FurRag forums
August 16, 2017, 03:11:07 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  Home Help Search Login Register  
  Show Posts
Pages: [1] 2 3 ... 10
1  Discuss / General / Re: While you were away... (possible site news) on: March 20, 2014, 08:37:44 AM
My sincere thanks to Chipotle for his fantastic, generous efforts and patience. Words fail me.

And to y'all, for your attention and appreciation for what FurRag stands for. I take no credit for that: FurRag is you; caretakers like Altivo, evangelists like Quinn, to name a few, and all of you.

The end date for the static site hasn't been decided, but it will be in 2014, and it will close. It's not that it's a massive logistical o financial drain, it's more a matter of cleanliness. I don't want FurRag-the-archive to distract furry readers from sites where authors are actively posting, and where they can connect with their favorite writers.

As for the forum, no decision has been made about closing it. If this forum winds up being the only thing running on the hosting service I use, I may want to shut down the hosting account to save myself a little cash each month -- but if the forum is in active use, I won't close it.

I will find a solution; move it to a little nook of a trusted friend's hosting service, or maybe there's a free SMF hosting service, I don't know. But all forum threads and all user accounts will be included.

Anyway. Thank you, Chipotle, for giving FurRag a second breath, and a nice swan song!
2  Discuss / General / Re: ALERT: Possible Security Breach on FurRag.com on: December 09, 2013, 08:42:27 PM
I've corrected the error. I believe I must have clicked it twice; whether notifications are active or not the button says 'notify' and the contents of the subsequent popup are easily overlooked. Thank you!
3  Discuss / General / Re: ALERT: Possible Security Breach on FurRag.com on: December 09, 2013, 07:03:48 PM
Hi all.

I apologize for my silence and inaction on this issue. To my shame, I was under the assumption that I'd be notified of any reply to this topic, and clearly I was wrong.

To those who voiced their appreciation of what FurRag was prior to the hack: thank you, and thanks all the more to Altivo, and the others like him who maintained the site and forums, and who cultivated the community. Like any absentee landlord I just pay the electric bills; these guys make this place what it is.

it's a busy time of year, but that's no excuse for leaving you all hanging.

Some of you have indicated you'd like copies of stories you have on the site so you can post them elsewhere – that, I'm happy to say, remains possible, and I've already done so on one occasion. Please contact me at alexfvance[at]gmail[dot]com with your request, preferably from the e-mail address you used when you signed up, and I'll send your stories to you.

This isn't the end, I'm still looking into solutions to offer, at least, a temporary archive of the stories, but only when I can be absolutely certain that there is no security risk, that privacy remains intact, and that authors' requests to have their stories or accounts removed can be honoured.

- Alex
4  Discuss / General / Re: Furrag maintenance on: September 29, 2013, 07:16:56 AM
Hi all,

My apologies for the length of time it's taken me to collate and respond. I'm sorry to hear about your friends' passing.

I've updated the main thread here: http://forum.furrag.com/index.php/topic,1352.msg10230.html#msg10230

In the meantime, IronJack, please send me an e-mail at alexfvance@gmail.com with your mate's username and I'll see that you receive a copy of her stories.

- Alex
5  Discuss / General / Re: ALERT: Possible Security Breach on FurRag.com on: September 29, 2013, 07:14:37 AM
Hi all,

First of all, my apologies for the length of time it's taken to follow up. Secondly, I'm afraid I don't have good news.

I've had only limited success in securing information about why the list of usernames, e-mail addresses, and password hashes was able to be retrieved, though the most common suspicion is an inherent flaw in the codebase. Again, FurRag is based on the eFiction codebase, which hasn't been actively maintained since 2010.

I've reached out to a few nerd acquaintances, none of whom are available to review and overhaul the codebase. This is understandable; it's a massive amount of work and it's a serious responsibility. Those friends whom I believe to have the necessary skills and experience to audit and repair FurRag are also ones who have more than full time occupations.

Some others have shown insight into the security breach and proposed possible fixes, some have shown enthusiasm for the task of finding the security leak(s) and repairing it/them. However, while I have no reason to doubt their intentions and sincerity, these are people I don't personally know, and for whose character I can't vouch. To let un-vetted persons poke around at the code would be the antithesis of the security we're trying to achieve.

All this means that, as it currently looks, FurRag is destined for the knacker's yard.

We can't in good conscience keep the site up, knowing that our users' information is at risk due to unknown and unfixed security flaws in the codebase. We don't have the resources to fix it ourselves.

FurRag will be shut down, but I'm currently investigating how to best do that. On the one hand, it would be good to leave the site on in a read-only fashion so that folks can get at their stories and comments and archive them somehow; on the other hand, doing so would prevent folks from being able to delete stories, or their own profiles, should they not wish them to be available anymore. Further, it does not currently appear that the eFiction codebase even has a facility for a read-only mode.

My current plan is to find some way to create a read-only version of FurRag that will remain active for a few months, and then take the site offline for good.

We've had a good run, guys. All of you have made this little corner of the web a lively little literary litter-box. I'm happy that I could slap the site up for you to enjoy, I'm proud of the authors that made the site worth visiting and I'm immensely thankful for the admins, Altivo in particular, who cultivated this little community during my negligence. You guys are awesome, and I want to do right by you.

So please, chime in with your thoughts!

Kind regards,

- Alex
6  Discuss / General / Re: ALERT: Possible Security Breach on FurRag.com on: September 13, 2013, 10:48:33 PM
I believe the leaked list contains usernames from multiple sites that use the same codebase as FurRag, a CMS called eFiction which has not been maintained since 2010.

This suggests that the leak is due to an inherent and previously unknown security flaw in eFiction itself. Investigation is ongoing.
7  Discuss / General / Re: ALERT: Possible Security Breach on FurRag.com on: September 13, 2013, 10:44:42 PM
Preliminary research indicates that the list of usernames came from FurRag.com itself and that the forum has not been compromised.

The list seems to consist of users from multiple sites that use the same codebase as FurRag, some 10% of which are actually from FurRag users.

Analysis of the list plus spot checks suggest that the list was taken on 15 December 2012.
8  Discuss / General / ALERT: Possible Security Breach on FurRag.com on: September 13, 2013, 09:23:38 PM
Hi all,

Alex Vance here, the 'absentee landlord' of FurRag.com.

I've been made aware of a list of usernames, e-mail addresses and MD5 hashes that has been leaked and determined that it was stolen from FurRag on 2 September.

For the security of our users I'm putting the site in Maintenance Mode until further notice, while I seek help in investigating the source of the security breach, the nature and extent of it, and what solutions there can be.

In the meantime, I advise you all to change the password on any accounts you have that use the same e-mail and password combination as you use for FurRag.

Note that this is precautionary advice: there's currently no evidence that anyone has access to your password.

Further information will be posted here, as it becomes available.

Please be patient. I will do what I can and seek the help I need to get this resolved.

Kind regards,

- Alex F. Vance
9  Discuss / General / Lester the spambot on: October 08, 2012, 03:17:39 PM
Hi all,

Turns out, I'm still kickin'. This morning the review system was hit by a wedding-dress obsessed spambot called Lester, who left nearly 100 bogus reviews. Astute authors reported these quickly, and as soon as I received the reports I deleted the account.

Unfortunately, since it's been a while since the site itself's had a spambot (Altivo's been heroically guarding and gardening the forums, for which I thank him) I made a mistake: I deleted the offending account, before deleting his reviews.

Therefore I can only delete them when authors report them. I'm really sorry about this, guys.

Out of some 99 reviews by Lester Anonymous I've deleted a few dozen; if you find the bot's left any on your stories, regarding prom dresses and really bizarre spambot gobbledygook, please tap the Report button and I'll take care of 'em toot sweet.


- Alex "Khaki" Vance
10  Discuss / General / Re: Okay, now we're definitely being invaded! on: June 21, 2011, 08:42:48 AM
My thanks to you all, altivo first and foremost, for your patience, attention and assistance! There's been a bunch of good ideas, and they've been of great help.

First and foremost, we want FurRag to remain a pleasant and trouble-free environment, which of course means the exclusion of spambots -- scourge of the Internet. Altivo has been doing this for us quietly and attentively, for which he deserves great thanks, but obviously it isn't right that this should cost him so much work.

We also don't want to burden new members with complex procedures or even simple ones that could dissuade them from participating, or assuming that the community is more trouble than it's worth. Such processes delay a new member's ability to participate, and of course also require daily attention from the forum moderators.

I'm a firm believer that electronic systems should manage themselves and let the humans that use them get on with the business of doing whatever the system was designed to help them do, so a programmatic solution is far preferable.

I reviewed Mungo's suggestion, helpfully mentioned by Altivo, and since I have a backup of the entire forum that's less than eight hours old I decided to implement the modification, bravely titled Stop Forum Spam, which apparently checks the e-mail addresses of new registrants against a database of known spammers.

While my research into this mod hasn't been exhaustive, what I've seen has convinced me that this is on the up-and-up and that it has no access to personal data other than the e-mail address of a new user.

I'm hoping that this helps. I'm with Altivo, in that I'd rather wait a few weeks or months before implementing a major upgrade, to see if anyone runs into serious trouble and let the new software mature a bit, but I'd rather go through the hassle of upgrading the forum over a weekend than place extra managerial burdens on Altivo or invoncenience our users, new and old.

Thanks again for all your support!

- Alex Vance
11  Discuss / General / Re: Okay, now we're definitely being invaded! on: June 20, 2011, 05:40:41 PM
Hi all,

The security patches up to the latest version of our forum software SMF (1.1.14) have been applied. If this isn't sufficient to stem the tide, then there are a few options worth exploring.

Zeek, thanks so much for the pointers! Unfortunately one of the suggested links only lists 1.1.9 as compatible, which I'm not sure I should risk, and the other one would prohibit visually handicapped or mobile users from registering.

One week ago, SMF 2, after four years of development, went gold. It includes substantially improved security, including a revamped captcha -- one of Zeek's suggestions was simply a hack to get the SMF 2 captcha functionality in SMF 1.

Let's give it a few more days. We'll see if the spam problem abates, and I'll keep a weather eye out to see if anyone's having trouble with SMF 2, and decide from there whether to upgrade.

- Alex
12  Events / Open Submissions / Re: New Publication -- Allasso on: June 20, 2011, 01:26:06 PM
Hello fellow Alex,

Not to hjack the thread, but it caught my eye and I thought I'd butt in. Six years ago I was in the same position you were, casting out wide nets to acquire fiction for what would become FANG Vol. 1, and the start of my involvement in furry publishing. I'm delighted you're starting your own publication!

Do you have a distribution plan? Do you have experience in layout and typesetting? Will you be issuing release contracts to the authors or operating on a gentleman's agreement?

Actually, there's a fair few other aspects of book publishing where I could offer advice to help you avoid some of the pitfalls that made my own publication enterprises rather a rocky road. If you'd like a touchstone to help you along, please feel free to contact me at alexfvance@gmail.com.

- Alex (Prime)

13  Discuss / General / Re: Okay, now we're definitely being invaded! on: June 20, 2011, 01:20:09 PM
Hi all,

First of all, my thanks to Altivo and Quinn for dousing the fires that arose over the last week or two. Also, my thanks to you all for reporting them when you came across them.

There is a recent security patch available for our forum software; it's well possible that this should plug the leak we seem to have sprung. This evening I'll run a full backup and apply the patch.

If all goes well you should notice absolutely nothing. If it goes poorly you'll notice some brief downtime while I restore the backup and look into alternatives.

Fingers and paws crossed!

- Alex
14  Discuss / General / Re: Can't register on: October 24, 2010, 09:30:09 PM
Hi folks,

I've been working with our hosting provider to find a solution, and I think we've worked one out. I've updated some stuff on the site and as far as I can see, our registration woes are over.

Try it out!

- Alex
15  Discuss / General / Re: Registration Issues on: October 24, 2010, 09:29:58 PM
Hi folks,

I've been working with our hosting provider to find a solution, and I think we've worked one out. I've updated some stuff on the site and as far as I can see, our registration woes are over.

Try it out!

- Alex
Pages: [1] 2 3 ... 10
Powered by MySQL Powered by PHP Powered by SMF 1.1.14 | SMF © 2006-2011, Simple Machines LLC Valid XHTML 1.0! Valid CSS!