Kiwifarms under attack | Veteran of the Psychic Wars | The Internet is for EVERYONE.

Status
Not open for further replies.
pretty bad
"Yesterday, Vsys, a host we used as a forward-proxy, was compromised.

Today, the site was hacked to change everyone's avatars to logos of another site (which I am not naming because I'm not sure what the motivation is behind it).

Then, each node on the forum index was deleted one at a time.

There are backups of the site so no information is permanently lost but I have not diagnosed what the attack vector was yet or the extent of the breach."

A follow-up

1663521004032.png
 

IlluminatiPirate

Does this mean that this forum could be attacked as well?

We're a little smaller than the farms, there are only 3,700 of us here. I doubt we'll be next.
 

IlluminatiPirate


Attachments

  • Screenshot_20220918-162947_Telegram.jpg

punishedgnome

Shit this scares me because we use XenForo, I'll ask XenForo if they have a way to combat this for us
It sounds like it was some custom add-on Josh had made himself. He also hasn't been getting updates from XenForo for some time as they banned him.

I also can't imagine this site is high-profile enough to be an enticing target.

This is why I make a new Protonmail account for every forum.
 

mydadiscar

Shit this scares me because we use XenForo, I'll ask XenForo if they have a way to combat this for us
Gee, you want to spell it out for people?
Hay guise! Here's how someone hacked a forum! We use the same forum software as them! I better find out how to fix this!!!
 

Andy Kaufman

Gee, you want to spell it out for people?
Hay guise! Here's how someone hacked a forum! We use the same forum software as them! I better find out how to fix this!!!
Anyone even remotely familiar with this stuff can see that Agora Road uses XenForo.
I saw it on the front page already before I even had an account. It's not like that's some hidden detail pirate just released.
 

handoferis

Fuck me this is bad. Hooking up a chat you made to the database/session state for an out of date forum is fucking dumb and raises your attack surface considerably (i.e. you now have forum*chat vulns, as opposed to forum+chat vulns), and is exactly how sessions and shit get stolen. Null calls it an XSS vulnerability but he basically opened the hole, all they had to do was poke through. This is the kind of shit you might be able to get away with (still bad idea) if you didn't have a target painted on your back, but KF does and has for a long while now.
 

punishedgnome

More than anything else about this fiasco, what bothers me is that Null positions himself as a trustworthy expert for his users to listen to.
Yes, it certainly seems like this exploit was his fuckup. He gloated quite a bit when Ethan Ralph's shit got hacked, and that looks really bad now in hindsight.
 