Topic: [RESOLVED] furaffinity.net URLs/ Links Compromised; FA Twitter account hijacked!


The reason Fur Affinity went offline at around 12:48am is due to someone hijacking our account with @netsolcares. Even though we worked quickly to correct the situation, their customer support has stated they cannot lock or freeze the account and we have to wait 24-48 hours for proper assistance. We have contacted them multiple times expressing urgency in this matter, and they've responded saying there is nothing they can do even though we have proven without a doubt that we are the proper owner and the account has been hijacked. This is a serious security issue and oversight on their side.

A good reason FA should use a new hosting service. Bad response on netsol's part.

furrymaster6 said:
A good reason FA should use a new hosting service. Bad response on netsol's part.

Understatement.

For a site of that size, it's not a "bad" response, it's batshit insane.
Frankly, could be grounds for FA to sue them later.

Mods, is there a way to have e621 redirect outgoing FA links for the time being? edit: Or yeah, at least give a nice big warning.


fuyu_graycen said:
Hope they get it sorted soon, what a horrid time for all this shit to happen

I would probably also make this a news pin for E621 so people know not to press FA Links

I'm actually surprised this isn't headline. Lot of people might not know better.

I didn't until I was redirected to the KF site.

mta_2_train said:
Also why they are going after FA?

Presumably a hatred of furries, and Dragoneer's death has left the site extremely vulnerable. If anyone wanted to attack the site, it left the perfect opportunity to do so.

gobey said:
Mods, is there a way to have e621 redirect outgoing FA links for the time being? edit: Or yeah, at least give a nice big warning.

^this is a great idea

lendrimujina said:
An organization of borderline cyberterrorists is mocking how low someone else is willing to stoop? Oh, that is rich.

If KF is telling the truth and they genuinely WEREN'T behind this... that hacker has no idea what's behind the gates they just opened. I almost feel sorry for them... almost.

If true, then the hacker made new enemies from the other side.

Suggestion to also temporarily disable source links going out to FA, maybe through CSS, something like

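/* The value is quoted: an unquoted attribute value must be a CSS identifier, and furaffinity.net contains a dot */
a[href*="furaffinity.net"] {
  pointer-events: none;           /* ignore mouse/touch clicks (keyboard activation still works) */
  text-decoration: line-through;  /* show the link as struck out */
  color: red;
}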

So they would still show up, but wouldn't be clickable and it would be clear it's not just a bug on this site not showing the links?

Maybe add a small infobox with a link below the Sources section, so if people ignore regular notices/banners, this could be an additional vector of spreading the news?

daisuke_td said:
lots of words

I'm certain that the e6 staff are just trying to get their information 100% correct. this is a sensitive matter, but something needs to be done to protect users, like what you've suggested.

Okay so the FA twitter is compromised but the handle is not. For some reason the idiots who got ahold of the Twitter account changed the handle, and some do-gooder nabbed it before they were able to change it back.

Their Twitter may be back at some point.

Still waiting to hear anything about the domain server, but has it been long enough? And NetSol is just giving boilerplate responses to pretty much everyone on Twitter, how very uninformative.

pheagleadler said:
and some do-gooder nabbed it before they were able to change it back.

From what I can tell, the "do-gooder" was shit-posting under the account a lot at first, but now they hid ("protected"? I don't know how Twitter works...) everything and claim they're now reserving the name until it can be returned to the proper owner.

Maybe all those posts were made before they nabbed the name...?

crocogator said:
From what I can tell, the "do-gooder" was shit-posting under the account a lot at first, but now they hid ("protected"? I don't know how Twitter works...) everything and claim they're now reserving the name until it can be returned to the proper owner.

Maybe all those posts were made before they nabbed the name...?

Whanos renamed their own Twitter account to @furaffinity in order to prevent someone else from sniping it. It was the fastest way to reclaim the handle.

Well, now we ain’t getting into… the other website and things are getting back to normal at a slow pace.

valrinix said:
Well, now we ain’t getting into… the other website and things are getting back to normal at a slow pace.

yep. currently the site redirects to an error page with the discord link, so the domain itself is back under control. no clue about the twitter, although i know the handle is being saved.

hiddenbird said:
yep. currently the site redirects to an error page with the discord link, so the domain itself is back under control. no clue about the twitter, although i know the handle is being saved.

Whanos might carry on Dragoneer’s legacy if we’re lucky.

Thread updated, site domain address is back in the hands of furaffinity staff according to their most recent announcements.

Site may still remain down or in read-only for the next couple of days as they sort things out though.

lendrimujina said:
An organization of borderline cyberterrorists is mocking how low someone else is willing to stoop? Oh, that is rich.

If KF is telling the truth and they genuinely WEREN'T behind this... that hacker has no idea what's behind the gates they just opened. I almost feel sorry for them... almost.

It's Gimli and Legolas working together for a common goal

ryu_deacon said:
Thread updated, site domain address is back in the hands of furaffinity staff according to their most recent announcements.

Site may still remain down or in read-only for the next couple of days as they sort things out though.

That's excellent to know. Thank you for keeping so many people informed.

fuyu_graycen said:
It's Gimli and Legolas working together for a common goal

They were always on the same side, broadly. This is more like if Gandalf and the Balrog found a common enemy.

georgie_leech said:
They were always on the same side, broadly. This is more like if Gandalf and the Balrog found a common enemy.

Let's be honest; it's more like Pippin and Gollum.

nathmurr said:
That's excellent to know. Thank you for keeping so many people informed.

Notify me if they get done checking and double checking. I’ll be waiting.

I wonder if they're waiting for non peak hours to turn the site back on so the servers won't be overwhelmed, whenever that is

Signed up for Discord so i could check FA's discord and (around 1:30am UTC) the latest announcement i can find regarding FA website status is:

"No updates on the Fur Affinity site yet, but things still going well - stay tuned!"

(announcement presumably posted to FA Discord approx four hours ago ... if i understand Discord time stamps correctly)

Like a week after the owner of FA dies the site gets hacked, and the FA twitter/X account is hacked, including the deceased owner's account.

Then this hacker makes an enemy of basically everyone by making both Furries and Kiwifarms hate them.

How did this even happen? I am guessing they got the Account login details when they hacked the site but surely this will turn off so many people from Network Solutions. You'd think they would respond faster to a security issue like this.

casmin7~ said:
Like a week after the owner of FA dies the site gets hacked, and the FA twitter/X account is hacked, including the deceased owner's account.

Then this hacker makes an enemy of basically everyone by making both Furries and Kiwifarms hate them.

How did this even happen? I am guessing they got the Account login details when they hacked the site but surely this will turn off so many people from Network Solutions. You'd think they would respond faster to a security issue like this.

From what I've seen floating around, and to be clear I have no evidence one way or the other, it seems like a password manager was compromised.

Minor update to the Twitter account situation;

Momma Sciggles

Today at 7:09 PM
The twitter is officially back in our hands thanks to @Whanos 💖 @everyone

Have a wonderful night.

luffy

Today at 7:30 PM
If you are still seeing inappropriate posts on our Twitter, it is likely a caching issue. Please clear your Twitter cache and they should disappear - or wait awhile and they'll go away. Thank you!

Furaffinity.net remains down at this time.

nekrosilisk88 said:
From what I've seen floating around, and to be clear I have no evidence one way or the other, it seems like a password manager was compromised.

Could be, but I also heard that since they had access to the domain, they were able to intercept password reset emails. Dunno how true that is, it goes well beyond the scope of my understanding of the inner workings of the internet.

nekrosilisk88 said:
From what I've seen floating around, and to be clear I have no evidence one way or the other, it seems like a password manager was compromised.

From what I've heard they used social engineering to get the network solutions account and the Twitter account was tied to a @furaffinity.net email address they gained control of and they changed the password from there

alphamule

Privileged

no-one-you-know said:
From what I've heard they used social engineering to get the network solutions account and the Twitter account was tied to a @furaffinity.net email address they gained control of and they changed the password from there

Ugh, that figures! I guess for an administrator of a website, it's kind of important to have non-SMS/password authentication.

So, mentioning questionable domains, everyone might want to add e9 62. net to firewalls or filters or something. Nasty typo.


pheagleadler said:
Could be, but I also heard that since they had access to the domain, they were able to intercept password reset emails.

I don't know if it's true for the current FA difficulties, but in the general case, that is possible.

Probably the most well-known part of DNS is an "A record", which tells computers where to send general Internet traffic for that domain. That's the thing that tells you that google.com is 142.250.190.110. These days, most computers will use the A record to route HTTP or HTTPS traffic (most popular), but many other kinds of traffic are possible: SSH (remote login), FTP (file transfer), and even NNTP (Usenet news) shut up, grandpa.

Another important part of DNS is an "MX record", which tells computers where to send email traffic (SMTP) for that domain. That's the thing that tells you that to send email to somebody on gmail.com, you should talk to the computer known as gmail-smtp-in.l.google.com. (You then need to do an A record lookup for gmail-smtp-in.l.google.com to figure out its IP address so you can actually talk to it.)

If you have control of the domain registration for a site, you are free to set both the A records and MX records to anything you want.

There used to be a limitation that it could take a couple of days for the entire Internet to notice changes in those records, but these days, the whole Internet usually knows about the change within 15 to 30 minutes or so.

If an attacker gets control of a domain, and points the MX record at a mail server that the attacker controls, the attacker can get all of the email that's inbound to that domain.

In modern times, there are a few other records that have to do with anti-spam stuff for sending mail. An attacker would have to set those records to appropriate values to be able to successfully send email from that domain, but that is possible for them to do.

Again, I don't know if the FA attacker actually did any of this. It would have been possible to tell from the Internet at large if you had a copy of FA's DNS records from before the attack, and then checked them often for changes during the attack.

====* The More You Know
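
An added example, not part of the original post and not FA's or e621's tooling: the before/after comparison the post describes, run over two constructed snapshots in `dig +noall +answer` layout for the placeholder domain example.org. It goes slightly beyond the post's A and MX records by also tracking NS (the nameserver setting named in FA's later statement) and TXT (where SPF policy lives); all function names and sample records are assumptions made for illustration.

```python
"""Compare two DNS snapshots and report changes that matter in a domain hijack."""

# Defender-facing meaning of a change, following the post's A/MX explanation.
IMPACT = {
    "NS": "delegation moved: whoever runs the new name servers sets every record",
    "A": "web and other general traffic now goes to a different address",
    "MX": "inbound mail, password-reset messages included, is delivered elsewhere",
    "TXT": "SPF or similar sender policy changed: mail from new hosts may pass",
}

def parse_snapshot(text):
    """Parse 'name ttl class type rdata' lines into {(name, type): {rdata}}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or dig comment
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue  # not a resource-record line
        name, _ttl, _cls, rtype, rdata = parts  # TTL ignored: caches count it down
        rtype = rtype.upper()
        if rtype != "TXT":  # host names are case-insensitive, TXT strings are not
            rdata = " ".join(rdata.lower().split()).rstrip(".")
        records.setdefault((name.lower().rstrip("."), rtype), set()).add(rdata)
    return records

def diff_snapshots(baseline_text, current_text):
    """Return one finding per (name, type) whose record set changed."""
    before, after = parse_snapshot(baseline_text), parse_snapshot(current_text)
    findings = []
    for key in sorted(set(before) | set(after)):
        removed = sorted(before.get(key, set()) - after.get(key, set()))
        added = sorted(after.get(key, set()) - before.get(key, set()))
        if removed or added:
            findings.append({"name": key[0], "type": key[1], "removed": removed,
                             "added": added,
                             "impact": IMPACT.get(key[1], "record changed")})
    return findings

def mail_exposed(findings):
    """True if inbound mail routing may have changed (MX or NS changed)."""
    return any(f["type"] in ("MX", "NS") for f in findings)

# Constructed sample data (documentation domains and address ranges only).
BASELINE = """
; baseline saved before the incident
example.org.  3600 IN NS  ns1.registrar.example.
example.org.  3600 IN NS  ns2.registrar.example.
example.org.  300  IN A   192.0.2.10
example.org.  300  IN MX  10 mail.example.org.
example.org.  300  IN TXT "v=spf1 ip4:192.0.2.25 -all"
"""
CURRENT = """
; snapshot taken during the incident
example.org.  172 IN NS  ns1.unfamiliar-dns.example.
example.org.  172 IN NS  ns2.unfamiliar-dns.example.
example.org.  41  IN A   198.51.100.77
example.org.  41  IN MX  5 mx.unfamiliar-dns.example.
example.org.  41  IN TXT "v=spf1 ip4:198.51.100.0/24 -all"
"""

if __name__ == "__main__":
    for f in diff_snapshots(BASELINE, CURRENT):
        print(f"{f['name']} {f['type']}: -{f['removed']} +{f['added']}")
        print(f"    {f['impact']}")
    print("treat inbound mail as exposed:", mail_exposed(diff_snapshots(BASELINE, CURRENT)))
```

TTLs are deliberately left out of the comparison, so a cached answer whose TTL has counted down does not raise a false alarm.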

Whanos has assisted in recovery of The Official Furaffinity Twitter. As soon as everything is back in full order, we will return to our usual fling. Hopefully, everything is okay and our stuff is still intact.

alphamule said:
So, mentioning questionable domains, everyone might want to add ****.*** to firewalls or filters or something. Nasty typo.

Reason? A statement like that with no explanation will send an awful lot of people directly to that address out of curiosity. Like a social engineering OSHA violation.

alphamule

Privileged

psycholasagna said:
Reason? A statement like that with no explanation will send an awful lot of people directly to that address out of curiosity. Like a social engineering OSHA violation.

There's a reason it's not a link. Bah.
Just be careful how you type in URLs or use favorites. XD

Broke it up so no one quick-mouses selection with context menu to open in a new tab because of course you can do that, haha.

Xanaecor

Today at 11:12 AM
Good Afternoon!

Yesterday, after meeting for several hours with Network Solutions (our domain registrar), they finally agreed to our demands to lock our account and revert changes made to our domain name’s NAMESERVER configuration. This lock also prevents anyone from signing in and making further changes. A fraud investigation has been launched on their part, and upon conclusion, our account will be fully released to us and we will receive more information on how this hijacking occurred. Our domain is directing traffic correctly.

While the bad actor was in control of our domain between Tuesday, August 20th at 12:47AM ET and Wednesday, August 21st at 2:28PM ET, they redirected our traffic to other websites and they set up an email server to receive any emails that were sent to any of our @furaffinity.net accounts. If you sent any emails to our @furaffinity.net accounts during that time, then the bad actor has those emails, we did not receive them, and you should act appropriately to secure and protect your information. Furthermore, any emails sent from @furaffinity.net during that time would have been sent by the bad actor and should not be trusted. The bad actor never had access to our actual email accounts, any previous emails, nor data we have previously received.

It is important to stress that the Fur Affinity web server itself was never compromised, and the bad actor never had access to any private information therein such as our user and server data (It's as if someone stole your home address and had your mail and visitors routed somewhere else. Your house and everything inside is fine, only the address and incoming/outgoing mail were affected). As a precautionary measure during the incident, we invalidated all current login sessions and you will need to log back into your account.

✨🌟🎉 FUR AFFINITY IS NOW ONLINE AND MAY BE ACCESSED SAFELY! 🎉🌟✨

Furthermore, as of last night (August 21st at 9:53PM ET), we have regained access to our Twitter account, and with the help of Whanos (@KernelJunkie), reclaimed our username (@FurAffinity). And as of this morning (August 22nd at 10:45AM ET), we also secured Dragoneer's personal Twitter account.

We have also been made aware of various sources claiming to have identified the bad actor responsible for this attack. We have no way to verify that these accusations are accurate, but will continue to share all information with the FBI. With that said, we want to remind everyone that we have a zero-tolerance policy toward harassment, no matter the circumstances. Recently, there have been instances where speculation has led to individuals being harassed, even if they have no proven connection to the incident.

It is important to note that Fur Affinity, with direct insight into the situation, has not conducted its own investigation. We are leaving that responsibility to law enforcement. Speculation only spreads misinformation and causes harm, so please be cautious about what you share or believe online.

We kindly urge everyone to avoid engaging in further speculation or harassment. It is the role of law enforcement to determine the facts and make decisions, not ours.

Finally, we want to extend our deepest gratitude to all of you for your unwavering support during this incredibly difficult time. Your kindness, patience, and understanding have meant the world to us as we've navigated these challenges together. We are committed to continuing to foster a creative and welcoming environment for all, and it is your strength and solidarity that make our community truly special. Thank you for standing with us. @everyone

Do please note that while private data from the servers were not accessed according to the announcements, it is still a good practice to update/change your logins and do so on a regular basis. And of course also not keep all your eggs in one basket both in terms of correspondence (commissioner & artist communication) and gallery maintenance.

happy that the site is already back online, but i will wait some time before logging in and changing the password, just to make sure everything is under control

eranormus said:
happy that the site is already back online, but i will wait some time before logging in and changing the password, just to make sure everything is under control

I tried to access FA but I got a "This site can't be reached" notice

fearofafurryplanet said:
I tried to access FA but I got a "This site can't be reached" notice

That usually means your ISP's DNS servers haven't been updated yet. Try again in a couple of hours.

calydor said:
That usually means your ISP's DNS servers haven't been updated yet. Try again in a couple of hours.

I’ll wait.

luffy

Today at 6:47 PM
@FA Pings From tech. You have to be a lil technical to understand. Sorry!
"Whoever has image loading issues on FA: This is due to DNS cache on your device, or your ISP's (Internet Service Provider) DNS servers. On a PC you can probably fix that by running ipconfig /flushdns in console, or switching your DNS server settings to use Cloudflare and Google name servers instead, which don't cache things for as long. You can Google on how to do that for your operating system. The Primary DNS server can be 1.1.1.1 (cloudflare) and the secondary 8.8.8.8 (google). This is not something you would need to revert back later, as both CF and Google DNS are just superior anyway.

As for mobile devices, unfortunately you are just going to have to wait out for your service provider's cache to expire."

We act like this was an unexpected and unprovoked attack. Furries have been responsible for multiple high profile website hacks (as well as obtaining personal information and threatening to release it) in the past few weeks and the owner of one of those sites even threatened revenge over it. Us getting a taste of our own medicine, even if we were not personally involved, is hardly surprising and many would call it deserved.


cka9se said:
Us getting a taste of our own medicine, even if we were not personally involved, is hardly surprising and many would call it deserved.

Really, dude? "Deserved," that some dick pissed on the fresh grave of one of our most civic-minded members in order to 'pwn' thousands of people that are very tangentially related to a very small (and disbanded) group known for exposing and/or lightweight vandalism of alt-right monsters? Recalibrate, hard.

psycholasagna said:
alt-right monsters? Recalibrate, hard.

You too. One's political opinions do not make one a monster, it is one's actions that do. I don't know much about furry politics (though I have heard some disturbing rumors about this "civic-minded member") however I personally feel that the hack of a furry website is much more likely a response to multiple hacks committed BY furries in recent weeks than a recent death.

The FA hacker could have done FAR worse if they wanted to: if the redirect had been to a phishing clone of FA instead of to very obviously not FA they would very likely have gotten admin credentials, and we would have much rather suffered this than what they could do with that. So let's not try getting revenge over a revenge, this hasn't gone over to the real world yet and let's hope we don't have to deal with chlorine bombs and the like again.

lendrimujina said:
An organization of borderline cyberterrorists is mocking how low someone else is willing to stoop? Oh, that is rich.

If KF is telling the truth and they genuinely WEREN'T behind this... that hacker has no idea what's behind the gates they just opened. I almost feel sorry for them... almost.

Sad thing is, one day, what happened to FA's Twitter account will eventually happen to KF, to some degree.

cka9se said:
You too. One's political opinions do not make one a monster, it is one's actions that do.

Bingo. Now drop it and roll, gaslighter.

cka9se said:
We act like this was an unexpected and unprovoked attack. Furries have been responsible for multiple high profile website hacks (as well as obtaining personal information and threatening to release it) in the past few weeks and the owner of one of those sites even threatened revenge over it. Us getting a taste of our own medicine, even if we were not personally involved, is hardly surprising and many would call it deserved.

Oh for the love of god. You cannot be serious. The person who did this was sloppy and I'm hoping they'll go to jail for it.

luznolindo said:
Sad thing is, one day, what happened to FA's Twitter account will eventually happen to KF, to some degree.

Sad thing?

cka9se said:
You too. One's political opinions do not make one a monster, it is one's actions that do. I don't know much about furry politics (though I have heard some disturbing rumors about this "civic-minded member") however I personally feel that the hack of a furry website is much more likely a response to multiple hacks committed BY furries in recent weeks than a recent death.

The FA hacker could have done FAR worse if they wanted to: if the redirect had been to a phishing clone of FA instead of to very obviously not FA they would very likely have gotten admin credentials, and we would have much rather suffered this than what they could do with that. So let's not try getting revenge over a revenge, this hasn't gone over to the real world yet and let's hope we don't have to deal with chlorine bombs and the like again.

Go run defense for that wackjob somewhere else, buddy.
Same goes for far-right politics.

alphamule

Privileged

cinder said:
Go run defense for that wackjob somewhere else, buddy.
Same goes for far-right politics.

TBF, this topic is kind of obsolete, anyways?
I mean, the domain and Twitter accounts are back, and the crisis is over.

alphamule said:
TBF, this topic is kind of obsolete, anyways?
I mean, the domain and Twitter accounts are back, and the crisis is over.

Sure, but if people still want to talk about it, that's fine.
As long as the thread does not devolve into a slap fight, of course.

psycholasagna said:
thousands of people that are very tangentially related to a very small (and disbanded) group

Do you really think they see it that way?

qwazzy said:
Do you really think they see it that way?

who's "they"? because the barely-conscious crypto idiot that managed to stumble his way through essentially password-resetting FA's domain name and then subsequently failed to utilize that opportunity to do literally anything of note probably has zero connection to the organizations affected by the SiegedSec hacks.
