Topic: The Furaffinity hack of 5/17

Things were hacked in Furaffinity and it's now down.

More info here: http://forums.furaffinity.net/threads/5-17-site-attack.1530523/

The net damage of the attack is that the previous 6 days of submissions have been lost to the attack. This also means that when submissions are re-uploaded, someone is going to have to go through and change the sources of the last 6 days of Furaffinity submissions.

Just thought that should be brought up.

Updated by NotMeNotYou

Genjar

Former Staff

Figures.
And just in time for the Ursa Major awards. I can't wait to see the reaction if FA ends up winning the best site award.

Updated by anonymous

I don't understand why people would go out of their way to attack FA. I can understand "why", rhetorically, but not why literally.

Also, the Ursa Major awards? I can assume it's a furry reward, but I don't assume.

Updated by anonymous

Siral_Exan said:
I don't understand why people would go out of their way to attack FA. I can understand "why", rhetorically, but not why literally.

Well, primary reason could be the same as with any hacking or trolling, ranging from getting reaction to monetary gain.

From what I have observed, it seems like FA is this mammoth in the room, which hasn't updated (1280px and 10MB limitations in CURRENT YEAR) and has made decisions to anger many of its users, but everyone still uses it because everyone else uses it. So at that point the reason might also be to proving how much of a old their code is to revenge from some angry ex-user.

In any way, my FA account has always been to counter the age restriction only, nothing else, so only thing bothering about this is that because there are so many freaking artists who have decided it to be good idea to put all the eggs in one basket and have all their stuff under FA only, some even go as far as to DNP stuff here and DMCA other places. That means their old art is basically inaccessible without direct URLs and no new stuff from them is posted until FA sorts things out.

Updated by anonymous

Mario69 said:
(1280px and 10MB limitations in CURRENT YEAR)

Admittedly, the workaround for the 1280px limitation is to replace an existing post's image after uploading it. Not sure if that works for the 10MB one as well, but I've certainly seen artists evade the image size cap through this method.

In either case, change your passwords, people. Dragoneer hasn't answered whether that data has been compromised (even when asked in the forum topic regarding the hack), so take some proactive measures just in case.

Updated by anonymous

Strongbird said:
Admittedly, the workaround for the 1280px limitation is to replace an existing post's image after uploading it. Not sure if that works for the 10MB one as well, but I've certainly seen artists evade the image size cap through this method.

But that is just a workaround for limitation in place and there are tons of users who do not use that workaround or do not know about it.

And that workaround has been used for years if I'm not incorrect. So that simply raises the questions:
Why haven't staff of the site fixed that issue as it's clearly hole in the limitation they have in place?
Or why haven't they allowed larger resolutions to all instead of just for those who know about the bug?

Because they still have that limitation in place and just screams incompetence to me that there's nothing done to it, neither it being raised or bugs around it being fixed.

Updated by anonymous

And thus began the war between the Furry Empire and the Horde of 4Changhis Khan. The conflict would last nearly 14 years and would utterly change forever the face of the world. Kingdoms would lie in ruins. Whole empires would shake. In the end, an estimated 50 million lives were lost.

Updated by anonymous

TruckNutz said:
the Horde of 4Changhis Khan

That legitimately made me laugh, man.

Anyways, I agree that Furaffinity needs to update their code, but not that they deserve to be hacked just to "Prove" it. Furaffinity's got its uses, and there are a lot of features that help keep it going. While other sites often pull those features out in greater quality, they're also very busy about them, which may scare users away (some people just cannot handle a busy looking page), so they use the simple themed Furaffinity.

Updated by anonymous

TruckNutz said:
And thus began the war between the Furry Empire and the Horde of 4Changhis Khan. The conflict would last nearly 14 years and would utterly change forever the face of the world. Kingdoms would lie in ruins. Whole empires would shake. In the end, an estimated 50 million lives were lost.

Dude have you ever been on /trash/

Updated by anonymous

Mario69 said:
But that is just a workaround for limitation in place and there are tons of users who do not use that workaround or do not know about it.

And that workaround has been used for years if I'm not incorrect. So that simply raises the questions:
Why haven't staff of the site fixed that issue as it's clearly hole in the limitation they have in place?
Or why haven't they allowed larger resolutions to all instead of just for those who know about the bug?

Because they still have that limitation in place and just screams incompetence to me that there's nothing done to it, neither it being raised or bugs around it being fixed.

You're right. The lead coder Yak doesn't seem motivated to roll out any updates, and that could be for any number of reasons.

If I had to guess, the biggest reason is because the horde of FurAffinity users will continue to use the site regardless, because it is considered THE furry media site.

FurAffinity has poor functionality, and I get the impression that its administration has a "Too big to fail" attitude.

This is why I'm more active on e621 and Twitter than anywhere else. I do hope that this incident is the kick in the arse FurAffinity needed to finally get with the times or get left in the dust.

Updated by anonymous

Qmannn said:
I'm not trying to justify this nonsense, but the submission page does notify users that they can do this. Yes, the FurAffinity actually encourages users to do this.

Sure of that? I gave the hint to many artists and I once got that's frowned upon by the admins. It was "documented" on the FA Wiki but a time ago I noticed the part mentioning it (or the whole page, can't remember) was gone.

Updated by anonymous

So they were hacked because their source code was leaked? That's always been a fear of mine while coding websites. I've tried to code solid websites that could stand up to a source leak; even if someone knew how my code worked, they couldn't break through it.

I hope they get back up and running soon.

Updated by anonymous

so, something bad happened to FA...again. with all that's happened to/on that site over the years, this kind of news doesn't surprise me much any more.

oh, and i think i found someone new to the world of the internet near the beginning of that thread. "I can't believe someone would do that. :/ I hate people that do this kind of stuff." yeah, welcome to the internet...and FA.

Updated by anonymous

I noticed that some of my first posts on FA were missing but I didn't think it was a hack...

Updated by anonymous

ITS DA CHINESE AND DA RUSSIANS WORKING IN TANDEM!!!!

DURR INVADING! TRYING TO WEAKEN US FURST BY TAKEN OUT ALL DIGITAL COMMUNICATION AND DISRUPTING SOCIETY!!!!!!

Updated by anonymous

Rustyy said:
ITS DA CHINESE AND DA RUSSIANS WORKING IN TANDEM!!!!

DURR INVADING! TRYING TO WEAKEN US FURST BY TAKEN OUT ALL DIGITAL COMMUNICATION AND DISRUPTING SOCIETY!!!!!!

No you pleb. It's clearly the North Koreans and ISIS :P

Updated by anonymous

I dunno. Maybe if they patched their shit instead of not even knowing about this exploit first-hand as soon as it was announced by the IM team, it wouldn't have happened.

Doesn't also help that FA is a really lethargic Site when it comes to technical aspects anyway. They are probably still using exploitable software versions even after this moment.

Meanwhile, every other furfag Website is still up and running just fine, because they patched. Lol.

Updated by anonymous

RubisDrake said:
I dunno. Maybe if they patched their shit instead of not even knowing about this exploit first-hand as soon as it was announced by the IM team, it wouldn't have happened.

Doesn't also help that FA is a really lethargic Site when it comes to technical aspects anyway. They are probably still using exploitable software versions even after this moment.

Meanwhile, every other furfag Website is still up and running just fine, because they patched. Lol.

I don't even see why FA is worth two shits anyhow. I mean. I have an account. Half the posts I've seen ain't even furry related. I've even quite a few selfies of teenage guys posing in front of nazi flags (I searched "flag" and that's what I saw). I mean, I'm not even offended (bcz I don't even give a shit what someone flies), but its as simple as it ain't furry so it doesn't belong on FURaffinity. It's fucking retarded. Other shit I see, again, ain't even furry. It's basically just twitter in a fursuit

Updated by anonymous

As an interesting side note: all new uploads have an ID of 2 million or higher, looks like they used that hack to jump ~10k IDs to avoid database problems.

Updated by anonymous

TruckNutz said:
And thus began the war between the Furry Empire and the Horde of 4Changhis Khan. The conflict would last nearly 14 years and would utterly change forever the face of the world. Kingdoms would lie in ruins. Whole empires would shake. In the end, an estimated 50 million lives were lost.

"lives," come on, it's Internet nerds vs Internet nerds. Lives is a very optimistic euphemism.

Updated by anonymous

Ugh, Fur Affinity is broken. I can't log in since apparently they have a broken password recovery page--It mixes up what all goes onto what lines, meaning even if I successfully get the password change through, I have no idea what it actually changes the password to!

Can somebody get ahold of them and let them know about this? I really wanna log in.

Updated by anonymous

Furrin_Gok said:
Can somebody get ahold of them and let them know about this? I really wanna log in.

I made an account 6 minutes ago, and I'm logged in.

What exactly do you want me to tell them? Are you sure the problem is on their end? Who do I tell it to?

Updated by anonymous

Lance_Armstrong said:
I made an account 6 minutes ago, and I'm logged in.

What exactly do you want me to tell them? Are you sure the problem is on their end? Who do I tell it to?

I have literally reset my password five times, to varying sets of code that makes definite sense to me, and I still cannot seem to log in using any of the codes. If I hadn't forgotten my original code I probably could have used that and been fine, but the reset password page is borked.

Updated by anonymous

Lance_Armstrong said:
What's your username on there? I will send them a message with your account name and copy what you said here.

My username is furringok. I have filled in every field on the page, including the ones up top to send the email in the first place; attempted to use every field as the password, none of them working... I suspect it might be using the temporary reset code as the new password, but thing is, it's too long and won't be allowed.
Hitting enter in the bottom field also causes it to hit the button of the top field instead of the bottom, so I have to manually click it for it to work.

Updated by anonymous

Furrin_Gok said:
Really disappointed that your ticket beat my find. Such a stupid little thing, too: Everything except the login page accepts the username without underscores, which had me fooled.

So what you're saying is that I can close the ticket.

Updated by anonymous

Lance_Armstrong said:
So what you're saying is that I can close the ticket.

The ticket I couldn't even see in the first place? Yeah.

Updated by anonymous

Blind_Guardian said:
Heh.

That's in response to personal information being at stake.

Hopefully, it doesn't last too long. Although having limited access to FA is better than nothing.

Updated by anonymous

We have just learned the attackers have access to personal user data, such as encrypted passwords and email addresses.

If your server has been compromised you should immediately assume this has happened, not just pretend it hasn't until you find evidence that user data has been stolen. It really worries me that FA is run by these people.

Updated by anonymous

If crap like this happens so often that people have come to expect it, I honestly have to ask, why the hell are people still using it? It's not like several years ago when your options were limited.

Updated by anonymous

SirBrownBear said:
If crap like this happens so often that people have come to expect it, I honestly have to ask, why the hell are people still using it? It's not like several years ago when your options were limited.

FurAffinity is like the abusive parent they always wanted

Updated by anonymous

Ratte

Former Staff

SirBrownBear said:
If crap like this happens so often that people have come to expect it, I honestly have to ask, why the hell are people still using it? It's not like several years ago when your options were limited.

Because it's literally the only site I get any business.

Updated by anonymous

Ratte said:
Because it's literally the only site I get any business.

You don't use/want an Inkbunny account?

Updated by anonymous

Ratte

Former Staff

Siral_Exan said:
You don't use/want an Inkbunny account?

I don't make cub porn so I never got business there. I left it two years ago because of said lack of business.

Updated by anonymous

Ratte said:
I don't make cub porn so I never got business there. I left it two years ago because of said lack of business.

While that is a touché, I do wonder, then, where else you may post your art. I can imagine you doing pixiv, but I wouldn't be able to read it...

Updated by anonymous

Ratte

Former Staff

Siral_Exan said:
While that is a touché, I do wonder, then, where else you may post your art. I can imagine you doing pixiv, but I wouldn't be able to read it...

I can't read Japanese.

I just post on FA and DA now, but of the 5+ years I've been on DA I have only been commissioned twice. All of my business otherwise comes from FA. Without it, I'm hosed. Since I don't make porn I already get next to no business as it is.

Updated by anonymous

Ratte said:
I can't read Japanese.

I just post on FA and DA now, but of the 5+ years I've been on DA I have only been commissioned twice. All of my business otherwise comes from FA. Without it, I'm hosed. Since I don't make porn I already get next to no business as it is.

Why not swap back to DA? Forgive me if I am oblivious to these sites, E6 has been my main for two years, it's only been a month since I started actually using the others...

Updated by anonymous

Ratte

Former Staff

Siral_Exan said:
Why not swap back to DA? Forgive me if I am oblivious to these sites, E6 has been my main for two years, it's only been a month since I started actually using the others...

I use DA as well as FA. I get no business there.

Updated by anonymous

Now this worries me, not to jinx anything but is e6 vulnerable (or even prepared) for such an attack similar to that on FA?

There's no doubt that e6 has also been one of the targets of (DDoS) attacks from who I can only presume are anti-furry terrorists. But what if something stronger & more dangerous appears?

Updated by anonymous

Ratte

Former Staff

Qmannn said:
Pixiv has an English option and a bunch of English speaking users.

I don't really draw the kind of art people go there for.

Or anywhere, for that matter, haha.

Updated by anonymous

Tuvalu said:
If your server has been compromised you should immediately assume this has happened, not just pretend it hasn't until you find evidence that user data has been stolen. It really worries me that FA is run by these people.

"Run" is a strong word.

Updated by anonymous

TheGreatWolfgang said:
Now this worries me, not to jinx anything but is e6 vulnerable (or even prepared) for such an attack similar to that on FA?

There's no doubt that e6 has also been one of the targets of (DDoS) attacks from who I can only presume are anti-furry terrorists. But what if something stronger & more dangerous appears?

We actually have professional server people both from Bad Dragon and from our hosting company, as well as professional programmers. This could happen, since there is no 100% guarantee that someone doesn't find an exploit, but we won't do crap like FA with their damage control afterwards.

Updated by anonymous

Blind_Guardian said:
Heh.

Hey I wonder if that's related to the problems I found.

Ratte said:
I can't read Japanese.

You do realize they have an English mode? Down at the bottom of the page it has a list of languages. This won't auto-translate everything, but it translates the navigational menus, profile field headers, and stuff. English users of the site can still read your English profile that way.

Ratte said:
I don't really draw the kind of art people go there for.

Or anywhere, for that matter, haha.

What are you talking about? Poofy critters are definitely the pixiv style.

Updated by anonymous

Ratte said:
I don't really draw the kind of art people go there for.

Or anywhere, for that matter, haha.

I like the fact that you don't draw it. I think your art is super cute, and I've been thinking about commissioning you. Know much about caracals? Haha

Updated by anonymous

Well, worst case scenario, perhaps switch to Weasyl? E621 is fine and dandy, but I like to have another place to spread my work around plus get some commissions and stuff.

This sucks :/

Updated by anonymous

SirBrownBear said:
If crap like this happens so often that people have come to expect it, I honestly have to ask, why the hell are people still using it? It's not like several years ago when your options were limited.

Everyone uses service because majority is there and nobody's going to use other service because minority is there and because nobody is changing to service used by minority, everyone keeps using service used by majority. This isn't exactly rocket science.

YouTube vs Vimeo, WhatsApp vs Telegram, Windows vs Linux, Facebook vs Google+, Skype vs TeamSpeak, Steam vs gog.com, etc. etc. (of course there are some other minor caveats with these, but you get the point)

Mammoths and monopolies can still fall. However it does take long time, because rivals basically need to make their service better, so that everyone has a reason to switch over or use their service alongside the current one, slowly growing from being simply better rather than just being biggest.

Problem with art sites focusing/allowing furry art might actually be that there are so many smaller alternatives, which has made the users scatter all over and FA is the only central. What I mean that there are users which might use FA and Inkbunny and other users who use FA and Weasyl, so of course only place to find both artist is to simply use FA. Then stuff like Inkbunny having "cub" marked on top of it even though they simply allow it and nothing else.

Updated by anonymous

Ratte

Former Staff

Furrin_Gok said:
You do realize they have an English mode? Down at the bottom of the page it has a list of languages. This won't auto-translate everything, but it translates the navigational menus, profile field headers, and stuff. English users of the site can still read your English profile that way.
What are you talking about? Poofy critters are definitely the pixiv style.

It takes years for me to get established anywhere so I'm not sure it's worth it.

And no, I didn't know because I don't use it. All I knew about it was that when I was shown it in the past I couldn't read anything.

Aeruginis said:
I like the fact that you don't draw it. I think your art is super cute, and I've been thinking about commissioning you. Know much about caracals? Haha

I know what they are, yes. Wouldn't be the first time I've drawn any.

Updated by anonymous

Qmannn said:
This was an interesting read: http://stuff.veekun.com/fa-timeline.html

Feb 20, 2016

IMVU sends lawyers at Silver Eagle

Silver Eagle reports that IMVU's legal department is sending him strongly-worded emails regarding his own attempt at a furry art site. Other developers distance themselves from Silver Eagle for fear of also attracting legal attention.

A few people who brought this up on FA report having their comments hidden, submissions deleted, or accounts suspended.

Updated by anonymous

I appreciate it when bad things happen to Furaffinity.

It's like watching the crippled man shoot himself in the other leg.

Updated by anonymous

I probably should've expected that I'd be unable to log back in due to the website's new password recovery tool only accepting the email for the sake of getting the verification code but not accepting that same email for when it's time to actually set the new password. There is literally nothing I can do about that. I've never even thought that would be possible that it recognizes it once but can't recognize it twice.

¯\_(ツ)_/¯

I just don't get it. I never thought that knowing all of my login info at all times would one day still prevent me from being able to get back onto a website.

Updated by anonymous

Dominass_Triton said:
I probably should've expected that I'd be unable to log back in due to the website's new password recovery tool only accepting the email for the sake of getting the verification code but not accepting that same email for when it's time to actually set the new password. There is literally nothing I can do about that. I've never even thought that would be possible that it recognizes it once but can't recognize it twice.

¯\_(ツ)_/¯

I just don't get it. I never thought that knowing all of my login info at all times would one day still prevent me from being able to get back onto a website.

I could reset everything normally, try it again when the load is less on the server, also make sure to check for errant typos and spaces and what have you. Potentially even capitalization in the email.

Updated by anonymous

Oh look, three days (almost) and FA is still undergoing a rewrite of the security algorithms, what the deuce are they doing that takes so long? Not even the data recovery took this long.

Updated by anonymous

fox_whisper85 said:
Oh look, three days (almost) and FA is still undergoing a rewrite of the security algorithms, what the deuce are they doing that takes so long? Not even the data recovery took this long.

Maybe (Hopefully!) they're finally upgrading security.

Updated by anonymous

Furrin_Gok said:
Maybe (Hopefully!) they're finally upgrading security.

FA is back online, but a lot of people are having issues with recovering passwords.

Updated by anonymous

Okay so now I'm hearing things about malicious ads on FA hijacking browsers sooo yeah, outlook not so good

Personally I'm surprised that ad services allow those kinds of ads but eh

Updated by anonymous