GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

    Josh (josh@kiwifarms.cc)'s status on Monday, 01-May-2023 00:01:44 JST
    Kiwi Farms, [4/30/2023 12:22 PM]
    The file server which stores attachments was compromised and all live versions of files have been replaced with a 3kb file of some kid on Twitter taking credit for it. I'm closing the site to audit the attack. I'll update this message as I learn more.

    12:43pm - The impact is much smaller than I expected. I am now re-evaluating what has happened. It does not appear the fileserver itself is compromised.

    1:00pm - I've only found two video files that have been changed to the corrupted file. I'm not sure how the trick is being done yet.

    1:45pm - I believe I have an idea of how it was done and I'm attempting to recreate it.

    Kiwi Farms, [4/30/2023 4:17 PM]
    I have confirmed the attack vector, have applied patches to secure the attack, verified the patches individually, and am now working on undoing the damage.

    The attack did not have direct access to the file server but did find a way to replace existing files. No accounts were compromised and the actual damage is relatively small. It was video files in 2 threads, my avatar, and one other video that's used on the registration page.

    I reached out to the attacker and he's not politically motivated, it's just something he did for fun. I opted to give him 5 XMR for confirming my theories of what the vector was.

    Back online ETA 1 or 2 hours.

    Edit: It's literally just some kid, calm down.
    In conversation Monday, 01-May-2023 00:01:44 JST from kiwifarms.cc
      Token (coin@asimon.org)'s status on Monday, 01-May-2023 00:02:32 JST, in reply to Josh
      @josh Smart move converting the hacker into a semi bug bounty hunter.
      In conversation Monday, 01-May-2023 00:02:32 JST


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.