94000130 FFF70000
Absolutely the Worst
- Joined
- May 19, 2018
- Messages
- 327
- Likes received
- 2,018
LATEST UPDATE: The crisis is officially over.
previous stuff:
Article: Xanaecor — Today at 1:12 PM
Good Afternoon!
Yesterday, after meeting for several hours with Network Solutions (our domain registrar), they finally agreed to our demands to lock our account and revert changes made to our domain name's NAMESERVER configuration. This lock also prevents anyone from signing in and making further changes. A fraud investigation has been launched on their part, and upon conclusion, our account will be fully released to us and we will receive more information on how this hijacking occurred. Our domain is directing traffic correctly.
While the bad actor was in control of our domain between Tuesday, August 20th at 12:47AM ET and Wednesday, August 21st at 2:28PM ET, they redirected our traffic to other websites and they set up an email server to receive any emails that were sent to any of our @ furaffinity.net accounts. If you sent any emails to our @ furaffinity.net accounts during that time, then the bad actor has those emails, we did not receive them, and you should act appropriately to secure and protect your information. Furthermore, any emails sent from @ furaffinity.net during that time would have been sent by the bad actor and should not be trusted. The bad actor never had access to our actual email accounts, any previous emails, nor data we have previously received.
It is important to stress that the Fur Affinity web server itself was never compromised, and the bad actor never had access to any private information therein such as our user and server data (It's as if someone stole your home address and had your mail and visitors routed somewhere else. Your house and everything inside is fine, only the address and incoming/outgoing mail were affected). As a precautionary measure during the incident, we invalidated all current login sessions and you will need to log back into your account.
FUR AFFINITY IS NOW ONLINE AND MAY BE ACCESSED SAFELY!
Furthermore, as of last night (August 21st at 9:53PM ET), we have regained access to our Twitter account, and with the help of Whanos (@ KernelJunkie), reclaimed our username (@ FurAffinity). And as of this morning (August 22nd at 10:45AM ET), we also secured Dragoneer's personal Twitter account.
We have also been made aware of various sources claiming to have identified the bad actor responsible for this attack. We have no way to verify that these accusations are accurate, but will continue to share all information with the FBI. With that said, we want to remind everyone that we have a zero-tolerance policy toward harassment, no matter the circumstances. Recently, there have been instances where speculation has led to individuals being harassed, even if they have no proven connection to the incident.
It is important to note that Fur Affinity, with direct insight into the situation, has not conducted its own investigation. We are leaving that responsibility to law enforcement. Speculation only spreads misinformation and causes harm, so please be cautious about what you share or believe online.
We kindly urge everyone to avoid engaging in further speculation or harassment. It is the role of law enforcement to determine the facts and make decisions, not ours.
Finally, we want to extend our deepest gratitude to all of you for your unwavering support during this incredibly difficult time. Your kindness, patience, and understanding have meant the world to us as we've navigated these challenges together. We are committed to continuing to foster a creative and welcoming environment for all, and it is your strength and solidarity that make our community truly special. Thank you for standing with us. @ everyone
previous stuff:
UPDATE:
Long story short, their twitter had an announcement about it, but the announcement mysteriously vanished. UPDATE 8/20/2024 9:08 PM EST ( ): FurAffinity's twitter has also been confirmed compromised, as has the late Dragoneer's twitter (owner before his recent untimely death)
Basically, don't use FA, there's a man-in-the-middle attacker that keeps trying to reroute the site IP to their own phishing lookalike. So far Cloudflare and/or HTTPS may or may not have prevented it from working. Supposedly the only current source of information is the FurAffinity discord server.
I'm not in the loop but the FA discord supposedly is, people are percolating the info out from there.
Edit:
Got a full quote of their discord announcements channel (times in central standard American I think?) Edit: Changed to Article so it can be quoted.
from elsewhere:
Update: Kiwifarms announced that they're not involved in this at all and suspended all new registrations for a time, and are supposedly now mocking the hacker's apparent moral line (haven't checked that myself mind you).
Edit whatever#: updated to latest announcement channel contents, but I'm going to bed soon and have work tomorrow so likely won't be able to keep posting updates.
Article: luffy — Today at 9:53 AM
Great news @ everyone! We've connected with all necessary contacts and finally made progress in recovering our domain. The tech team has regained control and temporarily locked down the site while they double-check everything and continue to move things forward.
With that said, I'm actively working on ways to manage the sudden influx and unrestrict the server. Please understand that it's highly unusual to gain members at this rate, and I'm not particularly experienced in handling it, so things might get a bit messy. I kindly ask everyone to be patient and respectful, not only toward each other but also toward our volunteer mod team. If things become too chaotic, we may need to restrict access again. Thank you for your cooperation.
luffy — Today at 10:52 AM
If you are experiencing lag due to the influx of super reactions, please disable your motion settings. User Settings > Accessibility > Reduced Motion
I cannot disable super reactions without disabling all, which I will not be doing.
Image
luffy — Today at 12:11 PM
We're currently unable to manually verify requests for the FA+ role.
The "Known Member" role is earned by reaching a certain level of participation; it's not based on us simply "knowing" you.
The phone verification requirement will not be removed. It's a crucial Discord safety feature that helps prevent many issues for us.
Long story short, their twitter had an announcement about it, but the announcement mysteriously vanished. UPDATE 8/20/2024 9:08 PM EST ( ): FurAffinity's twitter has also been confirmed compromised, as has the late Dragoneer's twitter (owner before his recent untimely death)
Basically, don't use FA, there's a man-in-the-middle attacker that keeps trying to reroute the site IP to their own phishing lookalike. So far Cloudflare and/or HTTPS may or may not have prevented it from working. Supposedly the only current source of information is the FurAffinity discord server.
I'm not in the loop but the FA discord supposedly is, people are percolating the info out from there.
Edit:
Got a full quote of their discord announcements channel (times in central standard American I think?) Edit: Changed to Article so it can be quoted.
Article: luffy — Yesterday at 11:51 PM
You may receive a 1016 error. We are working to resolve it. Thank you for your patience!
luffy — Yesterday at 11:59 PM
@ FA Pings - Pinging so people read this channel.
Dev is on it.
luffy — Today at 12:59 AM
@ FA Pings Urgent: Domain hijacking attempt
It appears someone is trying to redirect our domain to a site that is not associated with Fur Affinity. This could lead to a phishing page that mimics our website in appearance.
Please avoid visiting our URL or interacting with the website until we provide further updates.
We are in contact with our service provider's support team.
Your personal information and passwords remain secure and have not been compromised.
luffy — Today at 1:24 AM
ELI5 version:
Someone is trying to trick people by making our website take them to a site that isn't Fur Affinity (e.g. they can make furaffinity.net show their own content rather than our website). This fake website could look like anything but might be designed to look like ours to steal your information.
For this reason, we urge you to not "log into" or visit the site until we follow up.
Please refrain from spreading misinformation or speculation and acting as experts on the situation as it furthers confusion and causes added stress. If someone asks about the situation, redirect them to this channel.
luffy — Today at 1:38 AM
@ here The website may appear to be back to normal for now, but it's still under threat. The hijackers have temporarily reverted it to our website, but they can switch it to whatever they want at any moment. Please do not interact with the website.
Reminder: Your personal information is secure and has not been affected.
luffy — Today at 2:21 AM
From tech:
"we have two events: original nameserver change and then the change being reverted. these happened around half an hour apart. as in, when I got online to handle things the changes have already been reverted back by the attacker, but things didn't work because cloudflare locked it's service. all this time the website was loading with an SSL error (not having certificate for https) was the time it was pointing to original cloudflare and our domain settings. they just have been locked, and as soon as I unlocked them things start working again.
at no point in time, as far as I can tell, did FA domain resolve to an actual valid webpage which could have grabbed session data."
luffy — Today at 10:34 AM
@ FA Pings
The situation is ongoing.
We are in works to regain ownership of the account.
Cloudflare was not accessed, our registrar was.
Your personal information and passwords are safe.
We advise you to not use the site until further notice. (ELI5 version pinned in ┆general-convo ).
luffy — Today at 2:17 PM
Hello following servers. Sorry I didn't press Publish on these sooner! Please be wary of misinformation (there is a lot right now), and if you need more info, come check out our ┆general-convo pinned messages and expanded ┆announcements.
luffy — Today at 3:11 PM
FOR YOUR CONVENIENCE: This post consolidates all previous updates into one place, so you don't need to search through earlier messages. Everything you need to know is right here.
Our domain (furaffinity.net) is hijacked. Someone is trying to sporadically redirect our domain to a site not associated with Fur Affinity, potentially leading to a phishing page that mimics our website.
For your safety, please avoid visiting or interacting with our site until we provide further updates. Your personal information and passwords remain secure and have not been compromised. We are actively working with our service provider to resolve the issue.
The website may appear normal, but it's still under threat. The hijackers have temporarily reverted it to our site, but they can change it again at any moment. If you are concerned, log out of the site and do not log back in until we give the green light.
Please avoid spreading rumors or misinformation. For clear and official updates, rely only on this channel or our official social media. There is a "What on earth does that even mean?" explanation pinned in ┆general-convo.
luffy — Today at 4:51 PM
@ FA Pings More information has been posted to our Twitter: [dead link]
The reason Fur Affinity went offline around at 12:48am is due to someone hijacking our account with @ netsolcares. Even though we worked quickly to correct the situation, their customer support has stated they cannot lock or freeze the account and we have to wait 24-48 hours for proper assistance. We have contacted them multiple times expressing urgency in this matter, and they've responded saying there is nothing they can do even though we have proven without a doubt that we are the proper owner and the account has been hijacked. This is a serious security issue and oversight on their side. Refusal to take this issue seriously has caused undue stress and misinformation to spread. We need action now to get the domain back into our control. This is unacceptable that customer support at @ netsolcares can identify a hijack but not stop or freeze the account immediately.
Fur Affinity (@ furaffinity) on X
The reason Fur Affinity went offline around 12:48am is due to someone hijacking our account with @ netsolcares. Even though we worked quickly to correct the situation -
Twitter•Today at 4:48 PM
luffy — Today at 6:21 PM
@ everyone We invalidated all login sessions for security reasons. Do not log back into Fur Affinity until we greenlight it. Nothing is currently affected. This is a preventative measure.
luffy — Today at 6:42 PM
Logins are disabled.
luffy — Today at 7:18 PM
@ everyone The Fur Affinity Twitter has been compromised. We're doing everything we can to regain access, but please do not trust anything posted on there until we let you know here that we have control of it again.
Please tell those you know that they must rely on our Discord for information for now.
Please report tweets made by our account.
Xanaecor — Today at 8:37 PM
Due to recent unusual level of DM activity that has occurred in this server, only friends will be able to contact each other further as a precautionary measure for the next 24hrs.
As always, please be weary of accepting friend requests from people you do not know. @ everyone
Xanaecor — Today at 9:14 PM
We are aware that our Twitter (X) username has been changed and that the original was reclaimed by Whanos as a safety precaution to help our community. We are in contact and working with this user. Please do not direct any misplaced harassment toward them. @ everyone
luffy — Today at 10:07 PM
@ Server Pings Hello everyone!
Given the sudden influx of over 7,000 users just today, I'll be implementing temporary precautionary features and restricting access in ways we haven't before to manage the situation. I understand this isn't ideal, but right now, our priority as a community should be to provide clear and concise communication regarding ongoing events. Over time, I'll gradually lift these restrictions as things stabilize. Our moderation team is small, and to be honest, we did not - nor did anyone, except the person/group that caused it - anticipate this.
I'll be exploring ways to allow questions about the current situation, but please note that everything we know is posted in the ┆announcements (this) channel. If there are updates, they'll be posted here. If not, there's nothing new to share, and therefore there'll be no post.
After I work through the above, I'll look to see if there is any new information to share and post an update if so. I am also reviewing our server's security measures.
For your reference, we have always had Highest security in the server and accounts with moderation access require 2FA.
Thank you for your understanding!
luffy — Today at 10:33 PM
We are going through tickets and since DMs are closed I do not think Carl can send you alerts, but please know extra info is appreciated and your concerns are being looked at. If your ticket is closed, it has been noted.
luffy — Today at 10:54 PM
I have limited channels so that you must either have the FA+ or Known Member role in order to speak in our channels. Again, this will be revised and I will be lifting the restrictions as I watch it progress.
WE WILL NOT BE PROCESSING NEW FA+ ROLES AT THIS TIME. I apologize for the inconvenience.
luffy — Today at 11:03 PM
Just want to note that I am personally sorry for the restrictions. It's not the way I want to manage the community but it's the only feasible way to ensure that, with the influx (containing a good amount of bad apples as I've found from auditing what's happened since I got back), the server can stay healthy while mods sleep. It also helps control misinformation which is huge right now.
Voice channels will be locked down in about an hour and reopened tomorrow.
from elsewhere:
Article: Also, whoever hacked the twitter changed the handle to @ ilovekiwi4lunch ... and then someone else (the aforementioned Whanos) sniped the @ furaffinity handle to keep it from being misused. The account is still compromised but the handle isn't.
Update: Kiwifarms announced that they're not involved in this at all and suspended all new registrations for a time, and are supposedly now mocking the hacker's apparent moral line (haven't checked that myself mind you).
Edit whatever#: updated to latest announcement channel contents, but I'm going to bed soon and have work tomorrow so likely won't be able to keep posting updates.
Last edited: