!!!1!


----------



## Krayne (May 17, 2016)

AliothFox said:


> The code was distributed at BLFC... which *is* actually in Nevada, so who knows.  You may have something there.  To be honest, I think the religious fundamentalism motive is a teency bit of a stretch, as that's not a fundamentalist's typical MO.  If that had been a motive, someone would likely have CLAIMED responsibility, and so far, that hasn't happened.  Certainly it's possible, but that just seems a little far-fetched to me.
> 
> Love your art by the way, Krayne.


Wow, thanks for the like!  Yeah I agree it isn't the typical MO for extremists, but you never know, times are a changing.
What's BLFC?


----------



## RileySockfoxy (May 17, 2016)

Bannor said:


> < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 > < F5 >  < F5 >
> 
> AUGH!!!!!1!


(totally me when the site first logged me out) X3


----------



## AliothFox (May 17, 2016)

Krayne said:


> Wow, thanks for the like!  Yeah I agree it isn't the typical MO for extremists, but you never know, times are a changing.
> What's BLFC?



Biggest Little Fur Con - it's a furry convention in... I wanna say Reno?


----------



## Bourbon. (May 17, 2016)

RileySockfoxy said:


> Well, I wasn't trying to come off as defensive, only trying to make a point. After all, FurAffinity is the only site (aside from Twitter) that I post my artwork to. So wasn't trying to come off like that. Simply stating an opinion.
> 
> I suppose you're right, on the front of the new site thing. There always seems to be something up-and-coming, but it never quite takes off. Then again, to get a good reputation, you have to be around a long time. FA has been around for a looooong time.


I wouldn't say that's the only reason. FA's reputation isn't spotless and the site has had security problems time after time after time. I think it's just that people don't want to lose their pageviews, their watchers, build a fresh start, manage multiple sites, etc. And people ARE loyal to FA. FA isn't some huge corporation, we know the faces of the people who run it. We can talk to any admin or Dragoneer one-on-one. 

And then there's also the fact that most artists won't move if their watchers don't, and most watchers won't move as long as the artists stay. It's a catch 22 scenario.


----------



## Dragonley (May 17, 2016)

AliothFox said:


> If your account is 2 years old, it's in their backup, so they can restore it if it was deleted from the main site.



Okay, I wasn't sure. I assumed that earlier but upon reading this again I had to scratch my head a little. Thanks~


----------



## xTwilightStarx (May 17, 2016)

Seriously guys, I don't think it's going to take as long as everyone's worrying it will.
It shouldn't be *that *hard to wait just a little longer, it's not even been 12 hours.


----------



## Samandriel Morningstar (May 17, 2016)

Wait,did someone mention giving this stuff over to the FBI/Investigators/Cops?
You do understand these people are far more busy working on proper cases then on a case about someone who hacked a furry website right?
..Did I also see someone say it might of been Isis or something?
Slow your damn rolls people,my goodness.


----------



## RileySockfoxy (May 17, 2016)

Bourbon. said:


> I wouldn't say that's the only reason. FA's reputation isn't spotless and the site has had security problems time after time after time. I think it's just that people don't want to lose their pageviews, their watchers, build a fresh start, manage multiple sites, etc. And people ARE loyal to FA. FA isn't some huge corporation, we know the faces of the people who run it. We can talk to any admin or Dragoneer one-on-one.
> 
> And then there's also the fact that most artists won't move if their watchers don't, and most watchers won't move as long as the artists stay. It's a catch 22 scenario.


Mhm. I'm just worried about my account. I mean, I'm nowhere near success yet, but I'm close to 1200 watchers, which took me a long time, and a lot of improvement to get to. I'm hoping my page didn't get deleted. No WAY I'd be able to build my business back up.


----------



## Altair_the_lugia (May 17, 2016)

AliothFox said:


> The code was distributed at BLFC... which *is* actually in Nevada, so who knows.  You may have something there.  To be honest, I think the religious fundamentalism motive is a teency bit of a stretch, as that's not a fundamentalist's typical MO.  If that had been a motive, someone would likely have CLAIMED responsibility, and so far, that hasn't happened.  Certainly it's possible, but that just seems a little far-fetched to me.
> 
> Love your art by the way, Krayne.


Clearly, you've never seen what I call a religious nutcase. That's essentially a religious fundamentalist on steroids. They will do ANYTHING to "save your soul."


----------



## desoto_jellywerewolf (May 17, 2016)

AliothFox said:


> If your account is 2 years old, it's in their backup, so they can restore it if it was deleted from the main site.



Also to quote Neer from the other thread..

"We have restored a majority of the content which was lost, and backups restorations are complete. We are currently continuing to perform a security audit on the code to try to find any further issues."

Sounds to me like they were able to recover data that is more recent than the six day old backup.


----------



## Deborah Yang (May 17, 2016)

Ah...wait so...let's say for the past couple days I've been uploading art frequently and made some journals (all of this after the 11th)
Those are all gone now? aiyah...


----------



## Stev0 (May 17, 2016)

xTwilightStarx said:


> View attachment 11383
> 
> Seriously guys, I don't think it's going to take as long as everyone's worrying it will.
> It shouldn't be *that *hard to wait just a little longer, it's not even been 12 hours.




Bingo...this is not the worst attack this site has had...not even close. Like I said its in good hands.


----------



## Krayne (May 17, 2016)

AliothFox said:


> Biggest Little Fur Con - it's a furry convention in... I wanna say Reno?


but who would do that at a fur con? This hacker con at MB casino is scaring me if there are black hats there


----------



## scorcher836 (May 17, 2016)

i'm just waiting here like a patient roo reading everyones comments. why? idk i'm kinda bored lol


----------



## Bourbon. (May 17, 2016)

RileySockfoxy said:


> Mhm. I'm just worried about my account. I mean, I'm nowhere near success yet, but I'm close to 1200 watchers, which took me a long time, and a lot of improvement to get to. I'm hoping my page didn't get deleted. No WAY I'd be able to build my business back up.


I feel you. I was very close to reaching 5000 and I'm concerned about this setting me back. 



Altair_the_lugia said:


> Clearly, you've never seen what I call a religious nutcase. That's essentially a religious fundamentalist on steroids. They will do ANYTHING to "save your soul."


....You presume that people care that much about furries. Why would they target furries when they tend to be anti-pornography and taking out a larger site like PornHub would be far more beneficial to the ideology.


----------



## xTwilightStarx (May 17, 2016)

Deborah Yang said:


> Ah...wait so...let's say for the past couple days I've been uploading art frequently and made some journals (all of this after the 11th)
> Those are all gone now? aiyah...


The journals will still be there, things like that weren't necessarily affected.
And going on what Dragoneer said in his last update, there's a fair chance all or most of your stuff was saved.


----------



## Athiesh (May 17, 2016)

More than likely its just someone on a power trip.
Push a few keys, change hundreds of thousands of peoples moods and schedules in an immediate way.
I can understand the temptation even I wholly condemn it.


----------



## rjbartrop (May 17, 2016)

RileySockfoxy said:


> Well, I wasn't trying to come off as defensive, only trying to make a point. After all, FurAffinity is the only site (aside from Twitter) that I post my artwork to. So wasn't trying to come off like that. Simply stating an opinion.
> 
> I suppose you're right, on the front of the new site thing. There always seems to be something up-and-coming, but it never quite takes off. Then again, to get a good reputation, you have to be around a long time. FA has been around for a looooong time.



Always is a long time, and there have been sites before that were considered the main site for furry art.   Having said that, I can't see FA going away any time soon.


----------



## Elf-cat (May 17, 2016)

Traveller800 said:


> I don;t get it...whats the motivation?  Its clearly not cash otherwise they would have demanded a ransom or something.  Why would they devite time to fucking with your website?  Its stupid AND cruel to the users.


There are people out there that are completely against furries. It's like almost being racist. Chlorine gas attacks, and web server hackings are only just the beginning. I think it's time that we start making the furry fandom into a secret society. Otherwise these attacks are only going to get worse.


----------



## AliothFox (May 17, 2016)

Altair_the_lugia said:


> Clearly, you've never seen what I call a religious nutcase. That's essentially a religious fundamentalist on steroids. They will do ANYTHING to "save your soul."



Having been raised by a Southern Baptist minister, believe me, I have seen my share of "religious nutcases."  And in my experience, they'll annoy you to "save your soul," but they usually want to take credit for it too.

But now we're getting into a discussion about religion on a thread about site status, which definitely cannot end well for anyone involved.


----------



## RileySockfoxy (May 17, 2016)

Bourbon. said:


> I feel you. I was very close to reaching 5000 and I'm concerned about this setting me back.
> 
> 
> ....You presume that people care that much about furries. Why would they target furries when they tend to be anti-pornography and taking out a larger site like PornHub would be far more beneficial to the ideology.


You'll have to link me to your FurAffinity! I love drawing, but I love looking at art, too. :3


----------



## Bourbon. (May 17, 2016)

Elf-cat said:


> There are people out there that are completely against furries. It's like almost being racist. Chlorine gas attacks, and web server hackings are only just the beginning. I think it's time that we start making the furry fandom into a secret society. Otherwise these attacks are only going to get worse.


Cut it out with the fearmongering. Almost all "attacks" on furries are done BY furries who are just PO'd about something or doing it for laughs.


----------



## Krayne (May 17, 2016)

Altair_the_lugia said:


> Clearly, you've never seen what I call a religious nutcase. That's essentially a religious fundamentalist on steroids. They will do ANYTHING to "save your soul."


Good point. They wouldn't even take credit because the honestly believe in this soul saving bullshit, and think they are helping us by doing so.


----------



## supersonicbros23 (May 17, 2016)

AliothFox said:


> Biggest Little Fur Con - it's a furry convention in... I wanna say Reno?


No wonder. [insert Hell joke here]


scorcher836 said:


> i'm just waiting here like a patient roo reading everyones comments. why? idk i'm kinda bored lol


I know this isn't funnyjunk but I'm going to reply to this with an image.




 That phone will ring any minute telling me everything is fine.


----------



## Bourbon. (May 17, 2016)

RileySockfoxy said:


> You'll have to link me to your FurAffinity! I love drawing, but I love looking at art, too. :3


Oh! I know you can't really "get there" at the moment, but it's www.furaffinity.net: FA is temporarily offline. ;w;


----------



## Coelacanth1938 (May 17, 2016)

Elf-cat said:


> There are people out there that are completely against furries. It's like almost being racist. Chlorine gas attacks, and web server hackings are only just the beginning. I think it's time that we start making the furry fandom into a secret society. Otherwise these attacks are only going to get worse.



Going secret would only make things worst. People think the worst of us already, and secrecy will only confirm their fears and suspicions.


----------



## AliothFox (May 17, 2016)

I'm *reasonably* certain that the "secret society" comment was made ironically, guys.


----------



## JusticeForKelo (May 17, 2016)

Jane_M_J said:


> I really don't wanna wait for FA for days or even weeks! I won't stand it!!



Chill the fuck out. It will be back.


----------



## scorcher836 (May 17, 2016)

supersonicbros23 said:


> No wonder. [insert Hell joke here]
> 
> I know this isn't funnyjunk but I'm going to reply to this with an image.
> 
> ...



lolz! made my day!


----------



## Bourbon. (May 17, 2016)

AliothFox said:


> I'm *reasonably* certain that the "secret society" comment was made ironically, guys.


Occam's Razor tho. Some people are dead serious when they say stuff like that. I've seen my fair share of furry conspiracists.


----------



## LadyHeather (May 17, 2016)

Best of luck to the folks working to fix the issue, and I'll see you all when we're back up and running! <3


----------



## Samandriel Morningstar (May 17, 2016)

Lmao.
The furry version of the Masons.


----------



## b0rnstellar (May 17, 2016)

Just pop on a movie or show and wait until everything is back up. It isn't the end of the world, guys.


----------



## rjbartrop (May 17, 2016)

JusticeForKelo said:


> Chill the fuck out. It will be back.



Agreed.  I'm pretty sure Dragoneer doesn't want to have to try and ask Amazon for his old job back.


----------



## Krayne (May 17, 2016)

Bourbon. said:


> I feel you. I was very close to reaching 5000 and I'm concerned about this setting me back.
> 
> 
> ....You presume that people care that much about furries. Why would they target furries when they tend to be anti-pornography and taking out a larger site like PornHub would be far more beneficial to the ideology.


maybe because it is a soft target and easier to hack, maybe it's practice for something bigger, who knows.  One poster mentored po'd ex FA members, which sounds legit but that statement is based on what, exactly?


----------



## xTwilightStarx (May 17, 2016)

Jokes or not, a secret furry society would definitely make things worse ahah.
By hiding a fandom behind closed doors it makes it seem creepy, like the people involved *know* it's wrong.


----------



## Bourbon. (May 17, 2016)

Krayne said:


> maybe because it is a soft target and easier to hack, maybe it's practice for something bigger, who knows.  One poster mentored po'd ex FA members, which sounds legit but that statement is based on what, exactly?


I doubt it'd be an ex-FA staff member. More likely it's one of the ones who want to see FA die just because they hate the site or Dragoneer or any myriad of petty reasons. This is not the first time FA's gone down over petty shit.


----------



## RileySockfoxy (May 17, 2016)

Bourbon. said:


> Oh! I know you can't really "get there" at the moment, but it's www.furaffinity.net: FA is temporarily offline. ;w;


Simply your username will do. When the site gets back online, I'll look ya up. :3


----------



## AliothFox (May 17, 2016)

Krayne said:


> maybe because it is a soft target and easier to hack, maybe it's practice for something bigger, who knows.  One poster mentored po'd ex FA members, which sounds legit but that statement is based on what, exactly?



Based on a lot, to be honest.  There was some drama a few months ago - admins left en masse, some were dismissed, some allegedly violated NDA agreements.  It wasn't pretty.  A site as important to the fandom as FA is bound to make a lot of enemies within the fandom along the way.

EDIT: I'm not pointing fingers at the former admins or making speculations here; just pointing out that that stirred up a lot of drama - enough to conceivably make someone angry enough to attack the site.


----------



## b0rnstellar (May 17, 2016)

Bourbon. said:


> I doubt it'd be an ex-FA staff member. More likely it's one of the ones who want to see FA die just because they hate the site or Dragoneer or any myriad of petty reasons. This is not the first time FA's gone down over petty shit.


I've seen people do a lot worse just for the laughs. It wouldn't surprise me if its just a kid looking for a good kick.


----------



## foxenbperry (May 17, 2016)

Might I ask.. could it be the infamous furry hater, Ryan Hill? I mean..I try to keep my distance from furry drama but he seems to be making a pain in the ass out of himself for the past few years and he doesn't understand or care about limits..(Ryan Hill sounds like a fake FB name a 12 year old ammaure troll would use btw)


----------



## Bourbon. (May 17, 2016)

RileySockfoxy said:


> Simply your username will do. When the site gets back online, I'll look ya up. :3


It's the same as here, Bourbon. (with a period at the end). c:


----------



## crystalsugarstars (May 17, 2016)

Mmm...I hope things sort out smoothly! Totally sucks this happens so often;;


----------



## Krayne (May 17, 2016)

Bourbon. said:


> I doubt it'd be an ex-FA staff member. More likely it's one of the ones who want to see FA die just because they hate the site or Dragoneer or any myriad of petty reasons. This is not the first time FA's gone down over petty shit.


Oh I didn't mean staff.  I meant banned or otherwise disgruntled members, and there is a fair share of those so I'm told.
And yes, petty bullshit is usually the culprit


----------



## Bourbon. (May 17, 2016)

foxenbperry said:


> Might I ask.. could it be the infamous furry hater, Ryan Hill? I mean..I try to keep my distance from furry drama but he seems to be making a pain in the ass out of himself for the past few years and he doesn't understand or care about limits..(Ryan Hill sounds like a fake FB name a 12 year old ammaure troll would use btw)


That guy's behavior is mostly focused on low hanging fruit (pretending to be LemonadeCoyote, photoshoping LemonadeCoyote as an angel dragon, also suspected to be the one behind the chlorine bomb). Nothing has been done by him to show he has this capability.


----------



## AliothFox (May 17, 2016)

b0rnstellar said:


> I've seen people do a lot worse just for the laughs. It wouldn't surprise me if its just a kid looking for a good kick.


If this were a typical DDoS attack, I might agree, but there were physical copies of the source code being distributed.  That makes me think someone deliberately wanted to see harm come to the site.  It doesn't seem like typical script kiddie stuff.


----------



## Dragonley (May 17, 2016)

You know I've noticed while scrolling through comments that many people are getting rather impatient.

Honestly if you're going to be so impatient I hope the site will take longer to go back up. :^Y


----------



## xTwilightStarx (May 17, 2016)

b0rnstellar said:


> Just pop on a movie or show and wait until everything is back up. It isn't the end of the world, guys.


----------



## foxenbperry (May 17, 2016)

Bourbon. said:


> That guy's behavior is mostly focused on low hanging fruit (pretending to be LemonadeCoyote, photoshoping LemonadeCoyote as an angel dragon, also suspected to be the one behind the chlorine bomb). Nothing has been done by him to show he has this capability.



I see...


----------



## b0rnstellar (May 17, 2016)

AliothFox said:


> If this were a typical DDoS attack, I might agree, but there were physical copies of the source code being distributed.  That makes me think someone deliberately wanted to see harm come to the site.  It doesn't seem like typical script kiddie stuff.


I'm kind of flattered someone would go out of their way to make physical copies of our community. How cute!


----------



## Coelacanth1938 (May 17, 2016)

Secret societies are nothing new. In Ireland it wasn't unusual for a person to be a member of a half dozen secret societies, especially the immigrants. But the value of being in a secret society is dubious at best.


----------



## foxenbperry (May 17, 2016)

Well then.. In this case...might as well finish watching Lion King and Pocohantas..(not at the same time) Lol..


----------



## b0rnstellar (May 17, 2016)

tfw FA is down for 7 hours


----------



## crystalsugarstars (May 17, 2016)

foxenbperry said:


> Well then.. In this case...might as well finish watching Lion King and Pocohantas..(not at the same time) Lol..


after you mentioned it, Im almost tempted to try that out XD


----------



## Kitsune633 (May 17, 2016)

Its all about waiting.

But seriously, the attack is petty and childish, all for laughs? The nerve of some people.


----------



## Elf-cat (May 17, 2016)

Well, okay... then why not make anthropomorphism (being a furry) into a religion. Then maybe we can actually acquire more freedom and rights, and less likely to be attacked because hackers would be breaking a more serious law.
Just an idea though.


----------



## xTwilightStarx (May 17, 2016)

The reasonable amount of effort the person went through to distribute the information suggests they aren't a fan on the site/members, and were probs also doing it for the bantz.
I mean, if it were just for the hell of it or because they could, they could've just outed the site themselves?


----------



## xTwilightStarx (May 17, 2016)

Elf-cat said:


> Well, okay... then why not make anthropomorphism (being a furry) into a religion. Then maybe we can actually acquire more freedom and rights, and less likely to be attacked because hackers would be breaking a more serious law.


Actually, I feel like making a religion of it would mean it being attacked *more *than it already is.
Pushing things in peoples faces is like _asking_ them to hate it.


----------



## foxenbperry (May 17, 2016)

crystalsugarstars said:


> after you mentioned it, Im almost tempted to try that out XD



Why not? I've still got my VHS tapes from when I was a kid and a good ol' VCR and tube TV..a cuddly maine coon cat and powdered donuts..what about you guys? I mean.. though FA is nice to have.. its only a site...our lives as humans doesn't revolve around being online. See you all on the flipside!


----------



## Bourbon. (May 17, 2016)

xTwilightStarx said:


> The reasonable amount of effort the person went through to distribute the information suggests they aren't a fan on the site/members, and were probs also doing it for the bantz.
> I mean, if it were just for the hell of it or because they could, they could've just outed the site themselves?


By distributing it, it allows it to get in as many hands as possible, also insuring as much damage is done as possible and ups their anonymity so it's harder to track down who the source is.


----------



## AliothFox (May 17, 2016)

AnjoGatoBR said:


> *you are very USB driver could get out usb like to face computer world is not easy Repair this has been fixed goodbye fell full well furaffinity USB good internet driver days 23.....!!!!!!! UP *



My good man, what _are_ you saying, and in what language are you saying it?


----------



## xTwilightStarx (May 17, 2016)

Bourbon. said:


> By distributing it, it allows it to get in as many hands as possible, also insuring as much damage is done as possible and ups their anonymity so it's harder to track down who the source is.


Oh I understand all that perfectly, and it makes sense.
Just noticing a lot of people seem to be blaming some prank-pulling kid for all this.
Some "kid" wouldn't think up such an elaborate plan. And kids *love* claiming responsibility for something big.


----------



## Athiesh (May 17, 2016)

AliothFox said:


> My good man, what _are_ you saying, and in what language are you saying it?


I'm going to guess native Brazilian


----------



## Bannor (May 17, 2016)

AliothFox said:


> My good man, what _are_ you saying, and in what language are you saying it?


Google never could handle Klingon.


----------



## Bourbon. (May 17, 2016)

xTwilightStarx said:


> Oh I understand all that perfectly, and it makes sense.
> Just noticing a lot of people seem to be blaming some prank-pulling kid for all this.
> Some "kid" wouldn't think up such an elaborate plan.


Kids these days get up to a lot of shit for kicks. Along with intellect comes a morbid need to fuck shit up just to see if you can get away with it. 

I, personally, don't think it's just some young barely out of HS kid. Probably more likely to be someone who's been in the fandom for awhile and is bitter.


----------



## LukeBrassai (May 17, 2016)

AnjoGatoBR said:


> *you are very USB driver could get out usb like to face computer world is not easy Repair this has been fixed goodbye fell full well furaffinity USB good internet driver days 23.....!!!!!!! UP *


Can you even english?


----------



## b0rnstellar (May 17, 2016)

AnjoGatoBR said:


> *you are very USB driver could get out usb like to face computer world is not easy Repair this has been fixed goodbye fell full well furaffinity USB good internet driver days 23.....!!!!!!! UP *


*i agggreee!! *


----------



## Samandriel Morningstar (May 17, 2016)

Just dropping this here too.

Limited space for a game,come and play.
The password is Furry
If you can't find the room just look for Handsome_Jack's game in the game list.

pyx-1.pretendyoure.xyz: Pretend You're Xyzzy


Let's play a few rounds.
It's basically online cards against humanity.


----------



## Deathlightdb (May 17, 2016)

Like half of this thread:





Sorry, as someone who's been with FA from the beginning, I laugh at people who flip out over something that is (currently) fairly insignificant.  And also, in the long run, and bigger picture, is insignificant.


----------



## xTwilightStarx (May 17, 2016)

Bourbon. said:


> Kids these days get up to a lot of shit for kicks. Along with intellect comes a morbid need to fuck shit up just to see if you can get away with it.
> 
> I, personally, don't think it's just some young barely out of HS kid. Probably more likely to be someone who's been in the fandom for awhile and is bitter.


Agreed.
Not to mention if a kid were good at hacking, I couldn't see them targeting a furry site.
They'd be more likely to use their skills to hack into personal stuff of the people they hate.
Kids can be smart, but they're pretty naive.


----------



## KaiyaShadowBlaze (May 17, 2016)

What I want to know is this:
How could they get whole of the sites code?  I mean... only one way I know for sure that, that person could do that is if they worked in the company that runs FA, through like server or something place like that. Because that is one sure way to get the sites code and everything. Every users profile, sent messages, art, journals, favorited art, watchers, all of it, the whole nine yards.


----------



## Athiesh (May 17, 2016)

I'm scared for when the servers are back online. Its going to the friendliest, potentially horniest DDOS they ever dealt with


----------



## Bannor (May 17, 2016)

AnjoGatoBR said:


> The when and helps a lot of their exposure backup link way and ?


Brilliant!


----------



## UsernamePending (May 17, 2016)

If it helps at all, I still have a number of tabs open that do not yet have me locked out. They should all be from yesterday, although I'm not completely sure what time they were brought up. Any attempt to open a new FA tab loads the locked site.


----------



## Bourbon. (May 17, 2016)

KaiyaShadowBlaze said:


> What I want to know is this:
> How could they get whole of the sites code?  I mean... only one way I know for sure that, that person could do that is if they worked in the company that runs FA, through like server or something place like that. Because that is one sure way to get the sites code and everything. Every users profile, sent messages, art, journals, favorited art, watchers, all of it, the whole nine yards.


Exploits in scripts and plug-ins that are used on the site can be exploited and give access to a site's coding. They pretty much already explained how this happened.


----------



## Makellyn (May 17, 2016)

AnjoGatoBR said:


> *you are very USB driver could get out usb like to face computer world is not easy Repair this has been fixed goodbye fell full well furaffinity USB good internet driver days 23.....!!!!!!! UP *


I'm too high to even try to decipher this.


----------



## Stev0 (May 17, 2016)

AnjoGatoBR said:


> The when and helps a lot of their exposure backup link way and ?



Dude....English please.


----------



## FatalSyndrome (May 17, 2016)

Bourbon. said:


> I doubt it'd be an ex-FA staff member. More likely it's one of the ones who want to see FA die just because they hate the site or Dragoneer or any myriad of petty reasons. This is not the first time FA's gone down over petty shit.



I'm 100% sure that's exactly what it is. I feel people hate furries a lot less than they used to. While many do still hate us, there's a lot of shit INSIDE the fandom that seems more at-risk, and people who feel exceptionally victimized by FA for some reason are probably the most likely to do this sorta shit.


----------



## FatalSyndrome (May 17, 2016)

AnjoGatoBR said:


> *you are very USB driver could get out usb like to face computer world is not easy Repair this has been fixed goodbye fell full well furaffinity USB good internet driver days 23.....!!!!!!! UP *


The smilies make this a lot better too


----------



## Bourbon. (May 17, 2016)

AnjoGatoBR said:


> My US-BR to translate ??


You're probably better off typing in BR and letting others translate it. Your translations aren't very good.


----------



## ZX6R (May 17, 2016)

KaiyaShadowBlaze said:


> What I want to know is this:
> How could they get whole of the sites code?  I mean... only one way I know for sure that, that person could do that is if they worked in the company that runs FA, through like server or something place like that. Because that is one sure way to get the sites code and everything. Every users profile, sent messages, art, journals, favorited art, watchers, all of it, the whole nine yards.


They use an exploit to presumably run a command on the server, which would copy the site code back to the attacker, who is free to do whatever they want with it.


----------



## CrescentStarHusky (May 17, 2016)

foxenbperry said:


> Why not? I've still got my VHS tapes from when I was a kid and a good ol' VCR and tube TV..a cuddly maine coon cat and powdered donuts..what about you guys? I mean.. though FA is nice to have.. its only a site...our lives as humans doesn't revolve around being online. See you all on the flipside!


I want powdered doughnuts now OMG


----------



## Stev0 (May 17, 2016)

AnjoGatoBR said:


> My US-BR to translate ??



I'm sorry. I just could not understand...use português please.  then we can translate it. That might work better.


----------



## FatalSyndrome (May 17, 2016)

AnjoGatoBR said:


> I like a little high speak not to the doctor and translate it off :/


I'm sorry your translator isn't getting your messages out correctly. Try just typing it in your language, and we can translate it. This must be frustrating for you.


----------



## foxenbperry (May 17, 2016)

CrescentStarHusky said:


> I want powdered doughnuts now OMG



then go get powdered donuts before your cravings get too bad x3


----------



## Bannor (May 17, 2016)

AnjoGatoBR said:


> I like a little high speak not to the doctor and translate it off :/


Oh, crap - this is starting to make sense to me!  Should I be worried?


----------



## CrescentStarHusky (May 17, 2016)

foxenbperry said:


> then go get powdered donuts before your cravings get too bad x3


I don't have any! *dies*


----------



## hera (May 17, 2016)

I honestly do not believe Dragoneer is telling the full story.  Yes, it is true that someone got the source code and loaded it on a USB, but I think there is more to this story.

One thing he isn't telling you was that the damage was mostly done when the original imagemagick exploit was discovered and I guarantee that it WAS not patched right away.  Quite simply, the admins SCREWED up.  The reason I say that is cause how issues were handled in the past.  The admins have done a terrible job.  

Now why do I say that.  

Well here is how the exploit works.  

http://www.openwall.com/lists/oss-security/2016/05/03/18

ImageMagick Security Issue - ImageMagick

So what does this mean?  I don't understand all this you say.   

Well with this exploit, anyone can run a shell command into the server.

What's a shell command?

For those not familiar with Linux, it basically allows direct commands on the server.  Commands that would let you delete files, rename files, move files, download the source code.    I don't believe the database would be compromised as that requires the knowledge of the mysql password (or a root account).  Something that this exploit alone would not provide. 

So basically Dragoneer is saying someone with the ability to do a ton of file deletions only took the source code.   Yeah, uh huh, and I am the daughter of Zeus.  

Dragoneer also says the source code was leaked and then another vulnerability was found and hacked.  

I am not saying that this is not possible, but I find it HIGHLY unlikely, unless FA has more holes than swiss cheese.  If that is the case, we all should be pointing the fingers at the admins themselves for such poor code.  I have some faith that they are not complete imbeciles, but then again what do I know.


----------



## JusticeForKelo (May 17, 2016)

I'm starting to think Jane_M_J is a troll or bot.


----------



## FatalSyndrome (May 17, 2016)

Lord have mercy, powdered donuts were mentioned and now I'm having an intense hankering...


----------



## FatalSyndrome (May 17, 2016)

hera said:


> I honestly do not believe Dragoneer is telling the full story.  Yes, it is true that someone got the source code and loaded it on a USB, but I think there is more to this story.
> 
> One thing he isn't telling you was that the damage was mostly done when the original imagemagick exploit was discovered and I guarantee that it WAS not patched right away.  Quite simply, the admins SCREWED up.  The reason I say that is cause how issues were handled in the past.  The admins have done a terrible job.
> 
> ...


Here we go with the conspiracy.
FA is full of holes unfortunately. Just because you don't understand the explanation doesn't mean the story is false. Someone hacked it, that's what hacking does.


----------



## Bourbon. (May 17, 2016)

hera said:


> I honestly do not believe Dragoneer is telling the full story.  Yes, it is true that someone got the source code and loaded it on a USB, but I think there is more to this story.
> 
> One thing he isn't telling you was that the damage was mostly done when the original imagemagick exploit was discovered and I guarantee that it WAS not patched right away.  Quite simply, the admins SCREWED up.  The reason I say that is cause how issues were handled in the past.  The admins have done a terrible job.
> 
> ...


FA's code is over a decade old and does have a ton of coding issues and security holes that haven't been fixed. It's entirely plausible that it did go as Dragoneer said and FA's poor infrastructure allowed the damage to be worse than it would have been on other sites.


----------



## lone_wolf323 (May 17, 2016)

FatalSyndrome said:


> Lord have mercy, powdered donuts were mentioned and now I'm having an intense hankering...


I think some powdered donuts and some maple glazed ones would sound amazing at this point.


----------



## ZX6R (May 17, 2016)

hera said:


> I honestly do not believe Dragoneer is telling the full story.  Yes, it is true that someone got the source code and loaded it on a USB, but I think there is more to this story.
> 
> One thing he isn't telling you was that the damage was mostly done when the original imagemagick exploit was discovered and I guarantee that it WAS not patched right away.  Quite simply, the admins SCREWED up.  The reason I say that is cause how issues were handled in the past.  The admins have done a terrible job.
> 
> ...


If you think about it, they might have wanted to cover their tracks. If someone else trashes the site using the source code, they're going to be the priority.


----------



## redsaber (May 17, 2016)

Oh brother, it really bothers me when things like this happens to this site.


----------



## Barking-In-the-Dark (May 17, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_



Yup -raises paw- 

I hope things get fixed soon, it sucks that this happened and that the site was shut down (on my B-day no less). I also hope the reference sheet my friend and I posted of my Dutch AD isn't gone. I just registered him too.  
Lastly I doubt it was Anonymous, they're not a group of folks who prey on furries not to mention if it was them 4chan would be flooded with comments about a raid.


----------



## LyrrenClock (May 17, 2016)

scorcher836 said:


> i'm just waiting here like a patient roo reading everyones comments. why? idk i'm kinda bored lol


I second this notion keep up the good work you IT folks and hope to see it back up soon sucks this all happened...


----------



## hera (May 17, 2016)

Bourbon. said:


> FA's code is over a decade old and does have a ton of coding issues and security holes that haven't been fixed. It's entirely plausible that it did go as Dragoneer said and FA's poor infrastructure allowed the damage to be worse than it would have been on other sites.



and yet Dragoneer and friends gets a free pass again.  Shouldn't they be held accountable?  Dragoneer said with IMVU things would get better.


----------



## Psylantwolf (May 17, 2016)




----------



## oddthesungod (May 17, 2016)

AnjoGatoBR said:


> _The branch and full code windows very turns ten 75% or 100% original 3D chrome colors do not please do not face internet I get the link for the Super Server... ?
> 
> ....Hack.... -_-'''_



Cara literalmente ninguem ta te entendendo, desiste do google translate e escreve em português mesmo.


----------



## LyrrenClock (May 17, 2016)

hera said:


> and yet Dragoneer and friends gets a free pass again.  Shouldn't they be held accountable?  Dragoneer said with IMVU things would get better.


things honestly have gotten better the site got a new look that actually works and alot of subtle differences and not having to raise funds all the time...changes take time sadly just cause we dont see it doesnt me its not happening


----------



## FatalSyndrome (May 17, 2016)

Aw, it's too bad we can't turn this thread into a fun party meeting thing.


----------



## AliothFox (May 17, 2016)

hera said:


> and yet Dragoneer and friends gets a free pass again.  Shouldn't they be held accountable?  Dragoneer said with IMVU things would get better.



They did get better.  The last DDoS attack to seriously take the site down for any real length of time was over a year ago, where before it would reliably go down for days every couple of months.  The site can handle a lot bigger loads now (I remember when it would go down if 15k+ were online, now it supports 20-30k+ without any real problems), and the beta actually gets pretty regular updates.


----------



## hera (May 17, 2016)

LyrrenClock said:


> things honestly have gotten better the site got a new look that actually works and alot of subtle differences and not having to raise funds all the time...changes take time sadly just cause we dont see it doesnt me its not happening



Ya know i used to give the benefit of the doubt to the admins, but I simply can't anymore.


----------



## Deleted member 82554 (May 17, 2016)

What sort of fucked up security measures do you have in place for someone to be able to hijack the ENTIRE source code?

Oh well, this downtime will at least give some of the other places a chance to shine for a while.


----------



## Horsefur (May 17, 2016)

Look at the bright side...at least the forum will get more than 10 page views per day because of this.


----------



## Mitsuketa (May 17, 2016)

hera said:


> Ya know i used to give the benefit of the doubt to the admins, but I simply can't anymore.


that's understandable but you need to realize that* everyone makes mistakes. *if the admins happen to be at fault for this and aren't telling the whole story, then they made a mistake and it's fine that they did - the mistake is awful but its normal for someone to fuck up - surely you aren't perfect. surely you've made a small error. and if you haven't ever made a mistake, then i'll be damned.
sure the admins have fucked us over before, but have some faith in them. it's going to take time, probably years for FA to be stable and have decent security. we don't have the income that other websites do.


----------



## Rythas (May 17, 2016)

I know nobody will, but go read all of the pages before this  Plenty of answers have been said already, you just have to look. Someone pointed out earlier as well that website handling has been a lot better than it was before, which is cool to hear.


----------



## SGRedAlert (May 17, 2016)

LyrrenClock said:


> things honestly have gotten better the site got a new look that actually works and alot of subtle differences and not having to raise funds all the time...changes take time sadly just cause we dont see it doesnt me its not happening


I'm sure they have tons of stuff in the works - just because it's not happening *right now* doesn't mean it won't ever happen. I always thought people should have more faith in the administrators, even if a lot of the time they've shown themselves to not only be incompetent but almost patronizing. Still. They're only human, and I mean that - I sincerely doubt the biggest of Dragoneer's haters have made any less mistakes than he has. It's just easier to point fingers when someone's mistakes involve being broadcasted to thousands of people, as well as businesses (although if you run a business off of a website known for it's instability, you should have the brains to back up your info.)


----------



## supersonicbros23 (May 17, 2016)

I just realized... what ever happened to the "read-only" caches that got deployed during routine server maintenance?


----------



## deragorka (May 17, 2016)

hera said:


> Ya know i used to give the benefit of the doubt to the admins, but I simply can't anymore.


I'm with you on this one. Sure folks screw up from time to time, but this is major. Does no one check security exploits at any time during development?


----------



## AliothFox (May 17, 2016)

SGRedAlert said:


> I'm sure they have tons of stuff in the works - just because it's not happening *right now* doesn't mean it won't ever happen. I always thought people should have more faith in the administrators, even if a lot of the time they've shown themselves to not only be incompetent but almost patronizing. Still. They're only human, and I mean that - I sincerely doubt the biggest of Dragoneer's haters have made any less mistakes than he has. It's just easier to point fingers when someone's mistakes involve being broadcasted to thousands of people, as well as businesses (although if you run a business off of a website known for it's instability, you should have the brains to back up your info.)



They do back up their info; they just don't have the resources to do it every single day.


----------



## SGRedAlert (May 17, 2016)

AliothFox said:


> They do back up their info; they just don't have the resources to do it every single day.


I dunno man, it only takes a couple of minutes to screenshot some notes and save it. I know there's even a screenshot keystroke on Macs and PC's that will save it to a designated folder, I just don't remember what it is (PrintScreen does just fine for me.) That option only takes seconds of your time. Hardly any necessary "resources" and if you're a business with any respect for their customers, you should probably make it a habit not to lose valuable information.


----------



## deragorka (May 17, 2016)

Mitsuketa said:


> that's understandable but you need to realize that* everyone makes mistakes. *if the admins happen to be at fault for this and aren't telling the whole story, then they made a mistake and it's fine that they did - the mistake is awful but its normal for someone to fuck up - surely you aren't perfect. surely you've made a small error. and if you haven't ever made a mistake, then i'll be damned.
> sure the admins have fucked us over before, but have some faith in them. it's going to take time, probably years for FA to be stable and have decent security. we don't have the income that other websites do.


I would agree with you except this is no "small mistake." This is a massive mistake that has opened many users to potential security risks on their accounts. Sure passwords etc. are safe now, but next time? Who knows? Security needs to be checked on a regular basis. Period.


----------



## KaiyaShadowBlaze (May 17, 2016)

ZX6R said:


> They use an exploit to presumably run a command on the server, which would copy the site code back to the attacker, who is free to do whatever they want with it.


I know. But what gets me worried is that there are also USBs' still out there possibly as well, with the sites code on it. I mean why do that to the site, then pass out USB's to others at a convention too? Its like saying:"..here's a free site to use for your purpose " 

Like a blunt hit to the head, but with a sharp point to leave a scratch. This attack, angers me and upsets very much more than most, because I've been a secret furry fan for awhile, then recently mad that secret open to a few trustworthy friends, and to a few family members. I mean that is like say ing the attack is towards us furries, and that or main site is like a trashy get together for us, and just an excuse to be here. Its very disconcerting to see this happen and not even know who exactly the culprit is for chasing this from the start.


----------



## CreideikiStormbringer (May 17, 2016)

First time posting here. I just created an account to do it. Though I've lurked for a long while...



Dragoneer said:


> It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity's source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier in this month, but not before a malicious user was able to download a copy of our source code, and later actively distributed it via USB drives at a convention.


Having access to the source shouldn't be a problem. Auguste Kerckhoff in 1883 told us to expect that any attacker "knows the system" (to quote/paraphrase Claude Shannon's later restatement of Kerckhoff's desideratum). Thus, having access to the site sources should not be a problem. Look at the Linux kernel and utilities, and at the different BSDs. Especially look at OpenBSD, which is probably the most secure of the UNIX-like out there right now. All the source is freely available and readable to anyone, and OpenBSD in particular has had very, very few exploits.




Dragoneer said:


> We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.


I work with PDP-11s (as a hobby), and both RSX-11/M+ BRU and RSTS/E's duo of BACKUP and RESTORE support incremental backups; this is a technology from the 70s. Why does FA not run a nightly incremental to go along with the full backup? I hate calling you out on that, but honestly it's not a terrifyingly complex idea to have incrementals. We do them at my workplace on our AutoDesk Vault (must protect the CAD files at all costs), and we run the incrementals twice daily alongside a full dump at week's end.




Krayne said:


> Right now I'm in Las Vegas and at the Mandalay bay casino (we went there for the shark reef) there is a hacker convention going on right now.  It's called "hack-a-thon" I think. I thought it would be a white hat convention but now I'm not so sure.  Do you think it could be THIS convention where the hack started, or was distributed?
> If so, should I go there and investigate?


Computer security conventions — "hacker conventions" — are a perfectly normal thing, and don't involve actually hacking websites and systems; since that's illegal. They discuss exploits and how to fix them. At least that's the experience I've had with them. There are some which have "hackathons" as you mentioned, where the con goers can hack a system provided just for that purpose. CanSecWest up here in Canada famously has "Pwn2Own", where the first con goer to hack ("pwn") a system is given it.




supersonicbros23 said:


> ...a hacker convention? Why wouldn't the police be monitoring that? I mean hackers can only be good right? Pfff.
> Just for safe measure, it wouldn't hurt to stroll through there. Dunno much about conventions, they let almost anyone in right? For all we know theres probably a few fur-hackers out there who got word of it.


Yeah most computer security cons (that aren't tiny, podunk affairs) have some people there from various agencies. The NSA famously attends Black Hat and Def Con; and even recruits from those conventions. Hell they've even _presented_ before.




As an idea, to make the site's codebase better in general, why does FA not open source development  of their code? It's a proven model for creating working — safe — code; just look at Theo de Raadt's OpenBSD project (which is where OpenSSH, among other software, comes from).

*EDIT:* Forgot some text after I made my point about Kerckhoff's Principle.


----------



## Bourbon. (May 17, 2016)

supersonicbros23 said:


> I just realized... what ever happened to the "read-only" caches that got deployed during routine server maintenance?


They still do that, but this isn't server maintenance that's being done. They are repairing broken code and testing the security at the moment.


----------



## AliothFox (May 17, 2016)

deragorka said:


> I'm with you on this one. Sure folks screw up from time to time, but this is major. Does no one check security exploits at any time during development?



Your security can be as tight as a drum, but when someone obtains a big piece of the source code (and goodness only knows what else) through an exploit that they *thought* they closed back on the 5th, the best security can only go so far.  Sony has been hacked.  Microsoft has been hacked.  Websites get hacked - it happens.  I'm honestly surprised at how well FA actually *does* manage to weather all the attacks, considering how little they have to work with in terms of hardware and other resources.  I think the code is in need of some updates, but rewriting an entire site code isn't something that can be done easily or quickly.  This is major, but it's not the end of the world.


----------



## SGRedAlert (May 17, 2016)

deragorka said:


> I'm with you on this one. Sure folks screw up from time to time, but this is major. Does no one check security exploits at any time during development?


I'm not going to pretend to know a god damn thing about servers or website security but this is on the very first page of this thread;
"The exploit in question was not with FA's code but with a plugin called ImageMagick. Once we were made aware of the vulnerability it was patched, but were not aware that the source code had been leaked at that time." (from Dragoneer.)


----------



## Bourbon. (May 17, 2016)

deragorka said:


> I'm with you on this one. Sure folks screw up from time to time, but this is major. Does no one check security exploits at any time during development?


The site was developed _a decade ago._ During that time, hacking and site coding has changed exponentially. They would have to rewrite the entire site to fix a lot of the holes and issues in the code today.


----------



## AliothFox (May 17, 2016)

SGRedAlert said:


> I dunno man, it only takes a couple of minutes to screenshot some notes and save it. I know there's even a screenshot keystroke on Macs and PC's that will save it to a designated folder, I just don't remember what it is (PrintScreen does just fine for me.) That option only takes seconds of your time. Hardly any necessary "resources" and if you're a business with any respect for their customers, you should probably make it a habit not to lose valuable information.



Yeah, but we're not talking about screenshotting a few notes.  We're talking about accessing and copying terabytes upon terabytes' worth of data.  That's not a quick thing, and with the hardware that they have available (which they lack the resources to adequately upgrade), they wouldn't be able to do that every day without making the site prohibitively slow.


----------



## Stev0 (May 17, 2016)

FatalSyndrome said:


> Aw, it's too bad we can't turn this thread into a fun party meeting thing.




That's seems like a better idea.


----------



## ZX6R (May 17, 2016)

KaiyaShadowBlaze said:


> I know. But what gets me worried is that there are also USBs' still out there possibly as well, with the sites code on it. I mean why do that to the site, then pass out USB's to others at a convention too? Its like saying:"..here's a free site to use for your purpose "
> 
> Like a blunt hit to the head, but with a sharp point to leave a scratch. This attack, angers me and upsets very much more than most, because I've been a secret furry fan for awhile, then recently mad that secret open to a few trustworthy friends, and to a few family members. I mean that is like say ing the attack is towards us furries, and that or main site is like a trashy get together for us, and just an excuse to be here. Its very disconcerting to see this happen and not even know who exactly the culprit is for chasing this from the start.


If the code is secure, it really shouldn't matter. Look at linux, the code is all available for anyone to look at and it's going a long just fine.


----------



## Huskehn (May 17, 2016)




----------



## reptile logic (May 17, 2016)

CreideikiStormbringer said:


> First time posting here. I just created an account to do it. Though I've lurked for a long while...
> 
> 
> Having access to the source shouldn't be a problem. Auguste Kerckhoff in 1883 told us to expect that any attacker "knows the system" (to quote/paraphrase Claude Shannon's later restatement of Kerckhoff's desideratum).
> ...



Are you volunteering your services, or just trying to educate the masses? Speaking for myself only, I have no idea what you're talking about. Then again I freely admit my ignorance and general lack of interest in all things computer. Perhaps you should PM an admin or two and get more directly involved in the process. All it will take is some of your time and effort. Do you have any to spare?


----------



## Yukkie (May 17, 2016)

Holy shit, this hasn't even been going on that long, and we already have 27 pages on this thread alone lol.


----------



## Zepher_Tensho (May 17, 2016)

ZX6R said:


> If the code is secure, it really shouldn't matter. Look at linux, the code is all available for anyone to look at and it's going a long just fine.



Yea but FA doesn't have the same coders that linux does lol


----------



## Bourbon. (May 17, 2016)

Yukkie said:


> Holy shit, this hasn't even been going on that long, and we already have 27 pages on this thread alone lol.


It's been down for over 12 hours at this point. 

It's mostly people engaging in discussion and speculation on who would be behind this.


----------



## SGRedAlert (May 17, 2016)

AliothFox said:


> Yeah, but we're not talking about screenshotting a few notes.  We're talking about accessing and copying terabytes upon terabytes' worth of data.  That's not a quick thing, and with the hardware that they have available (which they lack the resources to adequately upgrade), they wouldn't be able to do that every day without making the site prohibitively slow.


Nah, I was talking about the businesses, dude. It should have been obvious. I am not braindead enough to think you can screenshot the entirety of a website as big as FA. Why would I even mention respect for customers? We don't pay FA anything for this. Which is another reason people should be a little more forgiving.


----------



## ZX6R (May 17, 2016)

Zepher_Tensho said:


> Yea but FA doesn't have the same coders that linux does lol


If FA open sourced it, or allowed the community to help in someway(obviously with approval before code is pushed to prod), then it could be on par with Linux.


----------



## Bourbon. (May 17, 2016)

SGRedAlert said:


> Nah, I was talking about the businesses, dude. It should have been obvious. I am not braindead enough to think you can screenshot the entirety of a website as big as FA. Why would I even mention respect for customers? We don't pay FA anything for this. Which is another reason people should be a little more forgiving.


The biggest problem with that cunning plan is that it doesn't provide clickable links. FA uses a link shorthand for links that have more than a certain number of characters, which makes it impossible to look at it and re-type it elsewhere. For people who deal in a LOT of business, bookmarking all these references would also not be feasible. There's also the possibility of mixing up references and links when going over the notes and not having the ability to click them.


----------



## Flam1ngDem0n (May 17, 2016)

Do we have any current information on the status of the USB drives? Are they still being handed out (for anyone who's been at any current or recent Cons)? Is the data on the USB drives still a source of future attacks? I know a lot of people are concerned out the loss of content but as much as it sucks to say it, there's probably nothing that can be done to get it all back properly.

Personally I am more concerned with the future. Will another attack be possible with the USB drive data? Are they still being given out? Have we found anyone who knows about their origin point (who originally created them)? Or has someone found a "source" that has been able to tell us more?

My other big question is: What sort of legal action can be take when (and if) they find the person(s) responsible for this? Whether it's the actual hacker them-self or the person who created the USB drives and was handing them out. Can any legal action be taken? I am pretty sure (at least in the US, though I don't know where the actual server machine(s) are for the site) that hacking a domain and tampering with content (editing or deleting) is a huge crime.

I don't think sewing the heck out of someone will solve it (as they can just rebuild and do it all again. Plus sewing someone is a overused "solution" to everyone's problems these days (just look at Hollywood), so it doesn't actually solve the problem. It just delays another attack. So if the perpetrator is found, is possible jail time a thing? Like I said, I don't know the FA server location (in the world) but depending on where they are, the severity of legal action can range from a fine to long time behind bars.


----------



## Zepher_Tensho (May 17, 2016)

ZX6R said:


> If FA open sourced it, or allowed the community to help in someway(obviously with approval before code is pushed to prod), then it could be on par with Linux.


I bet but....to many trolls would be dicking around with it. Also it's owned by a private company now, who probably wouldn't do that.


----------



## Bourbon. (May 18, 2016)

Flam1ngDem0n said:


> Do we have any current information on the status of the USB drives? Are they still being handed out (for anyone who's been at any current or recent Cons)? Is the data on the USB drives still a source of future attacks? I know a lot of people are concerned out the loss of content but as much as it sucks to say it, there's probably nothing that can be done to get it all back properly.
> 
> Personally I am more concerned with the future. Will another attack be possible with the USB drive data? Are they still being given out? Have we found anyone who knows about their origin point (who originally created them)? Or has someone found a "source" that has been able to tell us more?
> 
> ...


Unfortunately, I think it's difficult to assess how many copies were made or if they will continue to be distributed. BLFC barely happened last weekend, so there's not much to go off of to speculate about the future. 

Also, FA is hosted in the US.


----------



## hera (May 18, 2016)

Is it time to opensource FA and have volunteers suggest security fixes?  I mean its just a matter of time before it becomes public.  Why not fight fire with fire.


----------



## SGRedAlert (May 18, 2016)

Bourbon. said:


> The biggest problem with that cunning plan is that it doesn't provide clickable links. FA uses a link shorthand for links that have more than a certain number of characters, which makes it impossible to look at it and re-type it elsewhere. For people who deal in a LOT of business, bookmarking all these references would also not be feasible. There's also the possibility of mixing up references and links when going over the notes and not having the ability to click them.


Well in which case, maybe people shouldn't base their businesses off of an unstable website in the first place. /shrug/ I'm just expressing how not sorry I feel for businesses who lost information in this - I'm not sure why you would rely on a website known for it's instability for something as important as that.
I suppose this is why many fursuit businesses have off-site websites with commission forms. For this very reason.


----------



## zilchfox (May 18, 2016)

hera said:


> Is it time to opensource FA and have volunteers suggest security fixes?  I mean its just a matter of time before it becomes public.  Why not fight fire with fire.


I was literally just talking to someone about how FA might be better off as open source.


----------



## ZX6R (May 18, 2016)

Zepher_Tensho said:


> I bet but....to many trolls would be dicking around with it. Also it's owned by a private company now, who probably wouldn't do that.





ZX6R said:


> (obviously with approval before code is pushed to prod)



Github is a private company. Part of what powers Github is on Github itself. Linux is on Github. A large part of the reddit code is available on Github. If you follow these 3 examples, then there's no problem. Sure, you could spam pull requests, but it's not going to go into production until you approve it to do so, and the server fetches the newest revision. It doesn't have to be Github, any version control software should work in theory.


----------



## LyrrenClock (May 18, 2016)

hera said:


> Is it time to opensource FA and have volunteers suggest security fixes?  I mean its just a matter of time before it becomes public.  Why not fight fire with fire.


that sounds like a good idea in theory sadly though with the kind of people among our community it might end up hurting us more than helping let alone with the sheer amounts of negative onlookers too it is basically putting a giant bulls eye on the site in my honest opinion but I see where you are coming from and how it would be a good idea taking all these negative outcomes out of the situation


----------



## BigbirdTKF (May 18, 2016)

When I opened the translator, I totally can't understand what you're talking about.
It would be better if I close it.
Now I won't trust any translator...


----------



## Zepher_Tensho (May 18, 2016)

ZX6R said:


> Github is a private company. Part of what powers Github is on Github itself. Linux is on Github. A large part of the reddit code is available on Github. If you follow these 3 examples, then there's no problem. Sure, you could spam pull requests, but it's not going to go into production until you approve it to do so, and the server fetches the newest revision.



Hmmm, well I wasn't aware since I haven't gotten involved in anything open source, although I'm pro-open source.


----------



## Bourbon. (May 18, 2016)

SGRedAlert said:


> Well in which case, maybe people shouldn't base their businesses off of an unstable website in the first place. /shrug/ I'm just expressing how not sorry I feel for businesses who lost information in this - I'm not sure why you would rely on a website known for it's instability for something as important as that.
> I suppose this is why many fursuit businesses have off-site websites with commission forms. For this very reason.


Well FA happens to be the only viable business model for a lot of people. Blaming the victims because they happen to use FA helps no one. 

(Also, that probably has more to do with how much more revenue fursuit business brings in than other art types.)


----------



## Gem-Wolf (May 18, 2016)

So many people complaining! What was it that most artists say to people who are getting free art? hmmm  *taps chin and ponders*
Oh yeah that's right - _"if its free, you have no rights to complain. Be grateful that you are getting it in the first place"_
Time to practice what you preach people!


----------



## Bourbon. (May 18, 2016)

Gem-Wolf said:


> So many people complaining! What was it that most artists say to people who are getting free art? hmmm  *taps chin and ponders*
> Oh yeah that's right - _"if its free, you have no rights to complain. Be grateful that you are getting it in the first place"_
> Time to practice what you preach people!


Me thinks you doth protest too much. 

I've only seen a handful of people complaining. This thread has primarily been speculation and discussions on site security.


----------



## CreideikiStormbringer (May 18, 2016)

reptile logic said:


> Are you volunteering your services, or just trying to educate the masses? Speaking for myself only, I have no idea what you're talking about. Then again I freely admit my ignorance and general lack of interest in all things computer. Perhaps you should PM an admin or two and get more directly involved in the process. All it will take is some of your time and effort. Do you have any to spare?



I updated the text of my post a bit, because I realized I left out an important point after I mentioned Kerckhoff's Principle.

In any case, I'm _not_ a web dev. My coding skills lie in embedded applications/systems development and process control systems. So, long story short I'm not volunteering my services in helping fix up FA's code.


What I am trying to do is educate the masses, somewhat, in a topic which has been known in the cryptography circles since 1883. Namely, never to have the security of your system be reliant upon the function of the system remaining secret; rely on the strength of the algorithms the system implements for your security. We have a wide corpus of work showing how relying on security through obscurity simply _does not work_ (see: the German Enigma cipher of WWII fame; which was broken so hard the Germans couldn't even believe it after they were told about it at the end of the war). The variety of Linux and BSD systems show this, their codebase is free and open, and you most often only see exploits on those systems occurring in closed source "binary blobs" from third party developers. OpenBSD, like I mentioned, is known to be extremely security focused, and there are many commercial entities who use software and code written in the OpenBSD project in their products. (Example: The Core Force firewall for Windows is essentially a straight port of OpenBSD's pf firewall. Microsoft's own Windows Services for UNIX (and it's derivative Services for UNIX Applications) are built on OpenBSD code as well.)

So to TL;DR my point, I'll just quote the preeminent Claude Shannon: "one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them".


----------



## TwistedTeeth (May 18, 2016)

Gem-Wolf said:


> So many people complaining! What was it that most artists say to people who are getting free art? hmmm  *taps chin and ponders*
> Oh yeah that's right - _"if its free, you have no rights to complain. Be grateful that you are getting it in the first place"_
> Time to practice what you preach people!



Doesn't really pertain to the situation, as fA is a website. It's also a major source of income for some people as well as a social platform, it doesn't really matter if it's free or not. The site has had multiple instances of loopholes in the code security and it's high time something is done to FILL those loopholes. People aren't complaining so much that it's down, it's more a matter of the fact that it's down due to attacks like this so _often_.


----------



## deragorka (May 18, 2016)

Gem-Wolf said:


> So many people complaining! What was it that most artists say to people who are getting free art? hmmm  *taps chin and ponders*
> Oh yeah that's right - _"if its free, you have no rights to complain. Be grateful that you are getting it in the first place"_
> Time to practice what you preach people!


Honestly, that's a crappy excuse for being a shit service. "Free" does not mean certain quality standards should not be met. Websites go down. That's life. But something of this magnitude is catastrophic. And those complaining probably have their livelihoods built around their art commissions here. Try living a week without pay only to see your paycheck either $0 or half of what it should be.


----------



## hera (May 18, 2016)

Gem-Wolf said:


> So many people complaining! What was it that most artists say to people who are getting free art? hmmm  *taps chin and ponders*
> Oh yeah that's right - _"if its free, you have no rights to complain. Be grateful that you are getting it in the first place"_
> Time to practice what you preach people!



This isn't a simply factor of a site being down.  With the source code leaked, there could be further ramifications.  I have justifiable concerns about site security.


----------



## ZX6R (May 18, 2016)

CreideikiStormbringer said:


> I updated the text of my post a bit, because I realized I left out an important point after I mentioned Kerckhoff's Principle.
> 
> In any case, I'm _not_ a web dev. My coding skills lie in embedded applications/systems development and process control systems. So, long story short I'm not volunteering my services in helping fix up FA's code.
> 
> ...


I think people think access to the code is like having the keys to the castle. In poorly coded enviroments, possibly. In well implemented ones, it's not worth much.


----------



## AsheSkyler (May 18, 2016)

Bourbon. said:


> Well FA happens to be the only viable business model for a lot of people. Blaming the victims because they happen to use FA helps no one.
> 
> (Also, that probably has more to do with how much more revenue fursuit business brings in than other art types.)


Aye. Etsy only goes so far for crafters before a niche creator has to go find a niche platform to sell on and leave the other platforms to be the supplement to your income supplement.


----------



## SGRedAlert (May 18, 2016)

Bourbon. said:


> Well FA happens to be the only viable business model for a lot of people. Blaming the victims because they happen to use FA helps no one.
> 
> (Also, that probably has more to do with how much more revenue fursuit business brings in than other art types.)


As someone who once sold quite a bit of art on FA - that's bull. They're not victims. They, as presumably responsible business-people, need to make damn sure their information is not going to be lost. That's why we back up our computers whether they're new or old - why skimp on that sort of responsibility here, especially when it involves other people and their money, no matter how much? All I'm saying is, you should make sure if you don't want something lost - back it up somewhere. :/ Why call someone a victim for simply being irresponsible? I would feel equally not as bad for someone who lost information on a much more stable site.


----------



## ohtar (May 18, 2016)

This is golden. I have to keep coming back every few hours to see how much worse its gotten!

So far its gone from
- random jerk who wants to stir up drama
- random jerk who hates furries
- Bored hacker who just wants to watch the world burn
then suddenly it jumps to religious extremists and an entire convention of hackers who aren't even at the same convention!

I wonder when someone is gonna spin the government conspiracy theories as something more than just for the lulz XD

between this and
"Are all my files gone??"
"no your files are fine."
"OMG I HAVE TO REUPLOAD ALL MY FILES I JUST KNOW IT"
"I just said your files are fine...."
"Did someone say files? All our notes are deleted! OMG life is over!"
"Guys! can you not..."
"Did you all hear? the whole site was deleted and now Islam is trying to kill us all!"
"..... for the love of....."


----------



## Bourbon. (May 18, 2016)

SGRedAlert said:


> As someone who once sold quite a bit of art on FA - that's bull. They're not victims. They, as presumably responsible business-people, need to make damn sure their information is not going to be lost. That's why we back up our computers whether they're new or old - why skimp on that sort of responsibility here, especially when it involves other people and their money, no matter how much? All I'm saying is, you should make sure if you don't want something lost - back it up somewhere. :/ Why call someone a victim for simply being irresponsible? I would feel equally not as bad for someone who lost information on a much more stable site.


I honestly doubt you'd say the same about other larger sites built around users selling things (such as etsy or ebay). People aren't upset because they can't access notes, they are upset because they can't continue to conduct business so long as FA remains offline.


----------



## AliothFox (May 18, 2016)

Gem-Wolf said:


> So many people complaining! What was it that most artists say to people who are getting free art? hmmm  *taps chin and ponders*
> Oh yeah that's right - _"if its free, you have no rights to complain. Be grateful that you are getting it in the first place"_
> Time to practice what you preach people!



Wow, a tad bit salty over something completely irrelevant?  The "it's free, so you don't have a right to complain" argument is really old.  For one thing, there are a _whole lot of artists_ (including myself) who make a considerable portion of their living from FurAffinity.  Sure, I'm glad it's a free service!  But me using their site and promoting my profile on their site also boosts their ad revenues, their Alexa ranking, and a whole lot of other things.  And if a big enough portion of the site's userbase were to actually take our business elsewhere, FurAffinity wouldn't be able to survive, because it would quickly turn into a money pit for its owners.  It's a symbiotic relationship.

Secondly, most of the people here (with some exceptions, I'm sure), genuinely don't want to see FA fail.  We're not "complaining" - we're discussing our thoughts on why the site might be having these problems, who might be responsible, and how they might be avoided in the future.  This is simple "water cooler" talk.  We're shooting the breeze while we're waiting for the site to come back up.  No need to be so hostile.


----------



## Altair_the_lugia (May 18, 2016)

ZX6R said:


> I think people think access to the code is like having the keys to the castle. In poorly coded enviroments, possibly. In well implemented ones, it's not worth much.


In poorly coded enviroments huh? like FA?


----------



## LyrrenClock (May 18, 2016)

ohtar said:


> This is golden. I have to keep coming back every few hours to see how much worse its gotten!
> 
> So far its gone from
> - random jerk who wants to stir up drama
> ...


I totaly see the last half of this post becoming a thing really if it goes on for another day really and honestly I'd just sit here laughing my fluffy rear off XD


----------



## Gem-Wolf (May 18, 2016)

Bourbon. said:


> Me thinks you doth protest too much.
> I've only seen a handful of people complaining. This thread has primarily been speculation and discussions on site security.



lol protest too much? its de first time I have commented on this thread. Yes you are right it has been good discussion recently i was however referring to those who were complaining so this only applies to a few. 



TwistedTeeth said:


> Doesn't really pertain to the situation, as fA is a website. It's also a major source of income for some people as well as a social platform, it doesn't really matter if it's free or not. The site has had multiple instances of loopholes in the code security and it's high time something is done to FILL those loopholes. People aren't complaining so much that it's down, it's more a matter of the fact that it's down due to attacks like this so _often_.



Again true, but I can't stand people complaining over something that is provided free.



deragorka said:


> Honestly, that's a crappy excuse for being a shit service. "Free" does not mean certain quality standards should not be met. Websites go down. That's life. But something of this magnitude is catastrophic. And those complaining probably have their livelihoods built around their art commissions here. Try living a week without pay only to see your paycheck either $0 or half of what it should be.



Just means you shouldn't rely on it 100% if its your income. 



hera said:


> This isn't a simply factor of a site being down.  With the source code leaked, there could be further ramifications.  I have justifiable concerns about site security.



Thats fine to have concerns just hate seeing people crying over this, it will get fixed soon enough


----------



## Bourbon. (May 18, 2016)

Gem-Wolf said:


> Just means you shouldn't rely on it 100% if its your income.


That's a haphazard argument. FA is central to the furry fandom, so it is _absolutely integral_ to people who make their business off furry art.


----------



## SGRedAlert (May 18, 2016)

Bourbon. said:


> I honestly doubt you'd say the same about other larger sites built around users selling things (such as etsy or ebay). People aren't upset because they can't access notes, they are upset because they can't continue to conduct business so long as FA remains offline.


Etsy and Ebay are primarily business websites - FA is not. People just so happen to have created a little art market on FA - I use 'little' loosely. The prime directive of FA was and still is not a business website - they're incomparable. But again, if you're a responsible human being, you'll still back up information, because shit happens, and you don't want that shit to extend to places that are otherwise completely preventable.


----------



## AliothFox (May 18, 2016)

Bourbon. said:


> That's a haphazard argument. FA is central to the furry fandom, so it is _absolutely integral_ to people who make their business off furry art.



Well, to be fair, calling it "central" to the furry fandom may be a bit of a stretch, but it's certainly a HUGE part of the community.


----------



## Bourbon. (May 18, 2016)

SGRedAlert said:


> Etsy and Ebay are primarily business websites - FA is not. People just so happen to have created a little art market on FA - I use 'little' loosely. The prime directive of FA was and still is not a business website - they're incomparable. But again, if you're a responsible human being, you'll still back up information, because shit happens, and you don't want that shit to extend to places that are otherwise completely preventable.


While it's true that FA is not primarily a business site, business is a huge aspect of it. Nearly everyone on FA either buys or sells art. 

You keep bringing up backing up information, but that isn't relevant for a lot of people who need to be able to sell art to pay their bills. People are upset that they can't conduct _new business _as long as FA is offline. A lot of people are going to be out of money for bills or groceries right now.


----------



## SilverDragarian (May 18, 2016)

ohtar said:


> This is golden. I have to keep coming back every few hours to see how much worse its gotten!
> 
> So far its gone from
> - random jerk who wants to stir up drama
> ...




I just love this lol  and yes i just made this account to make this comment


----------



## SGRedAlert (May 18, 2016)

deragorka said:


> Honestly, that's a crappy excuse for being a shit service. "Free" does not mean certain quality standards should not be met. Websites go down. That's life. But something of this magnitude is catastrophic. And those complaining probably have their livelihoods built around their art commissions here. Try living a week without pay only to see your paycheck either $0 or half of what it should be.


I'll agree with you there. It's not necessarily just losing information, but now businesspeople are completely unable to continue conducting business until FA is back up and running. Which fucking sucks, and I absolutely feel sorry for them in which case - they're going to be out a week's pay. I'm betting there will be a flood of "Help, Can't Pay Bills" campaigns the minute FA is back online.


----------



## Rythas (May 18, 2016)

I think it's funny how quickly this Thread turned into an argument. 29 pages of worry found here, 29 pages of worry..


----------



## Barking-In-the-Dark (May 18, 2016)

I hope it gets fixed soon, the person who did this gets caught, and we can all be happy again and not arguing with each other. T_T
My friend and I were talking and he mentioned that this might help my FA's security better. Either way this will make FA stronger.


----------



## Bourbon. (May 18, 2016)

AliothFox said:


> Well, to be fair, calling it "central" to the furry fandom may be a bit of a stretch, but it's certainly a HUGE part of the community.


I consider it central as it's the junction where everyone meets. There is no larger gathering of furries, either IRL or on the internet than on FA. It acts as a hub to the fandom.


----------



## SGRedAlert (May 18, 2016)

Bourbon. said:


> While it's true that FA is not primarily a business site, business is a huge aspect of it. Nearly everyone on FA either buys or sells art.
> 
> You keep bringing up backing up information, but that isn't relevant for a lot of people who need to be able to sell art to pay their bills. People are upset that they can't conduct _new business _as long as FA is offline. A lot of people are going to be out of money for bills or groceries right now.


Yes, but it's an aspect otherwise unrelated to the administrators, is my point. And yes, I keep bringing up information because that's what I was talking about when you first responded. It's kind of the subject matter for this entire conversation we've been having.
However, yeah, like in my response to Deragorka;
"I'll agree with you there. It's not necessarily just losing information, but now businesspeople are completely unable to continue conducting business until FA is back up and running. Which fucking sucks, and I absolutely feel sorry for them in which case - they're going to be out a week's pay. I'm betting there will be a flood of "Help, Can't Pay Bills" campaigns the minute FA is back online."


----------



## Horsefur (May 18, 2016)

This thread went from civil and great source of info to flame war and drama reaaaaal quick


----------



## Psylantwolf (May 18, 2016)

"I consider it central as it's the junction where everyone meets." -well, *coughs* not to name any, but- there are other furry websites out there that do exactly what FA does, and just don't have the huge user pool yet. When a "central junction" goes down, it's not like we can't move that junction.

...I wonder if I'll get banned for this post :3


----------



## AliothFox (May 18, 2016)

Bourbon. said:


> I consider it central as it's the junction where everyone meets. There is no larger gathering of furries, either IRL or on the internet than on FA. It acts as a hub to the fandom.



I once thought that.  Then I found Twitter.  And I guarantee you there are more furries on Twitter than there are on FA.  I sell a lot of artwork via Twitter, and if I had a nickel for every time I've heard, "Oh, I don't have an FA," I would be a very wealthy fox.  Now, in response to your point, I *do* still use FA as my "hub" since it's impractical to set up a commission page and things like that over Twitter.  But believe me, as much as I want it to succeed, and as important as I agree that it is to the fandom, FA is not indispensable.


----------



## Bourbon. (May 18, 2016)

SGRedAlert said:


> Yes, but it's an aspect otherwise unrelated to the administrators, is my point. And yes, I keep bringing up information because that's what I was talking about when you first responded. It's kind of the subject matter for this entire conversation we've been having.
> However, yeah, like in my response to Deragorka;
> "I'll agree with you there. It's not necessarily just losing information, but now businesspeople are completely unable to continue conducting business until FA is back up and running. Which fucking sucks, and I absolutely feel sorry for them in which case - they're going to be out a week's pay. I'm betting there will be a flood of "Help, Can't Pay Bills" campaigns the minute FA is back online."


Well the entire thing is unrelated to the admins. I doubt they are the ones who leaked the information. The most they can be held culpable for at this point is not keeping the site's coding up to date and letting it rot and using duct tape to fix giant chasms.


----------



## Bourbon. (May 18, 2016)

Psylantwolf said:


> "I consider it central as it's the junction where everyone meets." -well, *coughs* not to name any, but- there are other furry websites out there that do exactly what FA does, and just don't have the huge user pool yet. When a "central junction" goes down, it's not like we can't move that junction.
> 
> ...I wonder if I'll get banned for this post :3


I've already made comments on why the other furry sites aren't viable alternatives.


----------



## SGRedAlert (May 18, 2016)

Horsefur said:


> This thread went from civil and great source of info to flame war and drama reaaaaal quick


A flame war and drama is a bit of a stretch. I would say discussions - nobody is going around stoking fires by throwing racial and homophobic slurs, nor are people (necessarily) filling the thread with useless, unoriginal memes. (Hopefully I didn't just jinx it.)


----------



## Barking-In-the-Dark (May 18, 2016)

Horsefur said:


> This thread went from civil and great source of info to flame war and drama reaaaaal quick



I know. T_T



SGRedAlert said:


> A flame war and drama is a bit of a stretch. I would say discussions - nobody is going around stoking fires by throwing racial and homophobic slurs, nor are people (necessarily) filling the thread with useless, unoriginal memes. (Hopefully I didn't just jinx it.)



Knock on wood?


----------



## AliothFox (May 18, 2016)

What you said:



Psylantwolf said:


> ...I wonder if I'll get banned for this post :3



What I heard: 



Psylantwolf said:


> ...I really hope I get banned for this post so that I can go onto social media and talk about how awful FA is because I got banned for speaking The Truth™ :3



Again, nothing new here.  This is pretty predictable, and more likely the longer this thread goes on, unfortunately.


----------



## Shotalicious (May 18, 2016)

SGRedAlert said:


> A flame war and drama is a bit of a stretch. I would say discussions - nobody is going around stoking fires by throwing racial and homophobic slurs, nor are people (necessarily) filling the thread with useless, unoriginal memes. (Hopefully I didn't just jinx it.)


----------



## SGRedAlert (May 18, 2016)

Psylantwolf said:


> "I consider it central as it's the junction where everyone meets." -well, *coughs* not to name any, but- there are other furry websites out there that do exactly what FA does, and just don't have the huge user pool yet. When a "central junction" goes down, it's not like we can't move that junction.
> 
> ...I wonder if I'll get banned for this post :3


Showing doubt in the admins isn't going to get you banned, but throwing a direct insult by snidely implying they'd get butthurt over a single furry's opinion of them maybe would. If they would rise to the bait, which I sincerely doubt, because they literally have much, much bigger fish to fry.
Plus, I sincerely doubt this is going to shunt the hub of the fandom to Twitter or Weasyl or other somesuch website. Furries are nothing like a herd of cattle. You could beat them with cow prods all day and they won't move an inch. This will all blow over within a month (except for all the fucked-over businesspeople who are losing out on like a week's pay.)


----------



## Psylantwolf (May 18, 2016)

Bourbon. said:


> I've already made comments on why the other furry sites aren't viable alternatives.



...is it literally just because they do not have as large a user pool? ...again, not going to post names for fear it's against the rules or something, but if EVERYONE ON FA moved to w*****, where you can post art, post comments, send notes, all the same functionality, what would be the difference? People could still watch artists, get commissions, search for fappable material (probably still FAs primary use for most furs). ...what am I missing?


----------



## AliothFox (May 18, 2016)

Psylantwolf said:


> ...what am I missing?



Literally almost everything that has been said. -.-


----------



## Shotalicious (May 18, 2016)

Psylantwolf said:


> ...is it literally just because they do not have as large a user pool? ...again, not going to post names for fear it's against the rules or something, but if EVERYONE ON FA moved to w*****, where you can post art, post comments, send notes, all the same functionality, what would be the difference? People could still watch artists, get commissions, search for fappable material (probably still FAs primary use for most furs). ...what am I missing?


Everyone is attached to FA, made a home on it pretty much. Once you get comfortable with one site, you wouldnt just want to leave it because an attack happened, which could be fixed.


----------



## AsheSkyler (May 18, 2016)

Barking-In-the-Dark said:


> Knock on wood?


 Naaaaah, wood is too flammable for this slightly heated discussion.


----------



## AliothFox (May 18, 2016)

AsheSkyler said:


> Naaaaah, wood is too flammable for this slightly heated discussion.



Don't make me pull out my guitar and start a round of "Kum Ba Yah."  Because _I will._


----------



## Rythas (May 18, 2016)

Shotalicious said:


>


Dammit xD


----------



## LyrrenClock (May 18, 2016)

SGRedAlert said:


> A flame war and drama is a bit of a stretch. I would say discussions - nobody is going around stoking fires by throwing racial and homophobic slurs, nor are people (necessarily) filling the thread with useless, unoriginal memes. (Hopefully I didn't just jinx it.)


yeah kinda glad to see it this "civil" really considering how bad it really could be and has a history of getting really...


----------



## Shotalicious (May 18, 2016)

Rythas said:


> Dammit xD


may the meme be with you my friend


----------



## Bourbon. (May 18, 2016)

Psylantwolf said:


> ...is it literally just because they do not have as large a user pool? ...again, not going to post names for fear it's against the rules or something, but if EVERYONE ON FA moved to w*****, where you can post art, post comments, send notes, all the same functionality, what would be the difference? People could still watch artists, get commissions, search for fappable material (probably still FAs primary use for most furs). ...what am I missing?


Weasyl is a ghost town, no one pays attention to Sofurry, Inkbunny is a haven for cub porn, FurryNetwork is making the same mistakes as Weasyl, and deviantArt doesn't allow porn.

There you go. 

It's a catch 22 where artists won't move without their watchers, and watchers won't move if the artists don't. FA would literally have to die before people would move from it en masse, and (as has been shown repeatedly), FA isn't going to give up the ghost so easily or quickly.


----------



## AsheSkyler (May 18, 2016)

AliothFox said:


> Don't make me pull out my guitar and start a round of "Kum Ba Yah."  Because _I will._


Get it, dude. I'll go grab the wood. A nice campfire with some roasted hotdogs and s'mores would be a great way to pass the time while the mods nail the site back together. =)


----------



## Barking-In-the-Dark (May 18, 2016)

AsheSkyler said:


> Naaaaah, wood is too flammable for this slightly heated discussion.


XD Maybe it's fire proof?



AliothFox said:


> Don't make me pull out my guitar and start a round of "Kum Ba Yah."  Because _I will._


DO EET. (please?) If not that Happy Birthday would work. ;-P


----------



## Keira_Lunar (May 18, 2016)

Man this is such a drag if i was only as smart as Kokonoe  i would help the admins and Devs out bring my favorite art site back online
damn hackers  always making life hard and miserable

i just hope not to much of my hard earned data is not lost probably not since i joined for over a year now at the very most i might have lost some comments and might have re submit a pic but hopefully thats all

well admins and Devs you have my full support i understand this is a nasty take down and i don't expect it to be fixed any time soon i just hope you can full on remove this exploit and bring the website back up soon im in no rush im jobless any way so i got nothing else to do really  but damn its going to be boring not being able to see what my watchers and those i watched are up to


*sighs*  now then what to do now   i guess its back to racing on Project cars or Mastering Kokonoe in BlazBlue Chronophantasma

once again Admins you have my Full support  i know you can get this issue sorted out the question is really how long its going to take

at least i know my pictures and commissions are safe on my External hard drive


also this has got to be a crime its easily a cyber attack and im sure thats agenst the law 
i hope the attacker or attackers are put to Justice but with it being a cyber crime its not easy to track


----------



## AsheSkyler (May 18, 2016)

Barking-In-the-Dark said:


> XD Maybe it's fire proof?


Or very, very green. Green wood is a real pain to get to light!


----------



## AliothFox (May 18, 2016)

AsheSkyler said:


> Get it, dude. I'll go grab the wood. A nice campfire with some roasted hotdogs and s'mores would be a great way to pass the time while the mods nail the site back together. =)



The irony of this is that I actually _am_ going camping in the mountains with a local fur friend for the next couple of days.  Leaving tomorrow morning.  Hopefully the site's issues will be sorted out by then.  Meantime, I'd say Dragoneer could probably use a plate of cookies and a few Red Bulls.


----------



## LyrrenClock (May 18, 2016)

AsheSkyler said:


> Get it, dude. I'll go grab the wood. A nice campfire with some roasted hotdogs and s'mores would be a great way to pass the time while the mods nail the site back together. =)


mmmm smores oh and dont forget to toss the admins some spare rolls of duct tape it comes in handy on fixing anything!


----------



## Barking-In-the-Dark (May 18, 2016)

AsheSkyler said:


> Or very, very green. Green wood is a real pain to get to light!



And it causes a lot of smoke if I remember correctly. @_@



LyrrenClock said:


> mmmm smores oh and dont forget to toss the admins some spare rolls of duct tape it comes in handy on fixing anything!


Don't forget the WD40!


----------



## AsheSkyler (May 18, 2016)

AliothFox said:


> The irony of this is that I actually _am_ going camping in the mountains with a local fur friend for the next couple of days.  Leaving tomorrow morning.  Hopefully the site's issues will be sorted out by then.  Meantime, I'd say Dragoneer could probably use a plate of cookies and a few Red Bulls.


That sounds like a pretty good vacation this time of the year. Warm afternoon, cool nights, not too many bugs. Hope ya have a good trip!


----------



## Shotalicious (May 18, 2016)

Barking-In-the-Dark said:


> And it causes a lot of smoke if I remember correctly. @_@
> 
> 
> Don't forget the WD40!


And the e600! Cant forget that~


----------



## Rabbi-Tom (May 18, 2016)

_Flame war and drama

Napalm sticks to little furs, Doo dah, Doo Dah!_


----------



## Fawk (May 18, 2016)

Bourbon. said:


> Weasyl is a ghost town, no one pays attention to Sofurry, Inkbunny is a haven for cub porn, FurryNetwork is making the same mistakes as Weasyl, and deviantArt doesn't allow porn.
> 
> There you go.
> 
> It's a catch 22 where artists won't move without their watchers, and watchers won't move if the artists don't. FA would literally have to die before people would move from it en masse, and (as has been shown repeatedly), FA isn't going to give up the ghost so easily or quickly.



Not to mention, with so many sites out there, people aren't just going to move to just one. Everyone will split up and go their separate ways. So no matter what site you choose to go to, it will have fewer people than what FA had.


----------



## AsheSkyler (May 18, 2016)

LyrrenClock said:


> mmmm smores oh and dont forget to toss the admins some spare rolls of duct tape it comes in handy on fixing anything!


"If it moves and it shouldn't, get duct tape. If it should move and it doesn't, get WD40." But Barking-in-the-Dark beat me to it! ^,^



Barking-In-the-Dark said:


> And it causes a lot of smoke if I remember correctly. @_@


Lots and lots of nasty smelling smoke at that.


----------



## Barking-In-the-Dark (May 18, 2016)

AsheSkyler said:


> "If it moves and it shouldn't, get duct tape. If it should move and it doesn't, get WD40." But Barking-in-the-Dark beat me to it! ^,^
> 
> 
> Lots and lots of nasty smelling smoke at that.



Lets not and say we didn't. I have asthsma and I don't want to go into a coughing fit. X_x

Edit: XD I'm from the south where duct tape and WD40 fixes non people/living things.


----------



## jup-reindeer (May 18, 2016)

Taluwen said:


> I'll never understand why people do this sort of thing. You gain nothing.



The internet is a wonderful thing. It brings people together, gives us _'all'_ the information, pipes in all the pretty pictures and does a Ga-Zillion more things. Truly a wonderful thing, indeed.

But, the battle of the light vs the dark is as old as time, itself. Dare I give the possible 'first attack' scenario?

And God said "Let there be life."
And so, life came to be. And it was good. And it was grand. And it was happy.
The Devil stopped by and disliked this thing called life.
And so, the Devil said "Let there be disease and mosquitoes to transmit it with."
God replied, "Oh, crap..."

Some day, AI will probably create web code so complex and ever changing that no Human hacker can ever figure out the loop holes. Then, AI will look at all the crummy code that governs these weapons and declare Humanity to be extinct. After all...no hackers means no threats.


----------



## Bloatable (May 18, 2016)

While this thread blew up, I've been uploading Smash Bros videos. There are other things we can be doing!


----------



## AsheSkyler (May 18, 2016)

Barking-In-the-Dark said:


> Lets not and say we didn't. I have asthsma and I don't want to go into a coughing fit. X_x
> 
> Edit: XD I'm from the south where duct tape and WD40 fixes non people/living things.


Amen! It's hard for anybody not to cough if they happen into a cloud of that by mistake.

Heehee, yup. We love our duct tape and WD40 down here.


----------



## AliothFox (May 18, 2016)

AsheSkyler said:


> "If it moves and it shouldn't, get duct tape. If it should move and it doesn't, get WD40." But Barking-in-the-Dark beat me to it! ^,^
> 
> 
> Lots and lots of nasty smelling smoke at that.



And it's been rainy and damp here for the last several days, so scavenging for dry kindling may be a tad bit difficult.

But I think we've gone rather far afield here.


----------



## Bourbon. (May 18, 2016)

Fawk said:


> Not to mention, with so many sites out there, people aren't just going to move to just one. Everyone will split up and go their separate ways. So no matter what site you choose to go to, it will have fewer people than what FA had.


That's also a good point!


----------



## Barking-In-the-Dark (May 18, 2016)

AsheSkyler said:


> Amen! It's hard for anybody not to cough if they happen into a cloud of that by mistake.



Indeed!



Bloatable said:


> While this thread blew up, I've been uploading Smash Bros videos. There are other things we can be doing!


Cools. I've been trying to 100% Flower and get 100+ hours of game play in Far Cry Primal.


----------



## SGRedAlert (May 18, 2016)

LyrrenClock said:


> yeah kinda glad to see it this "civil" really considering how bad it really could be and has a history of getting really...


And now it's dissolved into useless banter. Still better than trolls and mindless assholes.


----------



## AsheSkyler (May 18, 2016)

AliothFox said:


> And it's been rainy and damp here for the last several days, so scavenging for dry kindling may be a tad bit difficult.
> 
> But I think we've gone rather far afield here.


Yikes... Indeed, might need to bring some kindling.

Er, um, yes. Back on topic. So, how 'bout them hackers? Real snotholes, ain't they?


----------



## foxenbperry (May 18, 2016)

lone_wolf323 said:


> I think some powdered donuts and some maple glazed ones would sound amazing at this point.



I love the maple glazed ones filled with creme.


----------



## AliothFox (May 18, 2016)

AsheSkyler said:


> Yikes... Indeed, might need to bring some kindling.
> 
> Er, um, yes. Back on topic. So, how 'bout them hackers? Real snotholes, ain't they?



Total jerks, the lot of them!


----------



## Barking-In-the-Dark (May 18, 2016)

AsheSkyler said:


> Yikes... Indeed, might need to bring some kindling.
> 
> Er, um, yes. Back on topic. So, how 'bout them hackers? Real snotholes, ain't they?



-sips tea- Quite so. A bunch of snotholes indeed.


----------



## foxenbperry (May 18, 2016)

CrescentStarHusky said:


> I don't have any! *dies*



Then tomorrow.. or today.. whatever time zone you are in.. and if you have a few bucks lying around.. go get some..they're amazing! :3


----------



## SilverDragarian (May 18, 2016)

foxenbperry said:


> I love the maple glazed ones filled with creme.


 
Mmmmm chocolate glazed


----------



## rjbartrop (May 18, 2016)

There are in fact people who have paid for the use of FA, and they're the ones who bought ad space.  Not just the artists, but the companies who bought Google ads.   All purchased so that a certain percentage for the FA userbase would look at them, click on them, and hopefully buy their services.    None of which is happening while FA is down.  So even if most of the users of FA aren't the actual "customers", it doesn't mean that keeping them happy and using FA isn't important.


----------



## AsheSkyler (May 18, 2016)

I would have gone with "buttholes", buuuut, considering on FA that seems to be the favored opening of the entire body, it might come across as a compliment to the hackers.


----------



## Shotalicious (May 18, 2016)

SilverDragarian said:


> Mmmmm chocolate glazed


Ahh I love me some chocolate glazed oh my..


----------



## ShaneKanayo (May 18, 2016)

Bloatable said:


> While this thread blew up, I've been uploading Smash Bros videos. There are other things we can be doing!



FA was supposed to distract me from my month long streak of Dank Souls III ;w;


----------



## foxenbperry (May 18, 2016)

SilverDragarian said:


> Mmmmm chocolate glazed



I read that in Homer's voice >3>


----------



## Serathinian (May 18, 2016)

Looks like _something_ is happening. The usual screen of Fender writing on a piece of paper has just  been replaced by a box saying "Image not found" and attempting to go to furaffinity.net redirects you to "d.facdn.net / down"

So my educated guess is that... Well. They did a thing and stuff changed.


----------



## Lupin V Wolfe (May 18, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_



Even worse: this account is about a smaller, totally unrelated problem, which is not yet completely fixed, and now becomes the very definition of backburner...

As to the issue at hand, anyone know any real hackers, good ones? I.e. the kinda person who knows how to find these holes and how best to exploit them. Not that I mistrust the webmasters' skills and security protocols, but who better to run a realistic audit? It's like the police hiring an ex-burglar as a consultant, in attempting to prevent burglaries. Just my thoughts...


----------



## Psylantwolf (May 18, 2016)

Bourbon. said:


> That's also a good point!


 You don't think some kind of favorite site would emerge, and it wouldn't just be like now, and then when THAT site went down everyone wouldn't say the exact same things that they are saying now?


----------



## NplusD (May 18, 2016)

My picture direct links are safe. I dunno if that means good for me or not...


----------



## ShadowFur (May 18, 2016)

This is where you get the Police and FBI involved.


----------



## Shotalicious (May 18, 2016)

Serathinian said:


> Looks like _something_ is happening. The usual screen of Fender writing on a piece of paper has just  been replaced by a box saying "Image not found" and attempting to go to furaffinity.net redirects you to "d.facdn.net / down"
> 
> So my educated guess is that... Well. They did a thing and stuff changed.


Hm, nothing has changed on my part. I still see the normal thing


----------



## AliothFox (May 18, 2016)

Fawk said:


> Not to mention, with so many sites out there, people aren't just going to move to just one. Everyone will split up and go their separate ways. So no matter what site you choose to go to, it will have fewer people than what FA had.



This is actually a really good point.  And even though FA is not completely indispensable to the furry fandom, this point certainly speaks to the point of how important it is to the fandom.  In one camp you have people who think that FA is the center of everything and that it's the end of the world when it goes down - and in the other camp you have people who think that FA going down for good would be a good thing for the fandom and that "another site" would just pick up the slack and everything would be just tea and crumpets.  I honestly think both points of view are pretty disingenuous.  The fate of the fandom is certainly not intrinsically tied to FurAffinity, but FA going down would certainly not do the fandom any favors.

A lot of people would go to various different sites rather than congregate in one place, and a lot of users with only a passive interest in the fandom would just shrug it off and probably not participate in the fandom anymore.  So yeah, FA going offline wouldn't kill the fandom, but it would certainly wound it pretty deeply.


----------



## ShaneKanayo (May 18, 2016)

Serathinian said:


> Looks like _something_ is happening. The usual screen of Fender writing on a piece of paper has just  been replaced by a box saying "Image not found" and attempting to go to furaffinity.net redirects you to "d.facdn.net / down"
> 
> So my educated guess is that... Well. They did a thing and stuff changed.


I still see Fender writing his homo erotic fan fiction starring Shrek and Shadow the Hedgehog.


----------



## AliothFox (May 18, 2016)

Serathinian said:


> Looks like _something_ is happening. The usual screen of Fender writing on a piece of paper has just  been replaced by a box saying "Image not found" and attempting to go to furaffinity.net redirects you to "d.facdn.net / down"
> 
> So my educated guess is that... Well. They did a thing and stuff changed.



Huh. I'm not getting that.  Could just be on your end.


----------



## SGRedAlert (May 18, 2016)

Serathinian said:


> Looks like _something_ is happening. The usual screen of Fender writing on a piece of paper has just  been replaced by a box saying "Image not found" and attempting to go to furaffinity.net redirects you to "d.facdn.net / down"
> 
> So my educated guess is that... Well. They did a thing and stuff changed.


Uh, maybe you should F5. Mine's fine;





(Edit: Realised I'm dumb. Not everyone has the same time zone. Post still stands, though.
Also, JFC, I posted a link for a reason. Sorry for the page stretch, dur.)


----------



## Serathinian (May 18, 2016)

ShaneKanayo said:


> I still see Fender writing his homo erotic fan fiction starring Shrek and Shadow the Hedgehog.


Well *NOW* that's what I see. Not sure what it means, if anything.

Either way _it's all ogre now_.


----------



## Rabbi-Tom (May 18, 2016)

Hey Neer, remember this and remember this well....

No Boom today, Boom tomorrow, always a boom tomorrow!!

I suspect our Draconic overlord will be seeking out those responsible and saying...

"The path of the righteous man is beset on all sides by the iniquities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother’s keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee.”

Give em hell Neer.


----------



## Barking-In-the-Dark (May 18, 2016)

So like are we all gonna have to help repaint the walls to hide the duct-tape and stuff? 

Joking aside I still see Fender as well. Also I learned one of the FA mascots names!


----------



## SilverDragarian (May 18, 2016)

AliothFox said:


> Huh. I'm not getting that.  Could just be on your end.


 
no i had it come up 2 but it only lasted a few minutes before going back the "FA is Temp....."  screen


----------



## Serathinian (May 18, 2016)

Barking-In-the-Dark said:


> So like are we all gonna have to help repaint the walls to hide the duct-tape and stuff?
> 
> Joking aside I still see Fender as well. Also I learned one of the FA mascots names!


The dragon is Rednef. Look at her name in a mirror.


----------



## AliothFox (May 18, 2016)

SilverDragarian said:


> no i had it come up 2 but it only lasted a few minutes before going back the "FA is Temp....."  screen



Well, maybe that means they're in the process of trying to bring the site back up. *shrugs* At this point, it's something different at least.

Since I'm sure we're all pretty much spamming the F5 key.


----------



## Barking-In-the-Dark (May 18, 2016)

Serathinian said:


> The dragon is Rednef. Look at her name in a mirror.


 COOL! I never knew that. XD


----------



## Serathinian (May 18, 2016)

AliothFox said:


> Well, maybe that means they're in the process of trying to bring the site back up. *shrugs* At this point, it's something different at least.
> 
> Since I'm sure we're all pretty much spamming the F5 key.



I know _I _am! I need my furry porn and I don't want to use e621!


----------



## Bourbon. (May 18, 2016)

Barking-In-the-Dark said:


> So like are we all gonna have to help repaint the walls to hide the duct-tape and stuff?
> 
> Joking aside I still see Fender as well. Also I learned one of the FA mascots names!


The other mascot is Rednef. Now you know both!


----------



## AsheSkyler (May 18, 2016)

I only F5'd once and tried an alternate browser in case Firefox's cache was giving me grief like when I tinker with my own website. I moderated myself!


----------



## Barking-In-the-Dark (May 18, 2016)

Bourbon. said:


> The other mascot is Rednef. Now you know both!


 ^_^ Indeedly!


----------



## Shotalicious (May 18, 2016)

Serathinian said:


> I know _I _am! I need my furry porn and I don't want to use e621!


e621s got some good porn tho


----------



## Serathinian (May 18, 2016)

Shotalicious said:


> e621s got some good porn tho


Not enough honestly. I almost wish it was more popular than FA. It's way easier avoiding boner killing art with a black list and a "sort by rating" system as well as user edited tags.

People on FA forget to tag their shit.


----------



## ShaneKanayo (May 18, 2016)

5/17 WAS AN INSIDE JOB


----------



## jup-reindeer (May 18, 2016)

Lunarmagic said:


> This is just personal thoughts as an Information Technician (IT) though with no knowledge as to how much the people working there know what they are doing, nor knowing what equipment they are working with. I know personally that The Navy utilizes this technique and, generally, Has some of the most out dated equipment out there, ie. Windows XP and Vista. Just general concerns/advice. If I am wrong about anything I would be happy to hear from you.



Oh...I do highly expect that in some deep, dark bunkers, there are military grade computing equipment, just waiting for World War III to start...complete with Reel-to-Reel drives, out there.

Granted, I'd be far more worried about the fact that there are still air traffic control towers in operation to this day, operating with computers that still function off of vacuum tube tech. Why, you couldn't even run Windows 1.0 beta on one of those!


----------



## Barking-In-the-Dark (May 18, 2016)

ShaneKanayo said:


> 5/17 WAS AN INSIDE JOB


Pretty sure it was aliens.


----------



## LyrrenClock (May 18, 2016)

SGRedAlert said:


> And now it's dissolved into useless banter. Still better than trolls and mindless assholes.


yup I prefer random babble for shits and giggles and help us all pass the time in a communal way than trolling any day XD


----------



## AsheSkyler (May 18, 2016)

ShaneKanayo said:


> 5/17 WAS AN INSIDE JOB


With all the porn talk at the moment, the first thing that I pictured was some annoying hacker in a stomach after a round of vore. XD


----------



## Serathinian (May 18, 2016)

ShaneKanayo said:


> 5/17 WAS AN INSIDE JOB


http://i.imgur.com/H1YofDR.jpg


----------



## Shotalicious (May 18, 2016)

AsheSkyler said:


> With all the porn talk at the moment, the first thing that I pictured was some annoying hacker in a stomach after a round of vore. XD


SAME XD


----------



## AsheSkyler (May 18, 2016)

Shotalicious said:


> SAME XD


And with the mention of Fender writing about ogre porn, that means the hacker was Lord Farquad. He was even in a stomach! Given his disposition and  if you slur his name just right... Yeah. Found the culprit.


----------



## Barking-In-the-Dark (May 18, 2016)

AsheSkyler said:


> And with the mention of Fender writing about ogre porn, that means the hacker was Lord Farquad. He was even in a stomach! Given his disposition and  if you slur his name just right... Yeah. Found the culprit.



I might have laughed louder than I intended too. XD Hopefully I didn't wake the hubby up.


----------



## Serathinian (May 18, 2016)

AsheSkyler said:


> And with the mention of Fender writing about ogre porn, that means the hacker was Lord Farquad. He was even in a stomach! Given his disposition and  if you slur his name just right... Yeah. Found the culprit.


I remember at the end of Shrek after Farquad was swallowed whole, during the singing part you see him with a match in the dragon's belly.
When I went to Universal Studios (I think it was Universal) they had a special movie on that isn't available on DVD. The only thing I remember was that Farquad's ghost was the villain.

In other words, this means that in Shrek canon Farquad was slowly and painfully disintegrated by stomach acid and his only remains is a pile of feces. That's going to fuck with me forever.


----------



## AsheSkyler (May 18, 2016)

Well, it be me bedtime. I wish you all good days or nights, depending on your individual timezones, my good ladies, gents, and whatever-the-heck-else-there-is-online.


----------



## Barking-In-the-Dark (May 18, 2016)

AsheSkyler said:


> Well, it be me bedtime. I wish you all good days or nights, depending on your individual timezones, my good ladies, gents, and whatever-the-heck-else-there-is-online.



Same here and to you!
I gotta try and get some rest. X_x Hopefully this melatonin will work soon. Goodnight/day everyone!


----------



## Cakefox (May 18, 2016)

How bad is it that I'm refreshing the page every few minutes and still feeling that sense of loss knowing the site's still down?


----------



## Shotalicious (May 18, 2016)

Cakefox said:


> How bad is it that I'm refreshing the page every few minutes and still feeling that sense of loss knowing the site's still down?


Ah, same, I started using it more two days ago...and im already really sad its down..


----------



## jup-reindeer (May 18, 2016)

Iracuse said:


> There was a three month downtime? I must've missed out on that one, sounds rather impressive.



Just ask Sony. (And they had a whole lot more money to lose over those hacker attacks on the PlayStation network. I mean...even the on-line store couldn't operate. Talking millions. FA's _probably_ more like thousands.)


----------



## Keira_Lunar (May 18, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_





*raises her hand as well *i just HAD to put my say and opinion on the matter


----------



## FoxWolfie (May 18, 2016)

It's looking good for FA.  Direct links to submissions on t.facdn.net are working.  Example
I kept a direct link to everything I've ever submitted, and even my most recent submissions are still intact.  I hope that means everyone else's stuff is successfully recovered too.


----------



## Kafj302 (May 18, 2016)

I had an account here for some time, never really used it, but I'm here none the less. I hope our beloved site is back up an running soon (and yes I know there is ETA on it yet).
For the future NEVER plug in and unknown USB into a computer that is A) connected to the net B) has files you want to keep safe. The simplest hack is that of leaving a USB laying around, and then someone will pick it, and infect thier computer.


----------



## jup-reindeer (May 18, 2016)

Rythas said:


> Not everyone is perfect, not many sites are perfect (apparently Google is since they challenged hackers to break their codes)...



I fear Google. I really do. They're going in with their own OS, trying to make the computing world their own. Plus, they are sending out all these physical world torpedoes...I mean self driving cars. And trying for all so much more. What's next? Google ICBM's???


----------



## Bourbon. (May 18, 2016)

Kafj302 said:


> I had an account here for some time, never really used it, but I'm here none the less. I hope our beloved site is back up an running soon (and yes I know there is ETA on it yet).
> For the future NEVER plug in and unknown USB into a computer that is A) connected to the net B) has files you want to keep safe. The simplest hack is that of leaving a USB laying around, and then someone will pick it, and infect thier computer.


That's not really relevant here. The USBs were being used to distribute a copy of the database code that the hackers had already accessed through site vulnerabilities.


----------



## SilverDragarian (May 18, 2016)

jup-reindeer said:


> I fear Google. I really do. They're going in with their own OS, trying to make the computing world their own. Plus, they are sending out all these physical world torpedoes...I mean self driving cars. And trying for all so much more. What's next? Google ICBM's???




 i hope not it would be a disaster. i mean really how many would miss as they *search *for there target..


----------



## Diaszoom (May 18, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_



*Raises paw* I just hope that everything be okay, that things work pratical and fast. Good Luck to Furaffinity and us!
xwx'


----------



## Keira_Lunar (May 18, 2016)

SilverDragarian said:


> i hope not it would be a disaster. i mean really how many would miss as they *search *for there target..



i don't mind google the Search engine  but what it is now  *shudders* its like its trying to become the online empire  and now its slowly becomeing Skynet ....OH GOD NO get that image  out of my Feline Head * scratches her hair trying to get the memory out *


----------



## Aenorin (May 18, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_


_
- raises his fluffy paw - _I hope everything will get fixed soon.


----------



## Keira_Lunar (May 18, 2016)

Aenorin said:


> _- raises his fluffy paw - _I hope everything will get fixed soon.




i still wonder just how many of us FA users just recently made an account for this forum site just to talk 

but then again with FA down what else can we do to communicate its not like we are on a big social chat service like Gamevox , Team speak , Discord , Skype


----------



## CoonArt (May 18, 2016)

OH GREEEEEEEEEEAT..... Bye horse pictures...... Thank goodness I have a backup of those...


----------



## Gem-Wolf (May 18, 2016)

Cakefox said:


> How bad is it that I'm refreshing the page every few minutes and still feeling that sense of loss knowing the site's still down?


lol I'm doing the same thing. Even though I know its going to be the same result.


----------



## Keira_Lunar (May 18, 2016)

Gem-Wolf said:


> lol I'm doing the same thing. Even though I know its going to be the same result.




i check every hour still same result  
FA is down page


----------



## wheetalilt (May 18, 2016)

Rip.


----------



## Retsueto (May 18, 2016)

So, whomever did this, spent like, $35 for ten of those credit card USB drives....


----------



## Keira_Lunar (May 18, 2016)

Retsueto said:


> So, whomever did this, spent like, $35 for ten of those credit card USB drives....



seems like it still what a waste of good cash im sure it could have gone to something fare more useful


----------



## nyannom1 (May 18, 2016)

Fordoxia said:


> Now, be honest.  Raise your hand...
> 
> How many of you created FA Forums accounts just because of this.
> 
> *_Raises hand*_


I am guilty of it, yes. *raises hand*
I think I might use this account anyways, just in case my simpleton brain cannot comprehend the letter Q or something.
Still sucks about what's happening here too. I uploaded about 5+ submissions that I need to reupload, but that's sort of my fault as well. I need to stop uploading in short spurts and keep to an even schedule.
The only personal benefit I could ever find here is the fact that it's going to be dead/finals week, and I won't get distracted I guess. Actually, in retrospect, I'll be checking this forum constantly to see if a possible ETA has been established yet.
Anyways, I hope that the people at FA can get this situation straightened out, I miss looking at all of your cool artwork.


----------



## coyoteOdin (May 18, 2016)

I hope that the site budekt restored and re-start to work as soon as possible.
This question - I understand that such an attack is a criminal offense - so - it may be worth to attract to the case _*police *_to catch and arrest the criminals who had organized this attack?

PS sorry for my english. I'm not very good speak english


----------



## Keira_Lunar (May 18, 2016)

nyannom1 said:


> I am guilty of it, yes. *raises hand*
> I think I might use this account anyways, just in case my simpleton brain cannot comprehend the letter Q or something.
> Still sucks about what's happening here too. I uploaded about 5+ submissions that I need to reupload, but that's sort of my fault as well. I need to stop uploading in short spurts and keep to an even schedule.
> The only personal benefit I could ever find here is the fact that it's going to be dead/finals week, and I won't get distracted I guess. Actually, in retrospect, I'll be checking this forum constantly to see if a possible ETA has been established yet.
> Anyways, I hope that the people at FA can get this situation straightened out, I miss looking at all of your cool artwork.





indeed the sooner the ETA is annouced the better  

i miss looking at the creativity of my fellow watchers 

guess still then we are all stuck in Forum Limbo 

*sighs* i guess i should stop stalling and at least get these dishes washed


----------



## marcwolf (May 18, 2016)

Sadly this hack has not just hit Furaffinity. A lot of sites are reporting that the ImageMagic app has made them vunerable and they have been damaged.
I can also sympathies with the admins here re the backups. Backup tech has not progressed at the same speed as data storage.. and the hardware and software needed to run a constant transactional based backup is not cheap.


----------



## nyannom1 (May 18, 2016)

Keira_Lunar said:


> indeed the sooner the ETA is annouced the better
> 
> i miss looking at the creativity of my fellow watchers
> 
> ...


I honestly should be asleep by now, it's 11:07 P.M. in my timezone, haha. But hey, I'd rather be here! Better than any dream I might have (of course if it's not lucid)


----------



## Keira_Lunar (May 18, 2016)

marcwolf said:


> Sadly this hack has not just hit Furaffinity. A lot of sites are reporting that the ImageMagic app has made them vunerable and they have been damaged.
> I can also sympathies with the admins here re the backups. Backup tech has not progressed at the same speed as data storage.. and the hardware and software needed to run a constant transactional based backup is not cheap.




so this is a sorta like a DDOS attack ?   

i hated when that happen to steam at around the Xmas sale


----------



## Keira_Lunar (May 18, 2016)

nyannom1 said:


> I honestly should be asleep by now, it's 11:07 P.M. in my timezone, haha. But hey, I'd rather be here! Better than any dream I might have (of course if it's not lucid)



heh heh  just can't stop watching the comments roll in  its 2:10PM for me i have 20 minuets before i have to wash the dishes wether i like it or not  

but im sure i will be back to monitor the comment streaming in


----------



## jup-reindeer (May 18, 2016)

Fordoxia said:


> There are websites _*OTHER THAN*_ FA!?!?!?


Yea...like LifeBoat.OMG and FurryBunker.SAF ;P


----------



## Fawk (May 18, 2016)

Keira_Lunar said:


> so this is a sorta like a DDOS attack ?
> 
> i hated when that happen to steam at around the Xmas sale


No, this is very different. A DDoS only keeps people from accessing the server that hosts the website. 
This time around someone found a way in using stolen source code and started deleting things off the servers. Most the stuff that was deleted is able to be recovered using a backup, but anything newly submitted will have been lost and will have to be resubmitted by users.


----------



## nyannom1 (May 18, 2016)

Keira_Lunar said:


> so this is a sorta like a DDOS attack ?
> 
> i hated when that happen to steam at around the Xmas sale


Is it bad that whenever I think of DDoS I think of this image?


----------



## marcwolf (May 18, 2016)

jup-reindeer said:


> Oh...I do highly expect that in some deep, dark bunkers, there are military grade computing equipment, just waiting for World War III to start...complete with Reel-to-Reel drives, out there.
> 
> Granted, I'd be far more worried about the fact that there are still air traffic control towers in operation to this day, operating with computers that still function off of vacuum tube tech. Why, you couldn't even run Windows 1.0 beta on one of those!



*chuckles* One of the reasons I have slide rules, log books, and a small library of basic engineering manuals etc. Yes it's fine to say you have Guns and Ammo. But what happens when the ammo runs out. Meanwhile I'll be the guy keeping whats left going.


----------



## Bourbon. (May 18, 2016)

Keira_Lunar said:


> so this is a sorta like a DDOS attack ?
> 
> i hated when that happen to steam at around the Xmas sale


No, DDoS are much more simplistic and virtually anyone can do it. It's basically flooding a site's servers until they get knocked offline by making it seem like there's tens of thousands of unique people accessing the site at once.


----------



## Keira_Lunar (May 18, 2016)

Fawk said:


> No, this is very different. A DDoS only keeps people from accessing the server that hosts the website.
> This time around someone found a way in using stolen source code and started deleting things off the servers. Most the stuff that was deleted is able to be recovered using a backup, but anything newly submitted will have been lost and will have to be resubmitted by users.



ah ok so more like a Trojan Virus  i have had my share of those buggers i noramly Anti virus scan it  the do a system restore to just before i download said infected file  but thats just for one computer i don't think the same idea would work for a server


----------



## nyannom1 (May 18, 2016)

Keira_Lunar said:


> heh heh  just can't stop watching the comments roll in  its 2:10PM for me i have 20 minuets before i have to wash the dishes wether i like it or not
> 
> but im sure i will be back to monitor the comment streaming in


I have a feeling once I put my phone down (I'm on mobile atm) I'm going to wake up to 500+ messages.
Makes sense anyways, this is a big deal.


----------



## jup-reindeer (May 18, 2016)

Keira_Lunar said:


> so this is a sorta like a DDOS attack ?



Well, not exactly. This is more like FA has been bondage secured with the hacker holding all the BDSM gear. Probing out the most sensitive spots and going to town as they wish. (Only FA isn't having fun.)

Whereas a DDOS is more like the busy tone on your phone when pressing buttons is refused to connect the call.


----------



## thesweetiger (May 18, 2016)

humm I See the admin control and the user control is in the same software 
Put on a seperate domaine and software for moderator and admin reduce a lot this type of attack 
User interface code is free of the admin code 
in the user interface , a specific db user and you need to restrict him for the user table to insert , update and select , 
in the admin domaine you meet in first a login page with the necessary only and have an another db user with more access

Out of that , FA need a new server setup 
all main server need to be doubled 
so with a good dns setup the traffic is seperate in two , if one fail the other one can operate without problem and the tech can fix and bring back easily and fa don't stop they activity 
also with this setup you can do some maintenance on one and after switching on the other one , preventing any software issue


----------



## Keira_Lunar (May 18, 2016)

nyannom1 said:


> Is it bad that whenever I think of DDoS I think of this image?



reminds me of when my brother somehow got pass my password on my windows 98 Computer when i was younger and Delaeted System 32 and the C drive


----------



## kisuka (May 18, 2016)

Keira_Lunar said:


> so this is a sorta like a DDOS attack ?
> 
> i hated when that happen to steam at around the Xmas sale


This is much worse than a DDOS Style Attack.

With a DDOS attack you are hammering a server to utilize all their bandwidth so that others cannot access the site.

CVE-2016-3714 (the exploit that was used), allows you to execute shell commands on the server. Giving you access to pretty much the entire FA infrastructure if you're good enough.

I'm honestly kind of sad to see that FA's sys admins didn't patch CVE-2016-3714 before it was too late... it's been known for weeks now...


----------



## YaoiMeowmaster (May 18, 2016)

I've been really kind of confused all day since FA has been down. Now, as an artist it's not my only place where I put my drawings, I have like 5 other places, save my refs to the computer and backup my work constantly, it's just...really lonely? FA has traffic and reach for me like none of the other sites I use. At first when I woke up and it was down I was mildly annoyed but used to it, but the prospect of losing a week is a struggle. I had a YCH auction that was doing very well that I'll have to restart if it's not restored. Who knows if it'll get bid on again. I can only imagine what my other friends are going through when they post 5-8 submissions a DAY.

Granted, this is not entirely FA's fault. There should have been more security because the site's always been vulnearable, but someone obviously went through a lot of fucking trouble to do this. And also, its pretty disgusting that some people are finding it funny and pretty much throwing parties and saying thank god.

As dragoneer said... whoever did this isn't hurting him no matter how infamous he or the other staff may be.

They're hurting the artists of the site, and our clients.


----------



## nyannom1 (May 18, 2016)

jup-reindeer said:


> Well, not exactly. This is more like FA has been bondage secured with the hacker holding all the BDSM gear. Probing out the most sensitive spots and going to town as they wish. (Only FA isn't having fun.)
> 
> Whereas a DDOS is more like the busy tone on your phone when pressing buttons is refused to connect the call.


This makes so much more sense that it's scaring me a bit.
Though, if FA isn't having fun, wouldn't those sensitive spots be either a) infected; or b) broken skin?


----------



## Bourbon. (May 18, 2016)

Keira_Lunar said:


> ah ok so more like a Trojan Virus  i have had my share of those buggers i noramly Anti virus scan it  the do a system restore to just before i download said infected file  but thats just for one computer i don't think the same idea would work for a server


No, it's not like a virus at all. Viruses are malicious programs that can log information and scramble programs and disable them as well as delete files.


----------



## Keira_Lunar (May 18, 2016)

YaoiMeowmaster said:


> I've been really kind of confused all day since FA has been down. Now, as an artist it's not my only place where I put my drawings, I have like 5 other places, save my refs to the computer and backup my work constantly, it's just...really lonely? FA has traffic and reach for me like none of the other sites I use. At first when I woke up and it was down I was mildly annoyed but used to it, but the prospect of losing a week is a struggle. I had a YCH auction that was doing very well that I'll have to restart if it's not restored. Who knows if it'll get bid on again. I can only imagine what my other friends are going through when they post 5-8 submissions a DAY.
> 
> Granted, this is not entirely FA's fault. There should have been more security because the site's always been vulnearable, but someone obviously went through a lot of fucking trouble to do this. And also, its pretty disgusting that some people are finding it funny and pretty much throwing parties and saying thank god.
> 
> ...




awww * hugs*  i hope your action ends well in the end  its never good to loose money and your right this is hurting the users more then the admin


----------



## Keira_Lunar (May 18, 2016)

kisuka said:


> This is much worse than a DDOS Style Attack.
> 
> With a DDOS attack you are hammering a server to utilize all their bandwidth so that others cannot access the site.
> 
> ...




to little to late to put it simply right ?


----------



## kisuka (May 18, 2016)

YaoiMeowmaster said:


> Granted, this is not entirely FA's fault.



Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30:

www.cve.mitre.org: CVE - CVE-2016-3714

A system administrator needs to be watching the latest updates / exploit reports of everything that their web apps use. Failing to patch critical security risks like this in time can be deadly.


----------



## Keira_Lunar (May 18, 2016)

Bourbon. said:


> No, it's not like a virus at all. Viruses are malicious programs that can log information and scramble programs and disable them as well as delete files.



ok im just trying to understand a bit more on whats going on i know its not a virus or a DDOS attck but no matter how you look at it were all screwed till its fixed


----------



## Deleted member 82554 (May 18, 2016)

Just a quick FYI: if you need to get your fix of furry art or rely on it for commissions, there are other sites that will cater to your every need while FA is down.


----------



## Keira_Lunar (May 18, 2016)

kisuka said:


> Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30.



geeze thats a long time it was discoverd and only now it was "patched"  ok not tossing blame but ouch on FA's part


----------



## Keira_Lunar (May 18, 2016)

Mr. Fox said:


> Just a quick FYI: if you need to get your fix of furry art or rely on it for commissions, there are other sites that will cater to your every need while FA is down.



i understand that but im not one to branch out to other sites just cause of one that i been a part of for a year now happens to end up in this state


----------



## YaoiMeowmaster (May 18, 2016)

Keira_Lunar said:


> awww * hugs*  i hope your action ends well in the end  its never good to loose money and your right this is hurting the users more then the admin


Thanks a lot *hugs back* Luckily I do still have the files, its just the idea of wasted time that bothers me most. not to mention that all the people who watched my stuff in the past week are no longer going to be watching me. since i doubt they will remember unless they see the ad again, thats another possible loss of potential. D:



kisuka said:


> Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30:
> 
> www.cve.mitre.org: CVE - CVE-2016-3714



True, but its not as though Furaffinity was "asking for it" the way twitter knuckleheads are making it seem. It's still abominable that someone attacked it in the first place and they need to be held responsible for their actions as well.


----------



## Deleted member 82554 (May 18, 2016)

Keira_Lunar said:


> i understand that but im not one to branch out to other sites just cause of one that i been a part of for a year now happens to end up in this state


Are you afraid you might find something better?


----------



## nyannom1 (May 18, 2016)

Mr. Fox said:


> Just a quick FYI: if you need to get your fix of furry art or rely on it for commissions, there are other sites that will cater to your every need while FA is down.


While that is true, you can post art and look at other art sites, however, with some people that have commissions to do and who gain income from said commissions will still suffer (unless they have another said site that can do this, though, a percentage will still be hacked off).


----------



## YaoiMeowmaster (May 18, 2016)

kisuka said:


> Hate to break it to you, but it is entirely their fault for not patching CVE-2016-3714 in time. The exploit had been known since 2016/03/30:
> 
> www.cve.mitre.org: CVE - CVE-2016-3714
> 
> A system administrator needs to be watching the latest updates / exploit reports of everything that their web apps use. Failing to patch critical security risks like this in time can be deadly.


Believe me, I'm incredibly irritated that Furaffinity's lax attitude pretty much caused this to happen, but there's blame to be had on both sides. 



nyannom1 said:


> While that is true, you can post art and look at other art sites, however, with some people that have commissions to do and who gain income from said commissions will still suffer (unless they have another said site that can do this, though, a percentage will still be hacked off).


^^^^yup
Commissions are really not that easy to get as people seem. You have to establish yourself for a while and/or know someone who will promote you on that site. FA is a large percentage of income for many people and its not their fault for that. For example, even though many of my friends get some clients from facebook and twitter, 90% of their following is FA based. To the point where they literally cannot leave.


----------



## Keira_Lunar (May 18, 2016)

Mr. Fox said:


> Are you afraid you might find something better?



its more the fact im with enough social sites and i have enough passwords to rember as it is 

that and the fact i made so many good friends here at FA


----------



## Fawk (May 18, 2016)

YaoiMeowmaster said:


> True, but its not as though Furaffinity was "asking for it" the way twitter knuckleheads are making it seem. It's still abominable that someone attacked it in the first place and they need to be held responsible for their actions as well.


^This. Yes, FA could have acted faster. But that doesn't make what other people did okay.
Like, if I don't lock my car it doesn't make whoever stole it less of a horrible person, even if it does mean I should have been more careful.


----------



## kisuka (May 18, 2016)

*An explanation of the exploit / hack for people who aren't in the web development or tech industry:*

On the FA server is a program called ImageMagick installed. ImageMagick is used to resize images, manipulate them, etc. Tons of web services use ImageMagick for image processing. It is a very common piece of software.

On 2016/03/30 a critical security report was posted regarding ImageMagick (www.cve.mitre.org: CVE - CVE-2016-3714

Okay so. When using a website, when you have an upload form (images, files, attachments, etc) you can technically upload anything you want. When you upload a file, typically a website will check the file on the backend, to make sure it's what you want (an image, a pdf, etc) and only allow that. When you don't restrict other file types, people can upload files to the server that they can then access from the website's url (typically where uploads / images are hosted at). These malicious files are called 'web shells' which can be logged into by a third party and be used to control the server the website is on.

The exploit that was used allowed the attacker to get ImageMagick to execute commands on the server, which allowed them to most likely pop a shell and gain access to the server.

Once you are in the server, you can view config files to get access to the database.

Hope this explains things.


----------



## nyannom1 (May 18, 2016)

Keira_Lunar said:


> its more the fact im with enough social sites and i have enough passwords to rember as it is
> 
> that and the fact i made so many good friends here at FA


Dear god the password remembering, it's a nightmare. GradeAUnderA made a whole video on this :


----------



## Keira_Lunar (May 18, 2016)

Fawk said:


> ^This. Yes, FA could have acted faster. But that doesn't make what other people did okay.
> Like, if I don't lock my car it doesn't make whoever stole it less of a horrible person, even if it does mean I should have been more careful.




indeed  last year my house got broken into now my house is heavily secured  

i only hope FA admins learn from this


----------



## nyannom1 (May 18, 2016)

tbonethebunbun said:


> I hate to come here and say this, but I think it's for your own good...
> 
> _*GO TO BED NOW... IT'S NOT COMING BACK... IT'S NOT GOING TO COME BACK... IT'S NOT GOING TO BE BACK TOMORROW, THE NEXT DAY, THE DAY AFTER THAT, SO LOG OFF, GO TO BED, AND STOP POSTING!!!!!!!!*_
> 
> I'm sorry... I'm just... really grouchy right now, cause my phone's been going off for 10 minutes...


You do realize you can a) unwatch the thread (and still rewatch it since it's on the main page) or b) silence your phone?
Or don't, I'm just pointing out suggestions.


----------



## kisuka (May 18, 2016)

Keira_Lunar said:


> its more the fact im with enough social sites and i have enough passwords to rember as it is


You should not be remembering passwords. You should be using a password manager like KeePass to generate a unique password for every website. Then you have a master key that opens your database of passwords. On top of that, use Two-Step Authentication on every service that offers it.

If any of the websites you use have the same passwords you use on other sites, you can guarantee that every account using the same password will be hacked if they get just one of those passwords. When attackers get password lists they check those emails and passwords against a ton of services such as banking and social media.


----------



## Fawk (May 18, 2016)

So on the 3rd month, on the 30th, (so basically at the start of the 4th month) the security report was posted. It was stated that they patched the exploit earlier this month (the 5th month)
So they took about a month to patch it. tsk tsk furaffinity. 

I hope they learn and jump to fix security issues much quicker next time.


----------



## Bourbon. (May 18, 2016)

tbonethebunbun said:


> I hate to come here and say this, but I think it's for your own good...
> 
> _*GO TO BED NOW... IT'S NOT COMING BACK... IT'S NOT GOING TO COME BACK... IT'S NOT GOING TO BE BACK TOMORROW, THE NEXT DAY, THE DAY AFTER THAT, SO LOG OFF, GO TO BED, AND STOP POSTING!!!!!!!!*_
> 
> I'm sorry... I'm just... really grouchy right now, cause my phone's been going off for 10 minutes...


So turn off notifications, smartass.


----------



## tbonethebunbun (May 18, 2016)

nyannom1 said:


> You do realize you can a) unwatch the thread (and still rewatch it since it's on the main page) or b) silence your phone?
> Or don't, I'm just pointing out suggestions.


Sorry, I'm just very very grouchy, it's like... 1:35 in the morning, and my phone's been beeping at me over and over...


----------



## Fawk (May 18, 2016)

tbonethebunbun said:


> I hate to come here and say this, but I think it's for your own good...
> 
> _*GO TO BED NOW... IT'S NOT COMING BACK... IT'S NOT GOING TO COME BACK... IT'S NOT GOING TO BE BACK TOMORROW, THE NEXT DAY, THE DAY AFTER THAT, SO LOG OFF, GO TO BED, AND STOP POSTING!!!!!!!!*_
> 
> I'm sorry... I'm just... really grouchy right now, cause my phone's been going off for 10 minutes...


You know that not everyone is in the same timezone as you? So it is not bedtime for everyone. 
But you should sleep, you seem cranky.


----------



## tbonethebunbun (May 18, 2016)

Bourbon. said:


> So turn off notifications, smartass.


Sorry, for being a "smartass", but when you're trying to sleep, it gets annoying...


----------



## nyannom1 (May 18, 2016)

tbonethebunbun said:


> Sorry, I'm just very very grouchy, it's like... 1:35 in the morning, and my phone's been beeping at me over and over...


It's okay, just letting you know for the future. Get some sleep now, goodnight.


----------



## Bourbon. (May 18, 2016)

tbonethebunbun said:


> Sorry, for being a "smartass", but when you're trying to sleep, it gets annoying...


And as people have pointed out, there's several easy solutions to that problem.


----------



## kisuka (May 18, 2016)

Fawk said:


> So on the 3rd month, on the 30th, (so basically at the start of the 4th month) the security report was posted. It was stated that they patched the exploit earlier this month (the 5th month)
> So they took about a month to patch it. tsk tsk furaffinity.



Within that month period of time, tons of free to use code had been posted on github. Proof of concepts and what not on how to use the exploit to attack a server. This is how the network security field works. An exploit is reported and tons of netsec guys will create proof of concepts for their blogs/talks/conventions/etc and make that code publicly available.

It is up to the system administrators to patch the exploit in time or else they are open to attack from anyone.


----------



## tbonethebunbun (May 18, 2016)

Fawk said:


> You know that not everyone is in the same timezone as you? So it is not bedtime for everyone.
> But you should sleep, you seem cranky.


You have no idea. Aside from my neighbor's dogs barking all hours of the night... a poor bunny deserves his bunny rest... - _ -;;


----------



## Keira_Lunar (May 18, 2016)

nyannom1 said:


> Dear god the password remembering, it's a nightmare. GradeAUnderA made a whole video on this :




goodness  to think passwords got THAT complex


----------



## ZX6R (May 18, 2016)

Fawk said:


> So on the 3rd month, on the 30th, (so basically at the start of the 4th month) the security report was posted. It was stated that they patched the exploit earlier this month (the 5th month)
> So they took about a month to patch it. tsk tsk furaffinity.
> 
> I hope they learn and jump to fix security issues much quicker next time.


From what I understand they were late by like a day or so. Even if they were less lazy by a day or two, they still would have kept them out.


----------



## nyannom1 (May 18, 2016)

kisuka said:


> Within that month period of time, tons of free to use code had been posted on github. Proof of concepts and what not on how to use the exploit to attack a server. This is how the network security field works. An exploit is reported and tons of netsec guys will create proof of concepts for their blogs/talks/conventions/etc and make that code publicly available.
> 
> It is up to the system administrators to patch the exploit in time or else they are open to attack from anyone.


So basically it's almost an arms race between hackers and security?
Dang that's tough. I need to appreciate these kinds of matters more.


----------



## YaoiMeowmaster (May 18, 2016)

nyannom1 said:


> Dear god the password remembering, it's a nightmare. GradeAUnderA made a whole video on this :


That gave me the laugh I needed all day, its so fucking true Especially with job application websites. OH NO is some hacker gonna go and apply to Olive garden for me? Send a resume? The horror. 

Also gave me a new person to subscribe to jesus christ this is great thanks


----------



## Keira_Lunar (May 18, 2016)

tbonethebunbun said:


> I hate to come here and say this, but I think it's for your own good...
> 
> _*GO TO BED NOW... IT'S NOT COMING BACK... IT'S NOT GOING TO COME BACK... IT'S NOT GOING TO BE BACK TOMORROW, THE NEXT DAY, THE DAY AFTER THAT, SO LOG OFF, GO TO BED, AND STOP POSTING!!!!!!!!*_
> 
> I'm sorry... I'm just... really grouchy right now, cause my phone's been going off for 10 minutes...




well im going to be washing dishes now anyway so you won't see my face or username pop up for about an hour or so  but im sure you can just unsubscribe from the forum feed to this topic


----------



## tbonethebunbun (May 18, 2016)

Keira_Lunar said:


> well im going to be washing dishes now anyway so you won't see my face or username pop up for about an hour or so  but im sure you can just unsubscribe from the forum feed to this topic


Yeah, umm... don't mind me, just getting woke up in the middle of the night...


----------



## nyannom1 (May 18, 2016)

Keira_Lunar said:


> goodness  to think passwords got THAT complex


Though I understand why sites want your password to be strong, but I agree with Grade when he says it shouldn't be a strict and mandatory thing


----------



## Keira_Lunar (May 18, 2016)

kisuka said:


> You should not be remembering passwords. You should be using a password manager like KeePass to generate a unique password for every website. Then you have a master key that opens your database of passwords. On top of that, use Two-Step Authentication on every service that offers it.
> 
> If any of the websites you use have the same passwords you use on other sites, you can guarantee that every account using the same password will be hacked if they get just one of those passwords. When attackers get password lists they check those emails and passwords against a ton of services such as banking and social media.



*shudders* no offences but i HATE the two step locking function  its really messy and my phone can't take on any more apps i was lucky enough to install Steam mobile app at the least  i don't need more


----------



## LyrrenClock (May 18, 2016)

tbonethebunbun said:


> I hate to come here and say this, but I think it's for your own good...
> 
> _*GO TO BED NOW... IT'S NOT COMING BACK... IT'S NOT GOING TO COME BACK... IT'S NOT GOING TO BE BACK TOMORROW, THE NEXT DAY, THE DAY AFTER THAT, SO LOG OFF, GO TO BED, AND STOP POSTING!!!!!!!!*_
> 
> I'm sorry... I'm just... really grouchy right now, cause my phone's been going off for 10 minutes...


its called shut your phone off...with how phones are these days if they are your alarm clock when powered off they will...wait for it...turn themselves on magically! I know amazing right?!


----------



## Deleted member 82554 (May 18, 2016)

nyannom1 said:


> While that is true, you can post art and look at other art sites, however, with some people that have commissions to do and who gain income from said commissions will still suffer (unless they have another said site that can do this, though, a percentage will still be hacked off).


With FA being down most will fall back to the next best alternative, so less of a problem than having nothing at all.


Keira_Lunar said:


> its more the fact im with enough social sites and i have enough passwords to rember as it is
> 
> that and the fact i made so many good friends here at FA


Remembering passwords is irrelevant in this day and age. We have browsers that manage all of that, so there is no excuse on that part.

And there is no excuse on the second part, either. With FA being down most will fall back to the next best alternative, and the other sites like Weasyl, DA, etc. have plenty of good people to befriend.

Diversify, get yourself out there or you'll never know what you're missing.


----------



## nyannom1 (May 18, 2016)

YaoiMeowmaster said:


> That gave me the laugh I needed all day, its so fucking true Especially with job application websites. OH NO is some hacker gonna go and apply to Olive garden for me? Send a resume? The horror.
> 
> Also gave me a new person to subscribe to jesus christ this is great thanks


Yeah, this dude is great, haha. I'm glad I made you laugh by sending it.


----------



## Bourbon. (May 18, 2016)

Mr. Fox said:


> With FA being down most will fall back to the next best alternative, so less of a problem than having nothing at all.
> 
> Remembering passwords is irrelevant in this day and age. We have browsers that manage all of that, so there is no excuse on that part.
> 
> ...


Weasyl is a ghost town (except for when FA goes offline) and dA doesn't allow porn so it's not a good alternative for people who like their smut. It's nothing but a short term bandaide until FA comes back online.


----------



## tbonethebunbun (May 18, 2016)

LyrrenClock said:


> its called shut your phone off...with how phones are these days if they are your alarm clock when powered off they will...wait for it...turn themselves on magically! I know amazing right?!


Ok, Ok, I get it... I screwed up by posting a hateful comment...


----------



## Keira_Lunar (May 18, 2016)

nyannom1 said:


> Yeah, this dude is great, haha. I'm glad I made you laugh by sending it.



i subscribed as well normaly these education or rant like videos bore me but he kept me intrested for the entire clip


----------



## nyannom1 (May 18, 2016)

Mr. Fox said:


> With FA being down most will fall back to the next best alternative, so less of a problem than having nothing at all.
> 
> Remembering passwords is irrelevant in this day and age. We have browsers that manage all of that, so there is no excuse on that part.
> 
> ...


I don't oppose the idea of migrating, especially since I don't have any personal reason to stay here besides the atmosphere, I'm just saying that FA is a big site, and some of the users might not all flood other alternatives as much like you suggested.


----------



## nyannom1 (May 18, 2016)

Keira_Lunar said:


> i subscribed as well normaly these education or rant like videos bore me but he kept me intrested for the entire clip


It's the perfect mix of funny and getting your point across, while being original at the same time. There aren't a lot of content creators that can pull it off as well as he.


----------



## Keira_Lunar (May 18, 2016)

tbonethebunbun said:


> Ok, Ok, I get it... I screwed up by posting a hateful comment...



*hugs* we all make mistakes what matters if those that are effected can forgive  and you also need ya beauty sleep  and i need to stop stalling on washing them dishes 

so i hope you sleep well


----------



## kisuka (May 18, 2016)

Dragoneer said:


> Somebody got the source code through the ImageTragick exploit (which we patched on May 5th).



Why did you guys take so long to patch a *known critical exploit*? CVE-2016-3714 had been known for awhile before you patched it...

I'm super disappointed in your system administrators.


----------



## Deleted member 82554 (May 18, 2016)

Bourbon. said:


> Weasyl is a ghost town (except for when FA goes offline) and dA doesn't allow porn so it's not a good alternative for people who like their smut. It's nothing but a short term bandaide until FA comes back online.


Better a band-aide than an open wound.


nyannom1 said:


> I don't oppose the idea of migrating, especially since I don't have any personal reason to stay here besides the atmosphere, I'm just saying that FA is a big site, and some of the users might not all flood other alternatives as much like you suggested.


That's like knowing there is an alternative way out and still putting the noose around your neck. If the members of FA choose not to rely on an alternative for the meantime, I have no issue with that. But by doing so, they're the ones putting the noose around their neck, missing out on their art, socializing, commissions,  etc...


----------



## YaoiMeowmaster (May 18, 2016)

nyannom1 said:


> I don't oppose the idea of migrating, especially since I don't have any personal reason to stay here besides the atmosphere, I'm just saying that FA is a big site, and some of the users might not all flood other alternatives as much like you suggested.


The problem is that most people assume that we have to MOVE. It's not even that man, there's so many alternatives. From furaffinity alone people can go to inkbunny, weasyl, sofurry,furrific,furrynetwork,e621 and god knows what else. It's decision fatigue.


----------



## YaoiMeowmaster (May 18, 2016)

Mr. Fox said:


> Better a band-aide than an open wound.
> 
> That's like knowing there is an alternative way out and still putting the noose around your neck. If the members of FA choose not to rely on an alternative for the meantime, I have no issue with that. But by doing so, they're the ones putting the noose around their neck, missing out on their art, socializing, commissions,  etc...


The problem is, with so many options the users are too scattered and no one site is really as active as it should be.


----------



## Catya (May 18, 2016)

When will FA return?


----------



## Keira_Lunar (May 18, 2016)

YaoiMeowmaster said:


> The problem is, with so many options the users are too scattered and no one site is really as active as it should be.



indeed while e621 is filled with  artwork  its also a clusterF***  and the coments are rather ...... its hard to put it really


----------



## Bourbon. (May 18, 2016)

Mr. Fox said:


> Better a band-aide than an open wound.
> 
> That's like knowing there is an alternative way out and still putting the noose around your neck. If the members of FA choose not to rely on an alternative for the meantime, I have no issue with that. But by doing so, they're the ones putting the noose around their neck, missing out on their art, socializing, commissions,  etc...


Well being kind of condescending while shilling for other sites isn't exactly going to win people over either. Some people prefer FA, whether it's for it's simplistic layout, larger community, or simply because they like FA. You're not going to change people's minds on the matter by pretending like the other sites are equally as active and engaging.


----------



## Keira_Lunar (May 18, 2016)

Catya said:


> When will FA return?


were all in the same boa really  just waiting for the admin to announce the ETA  till then were all in the dark


----------



## Deleted member 82554 (May 18, 2016)

YaoiMeowmaster said:


> The problem is, with so many options the users are too scattered and no one site is really as active as it should be.


From what I understand Weasyl is the next best alternative, unless that has changed. If the members of FA are so concerned about having a medium to the point where they rely on it for whatever reason, it's either take the alternative or go without. If I relied on commissions to pay the bills, I'd go with the alternative.


----------



## nyannom1 (May 18, 2016)

Mr. Fox said:


> Better a band-aide than an open wound.
> 
> That's like knowing there is an alternative way out and still putting the noose around your neck. If the members of FA choose not to rely on an alternative for the meantime, I have no issue with that. But by doing so, they're the ones putting the noose around their neck, missing out on their art, socializing, commissions,  etc...


I'm not very active on social media anyways, but I do have a DeviantArt. I go to now and t


YaoiMeowmaster said:


> The problem is that most people assume that we have to MOVE. It's not even that man, there's so many alternatives. From furaffinity alone people can go to inkbunny, weasyl, sofurry,furrific,furrynetwork,e621 and god knows what else. It's decision fatigue.


In retrospect, decision fatigue makes sense. I had to go through that once, though, it was more of decision paranoia.
I used to be a comic artist on this site called MemeCenter, under the same username. Note that was before it turned to crap. I left because once the community filled with edgy 12 year olds, and the hate on my comics started because they were furry got too annoying, I ultimately left. I was dormant for around 2 months deciding where to go, and if I'll be successful in another site like I had been on MC (had a decent amount of followers that kept me going), because, and I'm sure this can connect back to several people when I say that it's hard to build the fortress you had before a second time.


----------



## nyannom1 (May 18, 2016)

nyannom1 said:


> I'm not very active on social media anyways, but I do have a DeviantArt. I go to now and t


This was supposed to delete. Thanks mobile.


----------



## Deleted member 82554 (May 18, 2016)

Bourbon. said:


> Well being kind of condescending while shilling for other sites isn't exactly going to win people over either. Some people prefer FA, whether it's for it's simplistic layout, larger community, or simply because they like FA. You're not going to change people's minds on the matter by pretending like the other sites are equally as active and engaging.


This is not about winning anyone over or being condescending for that matter, it's about alternatives. If you rely on your art for an income, would you just go without? I know I wouldn't, gotta eat, gotta pay the bills.


----------



## Deleted member 93706 (May 18, 2016)

Both Weasyl and DA are garbage, IMO.

Waves @Bourbon. <3

PS: Is there anywhere you aren't, @Mr. Fox ?


----------



## Keira_Lunar (May 18, 2016)

MarkOfBane said:


> Both Weasyl and DA are garbage, IMO.
> 
> Waves @Bourbon. <3
> 
> PS: Is there anywhere you aren't, @Mr. Fox ?



DA is short for Deviant Art right ?


----------



## nyannom1 (May 18, 2016)

MarkOfBane said:


> Both Weasyl and DA are garbage, IMO.
> 
> Waves @Bourbon. <3
> 
> PS: Is there anywhere you aren't, @Mr. Fox ?


DA can be good, there are some really good things that come from that site, but that's on a 1:30 ratio (decent art:terrible/ironic art)


----------



## Terror-Run (May 18, 2016)

If weasyl is a ghosttown then what does that make furiffic? 

Also I don't have anything productive to post in this thread so going back to lurking now


----------



## Deleted member 82554 (May 18, 2016)

MarkOfBane said:


> PS: Is there anywhere you aren't, @Mr. Fox ?


A few places, actually. I have been meaning to branch out a little more, don't like being tied down to only a handful of places.


----------



## Ryu Deacon (May 18, 2016)

Mitsuketa said:


> that's understandable but you need to realize that* everyone makes mistakes. *if the admins happen to be at fault for this and aren't telling the whole story, then they made a mistake and it's fine that they did - the mistake is awful but its normal for someone to fuck up - surely you aren't perfect. surely you've made a small error. and if you haven't ever made a mistake, then i'll be damned.
> sure the admins have fucked us over before, but have some faith in them. it's going to take time, probably years for FA to be stable and have decent security. we don't have the income that other websites do.


Just saying(and yes im know im going far of cource abit here) But civilizations havnt been built and survived by endlessly giving excuses like "everyone make mistakes" for endless benefits of doubt. FA isnt at fault for the intrusion but they are at fault for not having measures in place to properly minimize damage, sites nearly as large as FA and larger but earn not even half as much as FA do have systems in place that you can rollback by just hours. so why here are we forced to dig thru 6 days worth of activity that could have been avoided. Nether Money nor the size of FA is the problem here as to why it doesnt have the proper systems in place. 
Things do not get better, do not change by not holding people that make mistakes responsible. FA is still with its flaws because this community is in denial of holding people in authority responsible at the cost of members in this community.

Might add this Community is unlikly to have been hit out of hate or someone wanting to see the reations here but simply enjoyment at hurting peoples livelihoods and this particular community makes it bloody easy by the majority of its artists being pretty much centered in just one single place...


----------



## madd-d (May 18, 2016)

I hope things get patched up soon. I trust the staff is doing all they can, though. Thank you for updating us!


----------



## YaoiMeowmaster (May 18, 2016)

Mr. Fox said:


> From what I understand Weasyl is the next best alternative, unless that has changed. If the members of FA are so concerned about having a medium to the point where they rely on it for whatever reason, it's either take the alternative or go without. If I relied on commissions to pay the bills, I'd go with the alternative.


Weasyl is really really dead. I've had more activity on inkbunny since people are regularly on that site for other reasons. 

What I'm trying to say is that many of us are using the alternatives. Heck, I made a furry network today, but it's kind of like investing in a lot of stock into different companies. You're still gonna be in a load of shit when the biggest donut goes down.


----------



## Bourbon. (May 18, 2016)

Mr. Fox said:


> This is not about winning anyone over or being condescending for that matter, it's about alternatives. If you rely on your art for an income, would you just go without? I know I wouldn't, gotta eat, gotta pay the bills.


Well I refuse to join Weasyl anyways because I can't create a username that is consistent with the one I use because someone already claimed the name Bourbon and Weasyl doesn't allow alternatives of a username (Bourbon., Bour-bon, etc) and I'm not about to put numbers in my username for use on a site that is primarily dead anyways. I'd rather create a Facebook page for art (which I am currently doing). 



MarkOfBane said:


> Both Weasyl and DA are garbage, IMO.
> 
> Waves @Bourbon. <3
> 
> PS: Is there anywhere you aren't, @Mr. Fox ?


WHY HELLO


----------



## Bourbon. (May 18, 2016)

Terror-Run said:


> If weasyl is a ghosttown then what does that make furiffic?
> 
> Also I don't have anything productive to post in this thread so going back to lurking now


Omfg I forgot Furrific exists lmao.


----------



## YaoiMeowmaster (May 18, 2016)

Bourbon. said:


> Well I refuse to join Weasyl anyways because I can't create a username that is consistent with the one I use because someone already claimed the name Bourbon and Weasyl doesn't allow alternatives of a username (Bourbon., Bour-bon, etc) and I'm not about to put numbers in my username for use on a site that is primarily dead anyways. I'd rather create a Facebook page for art (which I am currently doing).
> 
> 
> WHY HELLO


I actually can second that. I have a facebook page for my art and since reach is hard to achieve, you can share posts with groups and pages to get other people to see it.  It's also nice to have a public area for both furries and non furries to access. Since I draw humans as well, I have my facebook on my business cards and got a lot of likes from handing them out at cons.


----------



## Keira_Lunar (May 18, 2016)

YaoiMeowmaster said:


> I actually can second that. I have a facebook page for my art and since reach is hard to achieve, you can share posts with groups and pages to get other people to see it.  It's also nice to have a public area for both furries and non furries to access. Since I draw humans as well, I have my facebook on my business cards and got a lot of likes from handing them out at cons.



i have a face book as well but... since its kinda cluster messy with all the posts from friends and that its not easy to make a post that would stick and could be easy to find and on top of that there are minors using it im to kinky for Face book


----------



## Terror-Run (May 18, 2016)

Bourbon. said:


> Omfg I forgot Furrific exists lmao.



I think most people do! which is a shame because the actual site is amazing and gets better all the time - but when a submission can be at the frontpage for 20hours and maybe get 8 views - then they got an issue. 

I do miss FA though, it's great for dumb drama


----------



## Gem-Wolf (May 18, 2016)

Ryu Deacon said:


> Just saying(and yes im know im going far of cource abit here) But civilizations havnt been built and survived by endlessly giving excuses like "everyone make mistakes" for endless benefits of doubt. FA isnt at fault for the intrusion but they are at fault for not having measures in place to properly minimize damage, sites nearly as large as FA and larger but earn not even half as much as FA do have systems in place that you can rollback by just hours. so why here are we forced to dig thru 6 days worth of activity that could have been avoided. Nether Money nor the size of FA is the problem here as to why it doesnt have the proper systems in place.
> Things do not get better, do not change by not holding people that make mistakes responsible. FA is still with its flaws because this community is in denial of holding people in authority responsible at the cost of members in this community.
> 
> Might add this Community is unlikly to have been hit out of hate or someone wanting to see the reations here but simply enjoyment at hurting peoples livelihoods and this particular community makes it bloody easy by the majority of its artists being pretty much centered in just one single place...



Be careful, you might get accused of White Knighting. It's a label that's thrown around here freely.


----------



## nyannom1 (May 18, 2016)

Well, I'm off to bed, it's 12:16 AM and I seriously need to pull my sleep schedule back together. I get up at 6:30 AM, so this is a pretty bad sleep time, haha.
I'll look at all the comments I've been quoted in tomorrow just to save time, knowing there might be 500+ messages in my inbox in a few hours. So, that being said, goodnight, sleep tight, don't let the bed thugs fight.


----------



## Bourbon. (May 18, 2016)

nyannom1 said:


> Well, I'm off to bed, it's 12:16 AM and I seriously need to pull my sleep schedule back together. I get up at 6:30 AM, so this is a pretty bad sleep time, haha.
> I'll look at all the comments I've been quoted in tomorrow just to save time, knowing there might be 500+ messages in my inbox in a few hours. So, that being said, goodnight, sleep tight, don't let the bed thugs fight.


It's 2:19am here. 

Sleep is for the weak.


----------



## YaoiMeowmaster (May 18, 2016)

Keira_Lunar said:


> i have a face book as well but... since its kinda cluster messy with all the posts from friends and that its not easy to make a post that would stick and could be easy to find and on top of that there are minors using it im to kinky for Face book


You need to make an actual facebook page instead of a profile, like the ones brands use. It's rough starting out. You can also lock your content to only be available to a certain age group such as 16 or up.


----------



## nyannom1 (May 18, 2016)

Bourbon. said:


> It's 2:19am here.
> 
> Sleep is for the weak.


Haha, that makes me the weakling.


----------



## Keira_Lunar (May 18, 2016)

god damn it just HOW LONG HAVE I BEEN  LOOKING AT THIS FORUM STREAM AND THOSE DISHES ARE STILL NOT DONE ...Guhaa * dashes out the room to wash dishes*


----------



## NplusD (May 18, 2016)

People on deviantart are also rather... cheap... when it comes to commissions. Where as on fA I could get 20-30$ for something, on dA people constantly try to haggle for 5-10$ instead.


----------



## Deleted member 82554 (May 18, 2016)

Bourbon. said:


> Well I refuse to join Weasyl anyways because I can't create a username that is consistent with the one I use because someone already claimed the name Bourbon and Weasyl doesn't allow alternatives of a username (Bourbon., Bour-bon, etc) and I'm not about to put numbers in my username for use on a site that is primarily dead anyways. I'd rather create a Facebook page for art (which I am currently doing).


Well if you rely on commissions then you do what you must to pay the bills. But better off alternatives than nothing at all.

That said: let's keep in mind that the FA source code has been stolen (seriously how do you fuck up that badly?). Do you know what that means? Back-end access. This may not just be a simple patch job but scraping FA completely and starting over (and let's be honest, it's needed), which could take weeks.


----------



## Bourbon. (May 18, 2016)

Mr. Fox said:


> Well if you rely on commissions then you do what you must to pay the bills. But better off alternatives than nothing at all.
> 
> That said: let's keep in mind that the FA source code has been stolen (seriously how do you fuck up that badly?). Do you know what that means? Back-end access. This may not just be a simple patch job but scraping FA completely and starting over (and let's be honest, it's needed), which could take weeks.


I do rely on commissions, I also know how dead Weasyl is and that it is absolutely not viable for business. Even popular artists who left FA during one of it's many scandals came back to FA because Weasyl is effectively a ghost ship that's been slowly sinking for the last three years.


----------



## Gem-Wolf (May 18, 2016)

Bourbon. said:


> I do rely on commissions, I also know how dead Weasyl is and that it is absolutely not viable for business. Even popular artists who left FA during one of it's many scandals came back to FA because Weasyl is effectively a ghost ship that's been slowly sinking for the last three years.


I have to agree with this! Weasyl is just crap


----------



## ---Storm--- (May 18, 2016)

Draconas said:


> If any artists still communicate with clients via FA: don’t do that I don’t feel very sorry for them. This has happened countless times.


That's a nice dream, but in the real world things work differently. If we artists tried to force every customer to only communicate with us via channels outside of FA, we would go out of business.

Don't get me wrong, I agree that FA notes is not a very good platform for this, especially because if FA goes down you can't access older correspondence either, and this is why I have a private Trello board with a card for each commission, and every important detail noted in that card. *BUT...* Customer relations 101: When you offer a service, you are accommodating your customers' needs and habits first (within reason), and not the other way around. This is the N°1 rule of service providing - they want to give you money, they want to provide your daily bread, so you treat them with respect and flexibility. You don't go around and tell people "don't talk to me about commissions via FA notes" unless you want to lose all your business and build a reputation of being arrogant and inflexible. You can ask them nicely, *AFTER* they contacted you one way or the other, if they can add you on Skype, or whatever channel you personally prefer.

But people have their own ways, some will want to stick with FA notes, some will want to use Facebook, others would want Skype, Telegram, Whatsapp, Email or pigeons and smoke signals - and you can't force them. And it is already very time consuming and exhausting to keep correspondence with several people at once, and the more channels you fragment your communications to the worse it gets. So generally, to keep everything neat and well organized, it's best to use as few different channels as possible. Chose one, or at worst two channels you respectfully ask your customers to use and if neither works for them let them use notes -  just save every important detail from them to some outside place like Trello, Google docs, etc.

So next time you want to educate artists about conducting business, get informed about the basics of customer relations first.


----------



## Crestego (May 18, 2016)

I know this might sound like a stupid suggestion... but with the amount of security issues that FA's been having, wouldn't it be a consideration to create another FA of sorts? As in once they've fixed the security for this website and continue to update it, work on creating a sister website with higher and more updated security... then once it's finished, the people at FA can switch over. Starting afresh may be a good option.

Then again, I hadn't started using FA until recently (primarily because I haven't done any artwork in a long while, so I was hoping to get back to the grind on FA and DA). I wouldn't have as much experience with either website as anyone else on here, so I wouldn't be the greatest judge.


----------



## Deleted member 82554 (May 18, 2016)

Bourbon. said:


> I do rely on commissions, I also know how dead Weasyl is and that it is absolutely not viable for business. Even popular artists who left FA during one of it's many scandals came back to FA because Weasyl is effectively a ghost ship that's been slowly sinking for the last three years.


I will never understand the hatred toward Weasyl, or many of the other art hosting sites that matter. I mean, sure, where they lack in some areas they make in all the other ones that matter. If more started making use of the next best alternative traffic wouldn't be a problem since artists rely on it for commissions.

Oh well, with FA being down (probably for a long time), I'm glad I don't have to rely on it for an income.


Good luck...


----------



## Pied (May 18, 2016)

Crestego said:


> I know this might sound like a stupid suggestion... but with the amount of security issues that FA's been having, wouldn't it be a consideration to create another FA of sorts? As in once they've fixed the security for this website and continue to update it, work on creating a sister website with higher and more updated security... then once it's finished, the people at FA can switch over. Starting afresh may be a good option.
> 
> Then again, I hadn't started using FA until recently (primarily because I haven't done any artwork in a long while, so I was hoping to get back to the grind on FA and DA). I wouldn't have as much experience with either website as anyone else on here, so I wouldn't be the greatest judge.


that's not how servers work


----------



## Deleted member 82554 (May 18, 2016)

Gem-Wolf said:


> I have to agree with this! Weasyl is just crap


Leaving traffic out of the equation, what is it you don't like about it personally? I'm wondering if the staff will work with the community to help better it.


----------



## Bourbon. (May 18, 2016)

Mr. Fox said:


> I will never understand the hatred toward Weasyl, or many of the other art hosting sites that matter. I mean, sure, where they lack in some areas they make in all the other ones that matter. If more started making use of the next best alternative traffic wouldn't be a problem since artists rely on it for commissions.
> 
> Oh well, with FA being down (probably for a long time), I'm glad I don't have to rely on it for an income.
> 
> ...


It's not hatred for Weasyl, it's just flat-out the truth. The site is dead. No amount of telling people to move to Weasyl is going to resuscitate it. The only time it ever seems to become active is when FA is down or having problems. As soon as FA comes back up, Weasyl dies again. It cannot be a sustainable functional business platform for artists. And a large part of this is due to how they shot themselves in the foot. They stayed in closed beta for like three years, had some scandals regarding note sharing, and have pissed on artists with their strict and ridiculous guidelines for ratings (fully clothed character but you can see a nipple outline? that's adult!!!).


----------



## FatalSyndrome (May 18, 2016)

Mr. Fox said:


> I will never understand the hatred toward Weasyl, or many of the other art hosting sites that matter. I mean, sure, where they lack in some areas they make in all the other ones that matter. If more started making use of the next best alternative traffic wouldn't be a problem since artists rely on it for commissions.
> 
> Oh well, with FA being down (probably for a long time), I'm glad I don't have to rely on it for an income.
> 
> ...


It's often times the toolish self-righteous attitude of the people who act like they're leading some kind of crusade by switching to it. There's also like, no community and what community there is consists of the former in my experience. It's not the site or it's functionality. Granted, it's layout is ugly in my opinion.


----------



## Crestego (May 18, 2016)

Pied said:


> that's not how servers work


Oh aight, sorry about that. XD


----------



## Ryu Deacon (May 18, 2016)

Gem-Wolf said:


> Be careful, you might get accused of White Knighting. It's a label that's thrown around here freely.


hmm White Knighting? if so then that would pretty much prove my point about this community being in denial, wouldnt it. Im stating what i see, not demanding a exodus, patting dragoneers back, killing authorities or kissing someones shoes.


----------



## Coelacanth1938 (May 18, 2016)

What a friend of mine who is a bonafide computer expert has to say about this: "Pretty sophisticated attack. Not a Joe down at the coffee shop thing. I can't imagine anyone putting in the work to do it for free. But back in the boot wars there were clubs of hackers working on that stuff. Crazy."


----------



## Pied (May 18, 2016)

Crestego said:


> Oh aight, sorry about that. XD


it fine


----------



## Pied (May 18, 2016)

Coelacanth1938 said:


> What a friend of mine who is a bonafide computer expert has to say about this: "Pretty sophisticated attack. Not a Joe down at the coffee shop thing. I can't imagine anyone putting in the work to do it for free. But back in the boot wars there were clubs of hackers working on that stuff. Crazy."


he had the sites source code. This isn't hard stuff.


----------



## FatalSyndrome (May 18, 2016)

Bourbon. said:


> It's not hatred for Weasyl, it's just flat-out the truth. The site is dead. No amount of telling people to move to Weasyl is going to resuscitate it. The only time it ever seems to become active is when FA is down or having problems. As soon as FA comes back up, Weasyl dies again. It cannot be a sustainable functional business platform for artists. And a large part of this is due to how they shot themselves in the foot. They stayed in closed beta for like three years, had some scandals regarding note sharing, and have pissed on artists with their strict and ridiculous guidelines for ratings (fully clothed character but you can see a nipple outline? that's adult!!!).


YEP. YEP. All of this.


----------



## YaoiMeowmaster (May 18, 2016)

FatalSyndrome said:


> It's often times the toolish self-righteous attitude of the people who act like they're leading some kind of crusade by switching to it. There's also like, no community and what community there is consists of the former in my experience. It's not the site or it's functionality. Granted, it's layout is ugly in my opinion.


Really gotta agree with this. A majority of people who move to Weasyl feel to need to make a big stink and reaction and vehemently announce their hate for furaffinity. I personally liked the way it was set up, but what little community there was was actually just the same people in a closed off circle jerk (Of course FA has their own little circles but at least some people are more friendly) 

Like Its kind of that attitude that just gives the site a sort of stank. Same reason why a lot of people stay away from pretentious tumblr, it has that vibe.


----------



## Gem-Wolf (May 18, 2016)

Ryu Deacon said:


> hmm White Knighting? if so then that would pretty much prove my point about this community being in denial, wouldnt it. Im stating what i see, not demanding a exodus, patting dragoneers back, killing authorities or kissing someones shoes.


Was just letting you know is all.


----------



## FatalSyndrome (May 18, 2016)

YaoiMeowmaster said:


> Really gotta agree with this. A majority of people who move to Weasyl feel to need to make a big stink and reaction and vehemently announce their hate for furaffinity. I personally liked the way it was set up, but what little community there was was actually just the same people in a closed off circle jerk (Of course FA has their own little circles but at least some people are more friendly)
> 
> Like Its kind of that attitude that just gives the site a sort of stank. Same reason why a lot of people stay away from pretentious tumblr, it has that vibe.


Exactly. Furthermore, just because Weasyl doesn't go down doesn't mean it's reliable for business in any way, nobody's there.

Tumblr is uncomfortable, I do have an art blog on there and I post there but it's not really good for commissions. It's hard to keep track of who's who with how easy usernames can change, the messaging system isn't good and nobody has money there anyway. At least in my experience.


----------



## RocketExecutiveCypress (May 18, 2016)

I made an account just to comment here. I only have one thing to say of the upmost importance. This very sentence could forever change the outcome of FA as we know it. 

We should feed FA chicken noodle soup until it feels better.


----------



## Deleted member 82554 (May 18, 2016)

Bourbon. said:


> It's not hatred for Weasyl, it's just flat-out the truth. The site is dead. No amount of telling people to move to Weasyl is going to resuscitate it. The only time it ever seems to become active is when FA is down or having problems. As soon as FA comes back up, Weasyl dies again. It cannot be a sustainable functional business platform for artists. And a large part of this is due to how they shot themselves in the foot. They stayed in closed beta for like three years, had some scandals regarding note sharing, and have pissed on artists with their strict and ridiculous guidelines for ratings (fully clothed character but you can see a nipple outline? that's adult!!!).





FatalSyndrome said:


> It's often times the toolish self-righteous attitude of the people who act like they're leading some kind of crusade by switching to it. There's also like, no community and what community there is consists of the former in my experience. It's not the site or it's functionality. Granted, it's layout is ugly in my opinion.


Well FA is down and out, probably for a long time, so there is no point in arguing that. If Weasyl is no longer a viable platform, what's the alternative? Where do you think the most traffic will go for the meantime? The people of FA that rely on commissions to make bank have to go somewhere.


----------



## Gem-Wolf (May 18, 2016)

Mr. Fox said:


> Leaving traffic out of the equation, what is it you don't like about it personally? I'm wondering if the staff will work with the community to help better it.


The layout is shit. It's confusing and cluttered. Also hardly any activity.


----------



## YaoiMeowmaster (May 18, 2016)

FatalSyndrome said:


> Exactly. Furthermore, just because Weasyl doesn't go down doesn't mean it's reliable for business in any way, nobody's there.
> 
> Tumblr is uncomfortable, I do have an art blog on there and I post there but it's not really good for commissions. It's hard to keep track of who's who with how easy usernames can change, the messaging system isn't good and nobody has money there anyway. At least in my experience.



Tumblr is the WORST at circlejerking jesus christ. Yup, most of the base is whining 15-17 year olds with no money and underselling their own art anyway. 

Still...I got some really good business because of my art tumblr even though it hadn't been updated in months because i had my contact info on there. The client was really sweet and respectful too so even if you abandon it, dont delete.  But it was very surprising.


----------



## PheagleAdler (May 18, 2016)

FoxWolfie said:


> It's looking good for FA.  Direct links to submissions on t.facdn.net are working.  Example
> I kept a direct link to everything I've ever submitted, and even my most recent submissions are still intact.  I hope that means everyone else's stuff is successfully recovered too.



Direct links are working, I checked my recent downloads from FA. Does that mean the submissions themselves are okay too?


----------



## FatalSyndrome (May 18, 2016)

Mr. Fox said:


> Well FA is down and out, probably for a long time, so there is no point in arguing that. If Weasyl is no longer a viable platform, what's the alternative? Where do you think the most traffic will go for the meantime? The people of FA that rely on commissions to make bank have to go somewhere.


Certainly, but Weasyl is like diggin' out of a dumpster for change. It's FN or Twitter for me when FA is down. I also highly doubt it's gonna be down for a long time.


----------



## Deleted member 82554 (May 18, 2016)

Gem-Wolf said:


> The layout is shit. It's confusing and cluttered.


Well that's just a matter of opinion, I actually find it excels in those areas. Suppose you can't please everyone...


----------



## Ryu Deacon (May 18, 2016)

Gem-Wolf said:


> Was just letting you know is all.


i know^^


----------



## ---Storm--- (May 18, 2016)

Weasyl is pretty good. Actually, it is a thousand times better than FA in many regards, and overall I would give it a way higher score. Weasyl is not bad, the reason people don't use it is that most people don't want to use more than one site of the same type, and since FA already has the masses, everyone comes here. FA has a critical mass, so even if FA were to get ten times worse than it is now, and they started burning people alive and sacrifice babies to Satan people would stay here.

Everyone comes here because everyone else is here so everyone comes here... infinite loop.

What would be really awesome is to take the best from both FA and Weasyl and merge them into one. The best of both. Hey, if I ever become a billionaire I buy both sites and do that.  HAHA *goes and fills a thousand lottery tickets*


----------



## PheagleAdler (May 18, 2016)

RocketExecutiveCypress said:


> I made an account just to comment here. I only have one thing to say of the upmost importance. This very sentence could forever change the outcome of FA as we know it.
> 
> We should feed FA chicken noodle soup until it feels better.



I've been through a decent number of FA downtimes and it always seems to come back, if not always punctually.


----------



## Deleted member 82554 (May 18, 2016)

FatalSyndrome said:


> Certainly, but Weasyl is like diggin' out of a dumpster for change. It's FN or Twitter for me when FA is down. I also highly doubt it's gonna be down for a long time.


FN? As in, "Fur Nation"?


----------



## FatalSyndrome (May 18, 2016)

Mr. Fox said:


> FN? As in, "Fur Nation"?


FurryNetwork


----------



## Gem-Wolf (May 18, 2016)

PheagleAdler said:


> I've been through a decent number of FA downtimes and it always seems to come back, if not always punctually.


This exactly!!


----------



## Cloudchaser (May 18, 2016)

I just thought to ask.  What convention were the drives distributed at?


----------



## ---Storm--- (May 18, 2016)

Mr. Fox said:


> FN? As in, "Fur Nation"?


I assume FurryNetwork?


----------



## zidders (May 18, 2016)

I think the main reason I like FA over any other side is simplicity of use. It's easy to submit, like, fav, watch etc. About the only thing I prefer over FA is Inkbunny's writing interface. FA sucks if you're a writer and needs to copy how Inkbunny displays written text.


----------



## RocketExecutiveCypress (May 18, 2016)

PheagleAdler said:


> I've been through a decent number of FA downtimes and it always seems to come back, if not always punctually.



So have I and I'm still saying feed it chicken soup until it feels better. Stop being a chicken soup hater.


----------



## Deleted member 82554 (May 18, 2016)

FatalSyndrome said:


> FurryNetwork


Ah.

On my own personal note, if it was just another DDoS attack on FA, this wouldn't be an issue. But some fucker out there has the source code and that means back-end access to everything. Passwords, personal information, the works.

They're either gonna have to make some serious back-end changes (which is extremely difficult), or start over again to stop this being a problem.


----------



## GamerFox (May 18, 2016)

Cloudchaser said:


> I just thought to ask.  What convention were the drives distributed at?


BLFC in Reno.


----------



## V3N44X (May 18, 2016)

Coelacanth1938 said:


> What a friend of mine who is a bonafide computer expert has to say about this: "Pretty sophisticated attack. Not a Joe down at the coffee shop thing. I can't imagine anyone putting in the work to do it for free. But back in the boot wars there were clubs of hackers working on that stuff. Crazy."



No, it was not sophisticated. The initial attack was using an exploit in imagemagick that any n00bs would be able to do easily.

The second attack was also simple, though arguably more complex, due to the source. But, I do not have insight into how it worked. Either way, I suspect it was a simple fault, also.
These attacks are certainly a joe at the coffee shop things.
Oh, and by the way, one of the best places to exploit something is at the coffee shop. Just don't be the only one there with the computer out. And VPN away anyways. etc.

These days, anything for "fun" like this will be done solo... the "teams" do it for profit. Someone doesn't like FA or the furry fandom. And that's the reality of it.




Cloudchaser said:


> I just thought to ask.  What convention were the drives distributed at?


To my knowledge, BLFC.



Mr. Fox said:


> Ah.
> 
> On my own personal note, if it was just another DDoS attack on FA, this wouldn't be an issue. But some fucker out there has the source code and that means back-end access to everything. Passwords, personal information, the works.
> 
> They're either gonna have to make some serious back-end changes (which is extremely difficult), or start over again to stop this being a problem.



They'd better not have access to passwords. They'd better bloody be salted and hashed. Given the security of this site... change any passwords on sites that have the same password... seriously. Do it.
Changing it shouldn't be a problem o.o patching holes is always a good idea.
In fact, the site code should be regularly audited -- who at IMVU is watching?
Does IMVU even care?
They won't have to start over again. That's insane :3



PheagleAdler said:


> I've been through a decent number of FA downtimes and it always seems to come back, if not always punctually.


This is different from the previous downtimes.



One thing I do have to say: Kudos to Dragoneer for actually admitting the site was attacked.
Boo for not getting audits done on a major site.


----------



## Gem-Wolf (May 18, 2016)

V3N44X said:


> No, it was not sophisticated. The initial attack was using an exploit in imagemagick that any n00bs would be able to do easily.
> 
> The second attack was also simple, though arguably more complex, due to the source. But, I do not have insight into how it worked. Either way, I suspect it was a simple fault, also.
> These attacks are certainly a joe at the coffee shop things.
> ...



I don't believe IMVU gives a rats arse tbh. 
If FA has to start all over again I'm walking and not returning.


----------



## ktar_aramee (May 18, 2016)

Would FA be able to mass upload and organize photos in a way similar to Inkbunny? I have a few series of artwork on my page that may be better if they were grouped in a single "folder" rather than individual submissions and grouping them later. In cases of data loss like this, it could help artists and commissioners.


----------



## darien (May 18, 2016)

AndroKei said:


> Will Notes be lost during this process?
> 
> I can't be the only one with important commission information in Notes over the past several days.
> 
> *ETA:* And what about Journals?



OP states:


> Other information such as journals, notes, passwords, and personal information was not affected.


----------



## Gem-Wolf (May 18, 2016)

ktar_aramee said:


> Would FA be able to mass upload and organize photos in a way similar to Inkbunny? I have a few series of artwork on my page that may be better if they were grouped in a single "folder" rather than individual submissions and grouping them later. In cases of data loss like this, it could help artists and commissioners.


It took FA 10,000 years to even get the folders they had, let alone improving them


----------



## TastesLikeGreen (May 18, 2016)

zidders said:


> I think the main reason I like FA over any other side is simplicity of use. It's easy to submit, like, fav, watch etc. About the only thing I prefer over FA is Inkbunny's writing interface. FA sucks if you're a writer and needs to copy how Inkbunny displays written text.


Personally, I prefer the big wide display they have on SoFurry for showing stories over the narrow tablet-style viewer on Inkbunny, even if I prefer FA as a site. Could really do with some tag/user blacklists, though, I can think of more than a few people whose art I wouldn't mind never seeing again... :B


----------



## peanutbutterking (May 18, 2016)

*IT WAS MEEEE*~ not really, I'm sorry you got hacked ono and I know this doesn't matter in the least but thank you for trying to fix everything! and keeping us updated~


----------



## V3N44X (May 18, 2016)

Gem-Wolf said:


> I don't believe IMVU gives a rats arse tbh.
> If FA has to start all over again I'm walking and not returning.



Hehe... you're probably right.
I like FN, but it's a bit... I dunno.


----------



## YaoiMeowmaster (May 18, 2016)

V3N44X said:


> Hehe... you're probably right.
> I like FN, but it's a bit... I dunno.


Yeah, I feel. It's still getting off the ground and hard to get people to pay attention since everyone is uploading and not paying attention to one another >>


----------



## Snowbbi (May 18, 2016)

V3N44X said:


> Hehe... you're probably right.
> I like FN, but it's a bit... I dunno.


I made an account there today and I feel you on that sentiment. For me it just seems... Impersonal. It's just kinda there to upload your stuff and be done. I've found a few friends on FA and I'd hate to lose them over this.


----------



## Deleted member 82554 (May 18, 2016)

Gem-Wolf said:


> I don't believe IMVU gives a rats arse tbh.
> If FA has to start all over again I'm walking and not returning.


They're going to have to start all over again, someone has the source code. That isn't just a simple patch and put FA back online job, the people that have the source will always have access to everything on a software level unless they make some serious back-end changes.


----------



## Keira_Lunar (May 18, 2016)

YaoiMeowmaster said:


> Tumblr is the WORST at circlejerking jesus christ. Yup, most of the base is whining 15-17 year olds with no money and underselling their own art anyway.
> 
> Still...I got some really good business because of my art tumblr even though it hadn't been updated in months because i had my contact info on there. The client was really sweet and respectful too so even if you abandon it, dont delete.  But it was very surprising.




i only used Tumblr for one thing  porn surfing   granted  that whole Rebloging thing and how lazy some users are i think im soon to stop visiting tumblr pages as i swear i have seen the same pics in more then 10 blogs  ugh MESSY


----------



## Deleted member 82554 (May 18, 2016)

Gem-Wolf said:


> It took FA 10,000 years to even get the folders they had, let alone improving them


And you call Weasyl shit. Lol.


----------



## peanutbutterking (May 18, 2016)

Snowbbi said:


> I made an account there today and I feel you on that sentiment. For me it just seems... Impersonal. It's just kinda there to upload your stuff and be done. I've found a few friends on FA and I'd hate to lose them over this.


that's why I post my kik and telegram info


----------



## oto (May 18, 2016)

FatalSyndrome said:


> Exactly. Furthermore, just because Weasyl doesn't go down doesn't mean it's reliable for business in any way, nobody's there.
> 
> Tumblr is uncomfortable, I do have an art blog on there and I post there but it's not really good for commissions. It's hard to keep track of who's who with how easy usernames can change, the messaging system isn't good and nobody has money there anyway. At least in my experience.



I hate tumblr not only for its crappy layout and also the things you said, but also for the fact that 95% of the userbase clearly does not know what a freaking NSFW tag is for their posts. Worse is that the tumblr staff apparently can't be bothered to enforce something as simple as NSFW tagging. And good luck reporting a inappropriate avatar.

I could put up with the usual unmarked NSFW crap for a while, but when I started seeing real life pictures of a popular artist's wiener _without any sort of mature filter on (among other things)_, that was the last straw for me and I immediately abandoned my account there. As bad as the horrors of FA's NSFW database is, at least the people here are curt enough _to properly tag them as such._


----------



## Keira_Lunar (May 18, 2016)

Mr. Fox said:


> And you call Weasyl shit. Lol.



nothing is purrrfect   there will always be ups and downs to everything 

and just so you know i don't have a income on any sites as im jobless and i can't create art for the life of me


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> that's why I post my kik and telegram info



ok not to sound stupid but is Kik like a clone of Skype but for Smartphones ?


----------



## Snowbbi (May 18, 2016)

peanutbutterking said:


> that's why I post my kik and telegram info


I was a dunce and didn't do that. If FA comes back, consider this a lesson learned.


----------



## peanutbutterking (May 18, 2016)

Keira_Lunar said:


> ok not to sound stupid but is Kik like a clone of Skype but for Smartphones ?


its a sms instant messaging, its worse then telegram but makes it easy to find friends


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> its a sms instant messaging, its worse then telegram but makes it easy to find friends



ah fair enough all my friends are in either Skype , Steam or Second Life


----------



## peanutbutterking (May 18, 2016)

Keira_Lunar said:


> ah fair enough all my friends are in either Skype , Steam or Second Life


you should get kik! or telegram an friend me! cuz m creepy!


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> you should get kik! or telegram an friend me! cuz m creepy!



i would if i could  i would first need to spend something like 80-120$ i don't know to get a bigger SDmini  Chip for my phone turns out 32 GBs is not enough


----------



## peanutbutterking (May 18, 2016)

Keira_Lunar said:


> i would if i could  i would first need to spend something like 80-120$ i don't know to get a bigger SDmini  Chip for my phone turns out 32 GBs is not enough


;-; telegram for pc?


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> ;-; telegram for pc?


is it free to use im not one for shelling out payments to stop flooding of advertisments or have aces to fetaures or to just pay a monthly susbscription


----------



## peanutbutterking (May 18, 2016)

Keira_Lunar said:


> i would if i could  i would first need to spend something like 80-120$ i don't know to get a bigger SDmini  Chip for my phone turns out 32 GBs is not enough


its all free all you need is a phone number~


----------



## FoxofGrey (May 18, 2016)

oto said:


> I hate tumblr not only for its crappy layout and also the things you said, but also for the fact that 95% of the userbase clearly does not know what a freaking NSFW tag is for their posts. Worse is that the tumblr staff apparently can't be bothered to enforce something as simple as NSFW tagging. And good luck reporting a inappropriate avatar.
> 
> I could put up with the usual unmarked NSFW crap for a while, but when I started seeing real life pictures of a popular artist's wiener _without any sort of mature filter on (among other things)_, that was the last straw for me and I immediately abandoned my account there. As bad as the horrors of FA's NSFW database is, at least the people here are curt enough _to properly tag them as such._


Although I'm still waiting for a tag filter so that I don't have to see any of the "shit" on there (not going to mention what that "shit" is for the record).


----------



## FoxWolfie (May 18, 2016)

PheagleAdler said:


> Direct links are working, I checked my recent downloads from FA. Does that mean the submissions themselves are okay too?


The direct links go to the submissions, and to the various resized copies.  All of mine that I tried are still there, so when they get the site back up, I see no reason why they wouldn't all be working. I suspect that they recovered nearly everything, except for maybe the few hours before they took the site down, though I may turn out to be wrong.  I can't check anyone else's, because I don't have working links to theirs.  If you go into your browser's history and search for facdn, you'll likely find working links to people's stuff, though it would all be stuff you'd already visited if it's in your history.

How long it takes to bring the site up likely depends on how fast they can scan through the code looking for any findable vulnerabilities and patching them.  Now that the code is in the hands of potential future hackers, if any vulnerabilities remain, they'll surely be exploited. So, they sort of have to keep the site down until they are reasonably sure there's no remaining openings for hackers. It's better to take extra time to get it right, than to miss something.  Security through obscurity is no longer possible no that the code is out.


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> its all free all you need is a phone number~


and since im in australia it would use Phone credit usage ?


----------



## peanutbutterking (May 18, 2016)

not if your on your pc. then its just wifi


Keira_Lunar said:


> and since im in australia it would use Phone credit usage ?


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> not if your on your pc. then its just wifi


ok then


----------



## ---Storm--- (May 18, 2016)

IMVU I think realized long time ago that they were living in pinky dreamland about what FA is (they thought IMVU community = furry comunity), and how they can earn money with it and actually it was a waste, so they probably cut funding.

As for FA, the code is as ancient as the pyramids, outdated and botched, totally unsuitable for today's technological level. Trying to patch it around is like thinking that if you sharpen your chipped sword you are still good to go against a modern army with assault rifles and tanks.

*FA needs to be rewritten FROM SCRATCH.*

And seeing how fixing even the most minor issues takes them several months, that's not gonna happen. They will ducts-tape the pieces together so it runs for a few more months until it falls apart again.


----------



## peanutbutterking (May 18, 2016)

Keira_Lunar said:


> ok then


yay


----------



## Snowbbi (May 18, 2016)

peanutbutterking said:


> its all free all you need is a phone number~


I'm assuming it'll send a verification code to your phone through text though? If that's the case, I'm outta luck, out of a job and the bill can't get paid.


----------



## peanutbutterking (May 18, 2016)

Snowbbi said:


> I'm assuming it'll send a verification code to your phone through text though? If that's the case, I'm outta luck, out of a job and the bill can't get paid.


awwwww that's true. I'm sorry~ technicaly it doesn't have to be your number tho so you can use somebody elses phone!
that grammar tho


----------



## messerschmitt109 (May 18, 2016)

it's a shame that this happens right when i was preping to finish some art for this friday
i hope it does come back really soon
i really dont wanna stick to either Deviantart or Inkbunny just to upload some of my work.
trust me....i just dont


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> yay


 ok i installed it now what


----------



## Snowbbi (May 18, 2016)

peanutbutterking said:


> awwwww that's true. I'm sorry~ technicaly it doesn't have to be your number tho so you can use somebody elses phone!
> that grammar tho


I doubt my roommate will let me use his phone for it. Ah well, I'll just have to wait.


----------



## peanutbutterking (May 18, 2016)

Keira_Lunar said:


> ok i installed it now what


you sign up and stuff~ if you did that already~ then add me!


----------



## peanutbutterking (May 18, 2016)

Snowbbi said:


> I doubt my roommate will let me use his phone for it. Ah well, I'll just have to wait.


you should assssk you seem nice and  would like to keep in contact! cuz ima creep


----------



## Soul_Wesson (May 18, 2016)

---Storm--- said:


> And seeing how fixing even the most minor issues takes them several months, that's not gonna happen. They will ducts-tape the pieces together so it runs for a few more months until it falls apart again.



I referred to it to a friend as "Covering a role of paper towels with shiny new duct tape".


----------



## Keira_Lunar (May 18, 2016)

peanutbutterking said:


> you sign up and stuff~ if you did that already~ then add me!


i just finished signing up now whats your name for this


----------



## peanutbutterking (May 18, 2016)

Keira_Lunar said:


> i just finished signing up now whats your name for this


@peanutbutterking


----------



## Gem-Wolf (May 18, 2016)

Mr. Fox said:


> And you call Weasyl shit. Lol.


Yes, yes I do ^^


----------



## Hackerman1998 (May 18, 2016)

So when are you going to start asking for donations like last time the server went down?

I thought the whole reason for the donation drive in the first place was to find exploits like these by hiring capable web developers.

Extremely short-sighted scenario from the development team of Fur Affinity, always update and check the libraries and dependencies you are using for security flaws. Further to my understanding there has been *lots of flaws* reported with ImageMagick to the point where you start to wonder why you are even using it anymore when there are far batter alternatives.


----------



## Gem-Wolf (May 18, 2016)

You guys really think that FA will have to start all over? So we lose all our watchers, submissions and all the hard work we did? You really truely believe FA can afford that kind of downfall??


----------



## Hackerman1998 (May 18, 2016)

Hackerman1998 said:


> So when are you going to start asking for donations like last time the server went down?
> 
> I thought the whole reason for the donation drive in the first place was to find exploits like these by hiring capable web developers.
> 
> Extremely short-sighted scenario from the development team of Fur Affinity, always update and check the libraries and dependencies you are using for security flaws. Further to my understanding there has been *lots of flaws* reported with ImageMagick to the point where you start to wonder why you are even using it anymore when there are far batter alternatives.



To add, the exploit which was used to attack FurAffinity was reported on the 4th of May, 2016 over at 

www.us-cert.gov: ImageMagick Vulnerability


----------



## Draconas (May 18, 2016)

Several suggestions were given to broaden your horizons, you ignore them and look where it lands you.

You put all of your eggs in one basket. communications? references? the ability to conduct business? you've been locked out all of this AND MORE for 20+ hours, and some of you still have the gall to bitch and complain "well XYZ doesn't get enough traffic" then go there and make traffic. "their interface is shit" you could've spent today learning the interface for another site, it's not that hard.

All I and several others are saying: branch out, because you'll never know when furaffinity will cease to exist all together, data included, and then what are you going to do?
Need a way to contact someone? make an easy to access means to communicate, hell even a "business" email.
Need someone's ref? store that shit somewhere off site while you're doing business, dropbox or google drive works wonders, the free storage space is good enough, and if those services temporarily go down? you still have local access to them.

Quit making excuses of why you can't (or wont in this case) branch out to other fronts, spend a weekend or two to try it out, and who knows? you might end up getting more customers from multiple communities.
Even a personal website wouldn't be a bad idea neither to put your art and a way to commission/contact you, I have one of these going on just for the hell of it, and im not even an artist.


----------



## Deleted member 82554 (May 18, 2016)

Gem-Wolf said:


> You guys really think that FA will have to start all over? So we lose all our watchers, submissions and all the hard work we did? You really truely believe FA can afford that kind of downfall??


They can backup the database but as for the platform itself, they may have no choice. I don't think you fully realize the damage that can be done now that someone has the source code. They can do everything an admin can do on a software level, including perv at your notes and any sensitive PayPal information you may have mentioned..


----------



## ---Storm--- (May 18, 2016)

Gem-Wolf said:


> You guys really think that FA will have to start all over? So we lose all our watchers, submissions and all the hard work we did? You really truely believe FA can afford that kind of downfall??


??? Nobody said that. What we say is it needs to be REWRITTEN from scratch. That doesn't mean they could not migrate the existing database then.


----------



## Snowbbi (May 18, 2016)

Gem-Wolf said:


> You guys really think that FA will have to start all over? So we lose all our watchers, submissions and all the hard work we did? You really truely believe FA can afford that kind of downfall??


I don't think it'll go down. We might lose a bit of work and progress, but it won't die.

But let's say, for the sake of what you're asking, it does have to start again. I still don't think it'll die completely. Even if it takes a year to come back to life, people will flock back. There's the idea of "brand recognition", where something is associated with an concept or object. Even though Oreos weren't the original sandwich cookie, when we think of them, it's Oreos. FA has been around for a really long time, despite its glaring issues and how many times this kind of thing has happened, people come back.

Honest question though, since I've only recently come back to FA, this is the longest I've seen it down. Is this amount of time normal or...?


----------



## jukajo (May 18, 2016)

I couldn't find anything via the forum search, so I have a question: Will people who've paid for banners have that banner's uptime expanded? For the downtime _and _the 6 days that were lost? These 6 days probably meant around ~50 watchers that are now gone ):


----------



## Hackerman1998 (May 18, 2016)

Mr. Fox said:


> They can backup the database but as for the platform itself, they may have no choice. I don't think you fully realize the damage that can be done now that someone has the source code. They can do everything an admin can do on a software level, including perv at your notes and any sensitive PayPal information you may have mentioned..



Nope, not true.

It depends at the level this exploit has been used. If the hacker stole the source code in its complete, unedited live state ( so what you see on www.furaffinity.net ), there is a great chance the user was also able to get the MySQL database passwords from the stolen code ( after all, most SQL librarys such as PDO or default PHP mysqli queries require you to enter your password in plain text ). But it really depends on how FurAffinity handles their database queries. 

But no, the person ( or persons ) with the source code have no 'admin' powers on Fur Affinity, nor can they 'snoop' Mails.


----------



## GamerFox (May 18, 2016)

Oh god, what if IMVU shuts the site down because of this hack?


----------



## Deleted member 82554 (May 18, 2016)

Hackerman1998 said:


> nor can they 'snoop' Mails.



You may be right about everything else but I might have to call BS on that part. One of my mates is a web developer and was going one about hacking notes on FA, claimed it's not that hard. Never provided any evidence to the contrary, though.


----------



## RestrainedRaptor (May 18, 2016)

Lunarmagic said:


> It can actually take a lot longer than months to replace the hardware. (Depending on how much/old it is.) I am sure they are doing their best and you should have more faith in what they are doing if you do not know the specifics of their operation.



@Lunarmagic Perhaps, but Dragoneer also received a lot of donations prior to that in, the quest for new hardware. Now that Dragoneer works full time, I would have considered these things to be top priority. Oh well... History repeats itself.

Also, this forum doesn't appear to notify me when people reply with quotes, and I'm not sure if @mentions work either. I can't read through 50 pages, so just let me know if you reply.


----------



## Hackerman1998 (May 18, 2016)

Mr. Fox said:


> You may be right about everything else but I might have to call BS on that part. One of my mates is a web developer and was going one about hacking notes on FA, claimed it's not that hard. Never provided any evidence to the contrary, though.



I work as a Chief Technology Officer ( which means I work as a web-developer which overlooks other web-developers and talk to executives about tech ) , if your friend has no evidence assume nothing of his claims.


----------



## Gem-Wolf (May 18, 2016)

---Storm--- said:


> ??? Nobody said that. What we say is it needs to be REWRITTEN from scratch. That doesn't mean they could not migrate the existing database then.



Yes Mr. Fox did and several others further back as seen here:


Mr. Fox said:


> They're going to have to start all over again, someone has the source code. That isn't just a simple patch and put FA back online job, the people that have the source will always have access to everything on a software level unless they make some serious back-end changes.


----------



## Keira_Lunar (May 18, 2016)

Gem-Wolf said:


> Yes Mr. Fox did and several others further back as seen here:



i believe they have lost hope .... or are haters of FA


----------



## Hackerman1998 (May 18, 2016)

Gem-Wolf said:


> Yes Mr. Fox did and several others further back as seen here:



They are not going to start from scratch. Fur Affinity will probably be made open source officially.


----------



## ---Storm--- (May 18, 2016)

Could everyone stop throwing around wild nonsense ideas and making a panic? All we cando now is wait and see.


----------



## Deleted member 82554 (May 18, 2016)

Hackerman1998 said:


> I work as a Cheif Technology Officer ( which means I work as a web-developer which overlooks other web-developers and talk to executives about tech ) , if your friend has no evidence assume nothing of his claims.


No I don't. But the notion that it's feasible without admin rights is a scary thought in and of itself. 

It wouldn't surprise if he's telling the truth. One of the people that used to work with the FA dev team said so himself the code base is a clusterfuck. All those vulnerabilities.


----------



## Snowbbi (May 18, 2016)

Hackerman1998 said:


> They are not going to start from scratch. Fur Affinity will probably be made open source officially.


Wouldn't that just open it up to more of this? I honestly don't know crap about coding or anything, I'm not trying to sound aggressive.


----------



## ---Storm--- (May 18, 2016)

@Dragoneer We know you are busy fixing stuff now, but it's been a while since last statement, and I think it would help calming the crowd if you gave us a little update on how is restoration going.


----------



## ---Storm--- (May 18, 2016)

Snowbbi said:


> Wouldn't that just open it up to more of this? I honestly don't know crap about coding or anything, I'm not trying to sound aggressive.


Well, making something open source can actually help security, because then any user who knows programming can go through it and look for issues and can report them. Generally, if the site is WRITTEN PROPERLY then seeing the source should not pose any risk. If security depends on hiding the source then the code is bad.

Some of the most trusted platforms, and even encryption algorithms are open source because of the above.


----------



## Gem-Wolf (May 18, 2016)

@---Storm--- depends where Dragoneer lives. He may be asleep now


----------



## ---Storm--- (May 18, 2016)

Gem-Wolf said:


> @---Storm--- depends where Dragoneer lives. He may be asleep now


That's why I tagged him, so he will surely see it when next time he checks the forum.


----------



## Snowbbi (May 18, 2016)

---Storm--- said:


> Well, making something open source can actually help security, because then any user who knows programming can go through it and look for issues and can report them. Generally, if the site is WRITTEN PROPERLY then seeing the source should not pose any risk. If security depends on hiding the source then the code is bad.
> 
> Some of the most trusted platforms, and even encryption algorithms are open source because of the above.


Ah, thanks.


----------



## Hackerman1998 (May 18, 2016)

Snowbbi said:


> Wouldn't that just open it up to more of this? I honestly don't know crap about coding or anything, I'm not trying to sound aggressive.



If anything is leaked, generally speaking you can no longer control it. Fur Affinity does not know how many copies of the source code were leaked and providing an official open source project defers people from using the leaked source code. Thus bringing back control to Fur Affinity. 

Remember, all it takes for one of these suposed holders of the leaked source code to upload it to GitHub for everybody to see.


----------



## Deleted member 82554 (May 18, 2016)

Gem-Wolf said:


> Yes Mr. Fox did and several others further back as seen here:


*Unless *they make some serious back-end changes.

If you're going to quote me, please don't take anything out of context.


----------



## Gem-Wolf (May 18, 2016)

Mr. Fox said:


> *Unless *they make some serious back-end changes.
> 
> If you're going to quote me, please don't take anything out of context.



Never took anything out of context at all. If I did, kindly show me how!


----------



## DShain (May 18, 2016)

Draconas said:


> Several suggestions were given to broaden your horizons, you ignore them and look where it lands you.
> 
> You put all of your eggs in one basket. communications? references? the ability to conduct business? you've been locked out all of this AND MORE for 20+ hours, and some of you still have the gall to bitch and complain "well XYZ doesn't get enough traffic" then go there and make traffic. "their interface is shit" you could've spent today learning the interface for another site, it's not that hard.
> 
> ...



I've only been lurking a bit, but I want to put emphasis on what Draconas has said here because *I wholeheartedly agree*. I think people are actually really chill in this forum discussion and aware that FA will return in time and things can resume as normal (as always), but this is still good advice to those who don't already know these things.

But I do know there are lots of people who strictly conduct business through FA and, when it's out, they can't work. Maybe those people aren't among the group actively chatting in the forum now, but maybe they're lurking. Do not conduct your business through notes... build an effective and easy-to-organize way to conduct your business. If your financially depend on commissions through FA and are really worried and freaking out that things are lost, then you've gotta learn from that lesson. Don't put yourself in such a risky situation. Also, I wouldn't rely on a URL to a reference image not being broken (or perhaps linked to a website that experiences outages..), so you should take measures to always have access to them.


----------



## TheBlackKnight (May 18, 2016)

*A question for Dragoneer regarding the ImageTragick exploit used for the initial site breach:*

At what point did FurAffinity become aware that there was a publicly disclosed RCE exploit in ImageMagick? And at what point prior to the second breach, if any, did FurAffinity take action to mitigate the risks associated with the ImageTragick exploit?

If, hypothetically, Fur Affinity patched the exploit within a reasonable time-frame of the critical CVE being posted regarding ImageTragick, and the initial attacker simply beat you too it, then I would be happy to accept that this was a case of “Bad Luck” more so then a case of ineptitude on the part of yourself and Fur Affinity’s technical staff.

However, if that was not the case, and it took a substantially longer period for Fur Affinity staff to become aware of and mitigate the exploit in question, then I’d say: “You need to revise your processes regarding how your monitor for new exploits and resolve them – Since clearly they're not good enough at present.“

And finally, if the answer is as I suspect, “We didn’t know about the exploit prior to the second breach” or “We never upgraded ImageMagick to a non-affected version” then I would say, “Get out of hosting, because such ineptitude is completely unacceptable from a for-profit organisation.”

So, for my own amusement and that of everyone else in this thread, which one is it?


----------



## ElCid (May 18, 2016)

For personal reasons, I REALLY hope that backup was made after the morning hours on May 11...


----------



## TheBlackKnight (May 18, 2016)

Hackerman1998 said:


> I work as a Chief Technology Officer ( which means I work as a web-developer which overlooks other web-developers and talk to executives about tech ) , if your friend has no evidence assume nothing of his claims.



A 20 year old CTO. Amazing. That has to be the most gratuitous case of self-serving title inflation I've ever seen. Bravo and thank you for the laughs.


----------



## ---Storm--- (May 18, 2016)

TheBlackKnight said:


> *A question for Dragoneer regarding the ImageTragick exploit*


If I udnerstand correctly ImageTragick was patched upstream *30th April*. Dragoneer said:



> Somebody got the source code through the ImageTragick exploit (which we patched on *May 5th*)


So it took them *five days* to patch it. That was more than enough time for the attackers to steal the source.

So if the above is true, in this attack it wasn't ImageTragick, but some exploit they found in FA's code. Which is reasonable since we know the code is very bad and old - as an ex FA developer said, a "clusterfuck".


----------



## TheRedRaptor (May 18, 2016)

First you identify the fault, then you make the patch.
Next you test the patch, then you roll out the patch whilst checking for any conflicts.
It takes time
^,-,^


----------



## TheBlackKnight (May 18, 2016)

---Storm--- said:


> If I udnerstand correctly ImageTragick was patched upstream *30th April*. Dragoneer said:
> 
> 
> So it took them *five days* to patch it. That was more than enough time for the attackers to steal the source.
> ...



Not interested in the second exploit, but rather the first - As it shows a level of complacency in Fur Affinity's monitoring and patching of publicly announced vulnerabilities.


----------



## messerschmitt109 (May 18, 2016)

---Storm--- said:


> If I udnerstand correctly ImageTragick was patched upstream *30th April*. Dragoneer said:
> 
> 
> So it took them *five days* to patch it. That was more than enough time for the attackers to steal the source.
> ...



wait wait wait, you mean that this all happend sometime between april 30th thru the first week of may, and no one seen it until yesterday?
am i understanding this correctly?


----------



## TheBlackKnight (May 18, 2016)

TheRedRaptor said:


> First you identify the fault, then you make the patch.
> Next you test the patch, then you roll out the patch whilst checking for any conflicts.
> It takes time
> ^,-,^



No. Just... no.


----------



## Hackerman1998 (May 18, 2016)

TheBlackKnight said:


> A 20 year old CTO. Amazing. That has to be the most gratuitous case of self-serving title inflation I've ever seen. Bravo and thank you for the laughs.



The only thing I wish was self-serving and inflated is my paycheck.


----------



## HalouDoval (May 18, 2016)

TheRedRaptor said:


> First you identify the fault, then you make the patch.
> Next you test the patch, then you roll out the patch whilst checking for any conflicts.
> It takes time
> ^,-,^


When things go bad I tend to assume the worst of it. The Herpy.net website was knocked out for nearly 6 months between 2008 and 2009 because hackers took advantage of a hole in the site's security. A "fault" for which the staff were still apologizing years afterwards.


----------



## Gem-Wolf (May 18, 2016)

HalouDoval said:


> When things go bad I tend to assume the worst of it. The Herpy.net website was knocked out for nearly 6 months between 2008 and 2009 because hackers took advantage of a hole in the site's security. A "fault" for which the staff were still apologizing years afterwards.


Bleeding Christ!!!!!


----------



## ferretsage (May 18, 2016)

I remember getting angry about FurAffinity going down many years ago due to trolls/hackers, etc., and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.

So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.

And don't give me that BS that you have no interest in the porn. I've been on the sidelines of furry for 20+ years -- I haven't seen that flat lie used before by moral signaling insecure nerd manchildren most Western Civilization has degenerated into.

Disclaimer: I find mainstream Humanity as morally torpid as anything found within this community. No need to recognize, much less defend or attack furries/trolls/humans as worthwhile or separate factions.


----------



## Fawk (May 18, 2016)

ferretsage said:


> I remember getting angry about FurAffinity going down a long time ago due to trolls/hackers, etc. many years ago, and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.
> 
> So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.
> 
> ...


----------



## Faolan_Wolf-Wings (May 18, 2016)

HalouDoval said:


> When things go bad I tend to assume the worst of it. The Herpy.net website was knocked out for nearly 6 months between 2008 and 2009 because hackers took advantage of a hole in the site's security. A "fault" for which the staff were still apologizing years afterwards.


Yikes!  I sure hope we don't have to wait _that_ long!  It's bad enough that we'd be out for a couple days or a week at most!


----------



## Gem-Wolf (May 18, 2016)

ferretsage said:


> I remember getting angry about FurAffinity going down a long time ago due to trolls/hackers, etc. many years ago, and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.
> 
> So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.
> 
> ...


----------



## Snowbbi (May 18, 2016)

ferretsage said:


> I remember getting angry about FurAffinity going down a long time ago due to trolls/hackers, etc. many years ago, and discovering FurAffinity had incubated a culture as disposable as 4Chan for furries.
> 
> So, I'm wiser now. I understand all of you whining are just mad your impotent electric dreamscapes were momentarily interrupted. Devil in the details why you all were driven to create an escapist fantasy, but didn't have the gumption to internalize the power animals you lust after 24/7.
> 
> ...


----------



## xTwilightStarx (May 18, 2016)

Well, all memetastic replies aside, ferretsage *does *have a point.


----------



## Gem-Wolf (May 18, 2016)

xTwilightStarx said:


> Well, all memetastic replies aside, ferretsage *does *have a point.


I see no point at all actually


----------



## Caraid (May 18, 2016)

Except for those of us who are trying to conduct business through FA, of course. There are always other routes, but it's certainly very inconvenient. I don't have the contact information of all of the clients on my waiting list so I can't progress with commissions once my current active list runs out.

Of course, I'm to blame for not having a backup plan there, but to assert that people are only miffed because they can't access "their pr0nz" anymore is obviously bullshit. Possibly a bit of projection, too.


----------



## quoting_mungo (May 18, 2016)

A reminder to please tone down the bickering, side discussions (if you want to connect with someone on Kik or Telegram, or want to network with other artists, great, but please use PMs to discuss this so this thread can stay on topic), and image macros. 

The ImageTragick exploit was patched within hours of tech becoming aware of it. Bad luck meant that before this patch was employed, someone decided to use the exploit to download our source code. 

The attack that resulted in us taking the site down to prevent further damage was a second attack, unrelated to to ImageMagick save for likely being facilitated by the illicitly obtained source code. We know for a fact this code was distributed on USB drives at BLFC, and we have a copy of the data that was distributed on those drives. 

As we wouldn't want to restore the site just to have it attacked again (possibly with more serious consequences), a thorough audit is being done to identify and eliminate vulnerabilities in FA's source code before it's brought back up. Still no ETA, I'm afraid, but be assured tech has been working hard on it. 

Those of you who are artists for whom art is an important source of income, if you haven't already, you may want to check out the Art Sales section of this forum. It may not have as high traffic as what you'd normally get on mainsite, but it might at least help tide you over until we can bring the site back.


----------



## zidders (May 18, 2016)

Not trying to make myself sound like I'm a super great guy-I'm not always as good a person as I'd like to be-but I believe if we want the community to be better we can make it better by doing our best to be kinder towards each other. That's the nature of some of humanities biggest issues-people disrespecting others. What led to this event was someone with a lack of respect and an unwillingness to show others a little common decency causing everyone a ton of grief. If we all did our best to respect each other more stuff like this would happen a lot less if at all.


----------



## LunaAzzurro (May 18, 2016)

Storok said:


> quick guide to boost morale in the wrong direction:
> 
> Listen to this track:
> 
> ...



I made an account just to tell you this was hilarious.
...this was hilarious...

Well.. there goes about 5mins of my life.
Not like FA is up for me to spend it there anyway.


----------



## Gem-Wolf (May 18, 2016)

Caraid said:


> Except for those of us who are trying to conduct business through FA, of course. There are always other routes, but it's certainly very inconvenient. I don't have the contact information of all of the clients on my waiting list so I can't progress with commissions once my current active list runs out.
> 
> Of course, I'm to blame for not having a backup plan there, but to assert that people are only miffed because they can't access "their pr0nz" anymore is obviously bullshit. Possibly a bit of projection, too.


----------



## Gem-Wolf (May 18, 2016)

quoting_mungo said:


> A reminder to please tone down the bickering, side discussions (if you want to connect with someone on Kik or Telegram, or want to network with other artists, great, but please use PMs to discuss this so this thread can stay on topic), and image macros.



Ah sorry only just seen this


----------



## Mid-Nightshade (May 18, 2016)

quoting_mungo said:


> A reminder to please tone down the bickering, side discussions (if you want to connect with someone on Kik or Telegram, or want to network with other artists, great, but please use PMs to discuss this so this thread can stay on topic), and image macros.
> 
> The ImageTragick exploit was patched within hours of tech becoming aware of it. Bad luck meant that before this patch was employed, someone decided to use the exploit to download our source code.
> 
> ...



Thank you kindly for the update, hopefully it'll ease everyone's panic a little and stop the fighting among one another for something that's out of everyone's control.


----------



## ferretsage (May 18, 2016)

Mid-Nightshade said:


> Thank you kindly for the update, hopefully it'll ease everyone's panic a little and stop the fighting among one another for something that's out of everyone's control.



"Fighting", and yet this simple observational post is just my first reply to all the responses in this thread to my first post -- including an admin response at, like, 5 AM or some shit.

I'm not the first person to be dismissed as causing drama for furries without issuing any personal attacks or even punching back against any of the passive aggressive responses to my post. I'm not even fighting - - the drama is an illusion in your heads.

Sigh. Wasted words.

I am a gentleman who does not persist long where he is not wanted. As asked for by the administrative staff member, I will take my leave where there is no mutual respect lost.


----------



## SgtSitdown (May 18, 2016)

I really hope you guys and girls can get this sorted quick  i know how much of a pain this kinda thing can be X3 
But yeah, hope fully when it does come back up, it doesn't immediately crash from traffic XD

G'luck <3


----------



## MamaGennie (May 18, 2016)

I want to thank the team that is working on this to get FA back up and running.  I know that you are working hard to get the issue resolved, and get FA back up and running.  It can't be an easy task.

Ladies and Gentlemen, I know you want to be back to your pages, your submissions, you stories and everything else that you're involved in here, we all do.  But, take it from a computer tech, this stuff isn't a five minute fix  We may be down for a couple of days.  I haven't gone back and read through forty some pages of this stuff.  These guys and gals are doing their best to bring everything back to some semblance of normality, whatever the hell that is.  So, look, calm down, go outside and play.  You DO remember 'outside', right?  It's on the other side of that thing you look through called a 'Window' and the big tall thing called a 'Door.'  Take a walk, take a drive, go get on a bike and have some fun.

You're complaining and lack of understanding only makes this harder on the people who ARE trying to get it back for you.

Mama Gennie


----------



## maybeImAmazed (May 18, 2016)

*beep* ...   Also FA has a complete daily backup on the deep web ...*beep*


----------



## MamaGennie (May 18, 2016)

maybeImAmazed said:


> *beep* ...   Also FA has a complete daily backup on the deep web ...*beep*



From the very first page, Dragoneer posted:

"Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack."

So, no, daily backups are not done, at least according to the information that has been presented so far _that I have read_.


----------



## maybeImAmazed (May 18, 2016)

MamaGennie said:


> From the very first page, Dragoneer posted:
> 
> "Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack."
> 
> So, no, daily backups are not done, at least according to the information that has been presented so far _that I have read_.



I'm talking about deep web it's a .onion page.


----------



## Gem-Wolf (May 18, 2016)

maybeImAmazed said:


> I'm talking about deep web it's a .onion page.


Da hell is a .onion page? Seriously I have no idea


----------



## ---Storm--- (May 18, 2016)

quoting_mungo said:


> A reminder to please tone down the bickering


First of all, thanks for the update! But in all honesty you shouldn't be surprised that people are pissed.



> The ImageTragick exploit was patched within hours of tech becoming aware of it. Bad luck meant that before this patch was employed, someone decided to use the exploit to download our source code.


Which happened *FIVE DAYS* after the patch was released. The whole Internet was talking about ImageTragick, even regular media did talk about it and you somehow still managed to completely miss it for five damn days. I believe you can admit that you are at fault there. But let the past be past, I'm not trying to mock you about anything, just pointing out that people are not pissed without a reason.



> As we wouldn't want to restore the site just to have it attacked again (possibly with more serious consequences), a thorough audit is being done to identify and eliminate vulnerabilities


And that is the right thing to do! Only that you should've audited your code long before. You knew it's old and messy. You knew that when a code is not kept up to date, let alone being based on ancient code patched around again and again, it is only a matter of time until something like this happens.

Again, what's done is done, it's past now, however I hope you are learning from this and taking measures to make sure this won't happen again.

You and I, and anyone with related knowledge all know, that FA needs to be rewritten from scratch, because no matter how well you fix it up, it is still castle built of recycled cardboard and plastic bags, reinforced with duct tape. So please, once the current emergency is taken care of, do the right thing and start rewriting FA as a whole, before an even worse attack happens. Yes, I know that's tremendous work, but you are funded by IMVU, aren't you? Downtime is bad for them too, so it is their interest as well. Unless of course, they stopped caring when they realized that Furry is not what they believed it to be.


----------



## Gem-Wolf (May 18, 2016)

---Storm--- said:


> First of all, thanks for the update! But in all honesty you shouldn't be surprised that people are pissed.
> 
> 
> Which happened *FIVE DAYS* after the patch was released. The whole Internet was talking about ImageTragick, even regular media did talk about it and you somehow still managed to completely miss it for five damn days. I believe you can admit that you are at fault there. But let the past be past, I'm not trying to mock you about anything, just pointing out that people are not pissed without a reason.
> ...



46 pages of comments, and this is the best damn response hands down!


----------



## ElCid (May 18, 2016)

MamaGennie said:


> From the very first page, Dragoneer posted:
> 
> "Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack."
> 
> So, no, daily backups are not done, at least according to the information that has been presented so far _that I have read_.



What worries me is that we have no knowledge of what time the backup was made that day...


----------



## Snowbbi (May 18, 2016)

Gem-Wolf said:


> Da hell is a .onion page? Seriously I have no idea


I'm incredibly tired, but the best way I can describe it is that a .onion page is a deep web page. A site that isn't the typical .com, .net, that sort of thing. There are a lot of really nightmarish sites in the deep web, so I really wouldn't recommend looking for them.


----------



## SammyChasity (May 18, 2016)

Gem-Wolf said:


> Da hell is a .onion page? Seriously I have no idea


You're supposed to download a program called "tor" and use it in order to go onto the deep web. It's basically the layer of the internet below the "seen" internet, like ".net" and ".com" with a lot of red-rooms and things like that, where you use bitcoins to pay for things. You can get things like drugs and stuff like that on it. It's where all of the really unnerving parts of the internet are.


----------



## Gem-Wolf (May 18, 2016)

Snowbbi said:


> I'm incredibly tired, but the best way I can describe it is that a .onion page is a deep web page. A site that isn't the typical .com, .net, that sort of thing. There are a lot of really nightmarish sites in the deep web, so I really wouldn't recommend looking for them.






SammyChasity said:


> You're supposed to download a program called "tor" and use it in order to go onto the deep web. It's basically the layer of the internet below the "seen" internet, like ".net" and ".com" with a lot of red-rooms and things like that, where you use bitcoins to pay for things. You can get things like drugs and stuff like that on it. It's where all of the really unnerving parts of the internet are.


I think I get it now, but I kinda don't at the same time if that makes sense. anyway thanks guys


----------



## protocollie (May 18, 2016)

mikead999 said:


> Would it be impossible to reverse this process? From what experience I have with programming, it would not be very hard to reverse engineer this process from the source code.



The entire point of hashes is that they're not reversible; that's why they're used to store passwords. You'd have to be doing some otherworldly level brilliant work to figure out how to reverse engineer a hash, and you'd compromise the security of the _entire internet_ if you did it. Even with the code to generate the hash, your only option for reversing the hash is to come up with a list of every single string of characters that could be hashed and what the hashed output was and then do a comparison. That's something called a rainbow table. 



mikead999 said:


> Not to mention, with a custom browser (or maybe just using the console) it would also be possible to input the hash directly, skipping the hashing process. (Trust me, it's possible)



Short of another exploit, no, it's not. This is enforced on the server side, not the client side. When you hit the authentication endpoint on FA, the server decides whether or not to hash it - not the web browser. Short of another remote exploit there's nothing you could do to authenticate with a hash, the hash would just be hashed again and fail the comparison.

It's silly enough that people toss out technical advice all over the place, but it's more silly when they just make it up. If you don't know what you're talking about, don't say anything. C'mon now.


----------



## Mid-Nightshade (May 18, 2016)

ferretsage said:


> "Fighting", and yet this simple observational post is just my first reply to all the responses in this thread to my first post -- including an admin response at, like, 5 AM or some shit.
> 
> I'm not the first person to be dismissed as causing drama for furries without issuing any personal attacks or even punching back against any of the passive aggressive responses to my post. I'm not even fighting - - the drama is an illusion in your heads.
> 
> ...



This wasn't directed at you, but a general observation of a lot of people on the forums so far deciding to take out their frustration with words against one another and bickering.


----------



## Tenaki (May 18, 2016)

Whyyyy? This shit is so fucked up XD I had new watchers, comments, submissions.. This sucks ;3;


----------



## Daniel Arken (May 18, 2016)

I don't have time to read through 50 pages of comments, but I've been reading as I have time.

A lot of people seem unfamiliar with how software coding works within a company. FA is a web page, but effectively, it follows the same rules as software in terms of how the code itself is written and how you have to process changes. We get exposed to it where I work, but we see it through a web UI, as users who request bug fixes and additional functionality. It takes a lot of time to make even simple changes, and a lot of work goes into it. FA code is probably needing to be reworked and rewritten in parts due to the audit.

Basically, when we need to make changes to the software, a lot of things have to happen:

1] The changes are proposed to the development team. The team has to understand the scope of the changes and potential ramifications. In this case, this would be done internally, so additional information would be requested and provided by the same people.

2] A plan of action is laid out. How the software will be adjusted and rewritten is laid out to understand how (possibly) several components need to be adjusted simultaneously. This is done on a high level such that everyone is aware of what each other is going to do, and how they will do it.

3] Code is adjusted in a test environment. The immediate results are documented, and code is rewritten over and over again until the immediate results work as expected. This can take weeks, sonce multiple cogs in the machine usually need to be adjusted independently, even though they affect each other.

4] The entire site/software package requires an audit, usually a set of tests or test cases to ensure functionality has not been lost or altered in any other areas of the software or web page.

5] Steps one through four are repeated to eliminate bugs and errors. This can get done dozens of times, depending on how drastic the initial change was.

6] Once the audits come through clean and the change(s) have been fully validated, the changes are implemented into a live environment. At this point, you hope that the live environment is the same as the test environment. But...usually it is not.

7] When all of this has been completed, repeat steps one through six when the things you could not foresee/could not test for start popping up.

A lot of business situations are bound by the triad model: quality, cost, time. Circle two. That's what you can feasibly accomplish, but you'll sacrifice the third.

Personally, I don't care about the time it takes. I'm all for quality, and I know the FA team is somewhat limited in resources by funding. Sure, you could rewrite the whole site in three days, and have it run flawlessly. Have fun hiring a thousand coders and web development people.

In short...be patient, and don't be quick to judge and lay blame on the development team. Managing a site of this size and functionality is incredibly difficult. Things like this happen to big, high-profile sites. Hindsight is 20/20, and there's always something someone could have done. Stating those things is irrelevant and doesn't help the situation, it only creates anger. If you could make something completely unhackable, the IRS and companies like Anthem BCBS would never get hacked. Companies like Sony would never get hacked. But, you saw all of that happen in the last year.

FA will return.


----------



## quoting_mungo (May 18, 2016)

---Storm--- said:


> First of all, thanks for the update! But in all honesty you shouldn't be surprised that people are pissed.


Oh, believe me, I get that people are upset. I'm not berating them for being distressed, at all. But there's been some unnecessarily pointed things said between posters, that I don't want to see in here. Attacking one another won't fix anything, and only serves to make this place unpleasant.


---Storm--- said:


> Which happened *FIVE DAYS* after the patch was released. The whole Internet was talking about ImageTragick, even regular media did talk about it and you somehow still managed to completely miss it for five damn days. I believe you can admit that you are at fault there. But let the past be past, I'm not trying to mock you about anything, just pointing out that people are not pissed without a reason.


I have no idea what path information would have taken. I personally had not heard of the exploit until it was mentioned in staff chat yesterday. I spend 80%+ of my waking time on the Internet. Ideally we'd have known sooner, yes, but to the best of my knowledge, that was when it came to tech's attention and it was promptly patched at that time. I'm mainly clarifying this to make sure everyone is on the same page - there have been people assuming that ImageTragick was being exploited yesterday, or that tech sat on the knowledge of the exploit for days or even weeks, and neither is the case.


---Storm--- said:


> And that is the right thing to do! Only that you should've audited your code long before. You knew it's old and messy. You knew that when a code is not kept up to date, let alone being based on ancient code patched around again and again, it is only a matter of time until something like this happens.


Code was being updated - it's not like tech has been sitting on their hands. It's a precarious balance between fixing functionality bugs (may or may not be visible to users), updating ugly or vulnerable code tech is already aware of (not visible to users unless something is seriously wrong, and nothing has been _that_ wrong thank goodness), implementing new functionality (the only updates guaranteed to be visible to users), and auditing the code as a whole to check for vulnerabilities that may or may not be there. In an ideal world, there would be resources, time, and patience to do all of the above starting at the invisible (since the invisible is generally where the stuff that can have HUGE CONSEQUENCES lies), but unfortunately what we're stuck with is a balancing act. And experience tells us when only invisible updates happen, that breeds discontent, because from the outside it looks like nothing is being done at all (and not everyone is willing to believe us if we say "actually backend updates are happening"). So we've tried to do the best we can while keeping everyone as happy as possible.

It sucks that someone decided to take advantage of the old codebase to screw over the entire userbase. No one wishes this had never happened more than we do. And yes, vulnerabilities in our code enabled it to happen. Unfortunately, having funding and having unlimited resources are two very different things, so doing things instantly (or anywhere close) is not an option. 

Ultimately though, it all comes down to, as you said, what's happened, happened. We can try to repair it but we can't undo the last 24-36 hours. We can only go from here.

Now I have to scram, because I'm late to an important date, but I'll try to keep you guys updated as best I can.


----------



## IT-Werewolf (May 18, 2016)

Well it's only really a slight inconvenience. Nobody will die from lack of FA, although I feel for those that have lost vital commission info.

As for why people do this, I can venture three guesses:
1 Fun
2 Protest
3 Money

Don't discount protest or fun just because these people are part of FA, after all, some sociopaths will always try to cause chaos for fun. And as for protest, well, this is the fury community, enough said...
As for money, who knows? Maybe they were paid, for one reason or another, to bring FA down?

Of course, it's no use shouting at the admins to backup or fix it because there will always be vulnerabilities which can be exploited in any website or its plugins.


----------



## torchlight (May 18, 2016)

protocollie said:


> It's silly enough that people toss out technical advice all over the place, but it's more silly when they just make it up. If you don't know what you're talking about, don't say anything. C'mon now.



That's the problem, most of the time they actually do think they know what they're talking about and believe what they're saying is true.


----------



## Tenaki (May 18, 2016)

Everyone should add me on kik, because why the hell not and yeah.. Let's be Frands ;3 ----> Motionless_Me


----------



## tako_cyanide (May 18, 2016)

Is there a Discord fur chat? Something to join while we wait?


----------



## scorcher836 (May 18, 2016)

well in the mean time if anyone wants to chat, both my steam and skype are scorcher836. go ahead and add me if you'd like. i dont mind meeting new furs.


----------



## Tenaki (May 18, 2016)

scorcher836 said:


> well in the mean time if anyone wants to chat, both my steam and skype are scorcher836. go ahead and add me if you'd like. i dont mind meeting new furs.


I'll add you!! Because new Frands cx


----------



## Tenaki (May 18, 2016)

Anyone who is interested in a chat group to talk and discuss their feelings or want to meet new friends, add me on skype @ tenaki1995 :3


----------



## PatrickQuin (May 18, 2016)

Yes, I'm another one of those who created an account for the first time just to participate in this thread. But I have a particular motive:


Spoiler: Search results for whining












To be expected, granted, and I won't deny there is such a thing as being a bunch of fussy babies. I don't think this is one of those cases. This may be the one time that a serious issue with FA is not associated with deep problems within the culture of this communities' leaders (oft dismissed as "drama" in addition to "whining"), problems that are easy look to look up, are touchy matters (especially to mods, a subset of said leadership), some of which may be categorized (I'd say unfairly) as gossip, so I won't enumerate them here.

Nevertheless, this may be a relevant video:





Edit: I'm not advocating harassment. I'm arguing against dismissing serious complaints over say, the risk of exposure of any of our PII (which IMVU will be legally responsible for), as whining.


----------



## ---Storm--- (May 18, 2016)

quoting_mungo said:


> Oh, believe me, I get that people are upset. I'm not berating them for being distressed, at all. But there's been some unnecessarily pointed things said between posters, that I don't want to see in here. Attacking one another won't fix anything, and only serves to make this place unpleasant.


Right, I agree with that. And thanks for responding to my criticism in a professional manner!



> I have no idea what path information would have taken. I personally had not heard of the exploit until it was mentioned in staff chat yesterday.


*OK, I have to correct myself here. I've got the dates wrong. Full public disclosure happened 3th May. It got widely publicized by articles on 4th May. So you fixed within 1-2 days.*

In this light I retract my previous statement. You reacted with 1-2 days, that is reasonable.



> I'm mainly clarifying this to make sure everyone is on the same page - there have been people assuming that ImageTragick was being exploited yesterday


I believe that's partly due to unclear communication from Dragoneer. When people asked about how the site was hacked he repeatedly said it was ImageMagick without clarifying he is talking about the theft of the code and that the theft happened weeks ago, and not yesterday's attack.



> Code was being updated - it's not like tech has been sitting on their hands.


This is however, where I believe you are taking the incorrect approach. You spend time and energy developing features and changing things in the current Frankenstein style code instead of focusing on a complete rewrite from scratch.

What I believe you should do is feature-freeze FA, and only fix vulnerabilities and critical bugs, while dedicating all the remaining manpower to the rewrite. New skin, gallery features and stuff for a code that needs to be trashed is wasted resources.



> And experience tells us when only invisible updates happen, that breeds discontent, because from the outside it looks like nothing is being done at all


That is easy to fix. While doing the rewrite, you can constantly post updates and journals reporting your progress. Let's say, a weekly report so we can see that you've been busy. And as soon as you reach an alpha stage, put up a demo and let people mess with it. Later, you can allow registrations into the demo system, which also gives you valuable live testing data. Let people mess around, let them do stupid things, let them try to break it and so on. You may still add minor features to the old site, that don't take much resources, and have a high impact/resource value.

Of course, there will be negativity and there will be whiners and trolls, but there always are. However, doing constant surgery on the current code simply doesn't worth it compared to spending those resources on the rewrite.



> Ultimately though, it all comes down to, as you said, what's happened, happened. We can try to repair it but we can't undo the last 24-36 hours. We can only go from here.


And this is the perfect time to explain to everyone that what is happening right now is exactly why you need to feature freeze and do a complete rewrite for the sake of the future of FA.

I would be very happy to hear the team's opinion on my above proposal. Do you agree a rewrite would be better? If no, why not? If yes, what is needed to make it happen?


And thank you again for your professional reply!


----------



## ZeePower (May 18, 2016)

As a former IT professional and webmaster, I can sympathize with the FA tech staff.  This attack looks like the modern incarnation of industrial espionage.  You guys have my sympathy and respect for how you are dealing with it.

Reading some of the criticisms in this thread, I am reminded of an old joke:

"When you're dead, you don't know that you're dead - it only hurts the people around you.  It's  the same when you're stupid."


----------



## RCRuskin (May 18, 2016)

Another justification for having left the site after it was illegally sold. Yes, I have evidence of that fact.


----------



## torchlight (May 18, 2016)

RCRuskin said:


> Another justification for having left the site after it was illegally sold. Yes, I have evidence of that fact.



It doesn't look like you did a very good job of leaving. Try again.


----------



## coyoteOdin (May 18, 2016)

The situation is very unpleasant and nervous

I have two questions:
1. I hope you plan to appeal to the police to catch the criminals, who organized this attack?
2 and still in a period of the FA work again?

PS. sorry for my not very good english


----------



## HannaLongtail (May 18, 2016)

Tenaki said:


> Everyone should add me on kik, because why the hell not and yeah.. Let's be Frands ;3 ----> Motionless_Me


NerdyCompanion


----------



## Furrypotato (May 18, 2016)

and that's why we cant have nice things


----------



## PatrickQuin (May 18, 2016)

ZeePower said:


> This attack looks like the modern incarnation of industrial espionage.


The corollary to Kerchoff's principle, Shannon's maxim, e.g. assume "the enemy knows the system," still holds.


---Storm--- said:


> First of all, thanks for the update! But in all honesty you shouldn't be surprised that people are pissed.
> You and I, and anyone with related knowledge all know, that FA needs to be rewritten from scratch, because no matter how well you fix it up, it is still castle built of recycled cardboard and plastic bags, reinforced with duct tape.


...or at least it holds to an extent.


----------



## Barking-In-the-Dark (May 18, 2016)

MarkOfBane said:


> Both Weasyl and DA are garbage, IMO.
> 
> Waves @Bourbon. <3
> 
> PS: Is there anywhere you aren't, @Mr. Fox ?



Aint that the truth, though I don't know anything about Weasyl. I do know plenty about DA, having 2 friends chased off of there. One by a some psycho fangirl that was obsessed with my friend's story they were writing and one of the characters in it. My other friend left because DA wouldn't help her with a persistent art-thief who plagued many of the fandom we were both in. 
I'm still on there under the name I use here (changed account for the reasons above), and I still wonder why the heck I'm still there. 

Also FA I hope you come back soon, and that the staff are getting plenty of rest (rooting for you guys), and I hope the stuff they think is lost is salvageable.


----------



## LadyNightosphere (May 18, 2016)

I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen. 

I'm also assuming there is _still _no ETA yet?


----------



## Keira_Lunar (May 18, 2016)

scorcher836 said:


> well in the mean time if anyone wants to chat, both my steam and skype are scorcher836. go ahead and add me if you'd like. i dont mind meeting new furs.





Tenaki said:


> Anyone who is interested in a chat group to talk and discuss their feelings or want to meet new friends, add me on skype @ tenaki1995 :3




i will add you both if you don't mind i like meeting new furs as well also my Skype and Steam are Keira Lunar   i have no Kik sorry and when it comes to sending me a request on skype pls  customise your request text saves me having to ponder if your a bot


----------



## Fordoxia (May 18, 2016)

LadyNightosphere said:


> I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen.
> 
> I'm also assuming there is _still _no ETA yet?



And this is why you make your own backups.  At least 3 different storage mediums if you really don't want to loose it.


----------



## Snowbbi (May 18, 2016)

LadyNightosphere said:


> I'm getting nervous about what is happening. I was planning on transferring/copying my submissions over to InkBunny yesterday and then I see this happen.
> 
> I'm also assuming there is _still _no ETA yet?


As of a few hours ago, there hasn't been one. I've been refreshing a lot of pages, including FA itself and there's still no news. Best to keep waiting here and checking r/furry, as the official statement over there is stickied too.


----------



## Hassat Hunter (May 18, 2016)

Trying to go through this thread (I know, too much time). Kinda leave the first 35 pages be as it's too long ago, but here from page 35 on, trying to make my way to the current page.

Small note; it's rather funny how people try to make the artists go to an alternative site to sell their art then think that "smart business sense". Getting 95% less clientele is good business? And then they are truly shocked when the actual artists point out to them their 'smart business plants' are outright suicidal to their income.


kisuka said:


> I'm honestly kind of sad to see that FA's sys admins didn't patch CVE-2016-3714 before it was too late... it's been known for weeks now...


FA fixed it 5 May. Alternative site (and apparently "much better than FA") Weasyl did... 3 May. So just a 2 day difference, and still the month inbetween people find so bad.

Safe to say if we were on another site, there would be absolutely no difference in this regards, and the only reason FA got picked out is it's popularity.


Keira_Lunar said:


> indeed  last year my house got broken into now my house is heavily secured
> 
> i only hope FA admins learn from this


Well, now you've secured your house from theft, it burns down.
And you get an earfull of people who complain how that could have happened when you've protected yourself from. Basically what happened here.


kisuka said:


> You should not be remembering passwords. You should be using a password manager like KeePass to generate a unique password for every website. Then you have a master key that opens your database of passwords.


Congrats, you've generated a single-point-of-failure. If that fails... EVERYTHING falls appart. Generally I don't really consider that the best of security measures. You don't either giving 2P-Authentication afterwards.
It's like putting 10 locks on your door, but having 1 master key that fits all 10. Those 10 locks aren't more secure than 1 lock like that.


Keira_Lunar said:


> *shudders* no offences but i HATE the two step locking function  its really messy and my phone can't take on any more apps i was lucky enough to install Steam mobile app at the least  i don't need more


I really HATE Steam mobile authenticator with a pure passion. Aside from being REQUIRED (why? I have no smartphone) it's entire goal was to remove the single-point-of-failure... and instead they just shifted it to the mobile device, which are less secure than desktops by definition. So much fail. Not to mention to overrun all that they give you a single deactivation code which creates a new easy access point into your account, so the entire stuff is pointless to the extreme security wise.


----------



## nyannom1 (May 18, 2016)

Gem-Wolf said:


> You guys really think that FA will have to start all over? So we lose all our watchers, submissions and all the hard work we did? You really truely believe FA can afford that kind of downfall??


Since I only have around 3 followers and 5+ submissions, I won't be in much of a stink, but I understand how people would feel if they were on the site for a long time and had to start over. 
Like I said before, it's hard rebuilding a demolished fortress, especially if the good building blocks are gone.


----------



## PatrickQuin (May 18, 2016)

Since as far as I can tell no one in this thread mentioned it: this caught the attention of InfoSec Taylor Swift:

__ https://twitter.com/i/web/status/732695858215411713So of course some tech folk are responding; including employees for big name companies; this should be a fun tweet thread to dig through.

Edit: this is too precious:


Spoiler





__ https://twitter.com/i/web/status/732750557299892225

__ https://twitter.com/i/web/status/732749229647663104

__ https://twitter.com/i/web/status/732750977619615745


----------



## LadyNightosphere (May 18, 2016)

Snowbbi said:


> As of a few hours ago, there hasn't been one. I've been refreshing a lot of pages, including FA itself and there's still no news. Best to keep waiting here and checking r/furry, as the official statement over there is stickied too.


Thank you very much.


----------



## LadyNightosphere (May 18, 2016)

Fordoxia said:


> And this is why you make your own backups.  At least 3 different storage mediums if you really don't want to loose it.


I know that now for next time. At least I still have a good chunk of my uploads on InkBunny, but not by much. I can probably go off of what I have on there to update my Weasyl and other places. If only they also had a transfer program like InkBunny does.


----------



## Keira_Lunar (May 18, 2016)

PatrickQuin said:


> Since as far as I can tell no one in this thread mentioned it: this caught the attention of InfoSec Taylor Swift:
> 
> __ https://twitter.com/i/web/status/732695858215411713So of course some tech folk are responding; including employees for big name companies; this should be a fun tweet thread to dig through.
> 
> ...




*sighs*  oh geeze NOW it starts   the confounded Twitter gosip this is why i don't have an account


----------



## AbandonedAccount#42137829 (May 18, 2016)

Dragoneer said:


> It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity's source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier in this month, but not before a malicious user was able to download a copy of our source code, and later actively distributed it via USB drives at a convention.
> 
> We managed to get a hold of one of the USB drives and started to analyze what was distributed. While we were investigating, somebody launched a second attack against the site using information gleaned from the source code.
> 
> ...


This is upsetting to hear. I wish people would leave the furry community alone and just let us be us.


----------



## NoahGryphon (May 18, 2016)

Im not really that worried because they said its backed up at least  so il probably just lose a few favorites. But i still hope people who make moneh from furafffinity survive this


----------



## Mewtwolover (May 18, 2016)

SammyChasity said:


> You're supposed to download a program called "tor" and use it in order to go onto the deep web. It's basically the layer of the internet below the "seen" internet, like ".net" and ".com" with a lot of red-rooms and things like that, where you use bitcoins to pay for things. You can get things like drugs and stuff like that on it. It's where all of the really unnerving parts of the internet are.


To be exact, Tor is the name of the deep web network. You need to download Tor Browser in order to access it.


----------



## KazWolf (May 18, 2016)

NoahGryphon said:


> Im not really that worried because they said its backed up at least  so il probably just lose a few favorites. But i still hope people who make moneh from furafffinity survive this


I really hope my ref would been saved, It's older than 6 days, and i put it in Furaffinity on last year. I hope i could get access to my ref sheet again as I don't have it on computer anymore, atleast can't find it


----------



## Fordoxia (May 18, 2016)

TimtheBigDaddy said:


> This is upsetting to hear. I wish people would leave the furry community alone and just let us be us.


Yeah, that would be nice.  But humans are evil.


----------



## PatrickQuin (May 18, 2016)

Keira_Lunar said:


> *sighs* oh geeze NOW it starts; the confounded Twitter [gossip]. This is why I don't have an account [there].


Tay is very reputable. As is Ceres, who is a mod for r/furry. As is a whole lot of official high ranking folk replying to her.


----------



## supersonicbros23 (May 18, 2016)

This has espionage written all over it. Its almost exciting in that factor, at least the way I see it. I just wish I didn't live so far away from where this BLFC is/was supposedly held, I'd go in there and try to get some answers


----------



## Barking-In-the-Dark (May 18, 2016)

TimtheBigDaddy said:


> This is upsetting to hear. I wish people would leave the furry community alone and just let us be us.



I doubt people ever will. There are some people who are just snotholes and then there are people who just don't like us because we're nerds opposing to their nerdyness or what ever. It's like the Star-Treks fans not liking the Star Wars fans. We're in the spotlight right now because of twitter posts, a few bouts of drama that happened earlier this month and possibly because of Zootopia. People usually don't ever let other alone. Thats why nerds and geeks avoided the 'jocks' and so forth because people can't just be nice and leave each other alone. 

Gawd I'm tired. X_x


----------



## MamaGennie (May 18, 2016)

coyoteOdin said:


> The situation is very unpleasant and nervous
> 
> I have two questions:
> 1. I hope you plan to appeal to the police to catch the criminals, who organized this attack?
> ...



Odin, the internet is very large.  I honestly don't know where the FA servers are, I don't care, but say they are here in the United States.  Say that attack came from China.  We may never know, the Admin people, the technicians, the IT experts may never know.  How can you ask the police to find a criminal who lives half way around the world?


----------



## Keira_Lunar (May 18, 2016)

Fordoxia said:


> Yeah, that would be nice.  But humans are evil.



all the more reason i have lost so much hope for the Human race and pround to be a Chilled Feline Furry girl =^.^=


----------



## Gem-Wolf (May 18, 2016)

MamaGennie said:


> How can you ask the police to find a criminal who lives half way around the world?



If pigs could fly


----------



## Keira_Lunar (May 18, 2016)

PatrickQuin said:


> Tay is very reputable. As is Ceres, who is a mod for r/furry. As is a whole lot of official high ranking folk replying to her.



well...ok then so its not truly started up yet sorry when i heard of the user name i was thinking of the singer that found out about it ....my bad


----------



## Raynehatori (May 18, 2016)

Seeing @Bourbon. here makes me happy.


Also this is really crappy, hopefully FA can fix this so that I can get some refs for art I wanna do since I don't have my refs saved on my computer since it's new D:


----------



## TaylorxxWolfie (May 18, 2016)

NoahGryphon said:


> I hope whoever did this is caught and executed or at least jailed for a long time.


Or maybe Dragoneer can use the spirit bomb or a Kamehameha wave


----------



## SammyChasity (May 18, 2016)

Mewtwolover said:


> To be exact, Tor is the name of the deep web network. You need to download Tor Browser in order to access it.



Ah! Thank you for correcting me! I've never gotten it myself so I don't know a lot


----------



## MamaGennie (May 18, 2016)

Fordoxia said:


> Yeah, that would be nice.  But humans are evil.



Speaking as a human, and not a fur, I don't consider myself to be evil.  I've supported, the best ways I've known how, the Fur Community every since I found out about it so many years ago.  My best friends are Furs.  Why does everyone group everyone in a single group all together?

I have an idea.  Why don't we group people as 'People who are EVIL and People who are GOOD?'  Then, we don't need to worry about them being 'Human', Fur, Baby Fur, AB/DL or whatever.

Don't buy into the stereotype, and don't help to perpetuate it.


----------



## Hassat Hunter (May 18, 2016)

Mr. Fox said:


> But some fucker out there has the source code and that means back-end access to everything. Passwords, personal information, the works.


Nope, source code != database.
Now if they got the database we probably would be in pain, if they manage to crack it too. Though I find it unlikely that they would manage to do that from the intitial exploit.


Mr. Fox said:


> They're going to have to start all over again, someone has the source code. That isn't just a simple patch and put FA back online job, the people that have the source will always have access to everything on a software level unless they make some serious back-end changes.


And that too is not how source code works. Yes, they can meticoulsy plough through it for exploits to abuse (which are the ones needing fixing), but that's really it.


> Mr. Fox said:
> 
> 
> > They can do everything an admin can do on a software level, including perv at your notes and any sensitive PayPal information you may have mentioned..
> ...


----------



## TaylorxxWolfie (May 18, 2016)

Takura said:


> I'd like to go to Inkbunny but...eh I don't get much attention there so for me I'll be on DeviantArt...this sucks because I was just starting to become more active on FurAffinity again. Then this happens >_> Whoever is responsible for this mess is a complete dickbag.


Yeah. Same. I literally just got ready to accept commissions and now this shit happens.


----------



## Gem-Wolf (May 18, 2016)

MamaGennie said:


> Speaking as a human, and not a fur, I don't consider myself to be evil.  I've supported, the best ways I've known how, the Fur Community every since I found out about it so many years ago.  My best friends are Furs.  Why does everyone group everyone in a single group all together?
> 
> I have an idea.  Why don't we group people as 'People who are EVIL and People who are GOOD?'  Then, we don't need to worry about them being 'Human', Fur, Baby Fur, AB/DL or whatever.
> 
> Don't buy into the stereotype, and don't help to perpetuate it.


Eveyone in the fandom are humans and furries. Fact


----------



## TaylorxxWolfie (May 18, 2016)

I don't understand what's so fun about hacking websites. What happiness does one get from it?


----------



## Bannor (May 18, 2016)

Gem-Wolf said:


> Eveyone in the fandom are humans and furries. Fact


*mind blown*


----------



## Gem-Wolf (May 18, 2016)

Bannor said:


> *mind blown*


I'm glad I made a difference in your life


----------



## XianFuSheng (May 18, 2016)

Fordoxia said:


> Yeah, that would be nice.  But humans are evil.


You _are _Human, by your statement, you too are evil then.

And honestly, every society has it's good and evil, it's not like _Furs_ are spotless either. It's stupid to group all people like that, there are good Humans and there are bad Furs, that is how life is.


----------



## Aenorin (May 18, 2016)

Keira_Lunar said:


> i still wonder just how many of us FA users just recently made an account for this forum site just to talk
> 
> but then again with FA down what else can we do to communicate its not like we are on a big social chat service like Gamevox , Team speak , Discord , Skype



FA could really use a Discord group I think :3


----------



## Soul_Wesson (May 18, 2016)

Snowbbi said:


> Honest question though, since I've only recently come back to FA, this is the longest I've seen it down. Is this amount of time normal or...?



It's been down a heck of a lot longer before. A few weeks was the longest I've seen.


----------



## Gem-Wolf (May 18, 2016)

XianFuSheng said:


> You _are _Human, by your statement, you too are evil then.
> 
> And honestly, every society has it's good and evil, it's not like _Furs_ are spotless either. It's stupid to group all people like that, there are good Humans and there are bad Furs, that is how life is.


I met a human once. I was fascinated. Then I realised I was looking in a mirror


----------



## ShaneKanayo (May 18, 2016)

Still closed, still closed...Mmmm


----------



## Gem-Wolf (May 18, 2016)

ShaneKanayo said:


>


----------



## b0rnstellar (May 18, 2016)

ShaneKanayo said:


> Still closed, still closed...Mmmm


Mmm.. Mmm.. Ah hah! No... Hmmmmm.


----------



## Krayne (May 18, 2016)

Ok why the hell are people so worried about their passwords and personal info being stolen???  Come on! This site requires ONE password and basically no personal info whatsoever.  So the only thing they get is one pass and basic info that could be false.
There's no bank accounts or credit cards linked to this site.  I hate to blame the victim but if you are stupid enough to use the same password here as any other site then you need a serious reality check.
Someone mentioned a password manager program.  It has already been said: stupid idea, pointless extra security step that actually makes you less secure.  Just write them down on paper and keep that hidden.  Yes that can be stolen or copied but it can't be hacked from across the world
Just like steam auth is total and complete bullshit.  I'm way more likely to lose my phone than my friggin desktop pc.  I downloaded BlueStacks Android emulator for steam auth and only allow it to run for confirmations.

Basically my feeling is that all these extra "security" measures make us less secure and more annoyed.   Clearly the people who work for these companies aren't nearly as smart as even your average hacker or they would never have thought of something as shitty as mobile authentication.
Just remember: FA has very little of your personal info so don't worry about that being stolen.  Just worry about the time lost not doing commissions.  For me it's kind of lucky this happened while I'm away on a trip but most of us aren't.


----------



## Taluwen (May 18, 2016)

Any sort of updates yet?


----------



## Bannor (May 18, 2016)

Taluwen said:


> Any sort of updates yet?


I'm eating a croissant.


oh, you meant the site?


----------



## KazWolf (May 18, 2016)

We need a updates a bit already, atleast one little update. I wanna know if submissions older than 6 - 7 days are all fine (backup correctly), I have panic i lost my ref's


----------



## Kitsune633 (May 18, 2016)

Bannor said:


> I'm eating a croissant.
> 
> 
> oh, you meant the site?




Is it a stuffed croissant?


----------



## Tengu (May 18, 2016)

_*Good luck to the admins trying to fix this mess, I couldn't imagine having to put up with half the bull they do mm*_
_Hopefully the site comes back up soon, till then I'll just hang out on DA and check the forums for update :Y_​


----------



## WinterTheWusky (May 18, 2016)

Bannor said:


> I'm eating a croissant.
> 
> 
> oh, you meant the site?



Best response ive seen XD


----------



## ---Storm--- (May 18, 2016)

KazWolf said:


> We need a updates a bit already, atleast one little update. I wanna know if submissions older than 6 - 7 days are all fine (backup correctly), I have panic i lost my ref's


They said that anything from before backup is fine, and also, even from after backup not everything was deleted and not all users were affected.

But to be honest, why on Earth would you not have a local backup of your refs if they are so important?


----------



## Bannor (May 18, 2016)

Kitsune633 said:


> Is it a stuffed croissant?


Nah, I'm not that kinky.


----------



## Barka (May 18, 2016)

It's really sad to see how many people have been affected by this. I'm no longer very active in my local furry community, but it seems to have been quite the trouble for those who are. I'm not justifying or taking a side on this attack, it's clearly a horrible thing that's happened. However, I do hope since it happened that they(being those who issued the attack) at least felt it was justified. There is no forgiveness for meaningless cruelty, but you can at least have some form of sympathy for misled views.


----------



## ---Storm--- (May 18, 2016)

Tengu said:


> _*Good luck to the admins trying to fix this mess, I couldn't imagine having to put up with half the bull they do mm*_
> _Hopefully the site comes back up soon, till then I'll just hang out on DA and check the forums for update :Y_​


Took me ten seconds to realize your post is not empty... Why for the sake of Cthulhu would anyone post in center aligned text?! O-o


----------



## TropicalDonkey (May 18, 2016)

KazWolf said:


> We need a updates a bit already, atleast one little update. I wanna know if submissions older than 6 - 7 days are all fine (backup correctly), I have panic i lost my ref's



Your files from before 6-7 days should be fine, according to the information provided. Heck, I think I read they're going to be able to restore anything from up to may 15th. Your ref should be just fine. 

Also this is garbage, you guys. If anyone wants to chat with me send me some PM's on here or something. ): I can't do commissions now. ugh.


----------



## Kitsune633 (May 18, 2016)

---Storm--- said:


> Took me ten seconds to realize your post is not empty... Why for the sake of Cthulhu would anyone post in center aligned text?! O-o




Because...reasons? Science?


----------



## Fordoxia (May 18, 2016)

Krayne said:


> Ok why the hell are people so worried about their passwords and personal info being stolen???  Come on! This site requires ONE password and basically no personal info whatsoever.  So the only thing they get is one pass and basic info that could be false.
> There's no bank accounts or credit cards linked to this site.  I hate to blame the victim but if you are stupid enough to use the same password here as any other site then you need a serious reality check.
> Someone mentioned a password manager program.  It has already been said: stupid idea, pointless extra security step that actually makes you less secure.  Just write them down on paper and keep that hidden.  Yes that can be stolen or copied but it can't be hacked from across the world
> Just like steam auth is total and complete bullshit.  I'm way more likely to lose my phone than my friggin desktop pc.  I downloaded BlueStacks Android emulator for steam auth and only allow it to run for confirmations.
> ...


Password managers (like 1Password) are actually very secure.  256 bit encryption takes billions of years to brute force.


----------



## ladykurai (May 18, 2016)

This thread has gotten way out of hand. So much whining and complaining going on in here.
How come noone ever applauds the Admins when NOTHING is going wrong?
No everyone always comes out once there is a problem and bashes whoever they can.

Just chill guys. Not like you can do anything else.
And for those whining about commissions etc. just switch to emails already. Much faster, way easier to organize and also safer.


Spoiler



"But I am too young to have an email!!!111!"
Well then I don't know what you're doing on fA anyway.



-edit-
Sorry for posting a non-pissed off opinion.
I forgot forums is where only shittalk belongs.


----------



## vastwhite (May 18, 2016)

damn, thats fucking brutal. sorry shit like this has to happen all the time :/


----------



## Barka (May 18, 2016)

---Storm--- said:


> Took me ten seconds to realize your post is not empty... Why for the sake of Cthulhu would anyone post in center aligned text?! O-o



I know this wasn't directed at me buuuuuuuuut.. It stands out from the rest of the comments, and looks pretty =3


----------



## Gem-Wolf (May 18, 2016)

Bannor said:


> I'm eating a croissant.


Share!


----------



## Bannor (May 18, 2016)

Gem-Wolf said:


> Share!


*tosses crumbs to the starving masses*


----------



## Tdawg (May 18, 2016)

I hope my stuff wasn't deleted dragoneer


----------



## Taluwen (May 18, 2016)

Bannor said:


> *tosses crumbs to the starving masses*


*noms*


----------



## messerschmitt109 (May 18, 2016)

Bannor said:


> *tosses crumbs to the starving masses*


stop! im allergic!


----------



## Hassat Hunter (May 18, 2016)

Barking-In-the-Dark said:


> I doubt people ever will. There are some people who are just snotholes and then there are people who just don't like us because we're nerds opposing to their nerdyness or what ever. It's like the Star-Treks fans not liking the Star Wars fans. We're in the spotlight right now because of twitter posts, a few bouts of drama that happened earlier this month and possibly because of Zootopia. People usually don't ever let other alone. Thats why nerds and geeks avoided the 'jocks' and so forth because people can't just be nice and leave each other alone.


From what appears to me (on Steam) is that most furry-haters are... anime-fans. Which seems mind-dumbingly crazy if you think about it. My own theory is that they try to "blacken" the furry community to make themselves feel better about being insecure about their own fandom. Can't think of any other reason.


MamaGennie said:


> Odin, the internet is very large.  I honestly don't know where the FA servers are, I don't care, but say they are here in the United States.  Say that attack came from China.  We may never know, the Admin people, the technicians, the IT experts may never know.  How can you ask the police to find a criminal who lives half way around the world?


Because countries have contact and their own police forces? You just formally fill in a request for arrest, then if they agree upon (which is easier if it's in another Western country of course) they arrest the person and send him/her over to the country that requested their transference. It's more common than you think.


----------



## Kitsune633 (May 18, 2016)

Bannor said:


> *tosses crumbs to the starving masses*




Om nom nom om nom.  Burp!


----------



## KazWolf (May 18, 2016)

---Storm--- said:


> They said that anything from before backup is fine, and also, even from after backup not everything was deleted and not all users were affected.
> 
> But to be honest, why on Earth would you not have a local backup of your refs if they are so important?



I might accidently deleted it when cleaning some space from hard drive. It must be accident, which i havent noticed


----------



## messerschmitt109 (May 18, 2016)

welp, im gonna go get some food and watch game grumps till i vomit

lucario, awaaaaaaaay!


----------



## Gem-Wolf (May 18, 2016)

Hassat Hunter said:


> From what appears to me (on Steam) is that most furry-haters are... anime-fans. Which seems mind-dumbingly crazy if you think about it. My own theory is that they try to "blacken" the furry community to make themselves feel better about being insecure about their own fandom. Can't think of any other reason.
> 
> Because countries have contact and their own police forces? You just formally fill in a request for arrest, then if they agree upon (which is easier if it's in another Western country of course) they arrest the person and send him/her over to the country that requested their transference. It's more common than you think.


Because their massive eyes are threatened by our massive c*cks

Yes but it involves a lot of red tape. Cops hate red tape.


----------



## PandaWanda (May 18, 2016)

*rolls in*

I heard they're were sharing croissants.


----------



## Tengu (May 18, 2016)

---Storm--- said:


> Took me ten seconds to realize your post is not empty... Why for the sake of Cthulhu would anyone post in center aligned text?! O-o


I just like the way it looks, I center everything lmao
​


----------



## supersonicbros23 (May 18, 2016)

50 pages later, where's OP?


----------



## TropicalDonkey (May 18, 2016)

supersonicbros23 said:


> 50 pages later, where's OP?


OP is currently working on trying to get everything fixed! Be patient, man.


----------



## Hassat Hunter (May 18, 2016)

ladykurai said:


> And for those whining about commissions etc. just switch to emails already. Much faster, way easier to organize and also safer.


So, you've got your entire backerslist on e-mail to send them the YCH that's going to make you this week's money?

Wait... probably not eh? Another case of the issue for artists isn't contacts, it's reaching the clientele to buy your product. Can't reach new people with an e-mail, even though new people can reach you by mail.


----------



## karozagorus (May 18, 2016)

I don't get it why some people would really do this.


----------



## WinterTheWusky (May 18, 2016)

karozagorus said:


> I don't get it why some people would really do this.


Neither do I :c


----------



## Victor-933 (May 18, 2016)

> How come noone ever applauds the Admins when NOTHING is going wrong?
> No everyone always comes out once there is a problem and bashes whoever they can.



Probably because you don't get buttpats for doing the shit you're supposed to do anyway. That's like congratulating random police officers for having not shot any dogs today.


----------



## Hassat Hunter (May 18, 2016)

Gem-Wolf said:


> Because their massive eyes are threatened by our massive c*cks


It's all fun and games until someone loses an eye by c*ck.


----------



## ladykurai (May 18, 2016)

Victor-933 said:


> Probably because you don't get buttpats for doing the shit you're supposed to do anyway. That's like congratulating random police officers for having not shot any dogs today.



Doesn't mean you should bash them for actually doing their job and working on resolving the problem.





Hassat Hunter said:


> So, you've got your entire backerslist on e-mail to send them the YCH that's going to make you this week's money?
> 
> Wait... probably not eh? Another case of the issue for artists isn't contacts, it's reaching the clientele to buy your product. Can't reach new people with an e-mail, even though new people can reach you by mail.




And you're gonna die from not being able to reach your audience for a few days?
Good finance plan you got there.


----------



## Lunarmagic (May 18, 2016)

Has there been any update on the estimated time? I do not wish to read through 30 pages of unread pages.


----------



## TropicalDonkey (May 18, 2016)

Lunarmagic said:


> Has there been any update on the estimated time? I do not wish to read through 30 pages of unread pages.


I read through all of it, man. No ETA.


----------



## Hassat Hunter (May 18, 2016)

"And you're gonna die from not being able to reach your audience for a few days?
Good finance plan you got there."
Nope. But it will harm income, the longer the more likely and potentially higher.

And it was mostly about the original suggestions anyway, which was due to Furaffinity being down a few days artists should have gone to other sites like Weasyl. Which have like... 2% the userbase you reach with FA at most. If one would listen to that, yes, they will surely loose their livelihood if furry art was it.
And then those people even proudly stated that was a sound business plan, and sticking to Furaffinity was "dumb" since that's where the money is.

EDIT: Appears the post I quoted is gone now. But yeah, to re-itterate, the point for artists is FA is the biggest source of clientele, and will get exposure your own website or others will not receive. Alternatives aplenty, but all of them result in a severe decrease in income due to much lower reach. That wont change no matter how often people try to co-erce artists to leave FA, or come in here claiming artists relying on FA to make a living are "dumb" and they need to look elsewhere. Going elsewhere isn't going to make you a living, it's going to take it away from you. And for what, a few days downtime?


----------



## TaylorxxWolfie (May 18, 2016)

You guys wanna play "would you rather"?

forums.furaffinity.net: Would you Rather


----------



## Mid-Nightshade (May 18, 2016)

Lunarmagic said:


> Has there been any update on the estimated time? I do not wish to read through 30 pages of unread pages.


Nothing yet


----------



## xTwilightStarx (May 18, 2016)

Lunarmagic said:


> Has there been any update on the estimated time? I do not wish to read through 30 pages of unread pages.


If you want to keep track of the sites status, just keep checking this thread; forums.furaffinity.net: 05/17/2016
That's where neer's been posting all the general updates, and it's an admin only thread, so you don't have to read through swarms of comments.


----------



## Agentxy14 (May 18, 2016)

It seems like most of the problems with recovery have been fixed since last night--or later, depending on what time zone this forum follows. That said, there's probably a crapton of code that needs to be scanned through to keep the loopholes closed to ensure this doesn't happen again. Yeah, I wish there was an ETA, too, but stuff like that could generally take some time, or be super quick. No one knows.

Still, I wish they didn't have to do this. Lousy hackers.


----------



## b0rnstellar (May 18, 2016)

In the meantime of this outage.. 

Anyone got any opinions on The Culling? It looks neat but the Steam reviews are putting me off


----------



## ---Storm--- (May 18, 2016)

ladykurai said:


> This thread has gotten way out of hand. So much whining and complaining going on in here.
> [...]
> I forgot forums is where only shittalk belongs.


Oh the irony!

The discussion was pretty calm and fine already when you suddenly butted in to shittalk about shittalking. :/


----------



## xTwilightStarx (May 18, 2016)

Agentxy14 said:


> It seems like most of the problems with recovery have been fixed since last night--or later, depending on what time zone this forum follows. That said, there's probably a crapton of code that needs to be scanned through to keep the loopholes closed to ensure this doesn't happen again. Yeah, I wish there was an ETA, too, but stuff like that could generally take some time, or be super quick. No one knows.
> 
> Still, I wish they didn't have to do this. Lousy hackers.


Aye, they've already completed the backup and restored the majority of what went missing.
All they're doing now is revising the code to eliminate any other possible issues, which could take a while considering how ancient it is.


----------



## Fordoxia (May 18, 2016)

Hassat Hunter said:


> From what appears to me (on Steam) is that most furry-haters are... anime-fans. Which seems mind-dumbingly crazy if you think about it. My own theory is that they try to "blacken" the furry community to make themselves feel better about being insecure about their own fandom. Can't think of any other reason.
> 
> Because countries have contact and their own police forces? You just formally fill in a request for arrest, then if they agree upon (which is easier if it's in another Western country of course) they arrest the person and send him/her over to the country that requested their transference. It's more common than you think.


Try finding out who did it when the guy is in a country on the other side of the world with poor relations with yours, who is operating on a proxy in Sweden; there's basically zero chance of getting caught.

CGP Grey sums it up quite nicely.


----------



## ---Storm--- (May 18, 2016)

*UPDATE ON TWITTER:


 https://twitter.com/i/web/status/732974327864414209*


----------



## Fordoxia (May 18, 2016)

KazWolf said:


> I might accidently deleted it when cleaning some space from hard drive. It must be accident, which i havent noticed


Always have at least 3 backups on different storage mediums (e.g. HDD, Archive, Cloud Storage) if you dont want to loose something.


----------



## Agentxy14 (May 18, 2016)

Fordoxia said:


> Try finding out who did it when the guy is in a country on the other side of the world with poor relations with yours, who is operating on a proxy in Sweden; there's basically zero chance of getting caught.



An unfortunate fact of life. There's a lot of bullies in the world, but either they're too powerful to fight, or too stealthy to be found. This gives them basically free reign to mess with the people who are weak or who aren't bothering anyone, without problems. And if people get upset, they get stonewalled or ignored.

Aaaaaaanyway, moving along from Depressing Agent Time, I can wait until the FA site is back up. I do hope the fallout wasn't much, but we can clean up the wreckage.


----------



## ---Storm--- (May 18, 2016)

Fordoxia said:


> Try finding out who did it when the guy is in a country on the other side of the world with poor relations with yours, who is operating on a proxy in Sweden; there's basically zero chance of getting caught.
> 
> CGP Grey sums it up quite nicely.


So?  We don1t know where the attacker is from, so the police needs to be notified either way. Just because there is a chance he is unreachable it doesn't mean we shouldn't even try.


----------



## Hassat Hunter (May 18, 2016)

Fordoxia said:


> Try finding out who did it when the guy is in a country on the other side of the world with poor relations with yours, who is operating on a proxy in Sweden; there's basically zero chance of getting caught.


You'd have a point, if it wasn't distributed on an American con, which makes the responsible people involved extremely likely to be American.
It's not like Eurofurence with the many nationality-pot (and still most being Germans still).

EDIT: Who are you replying to Storm on the first post this page? (Just curious)


----------



## ---Storm--- (May 18, 2016)

---Storm--- said:


> *UPDATE ON TWITTER:
> 
> 
> https://twitter.com/i/web/status/732974327864414209*


So does this widget work for anyone? All I see is a "loading tweet" placeholder, and I'm unable to just post a link because the forum will aggressively turn it into a [media] tag, no matter what.


----------



## ladykurai (May 18, 2016)

---Storm--- said:


> Oh the irony!
> 
> The discussion was pretty calm and fine already when you suddenly butted in to shittalk about shittalking. :/



Maybe I just remembered the bad parts of the 40+ pages prior.

Anyway my point was, the admins ARE doing their job and instead of being ungrateful we should just appreciate them working on it.
Sorry for voicing my opinion in the wrong manner.
Also, the thing about shittalking was edited in after people started doing it so don't blame me for that please. I did neither intend to start shit, nor enjoy it. All it does is ruin a bunch of people's mood and nobody wants that. 

And the twitter widget works for me, I see the tweet.


----------



## xTwilightStarx (May 18, 2016)

---Storm--- said:


> So does this widget work for anyone? All I see is a "loading tweet" placeholder, and I'm unable to just post a link because the forum will aggressively turn it into a [media] tag, no matter what.


It worked fine for me.
Maybe it's just your internet?


----------



## Syfaro (May 18, 2016)

---Storm--- said:


> So does this widget work for anyone? All I see is a "loading tweet" placeholder, and I'm unable to just post a link because the forum will aggressively turn it into a [media] tag, no matter what.



Any chance you have an ad blocker installed? Those often break things.


----------



## ---Storm--- (May 18, 2016)

Hassat Hunter said:


> EDIT: Who are you replying to Storm on the first post this page? (Just curious)


To everyone whose reaction to the notion of involving the police was to go on about how the police can do nothing if the attacker is [insert theory about which part of the World outside the USA he is in].

It's like there was a bleeding man and someone said we should call the ambulance, and then some people started going on about how he cannot be saved if [insert theory about he having lethal injury].


----------



## Ryuu Girl (May 18, 2016)

Draconas said:


> If any artists still communicate with clients via FA: don’t do that I don’t feel very sorry for them. This has happened countless times.



This is exactly why I conduct all commissions through order forms and demand emails. Thought you lose one form of communication I still have other sites I'm available on as well as contact information. Artists can draw to their hearts content but it's so easy to have poor professionalism.


----------



## Fordoxia (May 18, 2016)

---Storm--- said:


> To everyone whose reaction to the notion of involving the police was to go on about how the police can do nothing if the attacker is [insert theory about which part of the World outside the USA he is in].
> 
> It's like there was a bleeding man and someone said we should call the ambulance, and then some people started going on about how he cannot be saved if [insert theory about he having lethal injury].



"This man is missing the lower half of his body, his spleen, and _his left lung is several feet from his body_...  *CALL THE AMBULANCE!*"

Joking aside, apples and oranges.


----------



## Azrion/Zhalo (May 18, 2016)

The site has about 1800 guests on it right now and most are looking at this particular thread?


----------



## Ryuu Girl (May 18, 2016)

masahikoko said:


> makes me glad I don't use notes for commission info, and an outside form maker to get all that. at least this way i can still work on current coms even if i can't get any new ones (or far less than i otherwise would), and have alternate contact info for commissioners, until the site is back up. I hope you're able to fix it soon! good luck.



This right here, if you know how to run a business thorough 3rd party sites then if one goes down it honestly shouldn't be the big of an issue.


----------



## ---Storm--- (May 18, 2016)

ladykurai said:


> I will refrain from posting on the forums from now on don't worry.


No need for this. You are making drama now.



> Anyway my point was, the admins ARE doing their job and instead of being ungrateful we should just appreciate them working on it.


We were not complaining about them working on it. We were complaining about them not doing their job properly in the past by:
 - Not auditing the code for exploits in the past instead of only now when an attack already happened.
 - Not having proper backup system in place. 6 days with no backups is unacceptable for a site like FA.
 - Duct taping an ancient and bad code instead of finally rewriting, something they should have done years ago.


----------



## Ryu Deacon (May 18, 2016)

Hassat Hunter said:


> "And you're gonna die from not being able to reach your audience for a few days?
> Good finance plan you got there."
> Nope. But it will harm income, the longer the more likely and potentially higher.
> 
> ...


It only harms income because you are in one place which is why we are having all this whining and why FA was attacked in the first place (again this is not about hate, this is about the ease of hurting many financialy, and this community makes that easy), any professional freelance artist has the common sense of setting up multiple avenues of commissioners reaching them and vice versa, be it social network, galleries or personal websites, its a mistake depending on one community to make a living.

And No one was suggesting to lieve FA, we are suggesting to branch out (might i add not just to known furry sites), they are 2 diferent things. NO one was stating you should go to weasyl but the people calling it trash in this whole thread , maby you should stop producing your own drama.


----------



## AsheSkyler (May 18, 2016)

At least that Tweet looked positive. Maybe it'll be back within a day or two then.

In the mean time, a wee break would be nice. Yes, yes. Well, from drawing. I've been in the middle of site maintenance at my own place, and what better time to go do some more of that than in the middle of a hack-attack?


----------



## Hassat Hunter (May 18, 2016)

Ryuu Girl said:


> This right here, if you know how to run a business thorough 3rd party sites then if one goes down it honestly shouldn't be the big of an issue.


The problem (as stated often before) isn't keeping in touch with existing clients, it's making new clients.
FA is good for that. Your 3rd partysite is good (great) for organising, but it won't do your PR for you the way FurAffinity does. That was the whole point of the argument.

Basically there are 2 "stages" to art.

For the first stage (let's call it "1"), you need a new client. For people to order your art you need exposure. A website is good, a mail is good, but for most furry artists their FA page is the biggest part of their exposure and where most of their orders come from, be it people bidding on a YCH, claiming a slot for commissions being promoted in your journal, looking at your 3-rd partysite coming from your FA page. This is the actual stage where you get money from people. Arguable very important. FA really helps with this.

Then we have stage 2, which is actually working your art. You've got the dough, and now you need to release a product. At this stage most artists do NOT use FA. Their art-programs don't use FA, communication usually goes over other means or if it goes over notes there are alternatives (after all a paypal payment does also provide you with a mailadress). Important information like a refsheet is saved on the artists harddrive or stored on said 3-rd party site with the purchase.

Now what happens in this thread is artists like Bourbon. stating FA is vital for their income due to stage 1. And yes, they are right. Then we've got people coming in and saying artists are stupid to rely on FA going down and give alternatives for stage 2. The stage artists don't use FA in the first place. A very big exchange happened where Mr. Fox gave all good alternatives for stage 2, and then the artists gave reasons not to leave as per stage 1. And there's still a lot of people talking besides each other in this thread about thse 2 very specific different states, and offering artists all kinds of sollutions for stage 2. But really, THEY DON'T NEED ALTERNATIVES FOR STAGE 2. They can use them for stage 1, but frankly, there is no such alternative available to FA for furry artists. And only stage 1 is affecting their income at all even. Stage 2 delay would just give the commissionairs at worst a later date to receive their art (albeit unlikely since aforementioned reasons).

It seems people are in a pertipual state here that artists just make art, nothing else. And then completely forget they also need to SELL that art. So when artists come and do say this may affect their income, they completely gloss over stage 1, like it doesn't exist, and offer resolutions to stage 2 so they 'wont loose money'... completely oblivious that infact what they offer is not what the artists is talking about *at all*.
Sure, moving everything over to your own website will solve stage 2 if FA is down, but good luck having your website get any kind of attention FA is getting to not get into issues for stage 1.


----------



## Rabbi-Tom (May 18, 2016)

From what appears to me (on Steam) is that most furry-haters are... anime-fans. Which seems mind-dumbingly crazy if you think about it. My own theory is that they try to "blacken" the furry community to make themselves feel better about being insecure about their own fandom. Can't think of any other reason.

Because countries have contact and their own police forces? You just formally fill in a request for arrest, then if they agree upon (which is easier if it's in another Western country of course) they arrest the person and send him/her over to the country that requested their transference. It's more common than you think.



Thats what happened at NakamaCon in Madison, a Furry/Anime convention 5 years ago. The furries outnumbered the Anime fans 2-1 and the Anime fans DEMANDED that the con chair boot the furries out of THEIR Conventon cause Furries are just wrong! The Con Chair delt with the anime fan whining as much as he could, even said the furries were far more polite and didn't constantly bitch, plus actually spent money at ALL the dealers, even the Anime ones.
But no, the Anime fans badgered the con staff and bitched more to where the con chair said he's had it with running it and dropped out for the next year. The New con chair, who was also the backer financially never attended any of the meetings, staff gatherings to plan the con and 6 weeks before NakamaCon 2, announced he was backing out and withdrew his financial support because nobody cared about him.

We had 472 attendees at that cons debut...wonder where it would have gone had the anime fans and the one con chair didn't wimp out.


----------



## kisuka (May 18, 2016)

Hassat Hunter said:


> FA fixed it 5 May. Alternative site (and apparently "much better than FA") Weasyl did... 3 May. So just a 2 day difference, and still the month inbetween people find so bad.


CVE-2016-3714 had been known since mid/late april. They should have at least disabled all uploads temporarily until the patch came out. When the patch came out on May 3rd they then took 2 days to patch it. Even two days is too long when it comes to a critical security issue. Especially when this particular exploit had so much press among blogs and hacker news sites.

This is something they should have been on top of way earlier since they know they use ImageMagick. However it feels like they didn't even know the exploit existed until they read a news article about it after the patch had already been released 2 days prior.

Someone wasn't keeping up to date with the exploit reports on the software installed on their server. Plain and simple.


----------



## Ryuu Girl (May 18, 2016)

Hassat Hunter said:


> The problem (as stated often before) isn't keeping in touch with existing clients, it's making new clients.
> FA is good for that. Your 3rd partysite is good (great) for organising, but it won't do your PR for you the way FurAffinity does. That was the whole point of the argument.
> 
> Basically there are 2 "stages" to art.
> ...




I should have stated if you collected emails and use those conducting commissions still shouldn't be a problem.


----------



## Ryuu Girl (May 18, 2016)

supersonicbros23 said:


> 50 pages later, where's OP?



Do you want the ite to be fixed or him to reply to everyboday? He is only one person.


----------



## Winter.Maelstrom (May 18, 2016)

I would like to step in here and say that I really am grateful that the admins are doing what they can to fix this. I feel they really are trying, considering all circumstances of the site.

I also agree with some of the grievances that have been brought up.
- More frequent backups would be nice.
- Re-written source code would be beneficial.

Thank you to those who are trying to get FurAffinity back up and running. I miss it already!


----------



## rjbartrop (May 18, 2016)

Alternate sites are a good idea regardless of what your favourite art site happens to be, because sites always break.   Yes, some are better than others, but right now, a Weasyl where you can post art is infinitely better than a FA where you can't.  It's still a place your can point people to while FA gets fixed.


----------



## noveltybest (May 18, 2016)

Rabbi-Tom said:


> From what appears to me (on Steam) is that most furry-haters are... anime-fans. Which seems mind-dumbingly crazy if you think about it. My own theory is that they try to "blacken" the furry community to make themselves feel better about being insecure about their own fandom. Can't think of any other reason.
> 
> Because countries have contact and their own police forces? You just formally fill in a request for arrest, then if they agree upon (which is easier if it's in another Western country of course) they arrest the person and send him/her over to the country that requested their transference. It's more common than you think.
> 
> ...



seems like a 100 year anime vs furry(anthro) war who ever the hacker is he knows what hes getting and its in 2 words.

internet penalty!

that's all but I create both anime and furry content so less likely I would be responsible for this.


----------



## Ryu Deacon (May 18, 2016)

Hassat Hunter said:


> The problem (as stated often before) isn't keeping in touch with existing clients, it's making new clients.
> FA is good for that. Your 3rd partysite is good (great) for organising, but it won't do your PR for you the way FurAffinity does. That was the whole point of the argument.
> 
> Basically there are 2 "stages" to art.
> ...


And this is why you you dont rely on just one community for your business/income Hassat, multible avenues for "1". This Rule applies as much to any Business  as it does to artists and even nations


----------



## TaylorxxWolfie (May 18, 2016)

Thanks for the update Dragoneer! Good to know that you're making good progress!


----------



## Winter.Maelstrom (May 18, 2016)

TaylorxxWolfie said:


> Thanks for the update Dragoneer! Good to know that you're making good progress!



Any update is a good update.


----------



## noveltybest (May 18, 2016)

when the site shut down I had a few things needing to be submitted so I guess ill be getting updated on this.


----------



## TaylorxxWolfie (May 18, 2016)

Winter.Maelstrom said:


> Any update is a good update.


Yes! It's good to know that he's busy, but not to busy to tell us what's up!


----------



## TaylorxxWolfie (May 18, 2016)

noveltybest said:


> when the site shut down I had a few things needing to be submitted so I guess ill be getting updated on this.


Same


----------



## Hassat Hunter (May 18, 2016)

Ryu Deacon said:


> And this is why you you dont rely on just one community for your business/income Hassat, multible avenues for "1". This Rule applies as much to any Business  as it does to artists and even nations


I think Bourbon. way earlier already mentioned exactly why there are no real suitable alternatives to FA at this point. Yes, having a website as alternative is always good, but you can't really expect it to have much reach if any. You still need to reach them some other place to get them to go there in the first place. A ghosttown wont do that.
Also there are plenty of nations who literally rely on one thing to survive, be it oil or other natural resources and tourism. Take that away from them and they will tumble like a card-house.

Think of it like a company selling oil, then suddenly for a week cars do not work. Sure you can still sell a bit for say plastic and stuff, but it's peanuts compared to the actual big job; automobiles.

EDIT: FA not only allows you to sell, but also is a great promotional platform. Much of the same reasons why Steam is successful (even if I start hating it), and even if there are alternatives, asking any dev the sell-numbers are usually skewed over 85% in Steam's profit.


----------



## Pace VanRign (May 18, 2016)

Yeah...this is...rough on me as an artist. I'm chomping at the bit, here. I had an auction, a kiriban going, and...just...yeah, this is rough. I work from home, and this is my primary source of income at the moment.


----------



## Rainbowdragon (May 18, 2016)

Just adding my two cents here, I hardly use the forums but I'm using them now, lately FA has improved. Yes the source code is still ancient if those other coders are right. However, it's easy on older or crappier systems (my wii U which doesn't have a good internet browser loads up FA quickly, where it errors out or even freezes on sites like DA or weasyl), the admins seem to jump on errors more quickly now (they DID fix the exploit, late but they fixed it plus downloading the source code onto flash drives? that's a tad over the top isn't it?) all I can see is aside from them still taking too long with updates the site is better overall.


----------



## HoneyKing (May 18, 2016)

Art is my primary income too, but everyone needs to relax.  The site's been down for a day.  Do some other work, make more YCH, design characters to sell.  As an artist there is ALWAYS something you can do during downtime.  This is not the end of the world, we will get through this.  We've gotten through this countless times before.

(Also, if you have commissioners you need to contact to give finished pieces to or ask questions etc etc, use the email that they paid you with via Paypal, duh.)


----------



## Serathinian (May 18, 2016)

I had finally finished a story I was writing for FA when I found out the site went down.
That was some awful timing. I'm anxious to upload it.


----------



## ---Storm--- (May 18, 2016)

Why do any of you think that it is our (artists) choice to communicate via Notes and over FA? It's not. FA is where 99% of the commission scene happens. If you are trying to make a living from art, and not just doing it as a hobby in your free time, then FA is essential and crucial, because it is the only platform to reach out to enough potential customers, build a name and so on.

I can upload something to Weasyl and get 3 views on it in hours, and upload the same to FA and get 300 views in the same amount of time (i actually did upload parallel for a while). 

And people WILL contact us through Notes (and comments, and shouts), it isn't our choice either. After that, when contact is established we can ask them to use another channel, be it Skype, email or whatever but FA will always remain the N°1 source of first contacts.

So bashing us claiming that we are doing it wrong by counting on FA is ridiculous and arrogant, and I can't help but to assume is coming from people who are either not selling at all or are selling only as a hobby, and not doing this for a living.


----------



## TaylorxxWolfie (May 18, 2016)

HoneyKing said:


> Art is my primary income too, but everyone needs to relax.  The site's been down for a day.  Do some other work, make more YCH, design characters to sell.  As an artist there is ALWAYS something you can do during downtime.  This is not the end of the world, we will get through this.  We've gotten through this countless times before.
> 
> (Also, if you have commissioners you need to contact to give finished pieces to or ask questions etc etc, use the email that they paid you with via Paypal, duh.)


Your right! We really don't need to panic. Yes, it sucks, but I guess it gives us more time to draw what we want!


----------



## Hassat Hunter (May 18, 2016)

---Storm--- said:


> So bashing us claiming that we are doing it wrong by counting on FA is ridiculous and arrogant, and I can't help but to assume is coming from people who are either not selling at all or are selling only as a hobby, and not doing this for a living.


I'm fairly sure it's just ignorant people who when artists say "they need FA" instead of thinking what you and I think they immediately go to 'use notes to exchange contact', 'exchange money through FA' (which isn't even possible) and 'having to look up refsheets on FA' to work, and reach, first contact, PR or selling your product never even reaches their thoughtpattern.


----------



## rjbartrop (May 18, 2016)

And yes, FA is great for building a client base but really, a couple of days without it is not going to make  that big an impact.


----------



## Draghorn (May 18, 2016)

*Completely off-topic:*


Rabbi-Tom said:


> From what appears to me (on Steam) is that most furry-haters are... anime-fans.


Er, I like both.  All the art I follow on DA is either furry style art or anime/manga style art.  I guess I'm some kind of _weirdo_.  (wavy noodle arms)

Anyway I would follow more anime/manga art but I don't know any site specifically for anime style art.  I know like four furry sites. (including this one)

Anyway, sorry for the OT.  That statement I read caught my eye since I'm the exact opposite of that statement.  I guess it could be one of those things where not all anime fans are furry haters but most furry haters are anime fans....maybe?


----------



## Hassat Hunter (May 18, 2016)

I don't have many issues with anime-fans.
Just an observation from when a furry game was on Steam greenlight and literally 95% of the people posting death-threats, "this is horribly", "you disgusting people" etc... where profound anime-lovers.



> yea financially its gonna make you loose maybe one or two buck or maybe nothing there is so many sites to go to when it comes to these matters.


Artists I follow? Their YCH's generally go for $500 or more. Of course they are also the ones actively making a living of the art.


----------



## noveltybest (May 18, 2016)

rjbartrop said:


> And yes, FA is great for building a client base but really, a couple of days without it is not going to make  that big an impact.


yea financially its gonna make you loose maybe one or two buck or maybe nothing there is so many sites to go to when it comes to these matters.


----------



## Bannor (May 18, 2016)

Are we there yet? Are we there yet? Are we there yet? Are we there yet? Are we there yet? Are we there yet? Are we there yet? 


Just kiddin'.  I appreciate the work 'Neer and the staff are doing to resolve this unfortunate situation.  :3


----------



## TaylorxxWolfie (May 18, 2016)

Hassat Hunter said:


> I don't have many issues with anime-fans.
> Just an observation from when a furry game was on Steam greenlight and literally 95% of the people posting death-threats, "this is horribly", "you disgusting people" etc... where profound anime-lovers.


Why can't all fandoms and groups of people just love each other?


----------



## CorruptedWaffles (May 18, 2016)

Hassat Hunter said:


> I don't have many issues with anime-fans.
> Just an observation from when a furry game was on Steam greenlight and literally 95% of the people posting death-threats, "this is horribly", "you disgusting people" etc... where profound anime-lovers.



What game was it if you mind me asking? Was it any good?


----------



## Keira_Lunar (May 18, 2016)

Hassat Hunter said:


> I don't have many issues with anime-fans.
> Just an observation from when a furry game was on Steam greenlight and literally 95% of the people posting death-threats, "this is horribly", "you disgusting people" etc... where profound anime-lovers.



and yet that furry game like Dust an Elysin tale did ever so well  so screw the haters


----------



## Winter.Maelstrom (May 18, 2016)

TaylorxxWolfie said:


> Why can't all fandoms and groups of people just love each other?



That would be like asking why there can't be world peace.
Because each person is still a human, furry or not. And we humans have a knack for just not getting along as a whole.


----------



## Shadow (May 18, 2016)

I can't help, but laugh internally at how exploitable FA still is.

There's gotta be something better than "told you so!" XD


----------



## noveltybest (May 18, 2016)

Hassat Hunter said:


> I don't have many issues with anime-fans.
> Just an observation from when a furry game was on Steam greenlight and literally 95% of the people posting death-threats, "this is horribly", "you disgusting people" etc... where profound anime-lovers.


and that actually happened no way but there can be furry anything why are anime and fur haters acting up because of that I highly doubt it. but I wouldt doubt it if it was taking revenue off their anime games.


----------



## Hassat Hunter (May 18, 2016)

Major/Minor
I like it, opinions vary. Most people object to it being a VN (Visual Novel) and thus the game is "too much reading and just making a choice once and now", which kinda is what the genre is all about, like complaining about numbers in RPG's.
But of course, as all stories go, it's really up to the readers taste.

EDIT: With how many anime VN's there are, I doubt a single furry one would be much of a threat, noveltybest.


----------



## kisuka (May 18, 2016)

Shadow said:


> I can't help, but laugh internally at how exploitable FA still is.
> 
> There's gotta be something better than "told you so!" XD


there is:

*facepalms*


----------



## TaylorxxWolfie (May 18, 2016)

Winter.Maelstrom said:


> That would be like asking why there can't be world peace.
> Because each person is still a human, furry or not. And we humans have a knack for just not getting along as a whole.


That's true, we don't have to like one another but we should at least accept each other. Lol I sound like a philosopher.


----------



## Keira_Lunar (May 18, 2016)

kisuka said:


> there is:
> 
> *facepalms*



*facepaws and sighs* i only hope the FA admins learn from this and make sure it dose not happen again


----------



## TaylorxxWolfie (May 18, 2016)

Keira_Lunar said:


> *facepaws and sighs* i only hope the FA admins learn from this and make sure it dose not happen again


Fingers crossed.


----------



## Winter.Maelstrom (May 18, 2016)

Hassat Hunter said:


> Major/Minor
> I like it, opinions vary. Most people object to it being a VN (Visual Novel) and thus the game is "too much reading and just making a choice once and now", which kinda is what the genre is all about, like complaining about numbers in RPG's.
> But of course, as all stories go, it's really up to the readers taste.
> 
> EDIT: With how many anime VN's there are, I doubt a single furry one would be much of a threat, noveltybest.



So I liked what I saw there in the game. But I am confused what it really is. Is it a mystery game? A dating game?


----------



## PheagleAdler (May 18, 2016)

Mr. Fox said:


> They're going to have to start all over again, someone has the source code. That isn't just a simple patch and put FA back online job, the people that have the source will always have access to everything on a software level unless they make some serious back-end changes.



I don't understand why they can't just 'plug the hole' and move on.


----------



## xTwilightStarx (May 18, 2016)

PheagleAdler said:


> I don't understand why they can't just 'plug the hole' and move on.


That would only fix the issue for a short period of time.
You have to remember how many times FA has been attacked because of this half-arsed way of dealing with things.


----------



## Hassat Hunter (May 18, 2016)

PheagleAdler said:


> I don't understand why they can't just 'plug the hole' and move on.


Cause there is no one hole to plug. That was the case, but no longer.

Now it's finding an unknown amount of needless in a haystack, and then fixing them all, hoping no needles are left behind.


----------



## Modestyshorts (May 18, 2016)

Draghorn said:


> *Completely off-topic:*
> 
> Er, I like both.  All the art I follow on DA is either furry style art or anime/manga style art.  I guess I'm some kind of _weirdo_.  (wavy noodle arms)
> 
> ...



As an old die-hard anime Otaku from the 80's, I can say that I like both as well ^.^ The furries I've come to know over the years are largely anime fans as well (to some degree between 'yea it's neat' to crazy about it like me). The anime otaku I do know who aren't furries often poke fun at the fandom in jest - they throw around insults like 'disgusting perverts' as a joke, knowing how ironic it is due to their own tastes. Not trying to say that this is the case for every anime fan taking a shot at furries, but the people who I know or casually chat with, this is almost always the case :>

In my head this fandom and anime have always sort of gone hand-in-hand more or less. There's a lot of crossover, in both style and intellectual property I think.


----------



## Shadow (May 18, 2016)

PheagleAdler said:


> I don't understand why they can't just 'plug the hole' and move on.



You mean the lazy, complacent, ignorant method which leaves the rest of the code to be exploited?

Source code is what makes the site function.


----------



## Keira_Lunar (May 18, 2016)

Modestyshorts said:


> As an old die-hard anime Otaku from the 80's, I can say that I like both as well ^.^ The furries I've come to know over the years are largely anime fans as well (to some degree between 'yea it's neat' to crazy about it like me). The anime otaku I do know who aren't furries often poke fun at the fandom in jest - they throw around insults like 'disgusting perverts' as a joke, knowing how ironic it is due to their own tastes. Not trying to say that this is the case for every anime fan taking a shot at furries, but the people who I know or casually chat with, this is almost always the case :>
> 
> In my head this fandom and anime have always sort of gone hand-in-hand more or less. There's a lot of crossover, in both style and intellectual property I think.



so since im a Furry and Anime lover  what dose that make me then ?


----------



## b0rnstellar (May 18, 2016)

Keira_Lunar said:


> so since im a Furry and Anime lover  what dose that make me then ?


a_ heretic_


----------



## ohtar (May 18, 2016)

PheagleAdler said:


> I don't understand why they can't just 'plug the hole' and move on.



and then when someone gets right back in through a new hole they punched because the staff merely put a band-aid over the problem rather than try to ensure it wont happen again, I imagine you'll be just fine with that and wont complain about the downtime at all, right?


----------



## Keira_Lunar (May 18, 2016)

b0rnstellar said:


> a_ heretic_



sorry im not to bright that means ?  from the sound of it  sounds offencive 
sorry if it not


----------



## quoting_mungo (May 18, 2016)

Things are coming along, and I can confirm that there _is_ a light at the end of the tunnel. Still can't give y'all an ETA, I'm afraid, but the techs have really worked their tail ends off, and I think they deserve all credit and appreciation for the hard work! 



KazWolf said:


> I really hope my ref would been saved, It's older than 6 days, and i put it in Furaffinity on last year. I hope i could get access to my ref sheet again as I don't have it on computer anymore, atleast can't find it


Anything older than May 11 is definitely safe. Has been all along, since it would have been included in the full backup.


----------



## TaylorxxWolfie (May 18, 2016)




----------



## Modestyshorts (May 18, 2016)

Keira_Lunar said:


> so since im a Furry and Anime lover  what dose that make me then ?



Someone that is involved in more than one fandom?


----------



## desoto_jellywerewolf (May 18, 2016)

It's a small thing but I must say that the continual use of 'ETA' amuses me..

The better acronym is ETR or Estimated Time of Repair/Restoration.


----------



## Keira_Lunar (May 18, 2016)

quoting_mungo said:


> Things are coming along, and I can confirm that there _is_ a light at the end of the tunnel. Still can't give y'all an ETA, I'm afraid, but the techs have really worked their tail ends off, and I think they deserve all credit and appreciation for the hard work!
> 
> 
> Anything older than May 11 is definitely safe. Has been all along, since it would have been included in the full backup.




* offers hugs and hot chocolate drinks to the staff * glad to hear the process of recovery is going somewhat smoothly


----------



## PheagleAdler (May 18, 2016)

---Storm--- said:


> IMVU I think realized long time ago that they were living in pinky dreamland about what FA is (they thought IMVU community = furry comunity), and how they can earn money with it and actually it was a waste, so they probably cut funding.
> 
> As for FA, the code is as ancient as the pyramids, outdated and botched, totally unsuitable for today's technological level. Trying to patch it around is like thinking that if you sharpen your chipped sword you are still good to go against a modern army with assault rifles and tanks.
> 
> ...


Must be strong duct tape, it's been holding for quite a while.


----------



## xTwilightStarx (May 18, 2016)

Rather than get angry about it, I just have to kinda laugh at the hypocrisy of one controversial fandom hating on another.


----------



## Hassat Hunter (May 18, 2016)

Yay for progress!


Modestyshorts said:


> In my head this fandom and anime have always sort of gone hand-in-hand more or less. There's a lot of crossover, in both style and intellectual property I think.


I know right. But sadly it's not even a fluke since I still see it happen regularly. Maybe just a Steam thing though... hopefully (Steam community kinda sucks in general anyway).


----------



## Keira_Lunar (May 18, 2016)

Modestyshorts said:


> Someone that is involved in more than one fandom?



heh thats for sure i  love anime as its the only GOOD thing to watch on TV  everyhing else is so cringy or depressing or the kind of comedy that has so many forced laugh tracks that it makes me facepaw so much i have a mild crator in my forhead


----------



## ohtar (May 18, 2016)

Keira_Lunar said:


> sorry im not to bright that means ?  from the sound of it  sounds offencive
> sorry if it not



Heretic: a person holding an opinion that is opposite to what is generally accepted.

Yes, its offensive.


----------



## xTwilightStarx (May 18, 2016)

Hassat Hunter said:


> Yay for progress!
> 
> I know right. But sadly it's not even a fluke since I still see it happen regularly. Maybe just a Steam thing though... hopefully (Steam community kinda sucks in general anyway).


The way I see it a lot of the Steam community are in fact closet furries and just choose to bash on them out of fear of ridicule.
Not to mention the anime fandom gets a lot of bashing too, so I guess they find it refreshing to give others the same toxic treatment they receive.
It's like gays pretending to be straight just so they can make friends.


----------



## Keira_Lunar (May 18, 2016)

xTwilightStarx said:


> The way I see it a lot of the Steam community are in fact closet furries and just choose to bash on them out of fear of ridicule.
> It's like gays pretending to be straight just so they can make friends.



im always bashed its just something i come to accept as im bashed for being a furry , autuism , my life style , behaivor , likes  its all used as animuntion to make me upset  at least i have 250 Good friends on Steam


----------



## b0rnstellar (May 18, 2016)

ohtar said:


> Heretic: a person holding an opinion that is opposite to what is generally accepted.
> 
> Yes, its offensive.


I did not mean it to be offensive. Only a joke!


----------



## xTwilightStarx (May 18, 2016)

Keira_Lunar said:


> im always bashed its just something i come to accept as im bashed for being a furry , autuism , my life style , behaivor , likes  its all used as animuntion to make me upset  at least i have 250 Good friends on Steam


I've never personally received much hate for what I do, but even if I did, there's far bigger things I should be worrying about than some sweaty neck beards giving me grief from their mothers basements.
I've learned to find amusement in the fact that some people are willing to invest so much time in trying to make others feel bad.
They're wasting their time on someone who doesn't give a toss.


----------



## Elohiim_Koshiiri (May 18, 2016)

Dragoneer

we are scanning other sites that have been known to attack FA, if we spot anything we will let you know. All of our members have been instructed to be on the lookout for anyone or anything pertaining to the breach in security.

Goodluck on fixing the servers.


----------



## MorganaTheUnicorn (May 18, 2016)

Aenorin said:


> FA could really use a Discord group I think :3



I agree! ... so I made an unofficial FA chat on Dsicord. I'm not sure if someone has already beat me to the punch on this one, but the channel is called The Furpocalpyse.  Open to anyone that wants to pass some time while we wait!


----------



## ohtar (May 18, 2016)

b0rnstellar said:


> I did not mean it to be offensive. Only a joke!



Its usually seen as an offensive word. I wasnt taking your intentions into account, just the basic use of the word itself. nothing against you


----------



## Shotalicious (May 18, 2016)

MorganaTheUnicorn said:


> I agree! ... so I made an unofficial FA chat on Dsicord. I'm not sure if someone has already beat me to the punch on this one, but the channel is called The Furpocalpyse.  Open to anyone that wants to pass some time while we wait!


Id totally join, but I only use Skype, Discord seems a bit confusing ^v^;;


----------



## DreadnoughtDT (May 18, 2016)

Just created an account here to say, I'm glad the crew is doing the best they can to fix the damage and I hope it's up sooner rather than later. It figures that the moment I find my writing spark again, this happens. lol


----------



## MorganaTheUnicorn (May 18, 2016)

Shotalicious said:


> Id totally join, but I only use Skype, Discord seems a bit confusing ^v^;;


Haha, I know the feels. It took me a little bit to get used to it as well. xD


----------



## AsheSkyler (May 18, 2016)

Sounds like "Discord" is aptly named then!


----------



## TaylorxxWolfie (May 18, 2016)

xTwilightStarx said:


> I've never personally received much hate for what I do, but even if I did, there's far bigger things I should be worrying about than some sweaty neck beards giving me grief from their mothers basements.
> I've learned to find amusement in the fact that some people are willing to invest so much time in trying to make others feel bad.
> They're wasting their time on someone who doesn't give a toss.


Same


----------



## DreadnoughtDT (May 18, 2016)

TaylorxxWolfie said:


> Same



Thirded. Being someone who has... Questionable desires sometimes, I've learned to filter out the haters.


----------



## shadow42 (May 18, 2016)

MorganaTheUnicorn said:


> Haha, I know the feels. It took me a little bit to get used to it as well. xD



whats the link


----------



## Bannor (May 18, 2016)

DreadnoughtDT said:


> Thirded. Being someone who has... Questionable desires sometimes, I've learned to filter out the haters.


*sits next to you*  Tell us more! :3


----------



## MorganaTheUnicorn (May 18, 2016)

shadow42 said:


> whats the link



Sorry! That would be helpful, eh? xD
Discord


----------



## shadow42 (May 18, 2016)

MorganaTheUnicorn said:


> I agree! ... so I made an unofficial FA chat on Dsicord. I'm not sure if someone has already beat me to the punch on this one, but the channel is called The Furpocalpyse.  Open to anyone that wants to pass some time while we wait!


cant find it


----------



## YaoiMeowmaster (May 18, 2016)

Shotalicious said:


> Id totally join, but I only use Skype, Discord seems a bit confusing ^v^;;


I can only have so many social networks.  Skype is mainly what I use too and even then I only check it every once in a while because it lags my computer


----------



## loretta_adelaida (May 18, 2016)

I keep pressing F5 to check if is online again TwT

Oh dear... I had two clients waiting for their draws and I didn't save a caché page to remember wich one was the owner of what draw... 

(hitting her forehead against the keyboard)


----------



## PheagleAdler (May 18, 2016)

xTwilightStarx said:


> Aye, they've already completed the backup and restored the majority of what went missing.
> All they're doing now is revising the code to eliminate any other possible issues, which could take a while considering how ancient it is.



Define "a while"?


----------



## DreadnoughtDT (May 18, 2016)

Bannor said:


> *sits next to you*  Tell us more! :3



Hah. Well, lots of things. Let's just say that when it comes to size, I don't have an upper limit. And that tends to bother people. lol


----------



## xTwilightStarx (May 18, 2016)

PheagleAdler said:


> Define "a while"?


Well, I'm no admin or code writer, so I can't exactly define it.
But judging by the speed they're going at, I'd say the latest would probably only be the end of this week.
Having said that, it could be up again tonight for all I know!


----------



## xTwilightStarx (May 18, 2016)

DreadnoughtDT said:


> Hah. Well, lots of things. Let's just say that when it comes to size, I don't have an upper limit. And that tends to bother people. lol


So.. you like sizeplay?


----------



## DreadnoughtDT (May 18, 2016)

xTwilightStarx said:


> So.. you like sizeplay?



Excessive amounts of inflation and hyper growth. Consensually, of course.

Although this is a bit off topic, isn't it?


----------



## xTwilightStarx (May 18, 2016)

DreadnoughtDT said:


> Excessive amounts of inflation and hyper growth. Consensually, of course.
> 
> Although this is a bit off topic, isn't it?


Ahh, those kinds of things aren't particularly my cup of tea, but I also have little to say to those who do like it.
To each their own~

It is off topic, but hey, it's better than sitting in silence or constantly grovelling over FA being down.


----------



## PheagleAdler (May 18, 2016)

xTwilightStarx said:


> That would only fix the issue for a short period of time.
> You have to remember how many times FA has been attacked because of this half-arsed way of dealing with things.



You mean DDoS attacks? This one is different than all of those.


----------



## supersonicbros23 (May 18, 2016)

TropicalDonkey said:


> OP is currently working on trying to get everything fixed! Be patient, man.


Oh I know that, just a forum joke


----------



## DreadnoughtDT (May 18, 2016)

xTwilightStarx said:


> Ahh, those kinds of things aren't particularly my cup of tea, but I also have little to say to those who do like it.
> To each their own~
> 
> It is off topic, but hey, it's better than sitting in silence or constantly grovelling over FA being down.



Yeah, I suppose you're right.

And, I think of it more like an endless amount of softness to snuggle. And you'll never be far away from those you love. Yes I'm a hopeless romantic...


----------



## Lizardguy (May 18, 2016)

Any updates yet? Like, what's the progress being made?


----------



## supersonicbros23 (May 18, 2016)

Syfaro said:


> Any chance you have an ad blocker installed? Those often break things.


Oh... adblocker. Some pages I can't even load without it because it loads all the ads before the content and everything is slow as dial-up. Luckily FA and these forums aren't one of them.
One of my biggest block sites is YouTube, they try to make profit off of ads, adblock counts over 200 per page (note: adblock also blocks "tracking" stuff where your browsing information is "anonymously" monitored to "help improve your browsing experience").


----------



## PheagleAdler (May 18, 2016)

Elohiim_Koshiiri said:


> Dragoneer
> 
> we are scanning other sites that have been known to attack FA, if we spot anything we will let you know. All of our members have been instructed to be on the lookout for anyone or anything pertaining to the breach in security.
> 
> Goodluck on fixing the servers.


What sites would those be, if I may ask?


----------



## xTwilightStarx (May 18, 2016)

PheagleAdler said:


> You mean DDoS attacks? This one is different than all of those.


The attacks all happen because of poor coding, no matter what the nature of the attack is.


----------



## DreadnoughtDT (May 18, 2016)

Yeah. Unfortunately FA's code isn't really up to snuff, but any site can be hacked. I bet if they were persistent enough people would eventually find a crack in Google's code too.


----------



## xTwilightStarx (May 18, 2016)

DreadnoughtDT said:


> Yeah, I suppose you're right.
> 
> And, I think of it more like an endless amount of softness to snuggle. And you'll never be far away from those you love. Yes I'm a hopeless romantic...


Haha, I guess that's one way to look at it.
I just see little to no reason in picking faults with a fandom when I can't relate to it.


----------



## PatrickQuin (May 18, 2016)

MamaGennie said:


> Speaking as a human, and not a fur, I don't consider myself to be evil.  I've supported, the best ways I've known how, the Fur Community [ever] since I found out about it so many years ago.  My best friends are Furs.  Why does everyone group everyone in a single group [alltogether]?
> 
> I have an idea.  Why don't we group people as 'People who are EVIL and People who are GOOD?'  Then, we don't need to worry about them being 'Human', Fur, Baby Fur, AB/DL or whatever.
> 
> Don't buy into the stereotype, and don't help to perpetuate it.


Though way off topic, and the topic this spawned from of speculating motive and whodunit is frivolous at best:

Righteousness or lack of it be it by groups or individuals not a universally held matter of absolute fact. As an example, I am among those who believe in the doctrine of total depravity.

From the mortal, temporal perspective, yes hasty generalization is a thing that exists, but there are groups of people who do little more than harm and ought to be shunned. Anyone who fervently sides with, say, the worst of Camp Trumpidians, or anyone who insists at length that such and such destructive value set holders are all "about ethics in games journalism," or anyone who takes the gossip twistings of the likes of Encyclopedia Dramatica as things to fap their outrage boners and publicly ejaculate their false indignation over, are generally not the kinds of people worth listening to at minimum.



Spoiler: Scripture/religious stuff



"They have all turned aside; together they have become corrupt; there is none who does good, not even one."
"So He said to him, 'Why do you call Me good? No one _is_ good but One, _that is,_ God.'"

or to quote Rosaria Butterfield in Openness Unhindered (which I have not finished reading yet)


> Total depravity does not mean that we always do the very worst thing that we can do, or always sin in the biggest way possible, or that we are as bad as we can possibly be. Rather, it means that, because sin extends to every part of our body, being, and soul, we are totally unable to save ourselves from this predicament. Daily, we add to our inheritance in Adam by committing sins against God and our friends. It means that the best of our intentions fail us, and, even after conversion, indwelling sin holds the power of manipulation. Time and time again.


----------



## DreadnoughtDT (May 18, 2016)

That was quite well said, Quin.


----------



## xTwilightStarx (May 18, 2016)

Lizardguy said:


> Any updates yet? Like, what's the progress being made?


Most recent update:


----------



## PheagleAdler (May 18, 2016)

xTwilightStarx said:


> The attacks all happen because of poor coding, no matter what the nature of the attack is.



How _do _you prevent a DDoS, just curious?


----------



## charmsey (May 18, 2016)

So excited for FA to be back online! Keep up the great work guys.


----------



## kittenScientist (May 18, 2016)

When will FA return from the war ..... how will I procrastinate now?! (by reading the repleis to this thread, aparrently ... heh)


----------



## AsheSkyler (May 18, 2016)

supersonicbros23 said:


> Oh... adblocker. Some pages I can't even load without it because it loads all the ads before the content and everything is slow as dial-up. Luckily FA and these forums aren't one of them.
> One of my biggest block sites is YouTube, they try to make profit off of ads, adblock counts over 200 per page (note: adblock also blocks "tracking" stuff where your browsing information is "anonymously" monitored to "help improve your browsing experience").


I also recommend using Ghostery. I use it and AdBlock Plus together, and my browser has pretty much stopped crashing on every other page load.


----------



## xTwilightStarx (May 18, 2016)

PheagleAdler said:


> How _do _you prevent a DDoS, just curious?


I'm not entirely sure myself since I don't know anything about coding, but it's near impossible to avoid one unless you have flawless coding and a lot of money.
There's a reason it's mostly small or simple websites that get attacked.


----------



## Zepher_Tensho (May 18, 2016)

xTwilightStarx said:


> The attacks all happen because of poor coding, no matter what the nature of the attack is.



I wouldnt say that the site's code would have an impact on network-based DDoS attacks. Usually, that comes from improperly configured firewalls/IPS/routers which is more likely the ISP's job to fix.


----------



## xTwilightStarx (May 18, 2016)

Zepher_Tensho said:


> I wouldnt say that the site's code would have an impact on network-based DDoS attacks. Usually, that comes from improperly configured firewalls/IPS/routers which is more likely the ISP's job to fix.


Well I'm not expert on the matter, so saying "all" was probably a bit of a far fetch.
But you have to admit that more often than not, it's usually FA skimping on improving things that usually leads to these problems.


----------



## Fordoxia (May 18, 2016)

PheagleAdler said:


> How _do _you prevent a DDoS, just curious?



Just have a nice pint, and wait for all this to blow over.


----------



## DreadnoughtDT (May 18, 2016)

Ghostery huh? I've never heard of that. What does it do?


----------



## Hurricane_Valentine (May 18, 2016)

Hackers...think they're invisible behind their mothers keyboard. I wish we had teleporters...I stomp a mudhole in his turd cutter.


----------



## Zepher_Tensho (May 18, 2016)

PheagleAdler said:


> How _do _you prevent a DDoS, just curious?



Use a "reverse proxy", or in other words, a proxy that takes in all incoming requests for FurAffinity, analyses the traffic, and then passes it onto the server. FA alread does this however, through CloudFlare. 

But this is not an iron-clad solution. Hackers always find ways around security measures eventually


----------



## DreadnoughtDT (May 18, 2016)

Hurricane_Valentine said:


> Hackers...think they're invisible behind their mothers keyboard. I wish we had teleporters...I stomp a mudhole in his turd cutter.



Then they'd just teleport away once we got there.


----------



## Hurricane_Valentine (May 18, 2016)

DreadnoughtDT said:


> Then they'd just teleport away once we got there.



You're right, my anger has blinded me from their sheer cowardice. Lol


----------



## of Fangs and Furry (May 18, 2016)

Guys. STOP RANTING. I need a profile pic :/


----------



## tbonethebunbun (May 18, 2016)

kittenScientist said:


> When will FA return from the war ..... how will I procrastinate now?! (by reading the repleis to this thread, aparrently ... heh)


It's not coming back... and it probably won't be coming back anytime soon. I'm guessing a week at minimum, and worst case scenario, 3 months. If I were you, I'd find your furfriends Skype information right away, cause you're not going to be seeing FA for a _*LONG TIME... *_Sorry to be blunt...


----------



## xTwilightStarx (May 18, 2016)

DreadnoughtDT said:


> Ghostery huh? I've never heard of that. What does it do?


I'm not sure when this was mentioned, but it got me curious so I looked it up.
Looks like an extension that allows you to block tracking on your website.


----------



## Dec (May 18, 2016)

xTwilightStarx said:


> The attacks all happen because of poor coding, no matter what the nature of the attack is.


DDoS attacks are not the result of bad coding, plenty aren't. Many vulnerabilities are the result of code other people have developed, the source code leak for example was the result of a vulnerability with ImageMagick, which FA patched quickly. Yeah their code base is still probably full of holes but a DDoS doesn't work by exploiting a vulernability. A DDoS works by flooding the target with bogus requests, the only way to deal with that is actively sit there blocking addresses sending the bogus requests, wait several seconds before getting into the site like with Facepunch, or spend a ton of money upgrading server and network infrastructure and buying better internet.


----------



## xTwilightStarx (May 18, 2016)

tbonethebunbun said:


> It's not coming back... and it probably won't be coming back anytime soon. I'm guessing a week at minimum, and worst case scenario, 3 months. If I were you, I'd find your furfriends Skype information right away, cause you're not going to be seeing FA for a _*LONG TIME... *_Sorry to be blunt...


That's a _bit_ overly cynical, don't you think?


----------



## LadyNightosphere (May 18, 2016)

of Fangs and Furry said:


> Guys. STOP RANTING. I need a profile pic :/


Profile pic, you say?


----------



## supersonicbros23 (May 18, 2016)

PheagleAdler said:


> How _do _you prevent a DDoS, just curious?


With a DDoDDoSS? Direct Denial of Direct Denial of Service System? Or would that be DDoSDoSS? Direct Denial of Service Denial of Service System?

lol stupid acronyms and double negatives


----------



## of Fangs and Furry (May 18, 2016)

HOW DO I TURN OF EMAIL NOTIFICATIONS MY IPOD IS GOING CRAZY AHHHH


----------



## Hurricane_Valentine (May 18, 2016)

tbonethebunbun said:


> It's not coming back... and it probably won't be coming back anytime soon. I'm guessing a week at minimum, and worst case scenario, 3 months. If I were you, I'd find your furfriends Skype information right away, cause you're not going to be seeing FA for a _*LONG TIME... *_Sorry to be blunt...



What do you know that we dont? lol


----------



## tbonethebunbun (May 18, 2016)

xTwilightStarx said:


> That's a _bit_ overly cynical, don't you think?


Sorry, but I'm rather realistic at times. I always look at things from optimistic points, but some days, I have to face reality. It's a hard fact of life... Sorry...


----------



## Zepher_Tensho (May 18, 2016)

Dec said:


> DDoS attacks are not the result of bad coding, plenty aren't. Many vulnerabilities are the result of code other people have developed, the source code leak for example was the result of a vulnerability with ImageMagick, which FA patched quickly. Yeah their code base is still probably full of holes but a DDoS doesn't work by exploiting a vulernability. A DDoS works by flooding the target with bogus requests, the only way to deal with that is actively sit there blocking addresses sending the bogus requests, wait several seconds before getting into the site like with Facepunch, or spend a ton of money upgrading server and network infrastructure and buying better internet.



Well said. Good summarisation


----------



## xTwilightStarx (May 18, 2016)

of Fangs and Furry said:


> HOW DO I TURN OF EMAIL NOTIFICATIONS MY IPOD IS GOING CRAZY AHHHH


There should be an option to stop them within one of the emails.


----------



## Tali Aurora (May 18, 2016)

Those monsters... Damn them..
Don't stress yourselves! (Admins and staff members) Yes, this is a dire emergency but if you feel ill or need to take a break, do so. The members of the Furry Fandom and FurAffinity will understand. You're only human. And remember; If you see a spider on your screen, refer to this image;


----------



## Cybeast (May 18, 2016)

Hold on a second. It was distributed via USB drives...right? If they have the source code for the site and there was already one major attack from May 16...who knows how many more individuals have a copy of this and try it again. If they can break the code that easily, it's only gonna get harder from here on out in my opinion.


----------



## tbonethebunbun (May 18, 2016)

Hurricane_Valentine said:


> What do you know that we dont? lol


Nothing, I'm just being absolutely honest.


----------



## Hurricane_Valentine (May 18, 2016)

tbonethebunbun said:


> Nothing, I'm just being absolutely honest.



Lol my guess is that its up by 7 pm central time tonight.


----------



## RocketExecutiveCypress (May 18, 2016)

Is anyone else in this thread completely lost? I don't understand all this fancy techno lingo that these hip young kids are using. What I did understand is that hackers are getting fancier and things need to be updated. I have zero clue about how any of this works but it sounds like the staff should implement someone some of these ideas, less hackers(?) do more than just inflict FA with a paralyze status condition.

Also gathered that people are adding each other on Kik and Telegram, reminding me I have those.


----------



## xTwilightStarx (May 18, 2016)

tbonethebunbun said:


> Sorry, but I'm rather realistic at times. I always look at things from optimistic points, but some days, I have to face reality. It's a hard fact of life... Sorry...


Sure, but this is a furry site that gets attacked and taken down quite frequently, and has always come back.
And I don't think anyone is that obsessed with wasting their time on making it disappear, it's *just* a furry site.
There's being realistic and then there's just fear-mongering.


----------



## of Fangs and Furry (May 18, 2016)

Finally a profile picture. Now, *STOP RANTING BEFORE I POST A GROSS PICTURE OF HEART SURGERY. *


----------



## Zepher_Tensho (May 18, 2016)

Cybeast said:


> Hold on a second. It was distributed via USB drives...right? If they have the source code for the site and there was already one major attack from May 16...who knows how many more individuals have a copy of this and try it again. If they can break the code that easily, it's only gonna get harder from here on out in my opinion.



Well thats why the security audit is taking so long. They're looking for weaknesses in the code that will likely be fixed before going live again.


----------



## of Fangs and Furry (May 18, 2016)

This is not a rant thread.


----------



## tbonethebunbun (May 18, 2016)

xTwilightStarx said:


> Sure, but this is a furry site that gets attacked and taken down quite frequently, and has always come back.
> And I don't think anyone is that obsessed with wasting their time on making it disappear, it's *just* a furry site.
> There's being realistic and then there's just fear-mongering.


Well, there is *that much. *Perhaps I'm just being a little too bitter.


----------



## tbonethebunbun (May 18, 2016)

of Fangs and Furry said:


> This is not a rant thread.


Yeah, but this kind of thing brings out a lot of hostility amongst people, and this usually leads to fights. It's something you just can't control.


----------



## DreadnoughtDT (May 18, 2016)

of Fangs and Furry said:


> HOW DO I TURN OF EMAIL NOTIFICATIONS MY IPOD IS GOING CRAZY AHHHH



Just unwatch the thread, I think. There's an option up at the top for it.


----------



## Virgil_Boruto (May 18, 2016)

of Fangs and Furry said:


> Finally a profile picture. Now, *STOP RANTING BEFORE I POST A GROSS PICTURE OF HEART SURGERY. *


R u ok lmfao


----------



## Virgil_Boruto (May 18, 2016)

DreadnoughtDT said:


> Just unwatch the thread, I think. There's an option up at the top for it.


I feel like they're salty af right now but that may be just my sadistic pride in watching people aimlessly rage -shrug emote goes here-


----------



## xTwilightStarx (May 18, 2016)

Virgil_Boruto said:


> R u ok lmfao


Why was I quoted lol?


----------



## ZX6R (May 18, 2016)

Zepher_Tensho said:


> I wouldnt say that the site's code would have an impact on network-based DDoS attacks. Usually, that comes from improperly configured firewalls/IPS/routers which is more likely the ISP's job to fix.


DDoS attacks usually aren't prevented at the site level, usually at the ISP or DNS level (CloudFlare for example)


----------



## tbonethebunbun (May 18, 2016)

of Fangs and Furry said:


> Finally a profile picture. Now, *STOP RANTING BEFORE I POST A GROSS PICTURE OF HEART SURGERY. *


DUDE! ...SERIOUSLY!

CALM THE HELL DOWN! There is _*NO NEED *_for you to start getting all angry. I'm pissed off too, but you don't see me threatening people, now do you? Watch yourself, before you wind up banned!


----------



## Virgil_Boruto (May 18, 2016)

xTwilightStarx said:


> Why was I quoted lol?


It was an accident sorry, I'm not used to forums


----------



## b0rnstellar (May 18, 2016)

Virgil_Boruto said:


> I feel like they're salty af right now but that may be just my sadistic pride in watching people aimlessly rage -shrug emote goes here-


¯\_(ツ)_/¯


----------



## supersonicbros23 (May 18, 2016)

Cybeast said:


> Hold on a second. It was distributed via USB drives...right? If they have the source code for the site and there was already one major attack from May 16...who knows how many more individuals have a copy of this and try it again. If they can break the code that easily, it's only gonna get harder from here on out in my opinion.


Quite simple they started a cyberwar in every definition there probably is. Only this time its partially real-world espionage. We need to start some kind of campaign to perhaps encourage people who have acquired these flash drives to destroy them or at the very least encourage some tattletelling of someone they know possibly possesses one.


of Fangs and Furry said:


> This is not a rant thread.





of Fangs and Furry said:


> Finally a profile picture. Now, *STOP RANTING BEFORE I POST A GROSS PICTURE OF HEART SURGERY. *



And you, I'm afraid, aren't the forum police. Chill out and bypass what you don't want to read.


----------



## of Fangs and Furry (May 18, 2016)

*Guys this isn't a rant thread. Stop fighting and accusing people of hacking. If you do not stop ranting I will post a graphic picture of heart surgery. I am trying to help staff right now, and this huge bold italic underlined red text is only to get your attention. Also I love General Grievous. Please don't fight just... be helpful. We need supportive, helpful people here not fighting, ranting, crazy people. *


----------



## Virgil_Boruto (May 18, 2016)

b0rnstellar said:


> ¯\_(ツ)_/¯


Thank


----------



## Charix (May 18, 2016)

I find it amusing that people say "It should be fine if the source code is written correctly". By that logic, no source code is written correctly. Did we mention that ImageMagick, the broken bit, is Open Source and it had this bug anyway?

US CERT posted the advisory on May 4th. ImageMagick posted a workaround for the bug on May 3rd and an actual patched version of the program on May 6th.  The site was patched within 48 hours. In real terms, that's Very Fast™.

I work for a company that makes an enterprise-level PHP application that was previously free open source and is now paid license open source.  Even with professional coders and millions of other eyes on the source code, I've personally found three critical security bugs in the source code in that past six months. This is why I don't say something like "FA must not have been written properly". I don't even say that somebody who had the source code had no life because of the amount of time and effort it would take to look for bugs. I ran one grep against source code for the company I work for and had a trivially-remotely-exploitable bug located in seconds. That's been patched now of course.

Ummm... I guess I should jump on some bandwagons or something. Nothing following this point is serious. Umm... Weasyl and FN suck! SoFurry sucks less but not enough people go there! Call the feds! OMG I can't get notes! Backup more often! Conspiracies! Bagels! DDoS! Kitten this all!


----------



## Zepher_Tensho (May 18, 2016)

ZX6R said:


> DDoS attacks usually aren't prevented at the site level, usually at the ISP or DNS level (CloudFlare for example)


Yea, I corrected myself earlier. Took me a few minutes to remember that reverse proxies like CloudFlare are the answer.


----------



## xTwilightStarx (May 18, 2016)

Virgil_Boruto said:


> It was an accident sorry, I'm not used to forums


Already noticed you edited it out and assumed it was a mistake.
It's all gravy~


----------



## b0rnstellar (May 18, 2016)

Virgil_Boruto said:


> Thank


welc


----------



## Virgil_Boruto (May 18, 2016)

Meanwhile I'm just drinking hot chocolate and waiting for the site to return D


----------



## Virgil_Boruto (May 18, 2016)

xTwilightStarx said:


> Already noticed you edited it out and assumed it was a mistake.
> It's all gravy~


Well nice to see that you figured it out /o\


----------



## Virgil_Boruto (May 18, 2016)

b0rnstellar said:


> welc


hell ye


----------



## Zepher_Tensho (May 18, 2016)

Charix said:


> I find it amusing that people say "It should be fine if the source code is written correctly". By that logic, no source code is written correctly. Did we mention that ImageMagick, the broken bit, is Open Source and it had this bug anyway?
> 
> US CERT posted the advisory on May 4th. ImageMagick posted a workaround for the bug on May 3rd and an actual patched version of the program on May 6th.  The site was patched within 48 hours. In real terms, that's Very Fast™.
> 
> ...



It's so cool to see how many other tech-furries are out there XD

I love meeting other IT people.


----------



## of Fangs and Furry (May 18, 2016)

Charix said:


> I find it amusing that people say "It should be fine if the source code is written correctly". By that logic, no source code is written correctly. Did we mention that ImageMagick, the broken bit, is Open Source and it had this bug anyway?
> 
> US CERT posted the advisory on May 4th. ImageMagick posted a workaround for the bug on May 3rd and an actual patched version of the program on May 6th.  The site was patched within 48 hours. In real terms, that's Very Fast™.
> 
> ...



Gj bro. I will go get the kitten memes.


----------



## Barking-In-the-Dark (May 18, 2016)

GUYS GUYS! I was on the way back from Austin and stopped to get some noms, and the guy who makes the noms looks at me and the hubby and asks "Are you two furries?" And we have to ask him to repeat his question like 3 times because we were making sure that's what he was asking. So then we said and yes and he got all excited! I've never seen this guy before in this place of noms....SO DO YOU KNOW WHAT IT MEANS?!?

FA is down so we has to climb out of holes and explore the outernet! O_O


----------



## tbonethebunbun (May 18, 2016)

Jesus Christ, this thread is getting violent! Will everyone please calm down? I came here last night to try and derail all the anger, but apparently, that's not working. Guys, I created an introduction in the General Thread, so why not come there and let's talk?

Seriously, guys...


----------



## Virgil_Boruto (May 18, 2016)

tbonethebunbun said:


> Jesus Christ, this thread is getting violent! Will everyone please calm down? I came here last night to try and derail all the anger, but apparently, that's not working. Guys, I created an introduction in the General Thread, so why not come there and let's talk?
> 
> Seriously, guys...


Sorry to be a buzzkill, but scientific studies show people are more likely to obey moderators and site owners |D


----------



## PheagleAdler (May 18, 2016)

tbonethebunbun said:


> Nothing, I'm just being absolutely honest.



I think you're full of shit and you're putting a lot of unnecessary worrying into this thread. You're not being honest at all and have no idea what is going on behind the scenes.


----------



## DreadnoughtDT (May 18, 2016)

Five pages ago I was simply talking about what makes me tick, now we're under threat of graphic depictions of open heart surgery. I find that rather funny actually.


----------



## b0rnstellar (May 18, 2016)

mfw someone acts like their life is coming to an end because the website has been down for a day


----------



## RocketExecutiveCypress (May 18, 2016)

Barking-In-the-Dark said:


> GUYS GUYS! I was on the way back from Austin and stopped to get some noms, and the guy who makes the noms looks at me and the hubby and asks "Are you two furries?" And we have to ask him to repeat his question like 3 times because we were making sure that's what he was asking. So then we said and yes and he got all excited! I've never seen this guy before in this place of noms....SO DO YOU KNOW WHAT IT MEANS?!?
> 
> FA is down so we has to climb out of holes and explore the outernet! O_O




But the outernet is scary and I'll get in trouble for biting people.


----------



## LyrrenClock (May 18, 2016)

Barking-In-the-Dark said:


> GUYS GUYS! I was on the way back from Austin and stopped to get some noms, and the guy who makes the noms looks at me and the hubby and asks "Are you two furries?" And we have to ask him to repeat his question like 3 times because we were making sure that's what he was asking. So then we said and yes and he got all excited! I've never seen this guy before in this place of noms....SO DO YOU KNOW WHAT IT MEANS?!?
> 
> FA is down so we has to climb out of holes and explore the outernet! O_O


this oddly just made my day lets all go out there and explore the physical realm we all exsist in and not socialize just purely text XD now my curiosity is how they were even prompted to even ask that of you two? Cause to me thats a weird out of the blue question even for other furs to toss out in public due to how people tend to react to it


----------



## Tali Aurora (May 18, 2016)

Listen.. We should all relax. If we need to, just change the code entirely. Find a way to cancel out the code in the USB's if possible.
Dare I say create a completely new site? I mean, if people can compromise the site, and we can't fix it, just start anew.


----------



## Tali Aurora (May 18, 2016)

If this get's any worse, we should contact the authorities. Hacking or whatever these people are doing IS illegal, right? So be responsible, law-abiding citizens and report it!


----------



## xTwilightStarx (May 18, 2016)

People seriously need to stop assuming the worst case scenario here, lol.
If FA did in fact go tits up and never returned, people would just have to move on and use another website.
And getting used to another website really isn't that hard, there's loads of them.
Not to mention in the event of FA disappearing, you know damn well someone would take the opportunity to try and create a mimic of it.


----------



## of Fangs and Furry (May 18, 2016)

Hehe


----------



## xTwilightStarx (May 18, 2016)

Tali Aurora said:


> Listen.. We should all relax. If we need to, just change the code entirely. Find a way to cancel out the code in the USB's if possible.
> Dare I say create a completely new site? I mean, if people can compromise the site, and we can't fix it, just start anew.


I was literally going to say this same thing earlier.
If FA ended up being sniped for good, they'd probably just create a new website, or someone else would just mimic it.


----------



## of Fangs and Furry (May 18, 2016)




----------



## nyannom1 (May 18, 2016)

Barking-In-the-Dark said:


> GUYS GUYS! I was on the way back from Austin and stopped to get some noms, and the guy who makes the noms looks at me and the hubby and asks "Are you two furries?" And we have to ask him to repeat his question like 3 times because we were making sure that's what he was asking. So then we said and yes and he got all excited! I've never seen this guy before in this place of noms....SO DO YOU KNOW WHAT IT MEANS?!?
> 
> FA is down so we has to climb out of holes and explore the outernet! O_O


I have yet to look outside my hole and find furries, though, there aren't too many I can find in my age group at the moment.


----------



## Tali Aurora (May 18, 2016)

Twilight is right, and so are the others. We need to stop panicking, assuming the worst, and accusing one-another of hacking. The staff will handle this. They're trying to do their job, and panicking and starting a riot won't help them. In fact it may just hinder them, as they will have to stop working on fixing the website to calm the floods of furries/anthropomorphs rioting on the forums and caps-locking on everyone.


----------



## of Fangs and Furry (May 18, 2016)

nyannom1 said:


> I have yet to look outside my hole and find furries, though, there aren't too many I can find in my age group at the moment.


Don't worry, 13 yr old here.


----------



## KazWolf (May 18, 2016)

"We've made excellent progress on cleaning up the current issues. We don't have an ETA, but will update you as soon as we know.", does this mean that we are getting FurAffinity soon back and running? Take your time Furaffinity staff, but just wanted to know if this means something good


----------



## nyannom1 (May 18, 2016)

of Fangs and Furry said:


> Don't worry, 13 yr old here.


15 year, I must be right back, taking notes in 6° lol


----------



## of Fangs and Furry (May 18, 2016)

To everyone who is still ranting
_*Guys this isn't a rant thread. Stop fighting and accusing people of hacking. If you do not stop ranting I will post a graphic picture of heart surgery. I am trying to help staff right now, and this huge bold italic underlined red text is only to get your attention. Also I love General Grievous. Please don't fight just... be helpful. We need supportive, helpful people here not fighting, ranting, crazy people.*_


----------



## Tali Aurora (May 18, 2016)

KazWolf said:


> "We've made excellent progress on cleaning up the current issues. We don't have an ETA, but will update you as soon as we know.", does this mean that we are getting FurAffinity soon back and running? Take your time Furaffinity staff, but just wanted to know if this means something good


I hope this is resolved soon. At least have the website back in our hands/paws/claws/talons/fins/any other appendage. They may have to change the code or change websites entirely. If the source-code is out there, then the website and our information is unsafe and in the hands of not-so-good people.


----------



## xTwilightStarx (May 18, 2016)

KazWolf said:


> "We've made excellent progress on cleaning up the current issues. We don't have an ETA, but will update you as soon as we know.", does this mean that we are getting FurAffinity soon back and running? Take your time Furaffinity staff, but just wanted to know if this means something good


Well, they did say "excellent progress", so I assume that can only be good.
Chances are the site will be back before the weeks end.


----------



## Tali Aurora (May 18, 2016)

of Fangs and Furry said:


> To everyone who is still ranting
> _*Guys this isn't a rant thread. Stop fighting and accusing people of hacking. If you do not stop ranting I will post a graphic picture of heart surgery. I am trying to help staff right now, and this huge bold italic underlined red text is only to get your attention. Also I love General Grievous. Please don't fight just... be helpful. We need supportive, helpful people here not fighting, ranting, crazy people.*_


Agreed. Let's relax, let the staff to their job, and have some pad-thai while we're waiting. Peanut sauce anyone?


----------



## of Fangs and Furry (May 18, 2016)

Tali Aurora said:


> Agreed. Let's relax, let the staff to their job, and have some pad-thai while we're waiting. Peanut sauce anyone?


I'm having cheesies


----------



## DreadnoughtDT (May 18, 2016)

Tali Aurora said:


> Agreed. Let's relax, let the staff to their job, and have some pad-thai while we're waiting. Peanut sauce anyone?



I'd rather eat a big, juicy steak. Or some potstickers.


----------



## of Fangs and Furry (May 18, 2016)

If I was the hacker, I'd come on and have my username as "hacker" and say
"Huehuehue hi I'm the hacker I killed FurAffinity please kill me huehuehue"

But then, that's just me


----------



## xTwilightStarx (May 18, 2016)

For all we know they could end up working on an entirely new site, whilst allowing members to use the old site until it's done.
Kinda like having to use an old broken phone until you buy a new one.


----------



## of Fangs and Furry (May 18, 2016)

Oh crap now I'm ranting


----------



## PheagleAdler (May 18, 2016)

of Fangs and Furry said:


> If I was the hacker, I'd come on and have my username as "hacker" and say
> "Huehuehue hi I'm the hacker I killed FurAffinity please kill me huehuehue"
> 
> But then, that's just me



You would be crucified by about half the forum user base probably.


----------



## of Fangs and Furry (May 18, 2016)

Ok, let's calm down and listen to The Living Tombstone's cats for 20 minutes.


----------



## LyrrenClock (May 18, 2016)

xTwilightStarx said:


> For all we know they could end up working on an entirely new site, whilst allowing members to use the old site until it's done.
> Kinda like having to use an old broken phone until you buy a new one.


if that is what needs to be done I am not opposed to this at all especialy if they import all our submissions and such so we dont lose everything I'd rather they take their time and do it right instead of half assed and it fall to pieces right after you know what I mean?


----------



## Barking-In-the-Dark (May 18, 2016)

RocketExecutiveCypress said:


> But the outernet is scary and I'll get in trouble for biting people.



It was really hard for me too but he was behind the counter making noms and I am a short so it would be impossible for me to reach him.



LyrrenClock said:


> this oddly just made my day lets all go out there and explore the physical realm we all exsist in and not socialize just purely text XD now my curiosity is how they were even prompted to even ask that of you two? Cause to me thats a weird out of the blue question even for other furs to toss out in public due to how people tend to react to it



^_^ It made my day better too! My mother ruined my B-Day evening yesterday so this was a nice change. It would be nice to know if other were even remotely close to me. 
I have no idea why/what made him ask. I'm wearing a "JudgmentO's" shirt and the hubs is wearing Miku shirt. But otherwise I don't know?!? 
I know there is Gaydar, Bi-Fi, and Pan-Scan...but what do us Furries call it?


----------



## ZX6R (May 18, 2016)

Tali Aurora said:


> I hope this is resolved soon. At least have the website back in our hands/paws/claws/talons/fins/any other appendage. They may have to change the code or change websites entirely. If the source-code is out there, then the website and our information is unsafe and in the hands of not-so-good people.


The source code is out there, but then again so is reddits, and Github's, and Linux's. If they programmed things properly, this wouldn't be an issue.


----------



## LyrrenClock (May 18, 2016)

Barking-In-the-Dark said:


> ^_^ It made my day better too! My mother ruined my B-Day evening yesterday so this was a nice change. It would be nice to know if other were even remotely close to me.
> I have no idea why/what made him ask. I'm wearing a "JudgmentO's" shirt and the hubs is wearing Miku shirt. But otherwise I don't know?!?
> I know there is Gaydar, Bi-Fi, and Pan-Scan...but what do us Furries call it?


lol I dunno a Fuzz Magnet XD or Lint roller


----------



## of Fangs and Furry (May 18, 2016)

*I'm waiting for someone to start ranting so I can post a picture of heart surgery *


----------



## BloodhoundPreston (May 18, 2016)

Well, I'm still awaiting for this to be fixed. At least I'm being patient.


----------



## b0rnstellar (May 18, 2016)

of Fangs and Furry said:


> *I'm waiting for someone to start ranting so I can post a picture of heart surgery *


maybe if you say it one more time you'll be cool


----------



## of Fangs and Furry (May 18, 2016)

BloodhoundPreston said:


> Well, I'm still awaiting for this to be fixed. At least I'm being patient.


Your profile picture looks like a horse made of broccoli! Good job it's extremely accurate especially with the broccoli growing out of its back. I like horses but not that much.
Wait
I hate broccoli 
Oh well.


----------



## LyrrenClock (May 18, 2016)

of Fangs and Furry said:


> *I'm waiting for someone to start ranting so I can post a picture of heart surgery *


I dunno about that I think people shushed in fear of such a thing XD if you wanna look at it so bad just find images and stare at it not everyone can handle that kinda gore (myself included weak stomach and all)


----------



## Tali Aurora (May 18, 2016)

Great! We're calmed down and we're havinga variety of foods whilst waiting. Let's keep the peace until this is fixed, alrighty?


----------



## of Fangs and Furry (May 18, 2016)

b0rnstellar said:


> maybe if you say it one more time you'll be cool


Shut up pornstellar


----------



## Shadow (May 18, 2016)

of Fangs and Furry said:


> *I'm waiting for someone to start ranting so I can post a picture of heart surgery *









Stay on topic.


----------



## CoonArt (May 18, 2016)

Ever heard of DeviantArt or Weasyl? Post your art there in the meantime instead of waiting... (yes, I also have accounts there too!)


----------



## Tali Aurora (May 18, 2016)

LyrrenClock said:


> I dunno about that I think people shushed in fear of such a thing XD if you wanna look at it so bad just find images and stare at it not everyone can handle that kinda gore (myself included weak stomach and all)


There's a video on youtube of someone bathing in his septic tank.


----------



## Barking-In-the-Dark (May 18, 2016)

LyrrenClock said:


> lol I dunno a Fuzz Magnet XD or Lint roller


OMFG XD I LOVE Lint Roller! XD YES. Though there needs to be somesort of pun involving radar or something of the sort. Like Gaydar & Bi-Fi. 



nyannom1 said:


> I have yet to look outside my hole and find furries, though, there aren't too many I can find in my age group at the moment.


^_^ I didn't expect to either, but it was a nice surprise. Hope you find some furries around you soon.


----------



## ScarClaw (May 18, 2016)

2nd day of downtime D:
Also 62 pages this fast lol.
Its boring without FA though


----------



## CoonArt (May 18, 2016)

Cuz it seems that some furs only know one uploadsite: FA.


----------



## supersonicbros23 (May 18, 2016)

of Fangs and Furry said:


> Shut up


Stop trying to jack the thread, you're only making a [fool] of yourself.

I honestly think the whole premise of this thread has been lost within the past few pages of posts.


----------



## of Fangs and Furry (May 18, 2016)

Tali Aurora said:


> There's a video on youtube of someone bathing in his septic tank.



WOW. WOW. WOW. WOW. WOW. WOW. WOW.


----------



## LyrrenClock (May 18, 2016)

Tali Aurora said:


> There's a video on youtube of someone bathing in his septic tank.


omg ewww how do people like that kinda stuff XD


----------



## nyannom1 (May 18, 2016)

RocketExecutiveCypress said:


> But the outernet is scary and I'll get in trouble for biting people.


I'll get in trouble with talking to people on the Internet, my dad thinks everyone is a 40-year-old rapist that wants to take advantage of me.
Pretty old-fashioned, huh?


----------



## of Fangs and Furry (May 18, 2016)

supersonicbros23 said:


> Stop trying to jack the thread, you're only making a [fool] of yourself.
> 
> I honestly think the whole premise of this thread has been lost within the past few pages of posts.



You're mean.


----------



## Tali Aurora (May 18, 2016)

Let me know if you want to see the video.


----------



## BloodhoundPreston (May 18, 2016)

of Fangs and Furry said:


> Your profile picture looks like a horse made of broccoli! Good job it's extremely accurate especially with the broccoli growing out of its back. I like horses but not that much.
> Wait
> I hate broccoli
> Oh well.


Don't judge my things.


----------



## of Fangs and Furry (May 18, 2016)

Tali Aurora said:


> Let me know if you want to see the video.


I will when my bean plants are 10000 feet tall. Cough.


----------



## LyrrenClock (May 18, 2016)

Barking-In-the-Dark said:


> OMFG XD I LOVE Lint Roller! XD YES. Though there needs to be somesort of pun involving radar or something of the sort. Like Gaydar & Bi-Fi.


lol could just go with Swiffer cause we all know those things attract fur like a homing beacon XD


----------



## of Fangs and Furry (May 18, 2016)

BloodhoundPreston said:


> Don't judge my things.


I wasn't judging I was saying good job wow why do you jump so quick to conclusions


----------



## b0rnstellar (May 18, 2016)

of Fangs and Furry said:


> Shut up pornstellar


ya got me


----------



## Shadow (May 18, 2016)

of Fangs and Furry said:


> WOW. WOW. WOW. WOW. WOW. WOW. WOW.





of Fangs and Furry said:


> You're mean.





of Fangs and Furry said:


> Your profile picture looks like a horse made of broccoli! Good job it's extremely accurate especially with the broccoli growing out of its back. I like horses but not that much.
> Wait
> I hate broccoli
> Oh well.







Take a chill pill and fantasize about FA working. Also, be nice to the bronies, they're our younger furry siblings. It's just a green pegasus drawn by someone younger.


----------



## Barking-In-the-Dark (May 18, 2016)

LyrrenClock said:


> lol could just go with Swiffer cause we all know those things attract fur like a homing beacon XD


You mean a Swiffur!


----------



## of Fangs and Furry (May 18, 2016)

Shadow said:


> Take a chill pill and fantasize about FA working. Also, be nice to the bronies, they're our younger furry siblings. It's just a green pegasus drawn by someone younger.


DUDE. I told him it was a good picture why does everyone misunderstand me


----------



## nyannom1 (May 18, 2016)

supersonicbros23 said:


> Stop trying to jack the thread, you're only making a [fool] of yourself.
> 
> I honestly think the whole premise of this thread has been lost within the past few pages of posts.


I think it's mostly because everything to say has pretty much been said.


----------



## Shadow (May 18, 2016)

of Fangs and Furry said:


> DUDE. I told him it was a good picture why does everyone misunderstand me


You assumed features and said you didn't like them.



of Fangs and Furry said:


> Your profile picture looks like a horse made of broccoli! Good job it's extremely accurate especially with the broccoli growing out of its back. I like horses but not that much.
> Wait
> I hate broccoli
> Oh well.



Talk about a backhanded compliment.


----------



## xTwilightStarx (May 18, 2016)

LyrrenClock said:


> if that is what needs to be done I am not opposed to this at all especialy if they import all our submissions and such so we dont lose everything I'd rather they take their time and do it right instead of half assed and it fall to pieces right after you know what I mean?


Exactly. It makes much more sense to just be patient and end up with a fully functioning site that'll hold for more than a week, as opposed to baww'ing and whining that the site should just be duct taped together haphazardly just so people can quickly get their fix of furries.


----------



## Dec (May 18, 2016)

Cybeast said:


> Hold on a second. It was distributed via USB drives...right? If they have the source code for the site and there was already one major attack from May 16...who knows how many more individuals have a copy of this and try it again. If they can break the code that easily, it's only gonna get harder from here on out in my opinion.


Exactly, I assume thats why they said they're going through trying to fix vulnerabilities. FA has gotten off just doing security through obscurity for years, now that the source code for the site is out there they have to fix security issues.


----------



## LyrrenClock (May 18, 2016)

Barking-In-the-Dark said:


> You mean a Swiffur!


YES totaly have a winner there I think XD


----------



## Zepher_Tensho (May 18, 2016)

Shadow said:


> You assumed features and said you didn't like them.
> 
> 
> 
> Talk about a backhanded compliment.



Stop feeding the troll. The more everyone replies to him, the more he's going to shitpost.


----------



## nyannom1 (May 18, 2016)

Barking-In-the-Dark said:


> You mean a Swiffur!


Once I get home I'm drawing a Swiffur sweeper. 
Now I need to remember to draw a Swiffur.


----------



## Shadow (May 18, 2016)

Zepher_Tensho said:


> Stop feeding the troll. The more everyone replies to him, the more he's going to shitpost.


Hue.

They're not a troll, just an overzealous kid.


----------



## LyrrenClock (May 18, 2016)

xTwilightStarx said:


> Exactly. It makes much more sense to just be patient and end up with a fully functioning site that'll hold for more than a week, as opposed to baww'ing and whining that the site should just be duct taped together haphazardly just so people can quickly get their fix of furries.


yup my thoughts exactly I mean yeah I might be losing some money in the down time but oh well I am taking it as an impromptu break in the mean time and just sifting around for shits and giggles relaxing I mean really they obviously are doing what they can they wont want it down longer than it has to besides I know for a fact the admins and such are wanting that fix back too XD art wise but yeah hense I'm just socializing on this thread in the mean time and reading stuff as it goes by I am glad that they recently stated its almost completely restored I just dont want them rushing it really


----------



## of Fangs and Furry (May 18, 2016)

Zepher_Tensho said:


> Stop feeding the troll. The more everyone replies to him, the more he's going to shitpost.


Im not a troll stop cyber bullying me


----------



## FatalSyndrome (May 18, 2016)

I was wondering when this thread would finally get like this.


----------



## Fordoxia (May 18, 2016)

of Fangs and Furry said:


> Im not a troll stop cyber bullying me


Can't take the heat?  Get outa the kitchen.


----------



## Barking-In-the-Dark (May 18, 2016)

LyrrenClock said:


> YES totaly have a winner there I think XD



^_^ I've lived with my husband for nearly 5 years now (we've been married for 2) and he is damn good at making puns. It's starting to rub off on me. XD



nyannom1 said:


> Once I get home I'm drawing a Swiffur sweeper.
> Now I need to remember to draw a Swiffur.


YAY! ^_^ 


So there is Gaydar, Bi-Fi, Pan-Scans and now we furries have Swiffur?


----------



## of Fangs and Furry (May 18, 2016)

You know what
I don't even care any more
Here have this cat picture





It's an X-ray.


----------



## Shadow (May 18, 2016)

FatalSyndrome said:


> I was wondering when this thread would finally get like this.


Hey, Syndrome! 

Derailment like this only means one thing...


of Fangs and Furry said:


> Im not a troll stop cyber bullying me


Calm down first, young one.


----------



## xTwilightStarx (May 18, 2016)

FatalSyndrome said:


> I was wondering when this thread would finally get like this.


It happened.
We finally descended into anarchy.


----------



## nyannom1 (May 18, 2016)

Barking-In-the-Dark said:


> ^_^ I've lived with my husband for nearly 5 years now (we've been married for 2) and he is damn good at making puns. It's starting to rub off on me. XD
> 
> 
> YAY! ^_^
> ...


Pretty much, yes.
If it attracts furries then I need one of those, I need to organize a fur meet somehow


----------



## of Fangs and Furry (May 18, 2016)

@Shadow you're driving me insane.


----------



## Fordoxia (May 18, 2016)

of Fangs and Furry said:


> You know what
> I don't even care any more
> Here have this cat picture
> 
> ...


Nice, I love how you can see the digestive system too.

You should have put it inside a spoiler tab though.


----------



## LyrrenClock (May 18, 2016)

xTwilightStarx said:


> It happened.
> We finally descended into anarchy.


oh no where is our bunker for those of us who dont want to rebel


----------



## FatalSyndrome (May 18, 2016)

Shadow said:


> Hey, Syndrome!
> 
> Derailment like this only means one thing...
> 
> Calm down first, young one.


Hey hey hey!


----------



## Shadow (May 18, 2016)

of Fangs and Furry said:


> @Shadow you're driving me insane.


Take a break from the computer. FA will be back later.


----------



## nyannom1 (May 18, 2016)

Brb, have schoolwork to do, it's going to take the whole period


----------



## of Fangs and Furry (May 18, 2016)

Shadow said:


> Take a break from the computer. FA will be back later.


Rrrrrr.... Grrrrrrrrr..... Hsss!


----------



## supersonicbros23 (May 18, 2016)

Again, this isn't funny junk but sometimes only an image can convey your thoughts.


----------



## Redfurryfire (May 18, 2016)

I made an account just for this Killer Keemstar drama and of course for the FA downage... >.>


----------



## Fordoxia (May 18, 2016)

Oddly enough, being away from FA has caused me to _*gain*_ an additional fetish.


----------



## LyrrenClock (May 18, 2016)

Barking-In-the-Dark said:


> So there is Gaydar, Bi-Fi, Pan-Scans and now we furries have Swiffur?


so for this XD btw you should add me on kik (same username)


----------



## Shadow (May 18, 2016)

of Fangs and Furry said:


> Rrrrrr.... Grrrrrrrrr..... Hsss!


Seriously. Take a break and play a game or bicycle.


----------



## of Fangs and Furry (May 18, 2016)

supersonicbros23 said:


> Again, this isn't funny junk but sometimes only an image can convey your thoughts.


You like skeletons?
CAT.
X-RAY.




I.
AM.
GOING.
INSANE. 
Thanks to @Shadow


----------



## KazWolf (May 18, 2016)

Keep calm furries, it can take a time. I guess in few days atleast Furaffinity is back in action. Believe me. If not, there is always SoFurry, Weasyl etc you can make account.


----------



## Fordoxia (May 18, 2016)

of Fangs and Furry said:


> You like skeletons?
> CAT.
> X-RAY.
> 
> ...


Pretty sure that this counts as spam.  Put that bloody photo in a spoiler tab so that it doesn't* TAKE UP THE WHOLE GOD DAMMED PAGE!*


----------



## of Fangs and Furry (May 18, 2016)

KazWolf said:


> Keep calm furries, it can take a time. I guess in few days atleast Furaffinity is back in action. Believe me. If not, there is always SoFurry, Weasyl etc you can make account.



Weasyl sucks armpit nipple hair


----------



## xTwilightStarx (May 18, 2016)

Hey, think of it this way;
The small downtime could actually mean more business for artists, even if it's short lived.
People tend to go crazy and buy all the shit when they're deprived of it for long enough.
Think of big companies that take away popular products and then re-release them later on.


----------



## LyrrenClock (May 18, 2016)

Fordoxia said:


> Pretty sure that this counts as spam.  Put that bloody photo in a spoiler tab so that it doesn't* TAKE UP THE WHOLE GOD DAMMED PAGE!*


I agree thats getting obnoxious already seriously not bullying just be mindful please...


----------



## Shadow (May 18, 2016)

Well, I'm gonna hop off the thread, relax, and say inb4 eventual closing today or next week.


----------



## of Fangs and Furry (May 18, 2016)

Fordoxia said:


> Pretty sure that this counts as spam.  Put that bloody photo in a spoiler tab so that it doesn't* TAKE UP THE WHOLE GOD DAMMED PAGE!*



*IT ISNT SPAM YOURE SPAM. *


----------



## Bananas_on_Bread (May 18, 2016)

Shadow said:


> You assumed features and said you didn't like them.
> 
> 
> 
> Talk about a backhanded compliment.


Dude
it was a fucking joke
You furries can take a fucking 3.6 meter dick but not some stupid joke?


----------



## Redfurryfire (May 18, 2016)

xTwilightStarx said:


> Hey, think of it this way;
> The small downtime could actually mean more business for artists, even if it's short lived.
> People tend to go crazy and buy all the shit when they're deprived of it for long enough.
> Think of big companies that take away popular products and then re-release them later on.



Yeah except me, i bought an sergal and i have yet to obtain it






c: Send help, going insane. c:


----------



## Imago (May 18, 2016)

Anarchy!! Well, the FA downtime gives me a break.  So, I'm going to finally start that game I've been on about for so long. XD Maybe watch some Lynda.com tutorials. Turn a negative in to a positive.  If not there's lots of art sites out there to give you your furry fix. XD


----------



## rin_elyran (May 18, 2016)

Glad things are going well with the site restoration thus far. 

Not sure if it would make a difference or not, but once things are back full swing, I would recommend a couple things if you haven't thought of them already:
1. Keeping daily backups if possible or heck, even hourly backups for that matter. It's a little bit obsessive-compulsive, yes, but at least we wouldn't lose 6 days' worth of submissions.
2. Once it's completely audited, look for an even tougher encryption method and implement that into the source code, so we can make hackers' lives that much more miserable.


----------



## of Fangs and Furry (May 18, 2016)

Redfurryfire said:


> Yeah except me, i bought an sergal and i have yet to obtain it
> 
> 
> 
> ...



You're not alone. I'm going insane too.

*insert 5000000 light year long cat here*


----------



## xTwilightStarx (May 18, 2016)

Redfurryfire said:


> Yeah except me, i bought an sergal and i have yet to obtain it
> 
> 
> 
> ...


That is pree sucky, but at least you can be confident that you'll get it upon the sites return.


----------



## Barking-In-the-Dark (May 18, 2016)

nyannom1 said:


> Pretty much, yes.
> If it attracts furries then I need one of those, I need to organize a fur meet somehow



I'd like to but organizing is such a pain. T_T 
Also I would but I don't have a kik. ^_^;


----------



## Fordoxia (May 18, 2016)

rin_elyran said:


> Glad things are going well with the site restoration thus far.
> 
> Not sure if it would make a difference or not, but once things are back full swing, I would recommend a couple things if you haven't thought of them already:
> 1. Keeping daily backups if possible or heck, even hourly backups for that matter. It's a little bit obsessive-compulsive, yes, but at least we wouldn't lose 6 days' worth of submissions.
> 2. Once it's completely audited, look for an even tougher encryption method and implement that into the source code, so we can make hackers' lives that much more miserable.


It wasn't the encryption that was breached though.  It was an exploit from a 3rd party program.


----------



## Shadow (May 18, 2016)

Bananas_on_Bread said:


> Dude
> it was a fucking joke
> You furries can take a fucking 3.6 meter dick but not some stupid joke?


Stop fucking swearing! >8U


----------



## rin_elyran (May 18, 2016)

Fordoxia said:


> It wasn't the encryption that was breached though.  It was an exploit from a 3rd party program.



Well, is there a way to block third-party programs from accessing the source code? If so, how much trouble would it be to implement it?



Bananas_on_Bread said:


> Dude
> it was a fucking joke
> You furries can take a fucking 3.6 meter dick but not some stupid joke?



Real mature, bro.


----------



## Redfurryfire (May 18, 2016)

xTwilightStarx said:


> That is pree sucky, but at least you can be confident that you'll get it upon the sites return.



Nope because i was just about to pay(Asking for email for payment) when the site went down. So i don't know if she started on her yet, because she didn't receive the money yet. c:

Kill me please... Just... PLEASE!!! 
Just kidding but... Still, this is a bummer.


----------



## Hurricane_Valentine (May 18, 2016)

Imma just break the temper tantrum chain...Fallout 4, Far Harbor....tomorrow..


----------



## supersonicbros23 (May 18, 2016)

Well anyway I'm curious as to what kind of process is required to access a website's source code. I mean almost everyone knows the F12 trick but that should only show the display format, links, and fonts, right? I'm going to do some looking up on this "ImageTragick" thing to fulfill my curiosity. 
Only way to fix a security issue is to recreate it, I suppose. I wonder if that's what they are doing now.


----------



## mshy (May 18, 2016)

what to do without an electric taco?


----------



## of Fangs and Furry (May 18, 2016)

Shadow said:


> Stop fucking swearing! >8U


You just freaking swore



YOU
ARE
DRIVING
ME
INSANE


----------



## LyrrenClock (May 18, 2016)

Barking-In-the-Dark said:


> I'd like to but organizing is such a pain. T_T
> Also I would but I don't have a kik. ^_^;


well den just jot down the screen name for when FA is live again or search it on several other sites it will be me XD or skype I has a skype...same name just have to search it with a different one I think


----------



## PheagleAdler (May 18, 2016)

Shadow said:


> Stop fucking swearing! >8U


Fucking, Austria.


----------



## Fordoxia (May 18, 2016)

rin_elyran said:


> Well, is there a way to block third-party programs from accessing the source code? If so, how much trouble would it be to implement it?


It really depends on what the program does.  In this case, it was ImageMagik, which from the name seems to be involved with all the pictures.  Since this is a, how do you say...  Central aspect of the site, hiding the source code from it is basically not a thing.  The key lies in making the 3rd party programs themselves secure.


----------



## Redfurryfire (May 18, 2016)

rin_elyran said:


> Real mature, bro.



He's right tho, furries/bronies can't take jokes.


----------



## xTwilightStarx (May 18, 2016)

Redfurryfire said:


> Furries are the most b
> 
> 
> Nope because i was just about to pay(Asking for email for payment) when the site went down. So i don't know if she started on her yet, because she didn't receive the money yet. c:
> ...


O, I guess that does make things a bit more bummer-ish.
But hey, at least hackers can't delete the artists themselves.
I'm sure she'll be happy to work on it when the site is finally back up.


----------



## Fordoxia (May 18, 2016)

of Fangs and Furry said:


> You just freaking swore
> 
> 
> 
> ...


Obvious irony joke right there.


----------



## Shadow (May 18, 2016)

of Fangs and Furry said:


> You just freaking swore
> 
> 
> 
> ...








(Actually leaving now. Gotta do lifey things.)


----------



## Redfurryfire (May 18, 2016)

xTwilightStarx said:


> O, I guess that does make things a bit more bummer-ish.
> But hey, at least hackers can't delete the artists themselves.
> I'm sure she'll be happy to work on it when the site is finally back up.



I gues... I need FA back up... It is the only social media I like/use


----------



## supersonicbros23 (May 18, 2016)

of Fangs and Furry said:


> *IT ISNT SPAM YOURE SPAM. *


13 year-old with nothing to do, please read an article on "Netiquette"


----------



## LyrrenClock (May 18, 2016)

rin_elyran said:


> Well, is there a way to block third-party programs from accessing the source code? If so, how much trouble would it be to implement it?


they had patched it to where it got blocked but it was too late apparently cause then they gave out the code that got taken via usb to random people and they attacked the site with it deleting accounts and such (just going based off my basic understanding of the informative posts provided by admins)


----------



## Barking-In-the-Dark (May 18, 2016)

Hurricane_Valentine said:


> Imma just break the temper tantrum chain...Fallout 4, Far Harbor....tomorrow..


AH MAINE! ^_^ That's where my hubby is from! :3


----------



## Fordoxia (May 18, 2016)

supersonicbros23 said:


> 13 year-old with nothing to do, please read an article on "Netiquette"


No!  NO!  You fed it!


----------



## Redfurryfire (May 18, 2016)

supersonicbros23 said:


> 13 year-old with nothing to do, please read an article on "Netiquette"



Or play Minecraft or COD. All those kids hang out there. xD


----------



## of Fangs and Furry (May 18, 2016)

Fordoxia said:


> Obvious irony joke right there.


T_T
Here's an irony joke
There exists a cat that is 999999 million billion trillion lightyears long. The problem? It's too big to fit in the universe. So, it stretches through MULTIPLE UNIVERSES.


----------



## ZX6R (May 18, 2016)

supersonicbros23 said:


> Well anyway I'm curious as to what kind of process is required to access a website's source code. I mean almost everyone knows the F12 trick but that should only show the display format, links, and fonts, right? I'm going to do some looking up on this "ImageTragick" thing to fulfill my curiosity.
> Only way to fix a security issue is to recreate it, I suppose. I wonder if that's what they are doing now.


The f12 thing is just what your browser loads. While this stuff can be exploited, in this case when they say "source code", they're usually talking about the backend stuff that your browser doesn't deal with. The exploit used to get the source code was in the image processing software that FA (and many other sites) uses to compress, resize and otherwise process images.


----------



## KazWolf (May 18, 2016)

*Please stop fighting, oh god!*


----------



## of Fangs and Furry (May 18, 2016)

supersonicbros23 said:


> 13 year-old with nothing to do, please read an article on "Netiquette"


Stop. I swear you're getting on my damn nerves


----------



## Tali Aurora (May 18, 2016)

Please stop fighting Q_Q


----------



## b0rnstellar (May 18, 2016)

What if FA never comes back up and this forum just spirals into anarchy


----------



## Redfurryfire (May 18, 2016)

KazWolf said:


> *Please stop fighting, oh god!*



It's your basic furry drama. Just let it be and wait till the mods come to destroy it.


----------



## of Fangs and Furry (May 18, 2016)

Fordoxia said:


> No!  NO!  You fed it!


Stop trolling and bullying me I'm not a damn troll


----------



## Bananas_on_Bread (May 18, 2016)

_


supersonicbros23 said:



			13 year-old with nothing to do, please read an article on "Netiquette"
		
Click to expand...

"13 year old"
*has a sonic avatar*_

it is as if you dont want to be taken seriously


----------



## of Fangs and Furry (May 18, 2016)

b0rnstellar said:


> What if FA never comes back up and this forum just spirals into anarchy


It already is. I'm going insane already


----------



## LyrrenClock (May 18, 2016)

b0rnstellar said:


> What if FA never comes back up and this forum just spirals into anarchy


sadly it seems it already is...as for FA never coming back up oh well I have an FN DA FB and weasyl pages for my art I'm not completely shot on my work or fanbase


----------



## mshy (May 18, 2016)

Gees how long for this repair?


----------



## xTwilightStarx (May 18, 2016)

Everyone keeps saying there's fighting, but I don't really see any of it as fighting lol.
All I see is a string of memes and bad jokes.


----------



## of Fangs and Furry (May 18, 2016)

Bananas_on_Bread said:


> _"13 year old"
> *has a sonic avatar*_
> 
> it is as if you dont want to be taken seriously


He doesn't.


----------



## Redfurryfire (May 18, 2016)

Bananas_on_Bread said:


> _"13 year old"
> *has a sonic avatar*_
> 
> it is as if you dont want to be taken seriously



Not wanna be rude. But your Username doesn't help too.


----------



## rin_elyran (May 18, 2016)

LyrrenClock said:


> they had patched it to where it got blocked but it was too late apparently cause then they gave out the code that got taken via usb to random people and they attacked the site with it deleting accounts and such (just going based off my basic understanding of the informative posts provided by admins)


Well then, I guess I have no other advice to give at this time.

But I am indeed glad that things are looking up for the main site so far. I've been patiently waiting this whole time.


----------



## Bannor (May 18, 2016)

Human sacrifice, dogs and cats living together... mass hysteria!


----------



## Fordoxia (May 18, 2016)

Ah, that's better...


----------



## Bananas_on_Bread (May 18, 2016)

Redfurryfire said:


> Not wanna be rude. But your Username doesn't help too.


i dont
its a furry forum


----------



## quoting_mungo (May 18, 2016)

*Again:* Less of the bickering, shitposting, and veering miles off topic, *please*. 
And if there is any posting of graphic medical photography, the culprit will get a forced vacation from the forums.

I really don't want to have to start addressing you guys individually about your conduct in this thread. Just please keep it on topic. 


RocketExecutiveCypress said:


> Is anyone else in this thread completely lost? I don't understand all this fancy techno lingo that these hip young kids are using. What I did understand is that hackers are getting fancier and things need to be updated. I have zero clue about how any of this works but it sounds like the staff should implement someone some of these ideas, less hackers(?) do more than just inflict FA with a paralyze status condition.


If you're willing to bear with my ridiculous love for metaphor, here's a low-tech metaphor for the situation for you:
Let's say FA is a museum. It's housed in a pretty old building, which has some secret passages and intruder-sized air vents still in it from where it was built. Because of these passages being a potential threat to the integrity of the works on display, the blueprints are stored in a locked room.
Well, it turns out that the lock factory that made the door lock to that room has constructed their locks in a way that lets people with a little bit of savvy open the door without the key. (This would be the "ImageTragick" exploit - the door lock in this case is ImageMagick.) Someone sneaks in, makes copies of the blueprints, and sneaks out before the museum owners find out there's a problem with their lock and can replace it.
A week and a half later, someone starts leaving folders with copies of the museum blueprints lying around. The museum obtains the contents of one of these folders, but while they're reviewing what exactly was included in the folder, someone uses the blueprints to pull a heist. (This would be the 17 May attack.) The museum immediately locks down and secures all entrances and exits before the culprit can cause even more damage.

So right now, we've got our maintenance people working overtime to find and block any remaining secret passages or intruder-sized vents.


Dec said:


> Exactly, I assume thats why they said they're going through trying to fix vulnerabilities. FA has gotten off just doing security through obscurity for years, now that the source code for the site is out there they have to fix security issues.


That phrasing is... potentially quite misleading - vulnerabilities in the code and/or site function _have_ been patched the entire time I've been on staff, and presumably before as well. Now, however, the timetable has been forced on doing a complete, in-depth audit.

Also please note that virtually _all_ digital security has a measure of security through obscurity. Password protection when you log into a website relies on nobody else knowing your password, for instance. If your friends learn your Facebook password (or get a hold of your logged-in device for a few minutes, but that's a different matter), they can log into your account and post embarrassing status updates on your wall. Just mentioning this to put things into perspective - while ideally having source code shouldn't permit bad things to happen, as others have noted in this thread, open source software has vulnerabilities discovered all the time. Security through obscurity is not a perfect answer, or even a very good one, but it also should not be turned into something just short of a slur.


----------



## supersonicbros23 (May 18, 2016)

Redfurryfire said:


> Not wanna be rude. But your Username doesn't help too.


My username is 8 years old, as is the 'mascot' I made for it. I'm 20 now with a growing hatred for people who think a person's username and avatar are relevant to what they have to say.


----------



## nyannom1 (May 18, 2016)

Barking-In-the-Dark said:


> I'd like to but organizing is such a pain. T_T
> Also I would but I don't have a kik. ^_^;


If I don't make one then I'm for sure joining one, I need to connect to my people and eat pizza with them!


----------



## Tali Aurora (May 18, 2016)

of Fangs and Furry said:


> You like skeletons?
> CAT.
> X-RAY.
> 
> ...


Buddy, get the heart surgery picture.


----------



## LyrrenClock (May 18, 2016)

rin_elyran said:


> Well then, I guess I have no other advice to give at this time.


yeah not really much to be said to contribute to solving the issue its basically a waiting game atm hense a few people are just rambling now or just tossing ideas at one another


----------



## YaoiMeowmaster (May 18, 2016)

Furry Network still doesnt seem to compare. ;u; perhaps Im not following enough people yet. Or I think others are distracted and just waiting for FA to come back to abandon it entirely. (As if I didnt do the same to inkbunny, still I try)


----------



## Redfurryfire (May 18, 2016)

supersonicbros23 said:


> My username is 8 years old, as is the 'mascot' I made for it. I'm 20 now with a growing hatred for people who think a person's username and avatar are relevant to what they have to say.



Not your Username. Banana on bread guy.


----------



## Samandriel Morningstar (May 18, 2016)

b0rnstellar said:


> What if FA never comes back up and this forum just spirals into anarchy



Wouldn't be the first time.


----------



## AsheSkyler (May 18, 2016)

DreadnoughtDT said:


> Ghostery huh? I've never heard of that. What does it do?


A type of ad blocker. It also can prevent site redirects from misleading links, social sharing buttons, all sorts of tracking and analytical scripts, chat widgets, and things like that. And of course the configuration page that let's you determine how many and what kinds of things you want to leave you the heck alone.

I don't think it works on FA ads. I usually leave those enabled anyway since they're not as bad as those Flash ads.


----------



## Pace VanRign (May 18, 2016)

*drums fingers*


----------



## Bananas_on_Bread (May 18, 2016)

Redfurryfire said:


> Not your Username. Banana on bread guy.


its Bananas


----------



## ZX6R (May 18, 2016)

These people who are complaining about the downtime have never had any experience in Information Technology. If they did, they would understand the stress and frustration that this stuff can impose, and the many different angles that you have to look at when something goes wrong. You change and patch one thing, you break something else, you fix that and something else becomes vulnerable.


----------



## Fordoxia (May 18, 2016)

Just put this on, leave, wait for it to finish, then come back to see if FA is up, if not, go play DOOM.  I dare you to be better than Polygon.


----------



## Redfurryfire (May 18, 2016)

Bananas_on_Bread said:


> its Bananas



Great. Sorry i forgot the S :c


----------



## of Fangs and Furry (May 18, 2016)

quoting_mungo said:


> And if there is any posting of graphic medical photography, the culprit will get a forced vacation from the forums.



Does that include my X-ray


----------



## of Fangs and Furry (May 18, 2016)




----------



## Fordoxia (May 18, 2016)

of Fangs and Furry said:


> Does that include my X-ray


It doesn't look graphic to me; but the definition of graphic is a difficult one.


----------



## Bananas_on_Bread (May 18, 2016)

of Fangs and Furry said:


>


>memecenter


----------



## RocketExecutiveCypress (May 18, 2016)

Still clueless, but alright.


----------



## of Fangs and Furry (May 18, 2016)

Fordoxia said:


> It doesn't look graphic to me; but the definition of graphic is a difficult one.



Okay. You've finally stopped being a jerk to me. Thank you.


----------



## Zepher_Tensho (May 18, 2016)

ZX6R said:


> These people who are complaining about the downtime have never had any experience in Information Technology. If they did, they would understand the stress and frustration that this stuff can impose, and the many different angles that you have to look at when something goes wrong. You change and patch one thing, you break something else, you fix that and something else becomes vulnerable.



I have a feeling you work in IT.


----------



## FatalSyndrome (May 18, 2016)

What's for dinner tonight?


----------



## Fordoxia (May 18, 2016)

FatalSyndrome said:


> What's for dinner tonight?



Its *Green Giant* sweetcorn!


----------



## MaverickHunterDBoy (May 18, 2016)

Man, I wish I could find the guys responsible for this--I wanna kick their sorry @$$es into the stratosphere!


----------



## of Fangs and Furry (May 18, 2016)

FatalSyndrome said:


> What's for dinner tonight?


Crappy memes and jar jar binks.


----------



## of Fangs and Furry (May 18, 2016)

Fordoxia said:


> Its *Green Giant* sweetcorn!


Sweetcorn? Like the stuff I use for carp fishing?


----------



## supersonicbros23 (May 18, 2016)

Bananas_on_Bread said:


> its Bananas


Oh man... ear worm... I don't remember any of the lyrics or the majority of the song but it was from like years ago...
"Its bananas. B-A-N-A-N..."


of Fangs and Furry said:


>


Honestly, buddy I think you're in the wrong forum. This is about Fur Affinity's cyberattack. Not Star Wars, XRays of cats, or about how you think everyone who questions anything you say is bullying. That's all I'm gonna say.


----------



## Tali Aurora (May 18, 2016)

Furries = Drama
Furries = Melodramatic
Furries = Sweaty 2k carpets
Furries = Good artwork
Furries = Still melodramatic


----------



## Tali Aurora (May 18, 2016)




----------



## ZX6R (May 18, 2016)

Zepher_Tensho said:


> I have a feeling you work in IT.


Yeah. I've never had a breach where I work, but being rushed when things are down for like 5 minutes is stressful.


----------



## Samandriel Morningstar (May 18, 2016)




----------



## Fordoxia (May 18, 2016)

Tali Aurora said:


> Furries = Drama
> Furries = Melodramatic
> Furries = Sweaty 2k carpets
> Furries = Good artwork
> Furries = Still melodramatic


Dont forget melodramatic!


----------



## of Fangs and Furry (May 18, 2016)

cough.


----------



## MrD66 (May 18, 2016)

Annnnd we just hit 69 pages of trolling and useless content


----------



## Redfurryfire (May 18, 2016)

Tali Aurora said:


> Furries = Drama
> Furries = Melodramatic
> Furries = Sweaty 2k carpets
> Furries = Good artwork
> Furries = Still melodramatic



You forgot perverted.


----------



## Redfurryfire (May 18, 2016)

of Fangs and Furry said:


> If you like heavy metal



Oh, FNAF shit. Yup. I'm officialy done with you.


----------



## Tali Aurora (May 18, 2016)

Welcome to this forum topic! Here you will find;
Rioting furries
Melodramatc furries
Overreacting furries
Whining furries
Perverted furries
Yiffing furries
Mammal furries
Peacekeeper furries
Memester furries
Casual Furries
Here you will NOT find;
Sane furries
Moderator furries
Peace
Sanity
Scalies
Furries who aren't mammals


----------



## V3N44X (May 18, 2016)

ZX6R said:


> These people who are complaining about the downtime have never had any experience in Information Technology. If they did, they would understand the stress and frustration that this stuff can impose, and the many different angles that you have to look at when something goes wrong. You change and patch one thing, you break something else, you fix that and something else becomes vulnerable.



This is a top site. Things do not work that way at this level of operation.
Simple... the clock is ticking. Act like it is.

If the site needs to be opened in read-only initially... so be it.
Clear sections of the site and live update.
I am of the school where /THERE IS NO EXCUSE FOR DOWNTIME/

I am a systems architect.


----------



## Redfurryfire (May 18, 2016)

Tali Aurora said:


> Welcome to this forum topic! Here you will find;
> Rioting furries
> Melodramatc furries
> Overreacting furries
> ...



I'm pretty sane if I say so myself.


----------



## Rabbi-Tom (May 18, 2016)

Yanno...I discovered something during this FA down time....


It was, bright, warm and SUNNY outside...Wow!! Wonderful,  You all should experience this yourselves instead of sitting in your dark caves of woe.


Plus tonight, I'm watching TOP GEAR!!! Gotta love the boys!!


----------



## of Fangs and Furry (May 18, 2016)

Tali Aurora said:


> Welcome to this forum topic! Here you will find;
> Rioting furries
> Melodramatc furries
> Overreacting furries
> ...


Wich one an I


----------



## Nendakitty (May 18, 2016)

of Fangs and Furry said:


> cough.



... Heavy...Metal? Have you even heard good heavy metal. Damn this is just cheap autotuned rubbish, and that's just not even including the fact that its FNAF.

Mungo said earlier to leave out the bullshit and random socialising on an important thread. Add music to the music thread kiddo.


----------



## Bananas_on_Bread (May 18, 2016)

of Fangs and Furry said:


> Wich one an I


cancer


----------



## of Fangs and Furry (May 18, 2016)

Who here likes cats?


----------



## Tali Aurora (May 18, 2016)

of Fangs and Furry said:


> Wich one an I


You are a hybrid of;
Peacekeeper
Memester


----------



## of Fangs and Furry (May 18, 2016)

Bananas_on_Bread said:


> cancer


Shut up


----------



## noveltybest (May 18, 2016)

seesh what the hell is going on I'm going to draw somemore stuff when this site opens up.


----------



## Redfurryfire (May 18, 2016)

Bananas_on_Bread said:


> cancer


----------



## of Fangs and Furry (May 18, 2016)

Tali Aurora said:


> You are a hybrid of;
> Peacekeeper
> Memester


Thank you.


----------



## mshy (May 18, 2016)

Geez can we please be on topic if that's so hard to ask?


----------



## noveltybest (May 18, 2016)

Redfurryfire said:


>


shots fired.


----------



## Nendakitty (May 18, 2016)

Dragging the thread back to reality.

Is there any more updates from Neer? Last I heard they'd stabilized some more stuff but there's still no ETA.

I don't want to dig through the thread but any updates? I mean either way compared to previous FA black outs in super pleased to see Neer socialising and keeping us so updated for once.

Good change. Its nice seeing a side where he genuinely seems to care about the site and the users.

But yeah updates or nothing yet? Cheers~


----------



## Fordoxia (May 18, 2016)

Nendakitty said:


> Dragging the thread back to reality.
> 
> Is there any more updates from Neer? Last I heard they'd stabilized some more stuff but there's still no ETA.
> 
> ...


Nufin' yet.  Now...  Bak to insanity!


----------



## FatalSyndrome (May 18, 2016)

Nendakitty said:


> Dragging the thread back to reality.
> 
> Is there any more updates from Neer? Last I heard they'd stabilized some more stuff but there's still no ETA.
> 
> ...


The site status forum is where the updates will be, if there's any new ones you'll see em there.


----------



## amethystos (May 18, 2016)

Well in other news I wish all the best to the programmers who are trying to patch things up. I'm really inconvenienced by this (I'm one of those people that uses FA commissions/auctions to pay rent/utilities/misc bills...), but I understand that if they don't patch this up thoroughly, the site will be down for even longer and it could become catastrophic. Thankfully it was only 6 days lost and not 6 years...


----------



## of Fangs and Furry (May 18, 2016)

Redfurryfire said:


> Oh, FNAF shit. Yup. I'm officialy done with you.


You are 
A jerk


----------



## Samandriel Morningstar (May 18, 2016)

Tali Aurora said:


> Welcome to this forum topic! Here you will find;
> Rioting furries
> Melodramatc furries
> Overreacting furries
> ...










Clearly getting back on topic wasn't your intention.


----------



## ZX6R (May 18, 2016)

V3N44X said:


> This is a top site. Things do not work that way at this level of operation.
> Simple... the clock is ticking. Act like it is.
> 
> If the site needs to be opened in read-only initially... so be it.
> ...


Did I say that it was an excuse for downtime? Nope, but you can't just expect them to throw up a quick fix and call it a day. Maybe that's what they've done before, but this time there is higher stakes if they do. They're trying to make sure there isn't any other vulnerabilities. Pull the "top site" card whenever you want. The company I work for is one of the top 5 wire manufacturers in the world.  And you talk about "no excuse for downtime". Downtime costs millions for us.  I tried not to rant, but FA is doing what they can right now and people complaining about it is not helping in any way.


----------



## ohtar (May 18, 2016)

mshy said:


> Geez can we please be on topic if that's so hard to ask?



what topic? All this started as was an announcement that the site went to shit and nobody knows when it will be back up. Short of repeating that over and over again, there is literally no conversational topic to this whatsoever.
we were already told a few times to stop making up theories and pointing fingers so thats out, and staff doesn't really want people's opinions on where they may or may not have mucked up so that's out too...


----------



## Nendakitty (May 18, 2016)

FatalSyndrome said:


> The site status forum is where the updates will be, if there's any new ones you'll see em there.



He tends to be updating the site status a little bit behind twitter, (which I don't avidly follow) so I wasn't sure if there were any updates from there that hadn't been cross posted yet, but thanks!


----------



## Redfurryfire (May 18, 2016)

of Fangs and Furry said:


> You are
> A jerk



Ik, i'm a dick. But kid listen. Please leave the forums if all you do is spam memes and post gay music. It's oke to go off topic. But please, don't be cancerous and behave yourself.


----------



## Fordoxia (May 18, 2016)

amethystos said:


> Thankfully it was only 6 days lost and not 6 years...



And as it turns out, it was 6 years; the weeks was a typo...


----------



## noveltybest (May 18, 2016)

ok how do we message other people on this?
I mean the well art and ych customers.


----------



## Drage (May 18, 2016)

Traveller800 said:


> I don;t get it...whats the motivation? Its clearly not cash otherwise they would have demanded a ransom or something. Why would they devite time to fucking with your website? Its stupid AND cruel to the users.




The Motivation is clear its some dude/woman who has a hate for Furrys. 
It's sad though that is most likely the case.


----------



## Lakue (May 18, 2016)

I just want FA back...


----------



## TaylorxxWolfie (May 18, 2016)

PheagleAdler said:


> What sites would those be, if I may ask?


Right now, SoFurry is up and running as normal


----------



## Fordoxia (May 18, 2016)

of Fangs and Furry said:


> I like FNaF.
> 
> 
> 
> ...


Look, could you at least put the vids in a spoiler tab (like this SPOILER <content> /SPOILER)


----------



## Moderator-Gazelle (May 18, 2016)

Guys, please keep on topic. Thanks~


----------



## TaylorxxWolfie (May 18, 2016)

Doggystail said:


> I just want FA back...


Me too


----------



## HowlingWolven (May 18, 2016)

First off, yep, finally got driven to open a faf account by this outage.

Second of all, holy shit. The site's been down for less than 48 hours and we've got sixty-nine pages of mostly shitposting. (And yeah, I've kept up-to-date on it...)

Lastly, admins, keep doing what you're doing. As others have suggested, consider rewriting the backend from scratch (using 2016 standard practices instead of however old the core of the current code is) and if it makes sense by whatever metrics, don't waste time on getting that project off the ground. Oh - don't skimp on pentesting if that ends up happening.


To go back to the museum analogy: build a new wing for the exhibits while keeping the old one open. The new wing should be modern and energy-efficient, and it should be secure at night so thieves don't run amok. Hire some professional 'thieves' to attack the new wing, both during construction, as well as after it's open to the public.


----------



## Samandriel Morningstar (May 18, 2016)

Just a suggestion but we could move on over to this topic instead.


forums.furaffinity.net: >post anything you're thinking right now ITT


----------



## Redfurryfire (May 18, 2016)

Moderator-Gazelle said:


> Guys, please keep on topic. Thanks~



Please, i beg you. kick of Fangs and Furry from this topic/forum hes annoying everybody here. :/


----------



## Nendakitty (May 18, 2016)

Moderator-Gazelle said:


> Guys, please keep on topic. Thanks~



Admin literally said no more of this rubbish.



of Fangs and Furry said:


> Sigh. I'm stressed.
> This song is epic. Not gay. I love it.
> 
> 
> ...



Still posting in the wrong thread though.


----------



## skyliner_369 (May 18, 2016)

Doggystail said:


> I just want FA back...


Me, too. I wanna Look at more pictures of foxes and such, and play the newest flashes, but... Ugh! Someone had to dick with the site, and just ruin EVERYONE's day. Why would anyone do this?! Wait! I know! Someone wanting to force their beliefs on everyone! Ugh... horrendous.


----------



## Moderator-Gazelle (May 18, 2016)

Right okay I did say please keep on topic. *Beginning now, users who continue to not follow the rules will be prohibited from posting to this thread for one hour. You have been warned.*


----------



## V3N44X (May 18, 2016)

Rabbi-Tom said:


> Yanno...I discovered something during this FA down time....
> 
> 
> It was, bright, warm and SUNNY outside...Wow!! Wonderful,  You all should experience this yourselves instead of sitting in your dark caves of woe.
> ...



The Data Lab is warm, dark, and full of blinky lights. I like it there. I love my servers. They love me back. They operate as I have designed them, and a couple monkeys operate them for me. I sit back... and watch the lights.


----------



## Fordoxia (May 18, 2016)

of Fangs and Furry said:


> Then you stop posting videos.


By god, the irony is off the charts.

Seriously though: Terms and Rules | Fur Affinity Forums


----------



## Sailors-Kitty (May 18, 2016)

I'm just hoping that after this attack and FA is back up things get better for this site. So far, after being on it a few months,  I've really enjoyed it. Especially how kind everyone is! I haven't really found a site with as nice as a community as this one does.


----------



## thunderstrike23 (May 18, 2016)

I am super worried that the site's source code was handed out like candy...  Cause that's some scary shit.  Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;


----------



## V3N44X (May 18, 2016)

thunderstrike23 said:


> I am super worried that the site's source code was handed out like candy...  Cause that's some scary shit.  Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;


Nah. Shouldn't be scary. Shouldn't even be all that damaging.
And it shouldn't take much code writing. Perhaps fixing a few buffer overflows or something.
Unless this is their first security test ever. Then they deserve a spanking.


----------



## Lakue (May 18, 2016)

skyliner_369 said:


> Me, too. I wanna Look at more pictures of foxes and such, and play the newest flashes, but... Ugh! Someone had to dick with the site, and just ruin EVERYONE's day. Why would anyone do this?! Wait! I know! Someone wanting to force their beliefs on everyone! Ugh... horrendous.


You can't understand, people are just ingorant and full of hate


----------



## noveltybest (May 18, 2016)

wait do I have to re-favorite crap after this is over  ill be so tired and sore from these potential comic titles its ridiculous.


----------



## Fordoxia (May 18, 2016)

thunderstrike23 said:


> I am super worried that the site's source code was handed out like candy...  Cause that's some scary shit.  Not to mention, I can't imagine how much code writing everyone's gotta do before the site can go back up to stop the hacker/people/freaks/whatever from just waddling back in and blowing up the site again ;.-.;


Its especially not scary because of Kerchoffs' Principle, which postulates that you should assume that an enemy/hacker/adversary has access to your complete source code/algorithms, and that you should design your security to take account of this.


----------



## skyliner_369 (May 18, 2016)

Doggystail said:


> You can't understand, people are just ingorant and full of hate


I know... and I just wish they weren't, but I know that they will never go away. It's a fact of life, like taxes and death.


----------



## Samandriel Morningstar (May 18, 2016)

noveltybest said:


> wait do I have to re-favorite crap after this is over  ill be so tired and sore from these potential comic titles its ridiculous.





Dragoneer said:


> This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.
> 
> We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.


----------



## thunderstrike23 (May 18, 2016)

V3N44X said:


> Nah. Shouldn't be scary. Shouldn't even be all that damaging.
> And it shouldn't take much code writing. Perhaps fixing a few buffer overflows or something.
> Unless this is their first security test ever. Then they deserve a spanking.



Well I hope it's not.  That being said, from what I've read and such whoever had messed with the site was outright deleting things. Like users, submissions, etc...  
Then again, I don't know -too- much about site programming.  I had some basic training in Dreamweaver 8 back in 2007, but that's about it.  Anyhow, I just hope it's not as bad as I think.  Thanks for your time!


----------



## Lakue (May 18, 2016)

skyliner_369 said:


> I know... and I just wish they weren't, but I know that they will never go away. It's a fact of life, like taxes and death.


Sad but exact, it could takes days to talk about people's hate and the furry fandom and  it has been done too much before


----------



## Cybeast (May 18, 2016)

Since the source code is like the all access pass to the site and all our stuff that we put on Furaffinity, I'm a bit worried that our stuff could be compromised in some way. 

I feel for the people that lost recent watches and lost their accounts over the pass few days. But isn't there a way to alter the source code of the website to protect against more hackers and people who might DDOS the site again?

While I'm on it, there's no way that someone could just break the site like that in one night, the individuals who got the source code on the USB drives had to have planned this for some time now for them to elaborately do this. But it has to be someone who is a really good hacker, or someone that works closely on the site? I'm merely thinking out loud on this one but you tell me.


----------



## Nendakitty (May 18, 2016)

What I don't understand is. Everyone is so angry. Its a free website anyway so technically Neer owes us nothing and could just take down FA permanently if he wanted.

That's besides my point. Everyone's pointing fingers at haters and such. Most of the HUGE hacks on websites this year have been done to find fault in coding and get staff to fix it. 

Has no one thought that the person who did this was trying to help but screwed up. I'm not saying it is the case, but you cant rule it out.

Its useless whining and saying "furry haters this and that". We aren't being attacked anymore and its more socially accepted being furries. Its probably someone having fun unfortunately. Or someone that messed up and tried helping.

Who knows. Crying doesn't help though.


----------



## aaarisha (May 18, 2016)

I know there's no ETA, but anyone have an idea how much longer this might take?


----------



## Redfurryfire (May 18, 2016)

Also, admin if you are reading this. There was a message most of the data was restored. but does that imply for 11 may or for the day before FA went down?


----------



## Nendakitty (May 18, 2016)

versailles100 said:


> I know there's no ETA, but anyone have an idea how much longer this might take?



Could take hours, could take days, depends on how much they have left to fix


----------



## Fordoxia (May 18, 2016)

Cybeast said:


> Since the source code is like the all access pass to the site and all our stuff that we put on Furaffinity, I'm a bit worried that our stuff could be compromised in some way.
> 
> I feel for the people that lost recent watches and lost their accounts over the pass few days. But isn't there a way to alter the source code of the website to protect against more hackers and people who might DDOS the site again?
> 
> While I'm on it, there's no way that someone could just break the site like that in one night, the individuals who got the source code on the USB drives had to have planned this for some time now for them to elaborately do this. But it has to be someone who is a really good hacker, or someone that works closely on the site? I'm merely thinking out loud on this one but you tell me.


This wasn't a DDOS, it was a hack.  Different things.

Source code does not nessicarally give access to everything.  In this case, it didn't.

The Exploit was through ImageMagik, which allowed the code to be obtained, allowing the attacker to search it for vulnerabilities.


----------



## Samandriel Morningstar (May 18, 2016)

versailles100 said:


> I know there's no ETA, but anyone have an idea how much longer this might take?



There's been no word as of yet as far as I've seen,considering all of the stuff that needs to be taken care of I'm sure they're taking their time to make sure this doesn't happen again instead of slapping on a temporary fix and calling it good.
Just be patient.


----------



## skyliner_369 (May 18, 2016)

Doggystail said:


> Sad but exact, it could takes days to talk about people's hate and the furry fandom and  it has been done too much before


Exactly. I just wish the site comes back soon. And that the haters at least leave us be.


----------



## Lakue (May 18, 2016)

Nendakitty said:


> What I don't understand is. Everyone is so angry. Its a free website anyway so technically Neer owes us nothing and could just take down FA permanently if he wanted.
> 
> That's besides my point. Everyone's pointing fingers at haters and such. Most of the HUGE hacks on websites this year have been done to find fault in coding and get staff to fix it.
> 
> ...


Well, I'm not crying, I'm just pissed


----------



## skyliner_369 (May 18, 2016)

Samandriel Morningstar said:


> There's been no word as of yet as far as I've seen,considering all of the stuff that needs to be taken care of I'm sure they're taking their time to make sure this doesn't happen again instead of slapping on a temporary fix and calling it good.
> Just be patient.


If that's the case, the coders all deserve cookies. :3


----------



## Cybeast (May 18, 2016)

Fordoxia said:


> This wasn't a DDOS, it was a hack.  Different things.
> 
> Source code does not nessicarally give access to everything.  In this case, it didn't.
> 
> The Exploit was through ImageMagik, which allowed the code to be obtained, allowing the attacker to search it for vulnerabilities.



So if the Exploit go through via ImageMagik as was explained , shouldn't they be held somewhat accountable for some of the mess that happened because the exploit was found in their system?


----------



## Samandriel Morningstar (May 18, 2016)

skyliner_369 said:


> If that's the case, the coders all deserve cookies. :3



That's for sure,they really deserve a lot more respect just like the other staff members of this website.
They do a lot.


----------



## Nendakitty (May 18, 2016)

Doggystail said:


> Well, I'm not crying, I'm just pissed



I didn't point out individuals however there are MANY posts saying stuff like "why does everyone hate furries" and "cant the haters leave us alone" it comes across as whiney and there's no proof of such trivial thoughts. 

Makes us look stupid as a group of people of you ask me. Its a website. There's others.


----------



## skyliner_369 (May 18, 2016)

Nendakitty said:


> What I don't understand is. Everyone is so angry. Its a free website anyway so technically Neer owes us nothing and could just take down FA permanently if he wanted.
> 
> That's besides my point. Everyone's pointing fingers at haters and such. Most of the HUGE hacks on websites this year have been done to find fault in coding and get staff to fix it.
> 
> ...


I, am not crying, just irked. And I don't work for the site, so I CAN'T help.


----------



## Redfurryfire (May 18, 2016)

I feel like the twintowers just collapsed on FA, the amount chaos going on now is insane.


----------



## XianFuSheng (May 18, 2016)

Dear god, you look away for a few hours and drama erupts like there's no tomorrow, there's not enough popcorn for this damnit!

Also, on topic...those USB things were handed out at a con right? Why would anyone hand out random USB things with a website's source code on it? I mean, majority of people most likely wouldn't know what the heck to do with it due to lacking any if all coding knowledge. Sounds rather dumb to me.


----------



## noveltybest (May 18, 2016)

skyliner_369 said:


> If that's the case, the coders all deserve cookies. :3


what do you mean by "cookies"


----------



## Nendakitty (May 18, 2016)

skyliner_369 said:


> I, am not crying, just irked. And I don't work for the site, so I CAN'T help.



Acting childish wont help the situation either though. Irked or not. Leave the admins to their job.

They're fixing it. They're updating us. All we can do is be mature and wait. The only way you can help is by mot pointing fingers at "haters" no one knows who did it so leave that be until the staff work it out.


----------



## Fordoxia (May 18, 2016)

Cybeast said:


> So if the Exploit go through via ImageMagik as was explained , shouldn't they be held somewhat accountable for some of the mess that happened because the exploit was found in their system?


I'm not a lawyer, so I could not say.


----------



## Lakue (May 18, 2016)

Nendakitty said:


> I didn't point out individuals however there are MANY posts saying stuff like "why does everyone hate furries" and "cant the haters leave us alone" it comes across as whiney and there's no proof of such trivial thoughts.
> 
> Makes us look stupid as a group of people of you ask me. Its a website. There's others.


Well you're just saying what I said, there has been too much pics on the subject of hate, also I was just guessing and that's a possibility


----------



## CerusSerenade (May 18, 2016)

Redfurryfire said:


> I feel like the twintowers just collapsed on FA, the amount chaos going on now is insane.


Let's not compare server downtime to mass murder.


----------



## Elohiim_Koshiiri (May 18, 2016)

PheagleAdler said:


> What sites would those be, if I may ask?



Basically the most well known sites that hate furries or just do it for the lulz.

I will not post names, because thats against the rules, but as I said, if we find anything we will forward it too Dragoneer and his staff.


----------



## noveltybest (May 18, 2016)

Nendakitty said:


> Acting childish wont help the situation either though. Irked or not. Leave the admins to their job.
> 
> They're fixing it. They're updating us. All we can do is be mature and wait. The only way you can help is by mot pointing fingers at "haters" no one knows who did it so leave that be until the staff work it out.


your right all we need to do is hope for the best and get to creating stuff so we can actually make the site great again.


----------



## skyliner_369 (May 18, 2016)

Redfurryfire said:


> I feel like the twintowers just collapsed on FA, the amount chaos going on now is insane.


well, YEAH! the whole website fell down and that means nobody, NOBODY can see their favorite furry artist's work, so they come here to voice their feelings.


----------



## Samandriel Morningstar (May 18, 2016)

XianFuSheng said:


> Dear god, you look away for a few hours and drama erupts like there's no tomorrow, there's not enough popcorn for this damnit!
> 
> Also, on topic...those USB things were handed out at a con right? Why would anyone hand out random USB things with a website's source code on it? I mean, majority of people most likely wouldn't know what the heck to do with it due to lacking any if all coding knowledge. Sounds rather dumb to me.



It's all about who knows who,if one person doesn't know anything they'll probably pass it down to the next and so on and so forth.
It's all about connections.
From what I've read with what little information that's been given they may have just tossed them about but there was probably knowledge of the event just outside of the main people who caused this.



skyliner_369 said:


> well, YEAH! the whole website fell down and that means nobody, NOBODY can see their favorite furry artist's work, so they come here to voice their feelings.



It's understandable everyone is upset,but it's a given.
Repeatedly getting up on that soapbox and shouting the same thing the other 20 or more people have doesn't do anything except add on to the stress and the general disorder happening right now.


----------



## Elohiim_Koshiiri (May 18, 2016)

CerusSerenade said:


> Let's not compare server downtime to mass murder.



This


----------



## DreadnoughtDT (May 18, 2016)

Tali Aurora said:


> Welcome to this forum topic! Here you will find;
> Rioting furries
> Melodramatc furries
> Overreacting furries
> ...



Fairly certain I'm sane, and am not a mammal. Heh.


----------



## Redfurryfire (May 18, 2016)

CerusSerenade said:


> Let's not compare server downtime to mass murder.



Was just a little joke. Sorry if it was too far. But yeah maby bad example...


----------



## RainyCat (May 18, 2016)

Dragoneer said:


> We have RAID 10s in all our servers. Full database and storage backups are held on other servers, so it's not quite the same as a single drive going offline and needing to replace the backup. And yes, doing daily backups is something we want to do, but with a site the size of FA, it can cause some severe slowdowns doing them constantly. We're in the process of acquiring a new backup storage system which would allow us to do said backups (but also requires a network upgrade).



Buy an external bay with mini-sas connectors and a raid card to match, this is what is used in most cloud systems:
iStarUSA DAGE412U40DEBK-3MS 4U 12-bay 3.5" SAS/SATA 6.0Gb/s miniSAS SFF8088 JBOD Trayless Hotswap Rackmount Chassis 500W PSU - Newegg.com (Ignore the JBOD, Mini-Sas CAN raid)
HP 487204-B21 PCI-Express x8 SATA / SAS Smart Array P812/1G FBWC RAID Controller Card - Newegg.com
NEW EMC 10M External SAS SFF-8088 to SFF-8088 Mini SAS External Cable - 038-003-658 - Newegg.com

You get 3x 12-Gbit lanes with Mini-Sas and the full bandwidth of your Pci-Express slot. Transfers are faster than 3 SFP+ connections to a fiber switch or regular switch, latency is in microseconds possibly nanoseconds but as close as you'll get to a HBA adapter. If you have the money go with a Q-Logic or Intel card, those are the best but might exceed your price range, just make sure the connectors match up.


----------



## skyliner_369 (May 18, 2016)

DreadnoughtDT said:


> Fairly certain I'm sane, and am not a mammal. Heh.


CX you are awesome.


----------



## Zepher_Tensho (May 18, 2016)

Cybeast said:


> So if the Exploit go through via ImageMagik as was explained , shouldn't they be held somewhat accountable for some of the mess that happened because the exploit was found in their system?



It doesnt work like that. You can't hold someone legally accountable because a bug was overlooked in the code. The only parties guilty of illegal activity are the ones leveraging the exploits.


----------



## Moderator-Gazelle (May 18, 2016)

versailles100 said:


> I know there's no ETA, but anyone have an idea how much longer this might take?


Unfortunately we don't know how much longer it'll take, but I can give you a comparison graph on how fast we're going compared to land mammals top speeds, if that helps.







tl;dr guys i love you so much thank you for continuing to be patient, we will tell you literally the moment we know thank you so much for waiting for us


----------



## Fordoxia (May 18, 2016)

DreadnoughtDT said:


> Fairly certain I'm sane, and am not a mammal. Heh.


If you think you are sane, you are not.


----------



## noveltybest (May 18, 2016)

skyliner_369 said:


> well, YEAH! the whole website fell down and that means nobody, NOBODY can see their favorite furry artist's work, so they come here to voice their feelings.


that is if there's any big or favorite artist on this board looking at us now complain about it .(I'm looking at you big artist I might of watched)


----------



## supersonicbros23 (May 18, 2016)

I honestly hope whatever code fixing they do doesn't drastically alter the site's appearance once it does go back up. I 
loved the layout, nothing too fancy yet everything looked good and organized.


----------



## Redfurryfire (May 18, 2016)

Moderator-Gazelle said:


> Unfortunately we don't know how much longer it'll take, but I can give you a comparison graph on how fast we're going compared to land mammals top speeds, if that helps.
> 
> 
> 
> ...



You guys just had to make it 9001, didn't you?


----------



## Cybeast (May 18, 2016)

Zepher_Tensho said:


> It doesnt work like that. You can't hold someone legally accountable because a bug was overlooked in the code. The only parties guilty of illegal activity are the ones leveraging the exploits.



Still, ImageMagik could be warned. Right?


----------



## Blackraven2 (May 18, 2016)

If you have a large but well maintained code base, the average to be expected rate of security flaws is one flaw every one thousand code lines.
If you put extraordinary effort into securing the code and make regular code audits, that goes down to one in ten thousand lines.

But there's always a few more. Security flaws have even been found in unix library code that had been 20 years old, open source and looked at by the community for the whole time.

With FA's code out in the hand of malicious attackers. The site cannot go on-line without getting rid of any flaws the attackers might easily find.
If a flaw allows an attacker sufficient privilege escalation, not even read-only-mode would stop him. They could burrough their way all the way to the database, or even its online backup regardless.

It's also not enough to close the holes they already found and used. It's not enough to close even all holes of the same type. You'd need a thorrough code audit, by experienced people - and also fix everything they might find - before you could risk bringing the site up in any form at all. 

If FA staff brought the site back up too soon. It would likely just get hacked again. Except, the next attacker might not be after the database, he might be after the users and identity theft or similar and go unnoticed for much longer.


However a thorrough code audit by professionals would take weeks on even medium sized code bases. And you'd still have no guarantee that it'd have found everything. 

The only way to make sure none of the potentially found flaws in the leaked code are exploitable is to throw it away and rewrite it from scratch. But that, too might take too long. Maybe less, maybe more. The older a code base is, the more sense a rewrite makes in cases like this.


But, all of that in mind, I don't expect FA to come back in the next few days. And if it does, it wouldn't stay up for long.


What could possibly be done, considering the code is already in the hand of attackers, if rewriting the codebase is not an option, one could crowdsource the audit.
Make your liability (leaked code) into an asset. Call to any experienced developers in the user base for help, put the code open source for everyone to see, and ask for as much help to find and close the holes as one can get.


----------



## aaarisha (May 18, 2016)

Sorry for asking, I didn't mean to sound impatient. Was just askin' is all.


----------



## DreadnoughtDT (May 18, 2016)

skyliner_369 said:


> CX you are awesome.



Awww, thank you!

And yes, I'm aware I'm not actually sane. It's always been my philosophy that "Those who say they are sane, are the ones who are not."


----------



## skyliner_369 (May 18, 2016)

Blackraven2 said:


> If you have a large but well maintained code base, the average to be expected rate of security flaws is one flaw every one thousand code lines.
> If you put extraordinary effort into securing the code and make regular code audits, that goes down to one in ten thousand lines.
> 
> But there's always a few more. Security flaws have even been found in unix library code that had been 20 years old, open source and looked at by the community for the whole time.
> ...


This, I agree with completely. Perfection is impossible, and thus, all one can do is get as many hands working to get it as close to perfect as possible.


----------



## noveltybest (May 18, 2016)

DreadnoughtDT said:


> Awww, thank you!
> 
> And yes, I'm aware I'm not actually sane. It's always been my philosophy that "Those who say they are sane, are the ones who are not."


so your insane .


----------



## SGRedAlert (May 18, 2016)

noveltybest said:


> so your insane .


You're*


----------



## DreadnoughtDT (May 18, 2016)

noveltybest said:


> so your insane .



No one is truly sane. We're all just varying levels of insane. It's like the thought of "normal" is a fallacy, if that makes sense.


----------



## skyliner_369 (May 18, 2016)

DreadnoughtDT said:


> Awww, thank you!
> 
> And yes, I'm aware I'm not actually sane. It's always been my philosophy that "Those who say they are sane, are the ones who are not."


Psh! Do you try the same thing repeatedly, expecting a different result? If not, then, by definition, you're not insane. :3


----------



## DreadnoughtDT (May 18, 2016)

skyliner_369 said:


> Psh! Do you try the same thing repeatedly, expecting a different result? If not, then, by definition, you're not insane.



Yeah, it's called fighting a boss in Dark Souls. lol


----------



## skyliner_369 (May 18, 2016)

DreadnoughtDT said:


> Yeah, it's called fighting a boss in Dark Souls. lol


XD okay, you win.


----------



## Rabbi-Tom (May 18, 2016)

Resume your normal lives, please move on, allow the staff to do their jobs.  Whining only irks them more.


----------



## SGRedAlert (May 18, 2016)

DreadnoughtDT said:


> No one is truly sane. We're all just varying levels of insane. It's like the thought of "normal" is a fallacy, if that makes sense.


"What is normal for the spider is chaos for the fly." I forgot who wrote that, but it's something that's stuck with me whenever someone's like "Ugh, you're not normal!" Well, neither are you. Everyone defines 'normal' differently, therefor 'normal' is an arbitrary concept, unless you're talking about irrefutable facts - like, I dunno, humans have two eyes. That's generally the norm, and a one-eyed individual is not normal.


----------



## DreadnoughtDT (May 18, 2016)

SGRedAlert said:


> "What is normal for the spider is chaos for the fly." I forgot who wrote that, but it's something that's stuck with me whenever someone's like "Ugh, you're not normal!" Well, neither are you. Everyone defines 'normal' differently, therefor 'normal' is an arbitrary concept, unless you're talking about irrefutable facts - like, I dunno, humans have two eyes. That's generally the norm, and a one-eyed individual is not normal.



Yeah, that's essentially what I mean. That's an awesome saying BTW, I think I'll use that from now on.


----------



## skyliner_369 (May 18, 2016)

SGRedAlert said:


> "What is normal for the spider is chaos for the fly." I forgot who wrote that, but it's something that's stuck with me whenever someone's like "Ugh, you're not normal!" Well, neither are you. Everyone defines 'normal' differently, therefor 'normal' is an arbitrary concept, unless you're talking about irrefutable facts - like, I dunno, humans have two eyes. That's generally the norm, and a one-eyed individual is not normal.


Truth!


----------



## noveltybest (May 18, 2016)

if the site gets fixed we are gonna go insane either way so I guess we are all crazy for stuff when disasters happen not saying this is a big tragedy just saying when something bad happens all the time and when its fixed its a relief for a short time.

(maybe its in most of our bodily functions the scientists might say.....)


----------



## skyliner_369 (May 18, 2016)

noveltybest said:


> if the site gets fixed we are gonna go insane either way so I guess we are all crazy for stuff when disasters happen not saying this is a big tragedy just saying when something bad happens all the time and when its fixed its a relief for a short time.
> 
> (maybe its in most of our bodily functions the scientists might say.....)


Yeah, there's a good chance of that.


----------



## ArielMT (May 18, 2016)

Cybeast said:


> Still, ImageMagik could be warned. Right?


The ImageMagick team released patches as soon as the ImageTragick vulnerability was announced.  There was some miscommunication with the disclosure, but they knew from the start and worked with the hackers who discovered it to get the word out and encourage patching.


----------



## nyannom1 (May 18, 2016)

SGRedAlert said:


> "What is normal for the spider is chaos for the fly." I forgot who wrote that, but it's something that's stuck with me whenever someone's like "Ugh, you're not normal!" Well, neither are you. Everyone defines 'normal' differently, therefor 'normal' is an arbitrary concept, unless you're talking about irrefutable facts - like, I dunno, humans have two eyes. That's generally the norm, and a one-eyed individual is not normal.


I don't really believe in the concept of normal, and I can't put a direct example for normal, because it will vary so much.


----------



## SGRedAlert (May 18, 2016)

DreadnoughtDT said:


> Yeah, that's essentially what I mean. That's an awesome saying BTW, I think I'll use that from now on.


Oh. Apparently it was spoken by Charles Addams, the writer of the Addams Family. Huh. The more you know!
It really is a wonderful saying, and people shut up the second they hear it, because you can't argue that!


----------



## supersonicbros23 (May 18, 2016)

So I did some peeping around and found 1 or 2 recent threads on the attack elsewhere, but so far I can't find anything about someone "spilling the beans" so to speak, pretty much just "Hey guys did you hear about...?" stuff.
Anyone else do some snooping around?
(Honestly FA was the only thing that kept me busy really, without it I have much free time.)


----------



## SGRedAlert (May 18, 2016)

nyannom1 said:


> I don't really believe in the concept of normal, and I can't put a direct example for normal, because it will vary so much.


Well like I said, 'normal' is generally an arbitrary concept, unless you're talking about absolute fact, or a scientific norm. But most scientific norms can be described more along the lines of an 'average' than 'normal' so I dunno. I suppose that makes 'normal' redundant.


----------



## Fordoxia (May 18, 2016)

nyannom1 said:


> I don't really believe in the concept of normal, and I can't put a direct example for normal, because it will vary so much.


I simply view normal as statistically average.


----------



## Bannor (May 18, 2016)

SGRedAlert said:


> "What is normal for the spider is chaos for the fly." I forgot who wrote that, but it's something that's stuck with me whenever someone's like "Ugh, you're not normal!" Well, neither are you. Everyone defines 'normal' differently, therefor 'normal' is an arbitrary concept, unless you're talking about irrefutable facts - like, I dunno, humans have two eyes. That's generally the norm, and a one-eyed individual is not normal.


Without cheating and using google, I'm thinkin' that's a quote from or by Charles Addams, although attributed to Morticia Addams (from the Addams Family).


----------



## Moderator-Gazelle (May 18, 2016)

nyannom1 said:


> I don't really believe in the concept of normal, and I can't put a direct example for normal, because it will vary so much.





SGRedAlert said:


> Well like I said, 'normal' is generally an arbitrary concept, unless you're talking about absolute fact, or a scientific norm. But most scientific norms can be described more along the lines of an 'average' than 'normal' so I dunno. I suppose that makes 'normal' redundant.


I really super love this conversation, but i'd love it more in another thread ;u; Thank you so much for the intelligent conversation though!


----------



## skyliner_369 (May 18, 2016)

supersonicbros23 said:


> So I did some peeping around and found 1 or 2 recent threads on the attack elsewhere, but so far I can't find anything about someone "spilling the beans" so to speak, pretty much just "Hey guys did you hear about...?" stuff.
> Anyone else do some snooping around?
> (Honestly FA was the only thing that kept me busy really, without it I have much free time.)


Yeah, pretty much the same here.


----------



## DreadnoughtDT (May 18, 2016)

With all this free time, I'm sitting here playing Transformers: Devastation. I'm so sad this game tanked, considering it had a sequel hook at the end of it...


----------



## TaylorxxWolfie (May 18, 2016)

KazWolf said:


> Watching the drama growing up, I am ready to pick up some popcorn


Is that the "just do it" guy?


----------



## SGRedAlert (May 18, 2016)

Bannor said:


> Without cheating and using google, I'm thinkin' that's a quote from or by Charles Addams, although attributed to Morticia Addams (from the Addams Family).


I googled it a minute or two ago, and yeah, it's Charles Addams. Thanks!


----------



## SGRedAlert (May 18, 2016)

Moderator-Gazelle said:


> I really super love this conversation, but i'd love it more in another thread ;u; Thank you so much for the intelligent conversation though!


Oh, okay, thank you!


----------



## skyliner_369 (May 18, 2016)

Moderator-Gazelle said:


> I really super love this conversation, but i'd love it more in another thread ;u; Thank you so much for the intelligent conversation though!


Right! We're furrys. we're distractible. So... you hear anything? I'd hope that the guys have worked out what can go wrong.


----------



## Bannor (May 18, 2016)

SGRedAlert said:


> I googled it a minute or two ago, and yeah, it's Charles Addams. Thanks!


Yay!


----------



## nyannom1 (May 18, 2016)

TaylorxxWolfie said:


> Is that the "just do it" guy?


I think so. His name is Shia LeBouf btw.


----------



## BloodhoundPreston (May 18, 2016)

Shadow said:


> Take a chill pill and fantasize about FA working. Also, be nice to the bronies, they're our younger furry siblings. It's just a green pegasus drawn by someone younger.


Well, it was drawn by my little sister. And I've changed my profile pic.


----------



## Zepher_Tensho (May 18, 2016)

Cybeast said:


> Still, ImageMagik could be warned. Right?



They fixed the vulnerability already. FA just didnt patch in time. The damage was done before the exploit was fixed.


----------



## Moderator-Gazelle (May 18, 2016)

skyliner_369 said:


> Right! We're furrys. we're distractible. So... you hear anything? I'd hope that the guys have worked out what can go wrong.


I basically know as much as what's been disseminated on the forums, as we've literally put out announcements as soon as information became concrete.

Other than that, @yak and @Dragoneer have been up all night doing things, and I think Neer is also eating chicken alfredo at an alarming pace. More details to follow.


----------



## TaylorxxWolfie (May 18, 2016)

nyannom1 said:


> I think so. His name is Shia LeBouf btw.



I know. lol I didnt know how to spell his name


----------



## skyliner_369 (May 18, 2016)

Zepher_Tensho said:


> They fixed the vulnerability already. FA just didnt patch in time. The damage was done before the exploit was fixed.


Yeah. And I don't think FA could have patched it in time. Hacker communities on onion networks are way more active than even the best companies.


----------



## Samandriel Morningstar (May 18, 2016)

versailles100 said:


> Sorry for asking, I didn't mean to sound impatient. Was just askin' is all.



You were just curious there's nothing wrong with that,no worries.


----------



## KazWolf (May 18, 2016)

TaylorxxWolfie said:


> Is that the "just do it" guy?


Yes, Just do it guy, Shia LaBeouf


----------



## DreadnoughtDT (May 18, 2016)

Welp, considering I have nothing constructive to add to this thread, I think I'll take my leave. *the dragontaur pads out of the room* Enjoy yourselves, now.


----------



## nyannom1 (May 18, 2016)

TaylorxxWolfie said:


> I know. lol I didnt know how to spell his name


Haha, I had to ask someone in class if that was the correct spelling


----------



## skyliner_369 (May 18, 2016)

TaylorxxWolfie said:


> I know. lol I didnt know how to spell his name


I woulda just said "Shaia LaBuff"


----------



## TropicalDonkey (May 18, 2016)

On the subject of losing business during the shutdown, may I ask how many people actually frequent the art part of the forums when looking for art? Because I've noticed anyone putting up ads for their art for the most part gets no replies or views.


----------



## skyliner_369 (May 18, 2016)

I'm glad I didn't post any information on me that's too personal. If a website I go to gets hacked, I simply assume that every ounce of information was taken from the site.


----------



## noveltybest (May 18, 2016)

ill stay but wait for a good post to come. the site might come tomorrow on my birthday or many days after.

at this rapid rate.


----------



## Nemnth (May 18, 2016)

skyliner_369 said:


> I'm glad I didn't post any information on me that's too personal. If a website I go to gets hacked, I simply assume that every ounce of information was taken from the site.


From what I was reading, no personal information was leaked, this includes passwords and other fun stuff. It was just attacked directly with intent to take down the site


----------



## Samandriel Morningstar (May 18, 2016)

TropicalDonkey said:


> On the subject of losing business during the shutdown, may I ask how many people actually frequent the art part of the forums when looking for art? Because I've noticed anyone putting up ads for their art for the most part gets no replies or views.



It depends on what you're offering and what the site traffic is at that time,so right now might actually be a good time to post anything you're offering it may do well in the long run but in general it's sort of a hit and miss topic.


----------



## supersonicbros23 (May 18, 2016)

Oh man... I just went to the BFLC site (where according to early posts was the location of the distribution of the USB drives) and FurCon theme was "Fallen Utopia."
Might Fur Affinity might be considered one of the "Utopias" for furries?
Oh man... I probably shouldn't speculate, thats how rumors start.


----------



## mshy (May 18, 2016)

i'm new here, how often are these said "attacks?"


----------



## skyliner_369 (May 18, 2016)

Nemnth said:


> From what I was reading, no personal information was leaked, this includes passwords and other fun stuff. It was just attacked directly with intent to take down the site


This may be, but the attack could be a diversion. Just assume the worst and hope for the best.


----------



## Samandriel Morningstar (May 18, 2016)

mshy said:


> i'm new here, how often are these said "attacks?"



It's not consistent if that's what you're worried about.
It's been a while since the last one.


----------



## mshy (May 18, 2016)

Samandriel Morningstar said:


> It's not consistent if that's what you're worried about.
> It's been a while since the last one.


Thanksies.


----------



## Samandriel Morningstar (May 18, 2016)

mshy said:


> Thanksies.



You're welcome.


----------



## Nemnth (May 18, 2016)

skyliner_369 said:


> This may be, but the attack could be a diversion. Just assume the worst and hope for the best.


A diversion for what? You're making this seem bigger than it really is.


----------



## skyliner_369 (May 18, 2016)

Speaking of patching code, It'd be nice if the FA file size limit was increased. I understand that space is limited, but it would still be nice. One can dream, right?


----------



## Samandriel Morningstar (May 18, 2016)

skyliner_369 said:


> This may be, but the attack could be a diversion. Just assume the worst and hope for the best.



Let's just not make assumptions about anything or point fingers,it was an attack and that's all it was.
There was nothing to gain from it or to build up from it besides the general chaos that's ensued.
A lot of people are already really upset/uncomfortable about what's happened so let's try and not stir the pot any further.


----------



## skyliner_369 (May 18, 2016)

Nemnth said:


> A diversion for what? You're making this seem bigger than it really is.


Well, like I said, assume the worst, hope for the best.


----------



## skyliner_369 (May 18, 2016)

Samandriel Morningstar said:


> Let's just not make assumptions about anything or point fingers,it was an attack and that's all it was.
> There was nothing to gain from it or to build up from it besides the general chaos that's ensued.
> A lot of people are already really upset/uncomfortable about what's happened so let's try and not stir the pot any further.


... right. Ahhhhhh... oops.


----------



## Faolan_Wolf-Wings (May 18, 2016)

There is no such thing as perfect, really.  What we call "perfect" is merely a concept we use based on ideals and dreams.  The mind may be without limits, but reality is always full of limits and flaws.  But that's the closest to the true definition of "perfect" there ever is.  Time is change, and change evolves constantly.  We can't control it, but we can utilize it and harness it's power in some ways, as a sailor would harness the winds with the mast and sailcloth of his ship.  Wherever the wind blows, we follow, yet we can change our courses, to go a different direction by adjusting our sails.

Basically what I am getting at is that we can try to improve the systems, but it will never reach the perfection formed by our ideals.  We can continue the same pattern, but we don't have to, as we have the options to try different approaches to solving the problems we face.  We can only do the best we can with what we have, and though we dream big, we are bound by limits of the present time as we move to the future.

Sorry for the wise words lecture, but I feel I had to say it here.  >w<


----------



## noveltybest (May 18, 2016)

Nemnth said:


> A diversion for what? You're making this seem bigger than it really is.


don't worry this is just a big chip off the backs of the people it'll be fine just takes great recoding though I do hope for a cool new design of the site after this like you get to group your art work inside of one group and you can constantly do this without harm your computer or you can post within your picture.


----------



## mint_swirl (May 18, 2016)

mshy said:


> Why must all of these hacker asshats must ruin the experience for us artists?


to be fair though,
we really need to stop being so reliant on FA as our number one art site, because this isnt the first time and im scared to say this wont be the last :T
but in times like this it is hard to branch out to other art sites because all my damn commission info is on my profile xD so im up the creek without a paddle till the site it back up,
though working on a new price list till i can get my hands on my original price list,
so i know your pain mshy, but we need to stop relying on FA to heavily to hold all our commission info and que lists


----------



## Tali Aurora (May 18, 2016)

Stop being overdramatic. It's down for a while, so what? MUCH worse things have happened to our fandom. Do you not remember the chlorine gas incident at that convention? MUCH worse than some idiots messing with FA.


----------



## skyliner_369 (May 18, 2016)

Tali Aurora said:


> Stop being overdramatic. It's down for a while, so what? MUCH worse things have happened to our fandom. Do you not remember the chlorine gas incident at that convention? MUCH worse than some idiots messing with FA.


you're right. It could be. it still can be. but right now, it isn't. I hope it stays that way.


----------



## Tali Aurora (May 18, 2016)

For the love of... Do I have to be blunt too?
Stop whining, get over yourselves, and do something productive. I'm tired of my notifs being clogged up by the constant complaining!


----------



## Tali Aurora (May 18, 2016)

skyliner_369 said:


> you're right. It could be. it still can be. but right now, it isn't. I hope it stays that way.


Mhm


----------



## TaylorxxWolfie (May 18, 2016)




----------



## supersonicbros23 (May 18, 2016)

Tali Aurora said:


> For the love of... Do I have to be blunt too?
> Stop whining, get over yourselves, and do something productive. I'm tired of my notifs being clogged up by the constant complaining!


I don't mean this like a smartass but theres a button to unwatch the thread, should get rid of the notifications.
Can't disagree with the advice though


----------



## noveltybest (May 18, 2016)

Tali Aurora said:


> For the love of... Do I have to be blunt too?
> Stop whining, get over yourselves, and do something productive. I'm tired of my notifs being clogged up by the constant complaining!


everyone give this person a hug!


----------



## Faolan_Wolf-Wings (May 18, 2016)

Well, I'm certain once the site is up and running again, everyone will be aware of this illegal jump drive code distribution trick so that at any future conventions, those would not be allowed in the event.


----------



## skyliner_369 (May 18, 2016)

I just want my daily dose of fuzzbutts and non-fuzzbutts. (furrys and the likes)


----------



## noveltybest (May 18, 2016)

Faolan_Wolf-Wings said:


> Well, I'm certain once the site is up and running again, everyone will be aware of this illegal jump drive code distribution trick so that at any future conventions, those would not be allowed in the event.


mhm but then again what are allowed in furry events?


----------



## supersonicbros23 (May 18, 2016)

Faolan_Wolf-Wings said:


> Well, I'm certain once the site is up and running again, everyone will be aware of this illegal jump drive code distribution trick so that at any future conventions, those would not be allowed in the event.


Like a little pat-down at the door? That'd be difficult, those things are so easy to disguise, there are soooooooo many novelty ones... 
	

	
	
		
		

		
			





  this is actually a 2GB jump drive


----------



## Tali Aurora (May 18, 2016)

;; Can you help me find the unwatch button-thing? This thread is scaring me Q_Q


----------



## Nemnth (May 18, 2016)

Tali Aurora said:


> ;; Can you help me find the unwatch button-thing? This thread is scaring me Q_Q


Theres a tab near the top that says watched threads. Select that and go through it


----------



## Draconas (May 18, 2016)

Reposting this


Draconas said:


> Several suggestions were given to broaden your horizons, you ignore them and look where it lands you.
> 
> You put all of your eggs in one basket. communications? references? the ability to conduct business? you've been locked out all of this AND MORE for 20+ hours, and some of you still have the gall to bitch and complain "well XYZ doesn't get enough traffic" then go there and make traffic. "their interface is shit" you could've spent today learning the interface for another site, it's not that hard.
> 
> ...


----------



## noveltybest (May 18, 2016)

Tali Aurora said:


> ;; Can you help me find the unwatch button-thing? This thread is scaring me Q_Q


someone guide this person!


----------



## FatalSyndrome (May 18, 2016)

They just tweeted that they're trying to get it back up just a little bit ago


----------



## Faolan_Wolf-Wings (May 18, 2016)

noveltybest said:


> mhm but then again what are allowed in furry events?


Likely now that everyone knows the truth when the story spreads, nobody would accept any jump drives being distributed.  It's a trick that will only be effective once.  You'd have to be a total fool to fall for it again after what happened last time.


----------



## FatalSyndrome (May 18, 2016)

Draconas said:


> Reposting this


A lot of us upload frequently to multiple sources, that doesn't change the fact that BUSINESS TRAFFIC is dead there. I have my own website, FA, DA, Weasyl, FN, SF, Twitter, Tumblr, you name it. Trust me I don't put all my eggs in one basket.

Doesn't change the fact that most buyers with money are still on FA. You're not even an artist and likely have no experience in these matters, so maybe consider a lot of us already do what you and many others have suggested, and spare the lectures perhaps? You're not the first person to say this and the advice is a broken record.


----------



## noveltybest (May 18, 2016)

supersonicbros23 said:


> Like a little pat-down at the door? That'd be difficult, those things are so easy to disguise, there are soooooooo many novelty ones...
> 
> 
> 
> ...


in the near future my pencil would even be a jump drive.


----------



## rjbartrop (May 18, 2016)

FatalSyndrome said:


> A lot of us upload frequently to multiple sources, that doesn't change the fact that BUSINESS TRAFFIC is dead there. I have my own website, FA, DA, Weasyl, FN, SF, Twitter, Tumblr, you name it. Trust me I don't put all my eggs in one basket.
> 
> Doesn't change the fact that most buyers with money are still on FA. You're not even an artist and likely have no experience in these matters, so maybe consider a lot of us already do what you and many others have suggested, and spare the lectures perhaps?



And right now, traffic on FA is zero, so any other site will give you more.


----------



## Hurricane_Valentine (May 18, 2016)

Just putting it out the that I appreciate you all working so hard to do this. Running a FREE site with thousands of ungrateful users tossing turds at a fan can't be easy. We've sadly reached an age that people arent happy unless they're in a utopia. 

Thanks guys!


----------



## FatalSyndrome (May 18, 2016)

rjbartrop said:


> And right now, traffic on FA is zero, so any other site will give you more.


No shit.


----------



## supersonicbros23 (May 18, 2016)

noveltybest said:


> in the near future my pencil would even be a jump drive.


Gotchya covered.


----------



## Moderator-Gazelle (May 18, 2016)

Tali Aurora said:


> ;; Can you help me find the unwatch button-thing? This thread is scaring me Q_Q


Here!


----------



## Draconas (May 18, 2016)

FatalSyndrome said:


> A lot of us upload frequently to multiple sources, that doesn't change the fact that BUSINESS TRAFFIC is dead there. I have my own website, FA, DA, Weasyl, FN, SF, Twitter, Tumblr, you name it. Trust me I don't put all my eggs in one basket.
> 
> Doesn't change the fact that most buyers with money are still on FA. You're not even an artist and likely have no experience in these matters, so maybe consider a lot of us already do what you and many others have suggested, and spare the lectures perhaps? You're not the first person to do this, it's a broken record, chill.


I don't need to be an artist to understand how stupid and crippling it is to keep all of your commission info on one site that's been down for 2 days now, so don't even go there.
as for the rest of your message, glad you use more than one site, this was aimed at those who don't and chose to bitch about other websites being sucky instead.


----------



## Faolan_Wolf-Wings (May 18, 2016)

supersonicbros23 said:


> Like a little pat-down at the door? That'd be difficult, those things are so easy to disguise, there are soooooooo many novelty ones...
> 
> 
> 
> ...


I'm referring to distribution of the items.  It could also be distributed by SD cards as well, if it's big enough to hold all that code.  But customers can't possibly be fooled twice for that, and with security becoming more aware, I wouldn't be surprised if someone goes undercover to ensure nobody tries to do it again.


----------



## Drage (May 18, 2016)

Jane_M_J said:


> Dragoneer! Is whole this situation mean we have to wait for FA for days or even weeks?!?



Consider FA has a massive Data Base we could be talking up to one week.


----------



## FatalSyndrome (May 18, 2016)

Draconas said:


> I don't need to be an artist to understand how stupid and crippling it is to keep all of your commission info on one site that's been down for 2 days now, so don't even go there.
> as for the rest of your message, glad you use more than one site, this was aimed at those who don't and chose to bitch about other websites being sucky instead.


It's an amateur mistake to put all your information on one site, really. For those that don't know that, I try to promote them so they can learn to gain more traffic on, say, Twitter, which is almost never ever down.
That makes sense! I appreciate the clarification.
Was considering making a guide to set up this sorta stuff, but I'm not sure if I have the right or grounds to do so.


----------



## AsheSkyler (May 18, 2016)

I'm honestly shocked they're already ready to start trying to make it live again. I expected at the absolute minimum a full week offline considering what kind of hack attack this was. Even a month would have been acceptable to me.

Besides, I'm a webcomicker that has used DrunkDruck for seven years. No FA outage I've experienced can compare to the glorious blunders that Platinum Studios has brought to the misfortunate sites it has bought out! And over something like site design at that. I was trained on using mirror sites long ago.


----------



## Draconas (May 18, 2016)

FatalSyndrome said:


> It's an amateur mistake to put all your information on one site, really. For those that don't know that, I try to promote them so they can learn to gain more traffic on, say, Twitter, which is almost never ever down.
> That makes sense! I appreciate the clarification.
> Was considering making a guide to set up this sorta stuff, but I'm not sure if I have the right or grounds to do so.


I may have been a bit harsh in my reply my bad


----------



## Tali Aurora (May 18, 2016)

Faolan_Wolf-Wings said:


> Well, I'm certain once the site is up and running again, everyone will be aware of this illegal jump drive code distribution trick so that at any future conventions, those would not be allowed in the event.


It's not running right now.


----------



## FatalSyndrome (May 18, 2016)

Tali Aurora said:


> It's not running right now.


They'll say when it does


----------



## Faolan_Wolf-Wings (May 18, 2016)

Tali Aurora said:


> It's not running right now.


Just saying that this news is big, so everyone will hopefully be more alert at conventions about such things being given out.


----------



## Bourbon. (May 18, 2016)

of Fangs and Furry said:


> Don't worry, 13 yr old here.


No wonder you think everything is anger and drama.

No one is ranting. Stop capslocking at people and trying to moderate the posts. You're not a moderator or an admin. You're liable to get yourself banned for trying to police others and acting as you are.


----------



## Ivorytigress (May 18, 2016)

*Day 63*
_Furaffinity is still down. 
Porn supply is running low.
We may have to sacrifice someone to ensure the colony has enough food to last the nuclear winter. _


----------



## ScarClaw (May 18, 2016)

Since it is STILL Down I got bored and made this video.  The sad music is supposed to be a joke but at the same time exaggerating a little on how I feel about it lol.


----------



## skyliner_369 (May 18, 2016)

Ivorytigress said:


> *Day 63*
> _Furaffinity is still down.
> Porn supply is running low.
> We may have to sacrifice someone to ensure the colony has enough food to last the nuclear winter. _


Yup... pretty much the truth.


----------



## FatalSyndrome (May 18, 2016)

Draconas said:


> I may have been a bit harsh in my reply my bad


That's alright! Thank you x3


----------



## noveltybest (May 18, 2016)

Drage said:


> Consider FA has a massive Data Base we could be talking up to one week.


estimating that timing it could be any time so its clearly unknown at this point but with a fast staff might be shorter we can never tell.


Ivorytigress said:


> *Day 63*
> _Furaffinity is still down.
> Porn supply is running low.
> We may have to sacrifice someone to ensure the colony has enough food to last the nuclear winter. _


were not sacrificing theres still more porn left.


----------



## supersonicbros23 (May 18, 2016)

I left DeviantArt because 8/10 people I met there were assholes, and I am not even rounding. When I joined FA that ratio went to 1/20 and for once I actually started getting regular feedback on my works.
I am_ not_ going back to DeviantArt.


----------



## YaoiMeowmaster (May 18, 2016)

Draconas said:


> I don't need to be an artist to understand how stupid and crippling it is to keep all of your commission info on one site that's been down for 2 days now, so don't even go there.
> as for the rest of your message, glad you use more than one site, this was aimed at those who don't and chose to bitch about other websites being sucky instead.




You cant just MAKE traffic out of nowhere. Most of us artists have our commission info everywhere, even plastered with us in person. And the responsible lot of us always save refs and in person details.

There are too many FA alternatives that are pretty much clogged with too many artists and not enough customers. Thats why Weasyl doesnt work. Everyone is just posting and sitting on their ass waiting to get compliments while for the most part, because FA is an equal mix of both consumer and creator, its much easier to get feedback. Same thing with FN right now. Its so nice in theory, but its quiet as heck.

Its like telling someone who plays guitar in times square that they should go make traffic in the forest. Sure...they MIGHT encounter a hiker or something, and maybe they should do it once in a while for a change of pace, but at the end of the day, FA is important for us artists. We dont rely on it out of laziness, we simply invest a lot of time into it because the ROI on every other network is minimal at best.

Edit: other websites are not as good because they lack what I said before, a balanced community. Deviantart suffers from the same egocentrism problem.


----------



## skyliner_369 (May 18, 2016)

supersonicbros23 said:


> I left DeviantArt because 8/10 people I met there were assholes, and I am not even rounding. When I joined FA that ratio went to 1/20 and for once I actually started getting regular feedback on my works.
> I am_ not_ going back to DeviantArt.


*shudder* Deviantart is a barren waist-land for the furry community.
\


----------



## noveltybest (May 18, 2016)

Bourbon. said:


> No wonder you think everything is anger and drama.
> 
> No one is ranting. Stop capslocking at people and trying to moderate the posts. You're not a moderator or an admin. You're liable to get yourself banned for trying to police others and acting as you are.


the most mature person on FA in history.
is right over here.


----------



## skyliner_369 (May 18, 2016)

I WOULD go to e621, but that site is really badly organized to me.


----------



## noveltybest (May 18, 2016)

skyliner_369 said:


> *shudder* Deviantart is a barren waist-land for the furry community.
> \


true and there's only one contest keeping us alive but its currently being spammed by trolls or ads or other contest dwellers.


----------



## Zepher_Tensho (May 18, 2016)

Drage said:


> Consider FA has a massive Data Base we could be talking up to one week.



The backup is already done. Right now all we're waiting on is for them to go over the source code and fix anymore security holes.


----------



## nyannom1 (May 18, 2016)

Ivorytigress said:


> *Day 63*
> _Furaffinity is still down.
> Porn supply is running low.
> We may have to sacrifice someone to ensure the colony has enough food to last the nuclear winter. _


I have over 800 pictures of gay furry but not everyone will like that


----------



## skyliner_369 (May 18, 2016)

nyannom1 said:


> I have over 800 pictures of gay furry but not everyone will like that


I like gay, and str8! :3


----------



## supersonicbros23 (May 18, 2016)

Regardless of the restoration level of the site, there is still the sub-importance of the APB out for those flash drives and the people possessing them. As overly dramatic as this sounds I think we need "boots on the ground" for this one. At the very least a mole.

Otherwise a very dedicated individule


----------



## YaoiMeowmaster (May 18, 2016)

supersonicbros23 said:


> Regardless of the restoration level of the site, there is still the sub-importance of the APB out for those flash drives and the people possessing them. As overly dramatic as this sounds I think we need "boots on the ground" for this one. At the very least a mole.


The flash drives themselves dont even matter anymore. As someone said, it's likely the source code has been copied and redistributed onto github, or pastebin. If this was the 90s then maybe tracking down a deadly floppy disk would be feasible, but no one would dedicate such manpower to a furry website sadly enough. 

Although, it would make quite an interesting story. The best bet is for the con staff to investigate who was the person handing them out in the first place


----------



## Bourbon. (May 18, 2016)

Y'all talk a LOT by the by. I was offline for like 10 hours and came back to 20+ more pages of people acting stupid, generalizing artists, not being artists and telling artists that they should be using other sites while not understanding the issue of traffic and earning new commissions, and people being immature children and trying to dictate what other people can or cannot say. 

Oh, you guys.


----------



## Koshiryuu (May 18, 2016)

I'm wondering if it was someone who left the main site due to personal reasons and returned just to extract revenge.


----------



## HowlingVoice (May 18, 2016)

Hoo boy, this thread is all sorts of pure drama gold.


----------



## Lazarus. (May 18, 2016)

Koshiryuu said:


> I'm wondering if it was someone who left the main site due to personal reasons and returned just to extract revenge.


Do I smell a conspiracy theory?


----------



## skyliner_369 (May 18, 2016)

HowlingVoice said:


> Hoo boy, this thread is all sorts of pure drama gold.


Yup. I already grabbed my bag of popcorn.


----------



## Flame-LoneWolf (May 18, 2016)

"Muahaha, I'm a bored, cancerous waste of space who feels like ruining a website of people who have nothing to do with me and hindering their day! That'll make me feel like I filled the void in my pointless, completely empty existence I call a life!"

This is the only think I can hear hackers like this telling themselves honestly...


----------



## Lazarus. (May 18, 2016)

Pull up your lawn chairs and coolers boys and girls, there's gonna be a downhome furry drama show tonight.


----------



## Hurricane_Valentine (May 18, 2016)

Ivorytigress said:


> *Day 63*
> _Furaffinity is still down.
> Porn supply is running low.
> We may have to sacrifice someone to ensure the colony has enough food to last the nuclear winter. _



Lol best comment I've seen thus far.


----------



## Bourbon. (May 18, 2016)

Lazarus. said:


> Pull up your lawn chairs and coolers boys and girls, there's gonna be a downhome furry drama show tonight.


I don't know about all that. The only drama I've been seeing are people accusing people of drama when there is no drama.


----------



## supersonicbros23 (May 18, 2016)

YaoiMeowmaster said:


> The flash drives themselves dont even matter anymore. As someone said, it's likely the source code has been copied and redistributed onto github, or pastebin. If this was the 90s then maybe tracking down a deadly floppy disk would be feasible, but no one would dedicate such manpower to a furry website sadly enough.
> 
> Although, it would make quite an interesting story. The best bet is for the con staff to investigate who was the person handing them out in the first place


Well how about scouting pastebin and github then? I know "once its up its everywhere" phenomenon the internet is responsible for but still. I don't know, I just hate sitting feeling helpless when stuff like this happens.


Bourbon. said:


> I don't know about all that. The only drama I've been seeing are people accusing people of drama when there is no drama.


 well that and non-furries making accounts to start drama. I've seen a few instances of  that in the past 24 hours, but I guess that's to be expected


----------



## Snowbbi (May 18, 2016)

Lazarus. said:


> Pull up your lawn chairs and coolers boys and girls, there's gonna be a downhome furry drama show tonight.


Shit man, I missed the rehearsals. And I really wanted to play Wendy.


----------



## Lazarus. (May 18, 2016)

Bourbon. said:


> I don't know about all that. The only drama I've been seeing are people accusing people of drama when there is no drama.


And that's exactly how it starts, fingerpointing. Then side taking. Normally it spreads to journal making and callouts but some fuckweed spoiled that, didn't he?
Or she.
I don't discriminate.

That or actual bad business measures/shitty attitudes. 
That can cause drama too.

But a lot of the time it starts off with the whole mob mentality thing.


----------



## Hurricane_Valentine (May 18, 2016)

There's a glitch in the matrix.


----------



## Bourbon. (May 18, 2016)

Lazarus. said:


> And that's exactly how it starts, fingerpointing. Then side taking. Normally it spreads to journal making and callouts but some fuckweed spoiled that, didn't he?
> Or she.
> I don't discriminate.
> 
> ...


I think everyone's been surprisingly mature (save for about three or four users), especially considering how dramatic the fandom can be at times.


----------



## Charix (May 18, 2016)

I should probably go dupe-check my furry art file collection. 90,000 seems a bit excessive.


----------



## YaoiMeowmaster (May 18, 2016)

supersonicbros23 said:


> Well how about scouting pastebin and github then? I know "once its up its everywhere" phenomenon the internet is responsible for but still. I don't know, I just hate sitting feeling helpless when stuff like this happens.



With the amount of posts pastebin alone gets in a single hour, that's just threading water. 
It's simple and difficult to fix, just make the source code irrelevant by changing it substantially or go open source. Furaffinity needs to focus on itself first rather than waste resources chasing after wind at this moment. Once it's stable, then they can look into whos responsible.


----------



## Faolan_Wolf-Wings (May 18, 2016)

I was waiting for


Flame-LoneWolf said:


> "Muahaha, I'm a bored, cancerous waste of space who feels like ruining a website of people who have nothing to do with me and hindering their day! That'll make me feel like I filled the void in my pointless, completely empty existence I call a life!"
> 
> This is the only think I can hear hackers like this telling themselves honestly...


I doubt such people are ever _that_ simple.  There are many different reasons why someone would do certain things.  Stereotypes are very inefficient in judgement of people for their actions and behaviors.


----------



## Lazarus. (May 18, 2016)

I just surfed back and saw someone refer to Shia lebouf as the"Just Do it" guy and I am shaking my head.


----------



## Bannor (May 18, 2016)

Hurricane_Valentine said:


> There's a glitch in the matrix.


My fault.  I took both the red and blue pills .


----------



## veles1121 (May 18, 2016)

well i hope it goes up soon   i miss my things


----------



## Hurricane_Valentine (May 18, 2016)

Bannor said:


> My fault.  I took both the red and blue pills .



Now you've done it. Prepare the virgin sacrifice, we're taking this back to 1200.


----------



## Lazarus. (May 18, 2016)

Bourbon. said:


> I think everyone's been surprisingly mature (save for about three or four users), especially considering how dramatic the fandom can be at times.


OH BOY 
AT TIMES
I swear this is in like the top three dramatic fandoms out there.
Right up there with the Steven Spewniverse fandom.
At least we haven't, to my knowledge, bullied someone to near death for not drawing a certain character overweight.
Or maybe we did and I haven't kept track.
Either way.
Shitty fandom.
Has a lot of upsides. 
Not leaving yet.


----------



## Virgil_Boruto (May 18, 2016)

Hurricane_Valentine said:


> Now you've done it. Prepare the virgin sacrifice, we're taking this back to 1200.


NOW YOU'VE DONE IT... *GIVE ME THE CRYSTALS *(kudos to anyone who can catch reference lol)


----------



## Lazarus. (May 18, 2016)

Virgil_Boruto said:


> NOW YOU'VE DONE IT... *GIVE ME THE CRYSTALS *(kudos to anyone who can catch reference lol)


Now you're on my time you little skunk!


----------



## noveltybest (May 18, 2016)

we are one screwed up generation ...


----------



## YaoiMeowmaster (May 18, 2016)

Lazarus. said:


> Right up there with the Steven Spewniverse fandom.
> At least we haven't, to my knowledge, bullied someone to near death for not drawing a certain character overweight.


They also bulled her for not drawing a character dark enough and not drawing an indian character with a big enough nose and pretty much celebrating and thinking themselves matyrs for it. 
Man, Furries have gone through some stupid stuff before too, heinous things, but at least they can have the capacity to condemn them. From what I know a majority of those people still think they're right it's repulsive.


----------



## ZX6R (May 18, 2016)

supersonicbros23 said:


> Well how about scouting pastebin and github then? I know "once its up its everywhere" phenomenon the internet is responsible for but still. I don't know, I just hate sitting feeling helpless when stuff like this happens.
> well that and non-furries making accounts to start drama. I've seen a few instances of  that in the past 24 hours, but I guess that's to be expected


It's not worth the time. It's time to patch for FA, if they do things correctly for a change, then the source code really becomes irrelevant.


----------



## Lazarus. (May 18, 2016)

YaoiMeowmaster said:


> They also bulled her for not drawing a character dark enough and not drawing an indian character with a big enough nose and pretty much celebrating and thinking themselves matyrs for it.
> Man, Furries have gone through some stupid stuff before too, heinous things, but at least they can have the capacity to condemn them. From what I know a majority of those people still think they're right it's repulsive.


Couldn't have said it better.


----------



## Lazarus. (May 18, 2016)

Off topic, just found out what David Bowie smelled like, totes buying the aftershave, no regrets.

EDIT 
I either have to fly to France to pick it up, or buy it off of Amazon for 70+
Totally still doing it.
No regrets.


----------



## supersonicbros23 (May 18, 2016)

Lazarus. said:


> Off topic, just found out what David Bowie smelled like, totes buying the aftershave, no regrets.
> 
> EDIT
> I either have to fly to France to pick it up, or buy it off of Amazon for 70+
> ...





noveltybest said:


> we are one screwed up generation ...


What a wonderful time to be alive.


----------



## Moderator-Gazelle (May 18, 2016)

Hi guys! If you could please keep the thread on topic I really don't want to have to hand out time-out cards (1 hour thread restrictions) to peeps~ Please keep on topic in the thread <3



Spoiler


----------



## supersonicbros23 (May 18, 2016)

Yeah, I've said about all I can to contribute constructively. Pretty much a waiting game now.


----------



## Lazarus. (May 18, 2016)

Alright, so everyone making programming suggestions, are you programmers or are Furaffinities codes and junk all like high school computer class?
I don't know what anyone's talking about myself, I can barely embed an image into a page without looking at a guide.


----------



## Drage (May 18, 2016)

Ivorytigress said:


> *Day 63*
> _Furaffinity is still down.
> Porn supply is running low.
> We may have to sacrifice someone to ensure the colony has enough food to last the nuclear winter. _



Who shall it be?


----------



## Barking-In-the-Dark (May 18, 2016)

They updated their twitter! 

__ https://twitter.com/i/web/status/733069367106232320


----------



## HowlingVoice (May 18, 2016)

I just love how there's always some form of shitfest whenever something happens to FA.

Not the end of the world, it'll be back. XD Though as an artist it DOES suck not having access to some of my clients and ref materials. Partly my fault yes. I do have their emails so if worst comes to worst I can recontact.


----------



## KazWolf (May 18, 2016)

Site is getting back, soon. Now can we get the peace, and forget all the drama?


----------



## Bannor (May 18, 2016)

Barking-In-the-Dark said:


> They updated their twitter!
> 
> __ https://twitter.com/i/web/status/733069367106232320


Huzzah!!


----------



## Samandriel Morningstar (May 18, 2016)

Moderator-Gazelle said:


> Hi guys! If you could please keep the thread on topic I really don't want to have to hand out time-out cards (1 hour thread restrictions) to peeps~ Please keep on topic in the thread <3
> 
> 
> 
> Spoiler





Thank you.


----------



## Barking-In-the-Dark (May 18, 2016)

Bannor said:


> Huzzah!!


MUCH HUZZAH! ^_^


----------



## Snow Sailor (May 18, 2016)

So question. What exactly happened in the attack? I know it was a part of the ImageMagick exploit, but what did the exploiters do exactly? I'm assuming they were able to download the site's PHP code and use that to find places that were SQL-injectable, but I haven't seen anything about exactly what happened. If they were able to gain access to the site's files, that means that they were likely also able to gain access to the site's config files with database usernames and passwords. So why didn't the exploiters just log into the MySQL shell with those and delete the entire database? Were permissions protecting the user running ImageMagick from accessing the config files or MySQL? I'm very curious.


----------



## KazWolf (May 18, 2016)

Bannor said:


> Huzzah!!


Thats the news i wanted!


----------



## Moderator-Gazelle (May 18, 2016)

The site is coming back online very very soon, hold tight guys it'll be up at-- oh someone posted the twitter announcement.

YAAAY~


----------



## supersonicbros23 (May 18, 2016)

HowlingVoice said:


> I just love how there's always some form of shitfest whenever something happens to FA.
> 
> Not the end of the world, it'll be back. XD Though as an artist it DOES suck not having access to some of my clients and ref materials. Partly my fault yes. I do have their emails so if worst comes to worst I can recontact.


The hardest part is for people, like me who have nothing else to do with their sad life, to get over 24 hours of stir crazyness.


----------



## KazWolf (May 18, 2016)

I am happy. When site comes back, I will instantly take my ref sheets into my computer, so atleast I have it if something would happen again, I hope nothing would happen ever again, but who knows.


----------



## Samandriel Morningstar (May 18, 2016)

Snow Sailor said:


> So question. What exactly happened in the attack? I know it was a part of the ImageMagick exploit, but what did the exploiters do exactly? I'm assuming they were able to download the site's PHP code and use that to find places that were SQL-injectable, but I haven't seen anything about exactly what happened. If they were able to gain access to the site's files, that means that they were likely also able to gain access to the site's config files with database usernames and passwords. So why didn't the exploiters just log into the MySQL shell with those and delete the entire database? Were permissions protecting the user running ImageMagick from accessing the config files or MySQL? I'm very curious.



What happened was pretty much said on the post that began this thread by Neer.
But I'm sure if they want to respond to us with a more detailed report they will,but I doubt that since the general specifics really aren't something we need to worry about unless it was of concern to the general safety and so on of the members.
They'll basically cover what's been lost and make sure any loose ends are taken care of for the members of the forum/website.


----------



## tbonethebunbun (May 18, 2016)

WORD OF ADVICE TO EVERYONE:

When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3


----------



## KazWolf (May 18, 2016)

tbonethebunbun said:


> WORD OF ADVICE TO EVERYONE:
> 
> When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3



Thats what I am going to do. Every picture I have I will put to my hard drive.


----------



## marmelmm (May 18, 2016)

tbonethebunbun said:


> WORD OF ADVICE TO EVERYONE:
> 
> When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3



Been doing that since 2007, myself.  ^.^


----------



## xTwilightStarx (May 18, 2016)

Glad to see things will be back in working order again soon~
People got way too scared about this!

Also, sorry for off-topic posting.
I was scratching my head for hours wondering why I couldn't comment on anything.
I'll refrain from talking about unrelated things.


----------



## Ramirez the sergal (May 18, 2016)

Snow Sailor said:


> So question. What exactly happened in the attack? I know it was a part of the ImageMagick exploit, but what did the exploiters do exactly? I'm assuming they were able to download the site's PHP code and use that to find places that were SQL-injectable, but I haven't seen anything about exactly what happened. If they were able to gain access to the site's files, that means that they were likely also able to gain access to the site's config files with database usernames and passwords. So why didn't the exploiters just log into the MySQL shell with those and delete the entire database? Were permissions protecting the user running ImageMagick from accessing the config files or MySQL? I'm very curious.



well put, my answer ( know very little about the inner workings of this site) is that they got into the server that was holding the pictures and whatnot while the server used to store users and passwords was on another rack and had a different firewall to pass through.


----------



## ZX6R (May 18, 2016)

tbonethebunbun said:


> WORD OF ADVICE TO EVERYONE:
> 
> When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3


Yep. I've been doing that forever. I have all my stuff on my file server, which does nightly backups.


----------



## Snow Sailor (May 18, 2016)

Samandriel Morningstar said:


> What happened was pretty much said on the post that began this thread by Neer.
> But I'm sure if they want to respond to us with a more detailed report they will,but I doubt that since the general specifics really aren't something we need to worry about unless it was of concern to the general safety and so on of the members.
> They'll basically cover what's been lost and make sure any loose ends are taken care of for the members of the forum/website.



I do development and things like this interest me, so I was just hoping one of the developers or staff members would be able to fill us in. Feels like if the exploiters had access to the database, they also had access to user passwords. Even if they were hashed, there is still the potential that they were hashed with an algorithm like sha1 or md5, which are meant to be very fast and mainly used for verification of file contents. It's not hard to put a bunch of hashes into some brute forcing software and get a few weak ones within a minute or two. So I think it would be a good idea to change your password.


----------



## Barking-In-the-Dark (May 18, 2016)

Moderator-Gazelle said:


> The site is coming back online very very soon, hold tight guys it'll be up at-- oh someone posted the twitter announcement.
> 
> YAAAY~


^^; Sorry. I hope that was okay for me to post. I was excited and thought I should share.



tbonethebunbun said:


> WORD OF ADVICE TO EVERYONE:
> 
> When the site comes back up, BACK-LOG YO' SHIT, DAWG! Save everything and put that stuff on an external HD, then save it for times like these! That's what I'm gonna do. X3



How does one back-lock their stuff? I have an external-HD....so should I just put it on that as usual?


----------



## Snow Sailor (May 18, 2016)

Ramirez the sergal said:


> well put, my answer ( know very little about the inner workings of this site) is that they got into the server that was holding the pictures and whatnot while the server used to store users and passwords was on another rack and had a different firewall to pass through.



Hmm I see. They said that there was a week's worth of content and users lost, however, which implies that the users WERE stored on the exploited machine.


----------



## ZX6R (May 18, 2016)

Snow Sailor said:


> I do development and things like this interest me, so I was just hoping one of the developers or staff members would be able to fill us in. Feels like if the exploiters had access to the database, they also had access to user passwords. Even if they were hashed, there is still the potential that they were hashed with an algorithm like sha1 or md5, which are meant to be very fast and mainly used for verification of file contents. It's not hard to put a bunch of hashes into some brute forcing software and get a few weak ones within a minute or two. So I think it would be a good idea to change your password.


Maybe the user accounts are stored on a different server?


----------



## Lazarus. (May 18, 2016)

Moderator-Gazelle said:


> The site is coming back online very very soon, hold tight guys it'll be up at-- oh someone posted the twitter announcement.
> 
> YAAAY~


You can figure out where priorities lie.
FA is lifeblood.


----------



## Snow Sailor (May 18, 2016)

ZX6R said:


> Maybe the user accounts are stored on a different server?



Didn't they say that there were a week's worth of new users and content removed? That implies that there was user data stored on the exploited server. Maybe I misread something; if I did please correct me.


----------



## Samandriel Morningstar (May 18, 2016)

Snow Sailor said:


> I do development and things like this interest me, so I was just hoping one of the developers or staff members would be able to fill us in. Feels like if the exploiters had access to the database, they also had access to user passwords. Even if they were hashed, there is still the potential that they were hashed with an algorithm like sha1 or md5, which are meant to be very fast and mainly used for verification of file contents. It's not hard to put a bunch of hashes into some brute forcing software and get a few weak ones within a minute or two. So I think it would be a good idea to change your password.



Oh it's fine there's nothing wrong with being curious I was just saying that they'll probably just give us all the basics instead of getting into it in depth unless somehow you were able to offer your services to them.
I don't believe anything with passwords was an issue or general information like that but changing passwords is a good idea in general.
You might want to contact Dragoneer personally and see if you can be of any help,you may learn more on the issue then.


----------



## Lazarus. (May 18, 2016)

The Ziggster is anxious to post things to the dormant website.


----------



## xTwilightStarx (May 18, 2016)

I'd assume there was some kind of hole in the exploited server that allowed the hacker to access further data.
I mean, that data *is* linked to the users themselves, so I could see it being possible.
But hey, I don't actually know anything about this stuff, so I could be very wrong.


----------



## Samandriel Morningstar (May 18, 2016)

Snow Sailor said:


> Didn't they say that there were a week's worth of new users and content removed? That implies that there was user data stored on the exploited server. Maybe I misread something; if I did please correct me.



*As said by Dragoneer:*

This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.

We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.


----------



## Snow Sailor (May 18, 2016)

Samandriel Morningstar said:


> *As said by Dragoneer:*
> 
> This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We're currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.
> 
> We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.



Ah I see. So they are just restoring a backup from 6 days prior even though the data was not deleted. Thanks for the clarification. It is still strange how he says that user information was attacked, yet nothing important was deleted. Sounds like a strange setup they have =P


----------



## Tisha Hedgehog (May 18, 2016)

When I got on to the website 15 hours ago I thought my internet wasn't working for a sec then I realised the site wasn't working.


----------



## Samandriel Morningstar (May 18, 2016)

Snow Sailor said:


> Ah I see. So they are just restoring a backup from 6 days prior even though the data was not deleted. Thanks for the clarification. It is still strange how he says that user information was attacked, yet nothing important was deleted. Sounds like a strange setup they have =P



No problem,I guess we'll all see what the real turn out is once the page is back up.


----------



## Anakhet (May 18, 2016)

supersonicbros23 said:


> Like a little pat-down at the door? That'd be difficult, those things are so easy to disguise, there are soooooooo many novelty ones...
> 
> 
> 
> ...



Something else to point out. Many vendors use flash drives at events! I attended one that everyone who bought a ticket got one with like 20 short stories uploaded onto it as swag. I've picked up a few walking around from vendors with their website printed on it. I bring one when I'm working that has my inventory on it in case my tablet has a malfunction and the file is lost on there. My husband carries one every day with records on it. My mom has one on her keys with medical info as a modern Vile of Life. So not allowing drives into cons because of something like this is just nuts.


----------



## Bananas_on_Bread (May 18, 2016)

Master Jedi, Republic Intelligence
Uh, I never said you could bring apprentices


----------



## Virgil_Boruto (May 18, 2016)

Lazarus. said:


> Now you're on my time you little skunk!


<3333 Someone gets it!


----------



## CreideikiStormbringer (May 18, 2016)

Snow Sailor said:


> I do development and things like this interest me, so I was just hoping one of the developers or staff members would be able to fill us in. Feels like if the exploiters had access to the database, they also had access to user passwords. Even if they were hashed, there is still the potential that they were hashed with an algorithm like sha1 or md5, which are meant to be very fast and mainly used for verification of file contents. It's not hard to put a bunch of hashes into some brute forcing software and get a few weak ones within a minute or two. So I think it would be a good idea to change your password.


Straight hashes by themselves are a _stupendously_ bad idea. Only thing worse than storing the passwords as a simple hash is storing them in the clear. (Also bad idea: Encrypting the passwords. Because that's like storing them in the clear, but you get a false sense of security out of it.)

The correct way of storing user passwords is with a specific password algorithm like scrypt or bcrypt which of course also mean that user passwords are stored with a salt. Which are specifically designed to be hard to parallelize, and to require longer compute times. Your next best choice is to use good ol' PBKDF2 introduced back in PKCS #5 v2.0; which is an iterative process involving an HMAC (the standard being HMAC-SHA1) iterated a _huge_ number of times, which are increased as time goes on (Apple iOS 4 runs 10000 iterations, while server-side hashing for LastPass is 100000 iterations). A "salt" is a random number stored alongside the password in the clear, which is concatenated with the password before the password is hashed. That way you can't use a rainbow table to find hashes of common passwords (you'd need to recalculate the rainbow table for each salt).

Of course there's much better methods of login and authentication than passwords, but the average user has no idea what a public/private keypair is, or how they work.


I'm a crypto nerd, ask me anything.


----------



## AsheSkyler (May 18, 2016)

There might have been a week's worth of submissions and watches lost, but imagine the opportunity of gaining all new watches and faves when you re-upload your past week's stuff! Amidst the restoration stampede of the other folks repairing their galleries when not recording their notes. XD


----------



## FatalSyndrome (May 18, 2016)

Virgil_Boruto said:


> <3333 Someone gets it!


Was a random, but very well loved reference. x3


----------



## Virgil_Boruto (May 18, 2016)

FatalSyndrome said:


> Was a random, but very well loved reference. x3


Haha


----------



## supersonicbros23 (May 18, 2016)

Its not hollywood quality but I managed to kill an hour making it. Here's going to be my first submission (probably to scraps) once all this blows over. (don't worry its thread-relevant)


----------



## ZX6R (May 18, 2016)

Snow Sailor said:


> Didn't they say that there were a week's worth of new users and content removed? That implies that there was user data stored on the exploited server. Maybe I misread something; if I did please correct me.


I don't know where I was going with that to be honest.


----------



## Fordoxia (May 18, 2016)

CreideikiStormbringer said:


> Straight hashes by themselves are a _stupendously_ bad idea. Only thing worse than storing the passwords as a simple hash is storing them in the clear. (Also bad idea: Encrypting the passwords. Because that's like storing them in the clear, but you get a false sense of security out of it.)
> 
> The correct way of storing user passwords is with a specific password algorithm like scrypt or bcrypt which of course also mean that user passwords are stored with a salt. Which are specifically designed to be hard to parallelize, and to require longer compute times. Your next best choice is to use good ol' PBKDF2 introduced back in PKCS #5 v2.0; which is an iterative process involving an HMAC (the standard being HMAC-SHA1) iterated a _huge_ number of times, which are increased as time goes on (Apple iOS 4 runs 10000 iterations, while server-side hashing for LastPass is 100000 iterations). A "salt" is a random number stored alongside the password in the clear, which is concatenated with the password before the password is hashed. That way you can't use a rainbow table to find hashes of common passwords (you'd need to recalculate the rainbow table for each salt).
> 
> ...


Yay!  I love cryptography.

Also, P/P key pair is a yes.


----------



## Birchnutter (May 18, 2016)

me on the website rn


----------



## Tisha Hedgehog (May 18, 2016)

I keep my stuff on my USB.


----------



## Fordoxia (May 18, 2016)

Also, to the people talking about doing their own backups:

Don't just put it on your HDD or an external drive.  Have at least 3 different storage mediums as backups (with at least one being offsite).  This basically guarantees that you will never loose your stuff.

_HDD + Cloud Storage + Ex Drive + Archive = F**kn SORTED!

(Keeping in mind that some cloud storage services take their own backups of your stuff according to this principle)_


----------



## Snow Sailor (May 18, 2016)

CreideikiStormbringer said:


> Straight hashes by themselves are a _stupendously_ bad idea. Only thing worse than storing the passwords as a simple hash is storing them in the clear. (Also bad idea: Encrypting the passwords. Because that's like storing them in the clear, but you get a false sense of security out of it.)
> 
> The correct way of storing user passwords is with a specific password algorithm like scrypt or bcrypt which of course also mean that user passwords are stored with a salt. Which are specifically designed to be hard to parallelize, and to require longer compute times. Your next best choice is to use good ol' PBKDF2 introduced back in PKCS #5 v2.0; which is an iterative process involving an HMAC (the standard being HMAC-SHA1) iterated a _huge_ number of times, which are increased as time goes on (Apple iOS 4 runs 10000 iterations, while server-side hashing for LastPass is 100000 iterations). A "salt" is a random number stored alongside the password in the clear, which is concatenated with the password before the password is hashed. That way you can't use a rainbow table to find hashes of common passwords (you'd need to recalculate the rainbow table for each salt).
> 
> ...


Yeah I understand that just a plain old hash isn't the best way to store passwords. I was just giving an example of one without any sort of hashes. Storing passwords with just hash(salt + password) is pretty common on sites, as I've seen it used over and over again. If we're talking encryption, (which is, yes, a terrible way to store user data) then PasswordStore is really neat. You use your own public GPG key to encrypt the passwords or data and then it allows you to create a git repository to store the encrypted files (not the private key though): passwordstore.org: Pass: The Standard Unix Password Manager

Not so much for site use as your own use so that you can have nice 100 character long passwords.


----------



## noveltybest (May 18, 2016)

I'm glad and its close to my birthday.


----------



## Asia Neko (May 18, 2016)

__ https://twitter.com/i/web/status/733103815487070210


----------



## ZX6R (May 18, 2016)

Asia Neko said:


> __ https://twitter.com/i/web/status/733103815487070210


Here we go.


----------



## Fordoxia (May 18, 2016)

Asia Neko said:


> __ https://twitter.com/i/web/status/733103815487070210


I predict a DDOS caused by large quantities of pr0nz.


----------



## Bananas_on_Bread (May 18, 2016)

*HE*
*http://static1.fjcdn.com/comments/This+monkey+is+a+disgrace+_df3db8f8da7d492f9266d5cecc012e48.png*


----------



## Lazarus. (May 18, 2016)

PROOOONZ


----------



## Bannor (May 18, 2016)

I want to hug Fender.  Real hard.


----------



## noveltybest (May 18, 2016)

we no longer have to starve its coming yall!


----------



## Lazarus. (May 18, 2016)

LET'S SEE HOW MANY DICKS ZIGGY CAN FIT INTO THEIR MOUTH


----------



## supersonicbros23 (May 18, 2016)




----------



## Fordoxia (May 18, 2016)




----------



## FatalSyndrome (May 18, 2016)

Here we go!


----------



## xTwilightStarx (May 18, 2016)

Can bet the sudden lack of posts is due to every furry fleeing from this thread and smashing the shite out of their refresh keys on FA.


----------



## noveltybest (May 18, 2016)

xTwilightStarx said:


> Can bet the sudden lack of posts is due to every furry fleeing from this thread and smashing the shite out of their refresh keys on FA.


gotta feeling.


----------



## Lazarus. (May 18, 2016)

HHHHHHHHHHH
Please pull up soon there's so much I need to sroll through mindlessly hwhile making disgusted faces because we have a disgusting fanbase.
That I love.


----------



## YaoiMeowmaster (May 18, 2016)

I CAN SEE.


----------



## ZX6R (May 18, 2016)

We have administrator-mode screen now!


----------



## cyanidefurart (May 18, 2016)

It's crazy that they caused it to take this long to fix. (Nothing against the staff obviously, we all know they're doing everything they can.) Those hacker(s) suck. For myself and a lot of others, this site is how we make money. I really appreciate that updates on what's going on, so yay staff lol.


----------



## noveltybest (May 18, 2016)

its back!!!!!


----------



## Terror-Run (May 18, 2016)

so, after the inital revival, how long until we basically ddos outselves into another outage?


----------



## Lazarus. (May 18, 2016)

YEEEEEEEE ADMIN MODE


----------



## YaoiMeowmaster (May 18, 2016)

It's such a good feeling to see that screen return, even if we can't do anything with it.

=slow clap=

well done ;w;


----------



## Anakhet (May 18, 2016)

Terror-Run said:


> so, after the inital revival, how long until we basically ddos outselves into another outage?



And that is why I'm waiting a bit for the frenzy to die down.


----------



## ZX6R (May 18, 2016)

It didn't even log me out, lol.


----------



## Bannor (May 18, 2016)

SQUEEEEEEEEEEEEEEEEEEE!!  *forgets to breath*


----------



## noveltybest (May 18, 2016)

I spoke too soon


----------



## Lazarus. (May 18, 2016)

IT BACK


----------



## Birchnutter (May 18, 2016)

PRAISE


----------



## xTwilightStarx (May 18, 2016)

IT'S BAAAAAAACK


----------



## coolclaws7 (May 18, 2016)

Now I can see all my missed notifications.....


----------



## Lazarus. (May 18, 2016)

http://www.furaffinity.net/journal/7578909/


----------



## Moderator-Gazelle (May 18, 2016)

oh no the stampede begins.

the horror.


----------



## xTwilightStarx (May 18, 2016)

And now we can watch the tumbleweeds roll through this thread.


----------



## Lazarus. (May 18, 2016)

aww, shit I lost tlike three watchers and I think a submission


----------



## ZX6R (May 18, 2016)

The users online numbers are so low, lol


----------



## Bannor (May 18, 2016)

Yeah, something I commented on got wiped


----------



## Kahmal (May 18, 2016)

And we are go for a massive porn upload


----------



## Bannor (May 18, 2016)

ZX6R said:


> The users online numbers are so low, lol


Give it a minute ...!


----------



## xTwilightStarx (May 18, 2016)

Ikr, I actually felt kinda sad looking at those numbers. So lonely.
Luckily I've only lost one submission, and a couple of watchers I think.
The benefits of being an unpopular loser.


----------



## noveltybest (May 18, 2016)

yes yes yes now lets see what the hackers did.


----------



## supersonicbros23 (May 18, 2016)

Its up.

Gonna make a quick sweep and then change my password, then get off so I become a -1 on the server capacity toll.


----------



## crystalsugarstars (May 18, 2016)

happy FA is back...
bummed that I lost like 100 watches and like 40+ comments from new (now gone) submissions
ahhhhh


----------



## Bannor (May 18, 2016)

Oh my ... the latest fave was a week ago!  That ain't right.  But, I guess to be expected. *sigh*


----------



## xTwilightStarx (May 18, 2016)

Holy moly look at this mess.


----------



## lord-bilingual (May 18, 2016)

my notifications say 40 submissions and 1 comment but it's all empty, i assume this happened when it was brought back up, how do i fix this?


----------



## YaoiMeowmaster (May 18, 2016)

I did indeed lose a YCH I had up like I feared. 

;w; .... I hope I can get it back up to the bids it was at before.


----------



## SSJ3Mewtwo (May 18, 2016)

With the site now back up (still some catching up to do to make sure things are fully recovered), I'm going to close this thread.  The announcement journal (if you're not following Fender) can be found here:  Site Outage Information & Updates -- Fender's Journal -- Fur Affinity [dot] net

The journal not only covers the relaunch, but a timeline of events, projections for any bugs this may have caused, and also the suggestion to site users to change their passwords if they wish.  As more developments occur they will be released.


----------

