DarkXander Owner of FurrTrax Post ID: 298 Posted: 07-02-2015 10:58 AM |
Furnation.com is down, and apparently has been for some time today, i just noticed when i tried to go their to scope out the competition a little and i was greeted by a complete timeout. On their facebook page there is a mention by someone in a comment that they seem to be having trouble with a hacker. And they report they have had a mass loss of accounts in their database.... I worry that perhaps this hacker may have compromised their Database Server and possibly gained access to peoples usernames, email addresses, and passwords or hashes. As anytime there is a security issue with a site that you use i recommend, if you use or had an account on Furnation.com, if it hasnt been mass deleted already, go change your password when the site comes back up, IF it does come back up..... We will keep an eye on this situation, and our own security logs ;) | ||
😻Stripes😻 Banned Post ID: 299 Posted: 07-02-2015 11:44 AM |
hahaha wow | ||
Fesothe Donator Post ID: 300 Posted: 07-02-2015 12:30 PM |
The last time I looked they used a 3rd party social network framework, with custom url hosting. They then had very little control over anything and I assume that was to protect themselfs from such situations while reducting costs, unless they've moved to a new custom website and messed it up but idk about that as I don't care to check it and never will. | ||
Tati Member Post ID: 301 Posted: 07-03-2015 02:05 AM |
no hackers, they rolled back on the server to a specific date and it deleted accounts after that date, no hackers | ||
DarkXander Owner of FurrTrax Post ID: 307 Posted: 07-03-2015 08:57 AM |
Tati, perhaps you need to look over the evidence and even the guy posting how he did it, they got attacked hard core yesterday, they are just trying to cover it all up and lie. look here: https://forums.furaffinity.net/threads/1416570-Furnation-com-is-DOWN-Hacked-Possibly I even found the security hole in their site, tested it and they went down for 10 minutes, then i tried to report the issue to their owner, and he banned me. and everyone else who had screenshots, the homepage was even trolled all over. http://cdn.furrtrax.com/other/furnation-hack2.png http://cdn.furrtrax.com/other/furnation-hack3.png Editted by Admin DarkXander | ||
Elshara Silverheart Member Post ID: 1394 Posted: 08-11-2016 00:01 AM |
SocialEngine is what they use as a content platform. Safer than something like phpfox but hardly by much...wordpress probably has better security imo. | ||
DarkXander Owner of FurrTrax Post ID: 1395 Posted: 08-11-2016 08:23 AM |
Due to the XMLRPC DDoS Issues, Wordpress is worse. While its harder to breach and grab data from, its effortless to trick a wordpress site into DDoS Attacking anyone you want it to without any admin access at all. Google XMLRPC Reflection/Amplification Attack | ||
Elshara Silverheart Member Post ID: 1397 Posted: 08-11-2016 14:08 PM |
That's probably because it's .htaccess isn't set up as securely. Everything can be avoided if the file permissions of the server are a first priority. Then you must worry about the code itself. How easy it is to manipulate. The worst case scenario, someone has your database information so then there's a MYSQL problem for many users. Then you have to basically try to not hack wordpress if the actual site itself can be so hackable. Yeah i see what you're saying. finding reasons to not hack something is more challenging than finding one to hack it. It's for that reason I'd never use wP, ever. Not even as a blog. | ||
Elshara Silverheart Member Post ID: 1398 Posted: 08-11-2016 14:20 PM |
I do use a platform for a private blog but it's hardly worth hacking because nobody even knows about it and the page rank is low enough that it doesn't show up in Google. SocialEngine is good for that, and it's actually a security benefit because Google Traffic can break a site if it's not hosted on a powerful server. I'm planning on going custom but I am tempted to get a better background in Linux first. SSL is better than nothing. I know it's off topic but as a Social Engine owner I find the worst security flaw is the ad ons, not so much the core. I've worked with every platform out there, Dolphin, PHPFox, Jooma, Drupal, WP, Oxwall, Ning, Elgg etc. Customization is best with SE and for the look and feel of the overall website, I prefer it for that reason. PHPFox has an excellent settings area and can support almost anything but it's security and stability is an utter joke. Every commercial platform has it's querks, especially when it comes to updating its core packages to the latest versions, it just doesn't happen a lot, if ever. That's why they update if someone hacks a well known site and happens to gain enough attention for it that the developers take notice. Custom servers and applications are ideal, but when you haven't got the money to go custom or the experience to set up such a server configuration, then you do the next best thing. Either pay a develoer, or pirate it. My thoughts on piracy are mixed but my thoughts on developers are straight forward. 8 Times out of 10 they will rip you off for something you could learn yourself and do a better job at maintaining because for all the fancy UI bells and wistles they offer, less than 2% of it works under pressure or high demand, or a mixture of both. Support is a whole other matter entirely, so if it's not something you built, you can't be responsible for it and that's the reason why I'm a fan of custom built websites, like this one. Communication is all that's needed to make great ideas flow and flourish. | ||
DarkXander Owner of FurrTrax Post ID: 1400 Posted: 08-11-2016 14:35 PM |
SSL does nothing to secure a site from hacks or exploitation, it simply prevents third parties from seeing whats going through the connection. IT makes 0 difference to things like SQL injections, XSS, DDoS, etc. All it does is ensure your privacy. File permissions can be an easy one to goof, but 99% of the problem is either the code itself, the Server Software Stack, or an admin who knows nothing of security doing a poor setup. Mind you this is not just my opinion as a hobbiest either, im a 26 time certified network engineer, and cyber security specialist. |