|FurrTrax Security Upgrades|
Posted by: DarkXander at 09-17-2015 20:53 PM
|Tonight i applied some new Security Updates to the Authentication Protocols that run the site. An extra level of encryption suffice to say. Ideally you would not even see a difference in how the site works, and you shouldnt even notice it.
If you do notice anything not working properly relating to password changing, logging in or out, or the such, please report it immediatly and provide as much detail as possible, even screenshots are encouraged if possible.
That said, so far i havent found anything not working properly!
|Spotlight: FurrTrax Security and People who Don't Think|
Posted by: DarkXander at 09-13-2015 15:12 PM
|So first off, i really should not have to write this article, i assumed it was common knowledge for everyone, or at least most people, and i still hope that it is.
Today, someone posted on twitter what they thought was a security flaw on the site. It turns out it was an old page that never got cleared out after the server was rebuilt and we transitioned from the use of an old IPTABLES software based firewall, to the new Dedicated Firewall and Cloudflare. The page was in a subfolder that is no longer used by furrtrax and essentially was forgotten to be deleted. It contained a page that showed a defacement made by a hacker about 2 years ago.
This twitter person did a URL scan against the site, for reasons we dont know, but suffice to say he was not authorized at the time to do, but i digress, he did it anyway for whatever reason, and found that old dafaced page in the old subfolder and somehow thought it was still in use somewhere. I told him that it was an old page in the cache from a subfolder we dont use, and in fact i deleted the file after i realized it was still there.
He then tried to get me to let him do a "security audit" of the site because he found a page on a url scan which he thought proved to me that he knew what he was doing. Well anyone with any script kiddie knowledge can find a tool to do URLscans automatically, if you know how to use a gameboy you can figure out how to do a urlscan. And we proceeded to have a twitter arguement from there, he wasnt exactly happy that i wasnt impressed with the skills he thought he had proven to me.
So i told him flat out, if you think your that good, go try to hack us, and if you think you have found a bug, post it in the bug bounty, NOT on twitter to everyone.
He ran out of things to say at that point but the point stands, I insulted his conduct for not using the bug bounty feature. He did a urlscan of the site, so he cant say he didnt find it, and the fact that its listed on the homepage doesnt help his case.
I know most of you already know and are aware of what ive covered in this post, but thanks to at least 1 persons lack of understanding, ive now had to spell it out...
Have a good day everyone, End Rant.
|Spotlight: FurrTrax is AMD Turbo Charged!|
Posted by: DarkXander at 08-31-2015 21:25 PM
|On Saturday Myself, and my local furry friend Gustav visited the Datacenter where FurrTrax's Main Server lives, and after shutting everything down pulled the whole system out of the cage and took it to a work space where we had setup my tools and a monitor, keyboard and power cables for working on the system.
We removed the CPU, RAM, Motherboard and half of the system harness, Remember this is a server that is only 5 inches thick but long, so space is very limited. The components we removed were, An AMD Quad Core 2.6 GHz CPU, 16 GB of DDR3 RAM, and the MSI 760GM-E51 Military Edition Motherboard.
We then Installed the following NEW Components:
MSI 760GM-E51 FX Military Edition(the newer faster version of the same board)
AMD FX(tm)-8320 Eight-Core Processor 3.5 GHz with 4.0 GHz Turbo Function
Low Profile Quad Copper Heatpiped CPU Heatsink
28 GB of Kingston HyperX DDR3 1333 RAM
Core 0 is dedicated to the FireWall System, Cores 1-6 are Dedicated to FurrTrax itself, Core 7 floats anywhere extra power is needed, and also runs a special projects system thats only on every once in a while. The System runs on VMware VSphere to do all this.
|Minecraft Game Server Update|
Posted by: Hobbs at 08-27-2015 15:58 PM
|Hay everyone! Just to let you know the MineCraft Game server will be down sometime during the weekend of the 5th and 6th.
Why will the server be down?
1. I've been working on a new system build for a new gaming computer monster, and I need some parts from my current computer so I can see if the parts that I already have are working they way they should.
2. The current system is due to some hardware cleaning/dusting. as well as some old data to be dumped/defragged for a better performance.
Max downtime is 5 hours.
Why cant you wait till the week?
I work Monday through Friday 12 hours a day. I just don't have the time during the week.
|Spotlight: FurrTrax Minecraft Server Launched!!!|
Posted by: Hobbs at 08-09-2015 19:57 PM
|So after a few delays. we are proudly able to launch the server full time. The server will expand more once we get a dedacated server to host it. However in the mean time we have a server with multi worlds, with up to 150 players. and a few other plugins.
Do keep in mind though that the server is still a work in progress, if you find any bugs with it, please message Hobbs.
In the event you can not connect just try a few times. the first time you connect will be the hardest. if you cant connect after about 5 trys you can either restart minecraft or try again in a hour or so.
We will be looking for more Gameserver Mods, so do keep this in mind if you wish to be a mod on the gameserver.
Even though the server is running on 1.8.7 You can play and connect with 1.8.8
Server IP : mc.furrtrax.com
Remember to keep checking back from time to time. FurrTrax may run other servers. for games that you like.
|Spotlight: DarkXanders Birthday|
Posted by: DarkXander at 08-02-2015 23:35 PM
|Just for those who dont know, Aug 3rd is my birthday, ive already begun working on a feature to advertise birthdays for the site but it isnt finished yet. just in case anyone was going to ask about that!
|Furrtrax Minecraft server|
Posted by: Hobbs at 07-27-2015 15:41 PM
|From your friends here at FurrTrax we are happy to say that soon we will be launching a full time FurrTrax Minecraft 1.8.7 Server.
See the Furry Forums for all the current and upcoming info!
See Article in the Forums
|Spotlight: DarkXander is Un-Employed|
Posted by: DarkXander at 07-20-2015 11:30 AM
|I walked into work today to start on a project and was told to gather my tools and belongings and leave, and handed a letter of termination, citing unprofessional conduct with no details in the slightest..... After working for this company from their very start, 10 years now. The site will remain up as long as i am able to keep it going, donations will be greatly needed for the site to endure.
|Login Problems - How to Fix|
Posted by: DarkXander at 07-16-2015 17:07 PM
|An issue with password hashing has been identified and a fix has now been put into place, if you have been unable to login recently and your sure your password was correct, please try logging in once more and the system should now check your login for a damaged hash, and fix it automatically!
If your hash is damaged, your first login attempt will fail, but just try again, the second attempt to login should be successfull as long as your password is correct the system will automatically fix it.
The Gamma app will not fix this for you however, if the app is not able to log you in, use the website or mobile site, after logging in there, the Gamma App should work once again.
|Furnation.com Serious Flaw, Reyedog refused to fix.|
Posted by: DarkXander at 07-02-2015 20:00 PM
|So in a good intentions effort i extended an offer to assist Reyedog with his site, in which he lied to me, and said, We didnt get attacked, it was all just a server error.
Well screenshots showing furnations homepage being trolled obviously shows he is lying, and trying to cover it all up.
I did a little brief recon on their server and found the flaw that allowed them to be litterally shut down, and tried via Inkbunny, Skype, Yahoo, and even furnation itself to tell Reyedog how to fix this issue, and he bans me because he seems to want to pretend it all never happenned.
I tested the exploit for 10 seconds, from my cell phone which has little to no real power, and they went down instantly. I quickly shut off the exploit and after a moment they came back up. This is a serious issue, anypone with basic to moderate know how can shut them down without even using a botnet.
This is so sad it is laughable. My offer to help him fix it still stands, if he ever realizes you cant lie to everyone, and accepts the help.
|Furnation.com is DOWN, Hacked Possibly?|
Posted by: DarkXander at 07-02-2015 10:55 AM
|Furnation.com is down, and apparently has been for some time today, i just noticed when i tried to go their to scope out the competition a little and i was greeted by a complete timeout. On their facebook page there is a mention by someone in a comment that they seem to be having trouble with a hacker. And they report they have had a mass loss of accounts in their database....
I worry that perhaps this hacker may have compromised their Database Server and possibly gained access to peoples usernames, email addresses, and passwords or hashes. As anytime there is a security issue with a site that you use i recommend, if you use or had an account on Furnation.com, if it hasnt been mass deleted already, go change your password when the site comes back up, IF it does come back up.....
We will keep an eye on this situation, and our own security logs
|PSA: Bug Bounty Program|
Posted by: DarkXander at 06-29-2015 13:53 PM
|FurrTrax is going to have its own little bug bounty Contest. What this means is that anyone who finds a bug, security flaw, etc, and reports it via the form linked below, and to noone else is entered to win a monthly prize of $10 Amazon Gift Card.
Because we are not rich we will be picking the winner based on severity of the bug, but to keep things a little more fair, every three months we will draw from the pool a random winner as well.
This doesnt mean submit opinions for changes, this is strictly for bugs and errors only. Any messages about adding features, or changing features will not count.
To submit a bug or issue Click this Link!
|Spotlight: Jenn Rose Emergency Heart Surgery Tommorrow|
Posted by: DarkXander at 06-02-2015 21:35 PM
|Tommorrow afternoon Jenn Rose, of which the paws4jenn.com fundraiser is for goes in for un-planned heart surgery. She went to the hospital with absent seizures/uncontiousness Sunday midday, and has been hospitalized ever since, Ive been assisting her family as i am able but today her doctors decided she needs emergency surgery tommorrow to embed a pacemaker to help regulate her heart functions. Understandably she is nervous about tommorrow, and could use some messages to cheer her up. This is Jenns 3rd or 4th round of heart surgery....
Send any such messages to me via PM, and i will email them to her phone where she will be able to read them in bed.
|PSA: BLACKOUT: NSA Patriot Act is Dying, Lets Burry it alive!|
Posted by: DarkXander at 05-30-2015 10:12 AM
|Tommorrow at 11:59PM unless congress has signed the renewal, the Patiot Act, which is the legislation that allows the NSA to spy on us will die, and the NSA will have to bring a large number of their spy operations to a close. Lets help force congress to do the right thing, which is for them to do nothing, and let the Act Expire.
This number has been setup to call into congress and speak your mind:
Visit Blackout Site
Whether you agree or disagree with what Edward Snowden did, the information he shed light to on the Depth of NSA Spying is shocking, and needs to be put to a permanent end!
|FurrTrax Gamma Project - IOS/Apple App|
Posted by: DarkXander at 05-20-2015 08:50 AM
|For those of you with Iphones, Ipads, Ipods, etc. I have gotten an estimate to get a IOS App for FurrTrax made from the source code of the new Gamma Android App. So you would enjoy push notifications just like everyone on android. The problem is, thanks to Apples Money Grubbing it will cost us about $200-250 to complete and put in the Apple Store.
Obviously i cant foot that cost myself, the breakdown is 100-150 for the Development of the App by a professional App Designer, I have used this team for part of the Gamma App and they said they could have the app done as soon as a week or two. The problem is Even once the App is built, I would have to BUY an Apple Developer Account, to be able to post it on their store. That costs $100-125 per year. I dont know if there are enough Apple Users on FurrTrax to justify $250 dollors that i really dont have to spare in the budget. Feedback? Donations toward the cost?
|FurrTrax Gamma Project|
Posted by: DarkXander at 05-18-2015 13:00 PM
|We have a new mobile app in the pipeline, codenamed FurrTrax Gamma, the first release will be for Android, and will feature Push Notifications, and if all goes to plan, IOS Support will follow soon after! No ETA yet, just keep an eye out for the news. I just finished building the new API that this app will use to talk to the FurrTrax Mainframe so now production can continue.
|New Forums FurrTrax Style|
Posted by: DarkXander at 05-14-2015 12:02 PM
|The new forum system i have been working on is now open, find it on the main website. It is fully built by me, right into the FurrTrax system, fully integrated unlike the original phpbb forum now known as the old forum. The new one will not have any of the permissions screwups of the other one, and runs considerably lighter than phpbbs fat codebase.
Now that the forum is fully integrated it will also allow me to make a lot more features and options that integrate between the forums and other parts of the site instead of litterally injecting furrtrax member logins to PHPBBs seperate database.
Im sure there a few bugs in the new forum, and it isnt 100% finished, editting of posts, and deleting of posts is currently off because those features are not quite finished yet but be patient.
|Accounts and Logging In|
Posted by: DarkXander at 05-07-2015 16:57 PM
|As of now, you can now login on Mobile and Full Website with your E-Mail Address and Password, or you Username and Password, both will work now. Also, Recover Password has been given an E-Mail address option as well for those who cant remember their usernames exact spelling. Hopefully this helps. There is also an E-Mail verification prior to getting a new account, to prevent multiple accounts from being created under the same E-Mail Account.