Postmortem Site compromised 10-Sep-2019

Status
Not open for further replies.
I think that person who decided to do this is definitely a furry. The file is only leaking now because furries were the ones that decided to release it on Twitter.

Someone on here a couple weeks ago named Abe hinted they might've had backdoor access to KF in an AC thread that was moved to Lolcow General. I highly doubt it was them but it's a more logical step.
 
I'm kinda interested... Who is/are list No. -1?
It's absurdly long.

Also No. 0 is missing for some reason. Maybe that was the hacker? I'm unfamiliar with Xenforo's internal formats.
 
New account here, I was always a lurker and never had an account, however considering how much good lulz this site has provided me with I feel it's only appropriate I point this out for those that are not technically aware:

  1. @Null mentioned in a recent stream that he verified Yaniv's drunkposting and credible death threats via e-mail sign-up, therefore we know this data is retained, probably indefinitely, for password resets etc.
  2. Anyone able to grab a token from what sounds like an exposed redis database (or any other "in-memory database", null was very vague on what tech the site uses) is technically sufficient to do point number three - which is;
  3. Write a simple scraper with the access token from Null's account, and get the IP (which since Christchurch he has claimed is not stored anymore, so I don't understand why the IP needs to be loaded into a cache database?), e-mail and all other data pertaining to every single KiwiFarms user there exists, or have existed.
Sleep tight fellow Kiwis, let's hope we find those clues and figure out where the site was breached (XenForo or misconfig of cached db?)


Oh, and to the hacker(s). I've looked at the release1.zip, and it's laughably a big fucking nothingburger. Good luck tracking people down using their IP - the IPv4 space is filled, and IP addresses are dynamic nowadays. Sloppy job, Mossad.
 
Forgive me if this has already been asked, but what is the date range of this data?

The IPs it is showing for me are from a few days ago but I didn't log out during that time so I don't think that helps narrow it down.
 
I love how these idiots on Twitter keep mentioning how they hope the database got wiped (gee... I wonder why?).

Not only do they fundamentally misunderstand how and what was done in the hack, it's like they don't comprehend Null has backups (he's only mentioned that several times).
 
Whenever @Null gets time, please go over the nginx logs to confirm point 3 did or did not happen. If not, holy fucking shit, what a bunch of retards. If you're gonna hack something, do it properly.

SLOPPY JOB [OMITTED]
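The request in the post above, that the nginx logs be checked to see whether point 3 (a mass pull of member data using a stolen session) actually happened, is something that can be tested mechanically. The script below is an added example written for this page; it is not code from the thread, from XenForo or from the site's operators. It assumes nginx's default "combined" log format, XenForo-style profile URLs of the form /members/<name>.<numeric id>/, a detection threshold of 50 distinct profiles per 60-second window, and runs over constructed sample lines (labelled as such in the code) rather than real traffic. It flags any client IP that fetched an abnormal number of distinct profile pages in a short window, which is what a session-token-driven scraper looks like from the web server's side.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# nginx "combined" log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Assumption: XenForo-style profile URLs of the form /members/<name>.<numeric id>/
MEMBER_RE = re.compile(r'^/members/[^/]+\.(?P<uid>\d+)/')
TS_FMT = '%d/%b/%Y:%H:%M:%S %z'


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.rstrip('\n'))
    if not m:
        return None
    rec = m.groupdict()
    rec['ts'] = datetime.strptime(rec['ts'], TS_FMT)
    rec['status'] = int(rec['status'])
    return rec


def find_profile_scrapers(lines, window=timedelta(seconds=60), threshold=50):
    """Return {ip: peak} for every client that fetched at least `threshold` distinct
    member profiles (HTTP 200 GETs) inside any `window`-long span; `peak` is that maximum."""
    hits = defaultdict(list)  # ip -> [(timestamp, member id)]
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec['status'] != 200 or rec['method'] != 'GET':
            continue
        pm = MEMBER_RE.match(rec['path'])
        if pm:
            hits[rec['ip']].append((rec['ts'], pm.group('uid')))

    flagged = {}
    for ip, events in hits.items():
        events.sort()
        peak = 0
        for i, (start, _) in enumerate(events):
            # distinct profiles seen in [start, start + window]
            ids = {uid for ts, uid in events[i:] if ts - start <= window}
            peak = max(peak, len(ids))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def build_sample():
    """Constructed log lines, not real traffic: 203.0.113.10 walks profiles 1..120 at two
    requests per second with a scripting user agent; 198.51.100.7 browses normally."""
    base = datetime(2019, 9, 10, 3, 14, 0, tzinfo=timezone.utc)
    lines = []
    for uid in range(1, 121):
        t = base + timedelta(seconds=uid // 2)
        lines.append(
            f'203.0.113.10 - - [{t.strftime(TS_FMT)}] "GET /members/user{uid}.{uid}/ HTTP/1.1" '
            f'200 5120 "-" "python-requests/2.22.0"'
        )
    normal = [
        (0, '/threads/postmortem-site-compromised.1/'),
        (95, '/members/user7.7/'),
        (400, '/members/user12.12/'),
        (410, '/threads/postmortem-site-compromised.1/page-2'),
    ]
    for offset, path in normal:
        t = base + timedelta(seconds=offset)
        lines.append(
            f'198.51.100.7 - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 40221 "-" "Mozilla/5.0"'
        )
    lines.append('garbage line that is not in combined format')  # exercises the None path
    return lines


if __name__ == '__main__':
    for ip, peak in find_profile_scrapers(build_sample()).items():
        print(f'{ip}: {peak} distinct member profiles within 60s')
```

Against a real log you would feed `open('/var/log/nginx/access.log')` to `find_profile_scrapers` instead of `build_sample()`; the threshold and window are knobs, and a forum's own moderators or search crawlers may legitimately exceed a low setting, so confirm a hit by looking at the user agent and the session cookie on those requests before drawing conclusions.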
 