Postmortem Site compromised 10-Sep-2019

Status
Not open for further replies.
It was a TOR exit node.

Ah fuck. Oh well, the Wednesday stream may be interesting, if Null (I won't tag him since he has enough on his plate) has the capacity to do one this Wednesday.
I wonder if he'll tell us whether he uses redis or mongoDB, or something entirely different? Both known to have vulnerabilities, and both are "in-memory cache" databases. It may be time to change tech.
 
fucking BOO
I didn't bother using a VPN and used private trash email that's connected to everything but my actual name and was quite frequently online during the period and still I'm not on the list at all. I feel purposefully ignored

my feels hurt gib patreon
 
I wonder if he'll tell us whether he uses redis or mongoDB, or something entirely different? Both known to have vulnerabilities, and both are "in-memory cache" databases. It may be time to change tech.

He specifically mentioned Redis and, I believe, that it was related to the event.
 
He specifically mentioned Redis and, I believe, that it was related to the event.

He does the best he can keeping this site alive on the limited resources he has - however isolation of a redis database to make it not publicly reachable is quite an oversight.

BY THE FUCKING WAY - YOUR SESSION TOKENS ARE IN THE ACCOUNT.TXT LEAKS. IF YOUR ACCOUNT IS IN THOSE LEAKS, LOG OUT AND LOG BACK IN. NULL SHOULD FORCE LOG-OUT EVERYONE TO RESET SESSIONS.

Example of a session key (that can be used to hijack that account):

Token.png


TL;DR: Please log out and back in to reset your session to make sure your session doesn't get hijacked (and yes, injecting your session key into the cookies does indeed bypass 2FA, so you're still not safe).
 
Just saying.... an achievement looking like a pizza slice that just says 9-10-19 Never Forget would be dope.

He does the best he can keeping this site alive on the limited resources he has - however isolation of a redis database to make it not publicly reachable is quite an oversight.

BY THE FUCKING WAY - YOUR SESSION TOKENS ARE IN THE ACCOUNT.TXT LEAKS. IF YOUR ACCOUNT IS IN THOSE LEAKS, LOG OUT AND LOG BACK IN. NULL SHOULD FORCE LOG-OUT EVERYONE TO RESET SESSIONS.

Example of a session key (that can be used to hijack that account):

View attachment 931713

TL;DR: Please log out and back in to reset your session to make sure your session doesn't get hijacked.
Think Null already forced a login.... I had to log back in earlier today.
 
He does the best he can keeping this site alive on the limited resources he has - however isolation of a redis database to make it not publicly reachable is quite an oversight.

BY THE FUCKING WAY - YOUR SESSION TOKENS ARE IN THE ACCOUNT.TXT LEAKS. IF YOUR ACCOUNT IS IN THOSE LEAKS, LOG OUT AND LOG BACK IN. NULL SHOULD FORCE LOG-OUT EVERYONE TO RESET SESSIONS.

Example of a session key (that can be used to hijack that account):

View attachment 931713

TL;DR: Please log out and back in to reset your session to make sure your session doesn't get hijacked.
Null did that. I've seen at least 2 people in this thread who said they had to make new accounts because they didn't remember their passwords
 
FWIW I reckon whoever did this just wrote a scraper (as others have said)... That went through the 'Online Now' section at the bottom of the forum index (on phone, cbf finding link to actual online now page). I'm guessing Null's access means he can see emails and IPs on certain sections of the site. Also why I believe no back end was compromised, as they wouldn't have had to create such a clusterfuck of files. Definitely not a perfectionist 'hacker'.
 
Null did that. I've seen at least 2 people in this thread who said they had to make new accounts because they didn't remember their passwords

Just saying.... an achievement looking like a pizza slice that just says 9-10-19 Never Forget would be dope.


Think Null already forced a login.... I had to log back in earlier today.

Based Null.
 
Naw, pretty sure forced login coz he did a fresh install of the forum software. Session data wouldn't be saved & imported.

I haven't tried to hijack an account for obvious reasons (don't wanna get shoah'd now that I finally got around to making an account), but essentially yeah - the session tokens are now invalid.

Well, I'm in the list, will I get a trophy? :optimistic:

Zoë Quinn will give you a handjob and a pizza.
 
Ass News Network and Sean O'Mara and his fuckbuddies are always behind this.

Every time I insult them, shit like this happens immediately. This is too fucking suspect.

I wouldn't be surprised either. They are friends with all of the elitist nerds out in West Coast America. I'm not surprised they're potentially friends with the faggots in Silicon Valley and a lot of hacker script kiddie hobbyists, plenty I'm sure who they assign to be moderators and admins for their shitty websites. Fuck, even Harry Hope Chapman got her shit wiped from Google years ago when she joined, that was a big sign right there.
 
I'm pretty sure I've been compromised, but quite frankly I don't care. I doubt whoever has my IP now will be able to do anything with it.
What I am livid about is that my account I used at home seems to have been logged out of and I no longer have the password.
Now it will take literally minutes to create a new account, Gaddammit!
Fuck these hackers for inconveniencing me!
 