FurRag forums
August 18, 2017, 04:32:04 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: 1 [2] 3
  Print  
Author Topic: ALERT: Possible Security Breach on FurRag.com  (Read 19825 times)
Altivo
Administrator
Hero Member
*****
Offline Offline

Gender: Male
Posts: 1126


Wandering about distractedly...


View Profile WWW
« Reply #15 on: October 15, 2013, 01:20:37 AM »

Thanks, you make me smile. Not because things seem to have crashed into the ditch, but because you confirm what I've been saying for years. For every visible reader at Furrag, I believe we had as many as a hundred or more silent ones.

Now let me offer some navigation hints. Many of the more prolific writers on Furrag do have their works elsewhere. Some are in actual print or available as e-books through Amazon or Smashwords. Many have been posting to Furaffinity or Sofurry just as they did here. I realize it's harder to sift through those two sites to find the writing, but there is quite a bit of it there. Oftentimes writers use the same name in all sites, since they do want to be recognized and visible to their readers. Furplanet and Sofawolf, as well as Rabbit Valley Comics, produce quite a lot of furry printed output. The first two are also starting to put out ebook versions. So there's plenty of furry reading available, even while Furrag is out of the picture.
Logged

-
“Don't be seduced into thinking that that which does not make a profit is without value.” ― Arthur Miller
A Quiet Fan
Newbie
*
Offline Offline

Gender: Male
Posts: 3


View Profile
« Reply #16 on: October 15, 2013, 08:14:54 PM »

Thanks, you make me smile. Not because things seem to have crashed into the ditch, but because you confirm what I've been saying for years. For every visible reader at Furrag, I believe we had as many as a hundred or more silent ones.

Now let me offer some navigation hints. Many of the more prolific writers on Furrag do have their works elsewhere. Some are in actual print or available as e-books through Amazon or Smashwords. Many have been posting to Furaffinity or Sofurry just as they did here. I realize it's harder to sift through those two sites to find the writing, but there is quite a bit of it there. Oftentimes writers use the same name in all sites, since they do want to be recognized and visible to their readers. Furplanet and Sofawolf, as well as Rabbit Valley Comics, produce quite a lot of furry printed output. The first two are also starting to put out ebook versions. So there's plenty of furry reading available, even while Furrag is out of the picture.


Thanks for the tip, Altivo. I really appreciate it! I just have a couple more things to say now:
1) Making people smile is what I do, I just wanted to speak up;
2) Would shutting the site down, then starting it up again with a clean slate do anything?; and
3) We're all in this together.


Yours Truly,

A Grateful Fan.
Logged

There is a certain amount of madness in every brilliant idea.
Altivo
Administrator
Hero Member
*****
Offline Offline

Gender: Male
Posts: 1126


Wandering about distractedly...


View Profile WWW
« Reply #17 on: October 15, 2013, 08:52:56 PM »

Restarting the site with the same software would not really achieve much. The problem is the software itself, which apparently is not secure if someone was able to get in, steal a copy of the user list (including the encrypted passwords) and post it to another site. Since the software would still be the same, someone could repeat that action.

Fixing the existing software looks unlikely. It is "abandonware" and has no technical support. Moving to some other software platform would be at least possible, but the selection of possible replacements is vanishingly small and none of them look to have good support.
Logged

-
“Don't be seduced into thinking that that which does not make a profit is without value.” ― Arthur Miller
A Quiet Fan
Newbie
*
Offline Offline

Gender: Male
Posts: 3


View Profile
« Reply #18 on: October 15, 2013, 10:01:10 PM »

A few choices are better than none, right? But I suppose there's not much else that can be done now, is there?

You were right. We are heading into a ditch, aren't we. But where I'm from, when we drive into a ditch; instead of panicking, we say "Hang on tight and watch this".

I've said my piece. I'll probably quiet down for a while, but I'll still be here. If I feel that I need to speak up, I will; but for now, I will leave you with this piece of wisdom.

When you talk, whisper. When you speak, SHOUT.

As for the meaning of it... well, I'll let you figure that out for yourself. After all, what fun would it be if the answers were handed to you?

Good luck, and thank you for responding.

I have nothing more to say.
(At least for now.)


Yours Truly,

A Content Fan.
Logged

There is a certain amount of madness in every brilliant idea.
SwiftwindSpirit
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #19 on: October 16, 2013, 06:00:37 AM »

Hello, all who are reading this; I am a faithful reader of the stories on FurRag.

I don't have an account, not because I'm lazy,I just never got around to it, and when I heard it was closing down for good, it pretty much tore my heart out and crushed it. I have no idea where to find stories from all you authors out there, other than on FurRag, so sit let me just say that I had to get my two-cents in before it all fell apart(I registered on this site just so that I could). There are lots of incredible people and stories on the site that will all but vanish if and when it shuts down, and to me, that's like holding a digital book-burning. I am a huge fan of you all,(I'm looking at you, Alex Vance) and since I can't get on FurRag anymore, I needed to let my voice be heard somehow on the topic. There are not only writers and admins and registered folks, there are countless unnamed readers, too. I'm not ordering the site to be saved, I'm simply asking you to try; if not for the writers, then for the readers who sit on the sidelines,not wanting to make a fuss. If there was anything at all I cold do to help out,then I would. And while ranting isn't going to solve the problem, taking a stand is a damn good place to start.

If it can be saved, then that's wonderful! If not, then I hold no ill will towards any of you. Not all stories can have happy endings, after all.

If you are like me and have something to say, say it. For whatever difference it makes.
LET YOUR VOICE BE HEARD.

I am a guest on FurRag, and I WILL NOT be ignored.


Yours Truly,

A Not-So-Quiet Fan.

Thank you so much for speaking up like that for the readers. You know I'm really bummed I lost all of my content on this site thanks to a careless hack. I like several of my fellow writers had several works on here. I just wish deep down we could be able to recover what we lost so we can post it elsewhere. I'm so proud to see a reader finally speak up about how frustrating it is to lose a site dedicated to writers. I really think the security should have been monitored a lot better so this wouldn't have happened.

Your words are really encouraging and I hope beyond all hope the staff here realizes there is a fan base that's worth trying for. I personally would hate to see all this writing get axed because a punk ass little kid hack took it down. Keep supporting us as writers and we will support you!
Logged
chipotle
Newbie
*
Offline Offline

Posts: 15


View Profile
« Reply #20 on: October 18, 2013, 07:04:22 AM »

I don't think the actual methodology of the apparent password grab has been described (maybe it hasn't been discovered), which is a necessary step toward fixing the problem. I've downloaded the most recent version of the eFiction software that this site runs, and while there's nothing screaming TERRIBLE SECURITY FLAW RIGHT HERE! FIX THIS! that I caught, the biggest issue with it is that the code is at "not bad for 2003" standards. Even so, if the problem was described in more detail it'd probably be relatively easy to fix.

My suspicion is that the reason that there isn't another piece of software out there that's a direct replacement for eFiction is that freeware content management systems like Drupal or Joomla have become capable of filling the same role. Configuring them to do so wouldn't be trivial, although you'd get the benefit of leveraging a huge development community.
Logged
Quinn Yellowfox
Global Moderator
Hero Member
*****
Offline Offline

Gender: Male
Posts: 654



View Profile
« Reply #21 on: October 20, 2013, 04:15:30 PM »

It's great to hear reader support. I hope quiet readers make more noise.
Logged

"A little nonsense now and then is relished by the wisest men." Roald Dahl
IronJack
Newbie
*
Offline Offline

Posts: 10


View Profile
« Reply #22 on: October 22, 2013, 12:59:17 PM »

@ Quinn, I don't think that you will see many replying to the forum aspect, but I get the idea that there is quite a substantial following out there that avidly hope for FurRag's return. While many of the authors are also on other sites I mentioned before that the primary difference is that FurRag focused solely on writing, with an ease of navigation. With So Furry, FurPlanet and so on it's rather frustrating trying to locate specific authors, stories by genre, etc;. FurRag was beautifully laid out, with a reader simply clicking on preferences and given a smorgasbord of tales that fit his or her criteria. I hate to say it, but I am also one of those that enjoys a little bit of the instant gratification that FurRag was able to provide in that regard. I'm actually a little disappointed that other sites that post stories don't also follow the example that FurRag employed.

  Hopefully FurRag will rise from the ashes of this debacle. It would be a shame to see the loss of so much that was done, the stories that date to the beginning of the site fade into obscurity, or be unable to return to a favorite tale every now and again. There are those of us that are still hoping that we'll see the phoenix rising and again spread its wings to take flight.

  IronJack
Logged
tempest
Jr. Member
**
Offline Offline

Gender: Male
Posts: 50



View Profile
« Reply #23 on: October 27, 2013, 07:35:17 PM »

Gosh, I was listening to Knotcast and they mentioned the FurRag getting blasted. Holy... Macaroni. This is like hearing something bad about a distant friend you haven't heard for a long time.

FurRag is actually the first site I stumbled when I did a web search for the 'furry'. I really don't know how it managed to appear so high in the google's search results, back in the 2009. I read my first stories there, and posted my own long before I opened an FA account. Still, I remember my fear of seeing the first furry story in my life, "Black Mouse" by foozzzball, and the sensation that I've never read an adult story before. Oh, the crazy days of filtering the sea of stories like a clam, giving advices, kindling encouragements. Typing a review on a tiny T9 keyboard of an ancient smartphone. Reading Maranatha in public transport. That thrill of the Library, a thrill you get every time you walk into one!

I'd really like to see FurRag revamped. Now it's just Kamui's picture and bunch of nostalgia on a server strapped with unstable code and locked doors. The codebase needs to change to something more up to date, that's one thing. If nothing works, then just parse the stories into text files, assemble them on an archive, and willing furs will seed it forever on TPB.

Big cheers to Altivo, Quinn, and many others who kept the fire going, though many I have forgotten over the dusty years. May the site be reborn by next year!
Logged
Shayde
Newbie
*
Offline Offline

Gender: Male
Posts: 1



View Profile WWW
« Reply #24 on: October 30, 2013, 04:30:49 PM »

This really is disheartening, to be honest. While I may not be the most 'active' user on the website, I did strongly enjoy its' merit as a place to go to and share my literature with others. I am shocked that the userlist and passwords had managed to be leaked, but, I am glad that the staff team of FurRag itself was able to react fast enough to stop a massive calamity from dropping into their laps. I may not be the best writer there is, but, I know that while I was able to post to the main site there were a few people that enjoyed my writing, and I know I enjoyed some of the stories that people had posted on here.
FurRag, I think, is a valuable tool for writers in the community, as it encouraged feedback on what people were able to produce, rather than on places such as SoFurry, or FurAffinity, that just seem to have people trolling through to read and add things to their favorites without stopping. I personally can say that I grew as a writer from the feedback I was able to garner from other users in the short time I had my account here, and I think that should be preserved somehow. Everyone should be focusing, this point, an the alternatives to FurRag, because with a problem this severe, the main site won't be around much longer. I hate to say it, but I have already removed the site from my browser's bookmark list.

As much as it has turned into a degrading form of itself, though I do give Toumal great respect and a lot of admiration for keeping a site like SoFurry running, as well as trying to continue expanding the functionality the way he does, the site is at the least a viable alternative, I would think. SoFurry allows users to create groups, and the support for literature submissions they improve and maintain on a regular basis, as much as they can. If FurRag ever does pull through, I guarantee that I will be back enthusiastically. If not, well, I do hope these forums remain alive so that I can still communicate with the FurRag community.

I hate to say goodbye to something I hadn't gotten the chance to really know, yet, but I would hate more for things to have happened to the users because of a slip up. I sincerely hope that a resolution can be found, that doesn't involve the dissolution of the site.
Logged

The Universe doesn't revolve around us, the Universe revolves around what we can create...
ren9999
Newbie
*
Offline Offline

Posts: 1


an avid reader with a job... yet still no life


View Profile
« Reply #25 on: December 08, 2013, 12:47:55 AM »

is it possible that the thief/thieves simply downloaded the entire site and went to work from there?

there are many programs out there that can download entire websites and make them operate completely disconnected from the net.

one example would be a program called httrack

the description they give of their program is this:

Quote
It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads

quoted from their main page: http://www.httrack.com/

if you say that the above aproach (downloading the entire website) isnt possible because it would take to much harddrive space, well, hard drive space is very easy to come by.

on a slightly different note: any update on how things are going? i had just recently found out about furrag and had come to check it out (a furry fiction archive site, HELL YES) i do hope you are able to come back, i would love to join and read all the stories.
« Last Edit: December 08, 2013, 12:56:42 AM by ren9999 » Logged

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life. - Andrew Brown
Altivo
Administrator
Hero Member
*****
Offline Offline

Gender: Male
Posts: 1126


Wandering about distractedly...


View Profile WWW
« Reply #26 on: December 09, 2013, 12:26:49 AM »

Download tools like that can only download files that are actually "servable" by the server software. That includes HTML, CSS, and images, but doesn't include internals such as databases or password files. To get at those, you have to break through some security flaw either in the server software itself (possible but unlikely at hosting sites of any size, or in the PHP or other scripting code used on the website.
Logged

-
“Don't be seduced into thinking that that which does not make a profit is without value.” ― Arthur Miller
Osfer
Administrator
Full Member
*****
Offline Offline

Gender: Male
Posts: 233


Uncrowned King of FurRag and Bad Dog Books.


View Profile WWW
« Reply #27 on: December 09, 2013, 07:03:48 PM »

Hi all.

I apologize for my silence and inaction on this issue. To my shame, I was under the assumption that I'd be notified of any reply to this topic, and clearly I was wrong.

To those who voiced their appreciation of what FurRag was prior to the hack: thank you, and thanks all the more to Altivo, and the others like him who maintained the site and forums, and who cultivated the community. Like any absentee landlord I just pay the electric bills; these guys make this place what it is.

it's a busy time of year, but that's no excuse for leaving you all hanging.

Some of you have indicated you'd like copies of stories you have on the site so you can post them elsewhere – that, I'm happy to say, remains possible, and I've already done so on one occasion. Please contact me at alexfvance[at]gmail[dot]com with your request, preferably from the e-mail address you used when you signed up, and I'll send your stories to you.

This isn't the end, I'm still looking into solutions to offer, at least, a temporary archive of the stories, but only when I can be absolutely certain that there is no security risk, that privacy remains intact, and that authors' requests to have their stories or accounts removed can be honoured.

- Alex
Logged
Altivo
Administrator
Hero Member
*****
Offline Offline

Gender: Male
Posts: 1126


Wandering about distractedly...


View Profile WWW
« Reply #28 on: December 09, 2013, 07:21:58 PM »

 Cheesy Alex, if you aren't set to get automatic notification for every thread to which you post, you need to click on the "notify" button at the bottom of the thread to get notification turned on. The forums do send out e-mail notices, and I've been getting them for this thread.
Logged

-
“Don't be seduced into thinking that that which does not make a profit is without value.” ― Arthur Miller
Osfer
Administrator
Full Member
*****
Offline Offline

Gender: Male
Posts: 233


Uncrowned King of FurRag and Bad Dog Books.


View Profile WWW
« Reply #29 on: December 09, 2013, 08:42:27 PM »

I've corrected the error. I believe I must have clicked it twice; whether notifications are active or not the button says 'notify' and the contents of the subsequent popup are easily overlooked. Thank you!
Logged
Pages: 1 [2] 3
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.14 | SMF © 2006-2011, Simple Machines LLC Valid XHTML 1.0! Valid CSS!