# On Tincrash's account and the 2/26 FA Outtage.



## Leasara (Feb 26, 2009)

People seem to be getting themselves all worked up over this, so I figure I'll try to put out fires with a new post.

I'm Tincrash's girlfriend, a former IT professional for five years, and I've been in contact with the staff, so I figure I can best tell you what went on and what is going on.

Tin's computer had a worm, a keylogger, and a trojan on it, they have now been removed.  These compromised his email address at the very least.  FA's system was not breached or exploited at all.  This was not an attack on FA by anyone, it was a script kiddie that got lucky.  The 'hacker' changed the password on his email account, then destroyed his DA account, then started in on his FA account.  That's when Tin called me and I tried to get someone to lock the account to prevent further damage.  The admin that responded went to ban the account, but accidentally made it an admin instead, most likely through a mis-click on a drop down menu or the like.  The 'hacker' had admin powers for under 2 minutes and managed to damage two more accounts before the account was banned.  

The FA Staff have examined the site and confirmed that the damage is limited to these three accounts: Tincrash, nek0gami, and Hobbes_Maxwell.  The site is down to make certain they can't accidentally promote a user when they intend to ban them again.  The secondary concern is the ability to restore the lost data.  They are not going to name the member of the staff that made the mis-click, and I don't blame them one bit.

If you must blame someone, blame the 'hacker'.  Blame me for not having talked to him about his loose password and virus scanning habits sooner, and for rushing the Admins into the mistake.  Dragoneer has also volunteered to take the heat.

For those that are concerned about Tincrash, we've managed to change the passwords and email address on everything except his DA and his Yahoo account.  His financial stuff is untouched.  If you don't know him, he's the sweetest guy you're likely to meet, but his emotions guide him pretty strongly.  He's been beating himself up all night about the way this has snowballed.  We're both terribly sorry this has spilled over from our network to the fandom at large.


----------



## Nanakisan (Feb 26, 2009)

as i said i nthe last post. don't make it so hard on yourself over this. the admins nailed the problem quickly enough. so theres no reason to blame anyone. except the cracker


----------



## Leasara (Feb 26, 2009)

Nanakisan said:


> as i said i nthe last post. don't make it so hard on yourself over this. the admins nailed the problem quickly enough. so theres no reason to blame anyone. except the cracker



Thanks, but I really feel at least somewhat responsible.  I'm just glad the kid didn't empty our bank account or something.

Really this post is here to concentrate the information that has been peppered through the other three posts, and to settle people's fears that get churned up when they can't get to FA.


----------



## Houshou (Feb 26, 2009)

Wow, that hacker really did hit the Jackpot. I'm just glad the *censored* didn't have time to "cash out".

As fur Tin. He needs to realize that while yes it could have been preventable with daily/weekly scans. He shouldn't beat himself up over it. No one was physically hurt over this, and the worse he has to look forward to is re-uploading all of his files into a new account.


----------



## Nanakisan (Feb 26, 2009)

Leasara said:


> Thanks, but I really feel at least somewhat responsible.  I'm just glad the kid didn't empty our bank account or something.
> 
> Really this post is here to concentrate the information that has been peppered through the other three posts, and to settle people's fears that get churned up when they can't get to FA.



oh thats just typical Non-sense. the whiners and such are just addicted to the free pronz they get and when they get cut off of it. they cry and scream about it over nothing. sides as i keep trying to say. no one is responsible. it was a honest mistake that even i would have done eventually if i ran a site like this. on another note. the fact Tincrash got nailed by a keylogger while he had a operating anti-virus indicates he needs a better AV. one that supports active file scanning so it scans a file as you are about to open it. this way you won't get infected again. but you are the IT professional. my skills are self taught and mostly un-certified methods.


----------



## LadyHisoka (Feb 26, 2009)

he was not responsible in the least; I already explained this if anyone is to blame its the ones that reward this act and acts like it.

it was a problem it is solved now, the damage was minimal given the circumstances.


----------



## Nanakisan (Feb 26, 2009)

LadyHisoka said:


> he was not responsible in the least; I already explained this if anyone is to blame its the ones that reward this act and acts like it.
> 
> it was a problem it is solved now, the damage was minimal given the circumstances.



My point exactly


----------



## LadyHisoka (Feb 26, 2009)

Nanakisan said:


> My point exactly



Yes but I understand how he can feel emotional traumatized by this even if ti dosen't show, what happened to him was indeed horrible but he had no hand in it an when he understands that well not even I can tell you what comes next.


----------



## Leasara (Feb 26, 2009)

LadyHisoka said:


> he was not responsible in the least; I already explained this if anyone is to blame its the ones that reward this act and acts like it.
> 
> it was a problem it is solved now, the damage was minimal given the circumstances.



I've been telling him the same thing.



			
				 Nanakisan said:
			
		

> ... but you are the IT professional. my skills are self taught and mostly un-certified methods.


I don't hold a single cert, I've just been playing with computers for 26 years  
He has Avast!, the best of the freeware AVs out there.  I've been thinking, and I don't know if we've ever scanned his external hard drive.  His computer was a mess before I got to it last November.  Spent three days getting the tangles out, but I don't remember if that included the external.  Seems likely.


----------



## LadyHisoka (Feb 26, 2009)

I would recommend a self scanning program like Norton, thou you have to buy it it is worth the investment.


----------



## kamperkiller (Feb 26, 2009)

LadyHisoka said:


> I would recommend a self scanning program like Norton, thou you have to buy it it is worth the investment.



Anything but Norton and macaffy (sp) they keep getting hacked and destroyed.
Anything mainstream is useless now a days.


----------



## LadyHisoka (Feb 26, 2009)

kamperkiller said:


> Anything but Norton and macaffy (sp) they keep getting hacked and destroyed.
> Anything mainstream is useless now a days.



Alone yes, with other products NO!


----------



## kamperkiller (Feb 26, 2009)

Leasara said:


> People seem to be getting themselves all worked up over this...



Because we REALLY have nothing better to do. this is like a wreck with people and texting capabilities... It will pass but untill then the road is chocked with idiots.



LadyHisoka said:


> Alone yes, with other products NO!



I use to use Black ice firewalls but now I'm running  Sunbelt Personal Firewall  after IBM shut it down to save money.


----------



## Leasara (Feb 26, 2009)

LadyHisoka said:


> I would recommend a self scanning program like Norton, thou you have to buy it it is worth the investment.



I wouldn't put Symantec or McCaffee consumer level stuff on my system if they were paying me.  TrendMicro and AVG have gotten iffy as well.  Avast! is a really pretty good, probably worth buying, but I've been disabled the last 5 years and I'm used to doing everything on the cheap.  I'll have to talk to him about buying the retail version in the morning.


----------



## LadyHisoka (Feb 26, 2009)

kamperkiller said:


> Because we REALLY have nothing better to do. this is like a wreck with people and texting capabilities... It will pass but untill then the road is chocked with idiots.
> 
> 
> 
> I use to use Black ice firewalls but now I'm running  Sunbelt Personal Firewall  after IBM shut it down to save money.




well that explains allot Now I need to wipe my main computer and revive from my backup documents.


----------



## Nanakisan (Feb 26, 2009)

Leasara said:


> I wouldn't put Symantec or McCaffee consumer level stuff on my system if they were paying me.  TrendMicro and AVG have gotten iffy as well.  Avast! is a really pretty good, probably worth buying, but I've been disabled the last 5 years and I'm used to doing everything on the cheap.  I'll have to talk to him about buying the retail version in the morning.



Yes on buyying avast. so help him if he gets the keygen program. that thing had such a horrible little trojan in it. it took me days to remove it.


----------



## PurpleDragon (Feb 26, 2009)

Leasara said:


> The admin that responded went to ban the account, but accidentally made it an admin instead, most likely through a mis-click on a drop down menu or the like.  The 'hacker' had admin powers for under 2 minutes and managed to damage two more accounts before the account was banned. (...)
> They are not going to name the member of the staff that made the mis-click, and I don't blame them one bit.



Frankly I don't see why the admin in question should not face the consequences and get demoted. Admins shouldn't make such blatant mistakes, even when they have to take immediate action. Want of care in such moments is not exactly acceptable.


----------



## Valerion (Feb 26, 2009)

PurpleDragon said:


> Frankly I don't see why the admin in question should not face the consequences and get demoted. Admins shouldn't make such blatant mistakes, even when they have to take immediate action. Want of care in such moments is not exactly acceptable.



Unfortunately it's the only way to learn.  The mentality of "he made a mistake, fire him" costs more in the long run.  I've learned way more from my mistakes than from my non-mistakes.  A person who is careful not to make the same mistake again costs a lot less than getting a new one and training him and then have him make the same mistake eventually.


----------



## CaptainCool (Feb 26, 2009)

PurpleDragon said:


> Frankly I don't see why the admin in question should not face the consequences and get demoted. Admins shouldn't make such blatant mistakes, even when they have to take immediate action. Want of care in such moments is not exactly acceptable.



thats a little harsh. yeah, it was a pretty bad mistake, sure. but everyone makes a bad mistake like that once in a while. you learn your lesson and you wont do it again^^


----------



## Whitenoise (Feb 26, 2009)

PurpleDragon said:


> Frankly I don't see why the admin in question should not face the consequences and get demoted. Admins shouldn't make such blatant mistakes, even when they have to take immediate action. Want of care in such moments is not exactly acceptable.



Don't be such a crybaby douche bag PurpleDragon, I'm sure all you furfags can last a few hours without your crudely rendered dog boners. Christ, get a fucking life :V .


----------



## PurpleDragon (Feb 26, 2009)

Whitenoise said:


> Don't be such a crybaby douche bag PurpleDragon, I'm sure all you furfags can last a few hours without your crudely rendered dog boners. Christ, get a fucking life :V .



There we go... from reasonable objection to personal attack in a matter of 3 postings. *sigh* Some people just aren't made for arguments.


----------



## pyromancy (Feb 26, 2009)

Whitenoise said:


> Don't be such a crybaby douche bag PurpleDragon, I'm sure all you furfags can last a few hours without your crudely rendered dog boners. Christ, get a fucking life :V .



white noise: (n) Persistant signal with no content.


----------



## PriestRevan (Feb 26, 2009)

Whitenoise said:


> Don't be such a crybaby douche bag PurpleDragon, I'm sure all you furfags can last a few hours without your crudely rendered dog boners. Christ, get a fucking life :V .


 
^Thank you.

Fuck.


----------



## SFox (Feb 26, 2009)

PurpleDragon said:


> Frankly I don't see why the admin in question should not face the consequences and get demoted. Admins shouldn't make such blatant mistakes, even when they have to take immediate action. Want of care in such moments is not exactly acceptable.



People shouldn't be fired for making one mistake, everyone makes them. They should simply learn from it and be much more careful in the future. If it were to happen again on the other hand, that's another story.


----------



## PriestRevan (Feb 26, 2009)

somberfox said:


> People shouldn't be fired for making one mistake, everyone makes them. They should simply learn from it and be much more careful in the future. *If it were to happen again on the other hand, that's another story*.


 
Becaue admins can _obviously _stop every single person who tries to hack FA.


----------



## SFox (Feb 26, 2009)

PriestRevan said:


> Becaue admins can _obviously _stop every single person who tries to hack FA.



WTF does this have to do with an admin accidentally promoting a hacked account to admin?


----------



## Arshes Nei (Feb 26, 2009)

PurpleDragon said:


> Frankly I don't see why the admin in question should not face the consequences and get demoted. Admins shouldn't make such blatant mistakes, even when they have to take immediate action. Want of care in such moments is not exactly acceptable.



It was an honest mistake and to be frank not surprised it didn't happen sooner. I don't see any real malicious or gross negligence on that admin's part actually. It's the same kind of annoying human error that happens when you use the scroll wheel on your mouse and it's focused on the wrong item.  Or like office mistakes I see where a person would hit "Reply To" instead of "Reply to All" ...shit happens. You just figure out how to fix it for next time.

It wasn't like the admin went "tee hee let's fuck around on the site".  And no, wasn't me. I just felt I needed to speak up in defense of the admin this happened to.


----------



## Leasara (Feb 26, 2009)

PriestRevan said:


> Becaue admins can _obviously _stop every single person who tries to hack FA.



It wasn't an attempt to hack FA.  It was a kid that got lucky with his hack of Tincrash's computer.  Fortunately the dork was too stupid to capitalize on his luck and the damage was very limited.


----------



## Whitenoise (Feb 26, 2009)

PurpleDragon said:


> There we go... from reasonable objection to personal attack in a matter of 3 postings. *sigh* Some people just aren't made for arguments.



I'm not trying to change your mind, I'm telling you to shut the fuck up. No sense taking your impotent frustrations out on a volunteer, especially seeing as this is a fucking furry porn website, it's not like this kid hacked into something that actually matters. So far as I'm concerned this was harmless, but feel free to bawww about it anyway furries, your butthurt amuses me  .


----------



## Takara_kitsune (Feb 26, 2009)

PurpleDragon said:


> Frankly I don't see why the admin in question should not face the consequences and get demoted. Admins shouldn't make such blatant mistakes, even when they have to take immediate action. Want of care in such moments is not exactly acceptable.



Well, my thoughts on this... were this a business, the admin would have been fired, no questions asked. And while this is the case, I can't say I agree with doing that here. 

First of all, the admins here are volunteers, none of them are paid. Second of all, they all seem like great people, and to demote them or punish them would only cause more drama. (And demotion would make it pretty obvious who it was, too. That would not be fair at all. -_-) 

I'm still relatively new in the networking field, I've got a couple months left before I have my two Associates degrees in networking hardware and software, but I'll say this for sure: Nothing is ever as easy as people like to make it sound. Multiple things went wrong here, it was like that show "Seconds from Disaster", where they point out the entire chain of events that went wrong. And you know what? This was a chain of unfortunate events. No one's at fault but the stupid script kiddie that got lucky... and believe me, if I ever meet him, he's going down... 

Why am I so lenient on the admin here? Because no other privately owned site on the 'net gets attacked as much as our furry sites. They're dealing with the same shit that the FBI and CIA prevent all the time! That's how stupid the problem is! FA has like, not even a fraction of the funds that these agencies has, and must put up with the same stuff! And same with banks, they defend against this shit with a much larger budget than FA. Give the guy a break, seriously!


----------



## LizardKing (Feb 26, 2009)

You have "Ban User" and "Make Admin" buttons next to each other?

That's like having a life-support system with the power button next to the "Instant Orgasm" button.


----------



## Leasara (Feb 26, 2009)

LizardKing said:


> You have "Ban User" and "Make Admin" buttons next to each other?
> 
> That's like having a life-support system with the power button next to the "Instant Orgasm" button.



From a coding standpoint it's easier to make a catch-all Account Status dropdown menu than making individual buttons for each status an account can have.

Unfortunately it's also pretty easy to click the wrong option in a dropdown box.

Edit:
That's not to say they use a dropdown for this sort of thing, I haven't the slightest idea of how it's actually coded.  This is just a wild, slightly educated, guess on how the admin panel is set up.


----------



## LizardKing (Feb 26, 2009)

Leasara said:


> From a coding standpoint it's easier to make a catch-all Account Status dropdown menu than making individual buttons for each status an account can have.
> 
> Unfortunately it's also pretty easy to click the wrong option in a dropdown box.



Pretty sure it's not _that_ much effort to have 1 for "This user needs to be punished" and 1 for "This user is ttly awesome and needs an upgrade". Or whatever. You get the idea. 

I still want an "Instant Orgasm" button.


----------



## Leasara (Feb 26, 2009)

LizardKing said:


> Pretty sure it's not _that_ much effort to have 1 for "This user needs to be punished" and 1 for "This user is ttly awesome and needs an upgrade". Or whatever. You get the idea.
> 
> I still want an "Instant Orgasm" button.



I'd rather have a "Strawberry Milkshake" button, so long as there was no corn syrup in the milkshake and it came with whipped cream and a cherry on top.


----------



## ArielMT (Feb 26, 2009)

LizardKing said:


> I still want an "Instant Orgasm" button.



Drag the FA pawprint from the address bar down to your quick launch bar, and you'll have one.



Leasara said:


> I'd rather have a "Strawberry Milkshake" button, so long as there was no corn syrup in the milkshake and it came with whipped cream and a cherry on top.



That sounds better.  :9


----------



## kamunt (Feb 26, 2009)

pyromancy said:


> white noise: (n) Persistant signal with no content.



*snickers* I see what you did there.


----------



## Valerion (Feb 27, 2009)

Takara_kitsune said:


> Well, my thoughts on this... were this a business, the admin would have been fired, no questions asked.



And the business doing this would be stupid.  I would instead make sure the employee understand the gravity of the situation, and evaluate him.  If it was malicious or really negligent, then yes, disciplinary action may be warranted.  If not, you end up with a chastised employee that's more careful and less likely to make mistakes in the future.  And then you FIX THE PROCESS to make sure it's less likely to happen again.  As opposed to just getting a new guy that will also eventually press the wrong button sooner or later.

And then some companies wonder why their employees aren't loyal ...


----------



## Takara_kitsune (Feb 27, 2009)

valerion said:


> And the business doing this would be stupid.  I would instead make sure the employee understand the gravity of the situation, and evaluate him.  If it was malicious or really negligent, then yes, disciplinary action may be warranted.  If not, you end up with a chastised employee that's more careful and less likely to make mistakes in the future.  And then you FIX THE PROCESS to make sure it's less likely to happen again.  As opposed to just getting a new guy that will also eventually press the wrong button sooner or later.
> 
> And then some companies wonder why their employees aren't loyal ...



Well, not saying that'd be my policy. That's truly how it is. Mistake or no, if that happened in a business environment, you'd get fired. I'm not saying I agree with this, I'm against that. Mistakes will be made. It's mostly the same thing as having a 'fall guy'. Something bad happens, so the bloodthirsty executives want someone to take all the blame for it. 

Needless to say, I'm glad that no one is being punished for this. It's partially due to the setup here. I don't need to see the admin panel to know it's a dropdown menu, because if you look at the rest of FA, it's all dropdown menus, why would the admin panel be any different? I bet it looks like this: 

Account Type:
@Administrator
-Banned
~Member

And all that takes is one fuck-up with the scroll wheel, you know? If I wanted to blame anyone for that, I'd blame whoever came up with drop-down menu boxes. 

And as for administrators and technicians... the reason we're so easy to fire (I'm a networking student, and currently work as a bench technician) is because we're not hard to find. There are a lot of computer-related technicians out there. To fire one and get another... it's nothing to some companies. Who needs loyalty when you have a new beginner-level technician that saves you money by working for only $10 an hour when the guy they just fired made $20?


----------



## Dragoneer (Feb 27, 2009)

Takara_kitsune said:


> Well, my thoughts on this... were this a business, the admin would have been fired, no questions asked. And while this is the case, I can't say I agree with doing that here.


Even if FA were a for profit business, would I have removed the admin over it? No. Because what happened caused one account to become compromised. I don't like it, but the server logs prove that it's a mistake. The admin, when question, didn't deny it, even mentioned it was a mistake.

We all foob from time to time, and even in businesses and our day to day jobs. Even the best workers make a mistake. And that's what happened here. =P


----------

