
Kiwifarms under attack

Status
Not open for further replies.

Hadrian Hardrada Cicero (Manifest Destiny | Galatians 4:16, Gold) · Joined Aug 9, 2021 · 742 messages
pretty bad
"Yesterday, Vsys, a host we used as a forward-proxy, was compromised.

Today, the site was hacked to change everyone's avatars to logos of another site (which I am not naming because I'm not sure what the motivation is behind it).

Then, each node on the forum index was deleted one at a time.

There are backups of the site so no information is permanently lost but I have not diagnosed what the attack vector was yet or the extent of the breach."

A follow-up:

[image: 1663521004032.png]
IlluminatiPirate (The Dreaded Pirate of Agora Road) · Joined May 29, 2018 · 1,494 messages

Attachments: Screenshot_20220918-162947_Telegram.jpg (96.1 KB)
punishedgnome (Well-Known Traveler) · Joined Feb 2, 2022 · 466 messages
> Shit, this scares me because we use xenforo, I'll ask xenforo if they have a way to combat this for us.
It sounds like it was some custom add-on Josh had made himself. He also hasn't been getting updates from XenForo for some time, as they banned him.

I also can't imagine this site is high-profile enough to be an enticing target.

This is why I make a new Protonmail account for every forum.

mydadiscar (Webcomics! Banzai!) · Joined Jan 20, 2022 · 1,337 messages
> Shit, this scares me because we use xenforo, I'll ask xenforo if they have a way to combat this for us.
Gee, you want to spell it out for people?
Hay guise! Here's how someone hacked a forum! We use the same forum software as them! I better find out how to fix this!!!

Andy Kaufman (i know) · Joined Feb 19, 2022 · 1,184 messages
> Gee, you want to spell it out for people?
> Hay guise! Here's how someone hacked a forum! We use the same forum software as them! I better find out how to fix this!!!
Anyone even remotely familiar with this stuff can see that Agora Road uses xenforo.
I saw it on the front page already before I even had an account. It's not like that's some hidden detail pirate just released.

Collision (Green Tea Ice Cream) · Joined Jun 5, 2022 · 381 messages
More than anything else about this fiasco, what bothers me is that Null positions himself as a trustworthy expert for his users to listen to.

handoferis (Executor of Dry IT Men, Bronze) · Joined May 28, 2022 · 655 messages
Fuck me this is bad. Hooking up a chat you made to the database/session state for an out of date forum is fucking dumb and raises your attack surface considerably (i.e. you now have forum*chat vulns, as opposed to forum+chat vulns), and is exactly how sessions and shit get stolen. Null calls it an XSS vulnerability but he basically opened the hole, all they had to do was poke through. This is the kind of shit you might be able to get away with (still bad idea) if you didn't have a target painted on your back, but KF does and has for a long while now.
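The post above makes two defensive points worth seeing in code: a chat that interpolates stored user text straight into HTML hands every viewer's browser to whoever typed the message, and a chat wired directly to the forum's session state means a chat-side hole becomes a forum session theft. The example below is added here and is not code from the thread, from Kiwifarms, or from XenForo; the message text, the in-memory session and token tables, and all function names are constructed for illustration. It shows the unescaped renderer beside the escaped one, and a separate short-lived chat token that the forum never accepts as a session.

```python
import html
import secrets
import time
from typing import Optional

# Constructed sample chat message for this example (not from the thread).
CONSTRUCTED_MESSAGE = 'hi all <script>alert(1)</script> <b>bold?</b>'


def render_unescaped(message: str) -> str:
    """Interpolate a stored message straight into the chat HTML.
    This is the pattern the post warns about: whatever a user typed
    is executed in every other viewer's browser."""
    return f'<div class="msg">{message}</div>'


def render_escaped(message: str) -> str:
    """Escape the message first, so user-supplied markup is shown as text."""
    return f'<div class="msg">{html.escape(message, quote=True)}</div>'


def has_active_markup(rendered: str) -> bool:
    """Crude check for the example: does the user-controlled part of the
    rendered fragment still contain an unescaped tag?"""
    body = rendered[len('<div class="msg">'):-len('</div>')]
    return '<' in body


# --- Session scoping (hypothetical in-memory stores) ----------------------
# The forum session and the chat credential live in separate tables; the
# chat token carries only a display name and an expiry.
FORUM_SESSIONS: dict = {}
CHAT_TOKENS: dict = {}


def create_forum_session(user: str) -> str:
    sid = secrets.token_urlsafe(32)
    FORUM_SESSIONS[sid] = {"user": user, "scope": "forum"}
    return sid


def issue_chat_token(forum_sid: str, ttl_seconds: int = 600,
                     now: Optional[float] = None) -> str:
    """Derive a separate, short-lived chat credential from a valid forum
    session. It is never the forum session itself."""
    sess = FORUM_SESSIONS.get(forum_sid)
    if sess is None:
        raise PermissionError("no such forum session")
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    CHAT_TOKENS[token] = {"user": sess["user"], "scope": "chat",
                          "exp": now + ttl_seconds}
    return token


def chat_token_user(token: str, now: Optional[float] = None) -> Optional[str]:
    """Chat side: accept only unexpired chat tokens."""
    rec = CHAT_TOKENS.get(token)
    now = time.time() if now is None else now
    if rec is None or rec["exp"] <= now:
        return None
    return rec["user"]


def forum_session_user(sid: str) -> Optional[str]:
    """Forum side: consult only the forum session table. A leaked chat token
    is worthless here, so a chat-side XSS does not become a forum takeover."""
    rec = FORUM_SESSIONS.get(sid)
    return rec["user"] if rec else None


def session_cookie(sid: str) -> str:
    """Set-Cookie value for the forum session: HttpOnly keeps page script
    (including injected chat script) from reading it; Secure and SameSite
    limit where the browser sends it."""
    return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    print(render_unescaped(CONSTRUCTED_MESSAGE))
    print(render_escaped(CONSTRUCTED_MESSAGE))
    sid = create_forum_session("alice")
    tok = issue_chat_token(sid)
    print("chat token user:", chat_token_user(tok))
    print("chat token used as forum session:", forum_session_user(tok))
    print(session_cookie(sid))
```

The separation is the point: with its own table, its own expiry and no path back to forum privileges, a stolen chat token bounds the damage to the chat, whereas sharing the forum session with a home-made chat makes the two attack surfaces multiply, as the post puts it.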

punishedgnome (Well-Known Traveler) · Joined Feb 2, 2022 · 466 messages
> More than anything else about this fiasco, what bothers me is that Null positions himself as a trustworthy expert for his users to listen to.
Yes, it certainly seems like this exploit was his fuckup. He gloated quite a bit when Ethan Ralph's shit got hacked, and that looks really bad now in hindsight.