During the whole ordeal, three accounts were defaced: nek0gami, tincrash and hobbesmaxwell.
It started when tincrash's email account was compromised, as explained in this forum post. The attacker reset tincrash's password, logging in an started deleting pictures.
An administrator, who will not ever be named publicly by anyone in FA's administration, responded to the problem, banning the account and deleting the inappropriate pictures that were posted. Unfortunately, a mistake was made and there was a period of about four minutes where tincrash's account was set to administrator, rather than banned. In this time, the attacker used his newfound access to the admin panel to compromise nek0gami's account.
I really don't know why the attacker went for nek0gami and not one of the administrative accounts, but once the mistake was corrected, the danger to the site was over as the user in question no longer had administrative access. (The screen shots that were posted may have been a clue... the attacker was too stupid to think of that.)
This was confirmed after a night of furious log grepping by yak and tsawolf. Bow down before them, as they are your gods.
After hundreds of attempts to regain administrative access through both nek0gami and tincrash's accounts, the attacker gave up, instead deciding to rely on an old fall-back of people who hate furries and/or FA. And that would be the list of passwords leaked years ago... by... uh... fuck. I don't know. Nobody seems to actually know who originated it.
There are about 4800 accounts on said list and the attacker picked one and got lucky. This is how he got into hobbesmaxwell's account. (We stopped him before anything was deleted, in this case.)
On a whim, I took the leaked password database and compared it to site's current user table. I was utterly shocked... no... horrified by what I found. Over 700 accounts were still using the same password. The same password that had been leaked years earlier and is available to anyone who cared to look for it. So we purged them. When some people reset their passwords to the same thing, we started leaving shouts on their pages as themselves when we locked them out. (See more details on the forums.)
That is everything that went down yesterday. I would like to leave you with a warning, though.
The person who originally initiated this unfortunate incident really seems to have it in for furries in general. We've gotten reports of other accounts being compromised in much the same way as tincrash's was, getting defaced by the same person. (Yes, we've checked our logs. All the people in question were attacked through the password reset feature, which would require access to their email.) Naturally, people who hate furries are hardly unusual. We all know this. This is just meant as a warning to make sure your systems are patched, behind a firewall (most modern consumer routers are also firewalls) and have sufficient virus protection.
major suckage..,
February 27 2009, 06:33:58 UTC 9 years ago
I changed my password tonight anyway.
I wish you luck in tracking him or her down though.
Z
February 27 2009, 07:59:03 UTC 9 years ago
Could you be any more pretentious?
February 27 2009, 17:19:59 UTC 9 years ago
February 27 2009, 17:22:09 UTC 9 years ago
I re-state my comment of "Could you be any more pretentious?"
February 27 2009, 19:03:55 UTC 9 years ago
Deleted comment
March 2 2009, 04:49:34 UTC 9 years ago
Yes, it was totally me! You caught me!
February 28 2009, 01:50:47 UTC 9 years ago
Having been on the other side of the fence, I can safely say that it sucks balls to pore (or grep) through what could be millions of lines of logfile-y goodness looking for that one nugget of clarity.
The least they deserve in return for your security is a little gratitude. <3
March 2 2009, 05:01:20 UTC 9 years ago
I've lost money due to my shit getting hacked, but I re-gained it because the company I lost it through (PayPal) saw that my account was compromised and worked with my bank to have the crap removed.
I have no gratitude to a administration "team" that is led by an incompetent ass who can't even have them inpliment an E-MAIL VERIFICATION SYSTEM.
I've been signing up using the same e-mail address EVERY TIME I start up a sock/troll account. The account gets banned, I change my proxy, create another account and I'm back in the game in less than 60 seconds. But that's back when I didn't have a life and loved to troll FA. Now I don't see the fun in picking on the retarded child of the internet.
March 2 2009, 05:04:47 UTC 9 years ago
March 2 2009, 05:09:16 UTC 9 years ago
My passwords are by no means "weak".
February 28 2009, 01:47:36 UTC 9 years ago
I'm sure there's a timestamp feature of some kind, so it shouldn't be too hard to implement a rollback feature for compromised accounts. You might set up a "Hall of Shame" for people with the worst track records of account compromises too. :-P
March 2 2009, 05:04:15 UTC 9 years ago