Postmortem Site compromised 10-Sep-2019

Status
Not open for further replies.
Where's my gay "I survived kiwidox 2019" sticker next to my name, null?

I'm getting 404 when I click anything in the doc leak, which is too bad. Also what are these fur faggots going to do? Tell my mommy I make fun of animal fuckers and retards on the internet? Boo boo :, (

I was actually worried I'd have to make a new account. I used a literal throwaway email and unique password I had to hope I remembered.

This is so pathetically nothing :story:
 
Canned Bread said:
Am I in the list? Won't load for me.

Don't really care too much anyways, I'm a minor poster and there is little to nothing that can connect to me anyways, and even if there was, it's not the end of the world for me to be connected to this site.
Yes you are and there are several IPs listed on the ipout.csv file. They seem to be in the New England area.

As if someone with a username of "Canned Bread" could be from anywhere else.

 
Not on the list
Email is a 10 minute throwaway used nowhere else
Farms passphrase is non-alphanumeric and used nowhere else
VPN is used
Separate browser for shit like the Farms

Gonna need more than five guys to find me, troony furfags. Come at me sisbro!
 
Fitting that I am part of the group considering the deeds I did.
 
  • Thunk-Provoking
Reactions: Boxy Brown
This entire thread is just fifty pages of r.etards gloating about VPNs and asking other people to check if they're on the list. Spoiler alert: it doesn't fucking matter. But this entire debacle has been really amusing, to say the least. This has also made me frighteningly aware of how fucking stupid most kiwis are. inb4 late 👻 come on, Null, give us some speshul badges
 
Might not be a bad idea to force 2FA by default.
The site I worked for did that because people click on phishing links at a depressing rate.
This entire thread is just fifty pages of r.etards gloating about VPNs and asking other people to check if they're on the list. Spoiler alert: it doesn't fucking matter. But this entire debacle has been really amusing, to say the least. This has also made me frighteningly aware of how fucking stupid most kiwis are. inb4 late 👻 come on, Null, give us some speshul badges
Yeah but am I on the list because I can't see from the VPN I'm using?
 
FWIW I reckon whoever did this just wrote a scraper (as others have said)... That went through the 'Online Now' section at the bottom of the forum index (on phone, cbf finding link to actual online now page). I'm guessing Null's access means he can see Emails and IPs on certain sections of the site. Also why I believe no back end was compromised, as they wouldn't have had to create such a clusterfuck of files. Definitely not a perfectionist 'hacker'.
I think Null left Redis wide open on one of the non-Cloudflare servers (e.g. kiwifarms.pl). I've had it happen where software firewalls fail to start after a reboot due to kernel updates and then accidentally leave a server wide open. So these kinds of mistakes happen quite often if you're using a regular "bare" VPS without a hardware firewall, and it was only a matter of time before some random port scanner bot found it anyway (though it would have helped for Redis to be password protected, it's common for it not to be if only clients from the private network are supposed to connect).

Then you could just connect with a Redis client, list all keys, and download them. I think all the .txt files are cache fragments but someone would need to look into the XenForo source to confirm if these are commonly cached page fragments. The emails come from your account settings page where you can edit your own email and perhaps @Null could improve things by censoring them like a*@b*.c*.

The IPs were probably part of the cache keys or something to make sure people were served the correct fragments.

What I don't understand is why it all ended up as Markdown. Perhaps XenForo caches multiple output formats and he happened to download the MD one.

Personally I would have released only the IPs + emails in a CSV with no further explanation. I think that would have spooked Null more as it would be less obvious how they were stolen.
 
  • Like
Reactions: Dork Of Ages
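Added example, not part of the thread or any poster's code: a small audit of a redis.conf for settings that leave the service reachable without a password when a host firewall fails to start, which is the failure mode the post above speculates about. The sample configs, function names and finding labels are constructed for illustration, and authentication is assumed to mean `requirepass` only.

```python
import shlex

# Constructed sample configs for illustration; not taken from any real server.
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """\
bind 127.0.0.1 10.0.0.5
protected-mode yes
port 6379
requirepass "constructed-long-random-secret"
"""

WILDCARDS = {"0.0.0.0", "*", "::"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_conf(text):
    """Map each directive to its arguments (simplification: last occurrence is kept)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf[name.lower()] = args
    return conf

def audit(text):
    """Return findings that still matter when the host firewall is down."""
    conf = parse_conf(text)
    # A leading "-" on a bind address only means "skip if unavailable".
    binds = [a.lstrip("-") for a in conf.get("bind", [])]
    # With no bind directive Redis listens on every interface.
    all_ifaces = not binds or any(a in WILDCARDS for a in binds)
    beyond_loopback = all_ifaces or any(a not in LOOPBACK for a in binds)
    # Assumption: auth means requirepass; ACL users are not inspected.
    has_password = bool("".join(conf.get("requirepass", [])))
    findings = []
    if all_ifaces:
        findings.append("wildcard-bind")
    if (conf.get("protected-mode") or ["yes"])[0].lower() == "no":
        findings.append("protected-mode-off")
    if beyond_loopback and not has_password:
        findings.append("reachable-without-auth")
    return findings
```

Running `audit()` against the deployed config in CI or at boot catches the weak setting independently of whether the firewall service came up.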