Post ANlQQRvs48kSSv5AC8 by colonelj@freespeechextremist.com
 (DIR) Post #ANlIl0rP7BSQx1HsIa by DarkMahesvara@varishangout.net
       2022-09-20T16:54:26.334891Z
       
       5 likes, 3 repeats
       
       https://archive.ph/SBdQH
       
 (DIR) Post #ANlImrvdIIAfpR9NM8 by rlier23@bae.st
       2022-09-20T17:03:03.065140Z
       
       2 likes, 0 repeats
       
       @DarkMahesvara old news at this point m8. still, lmao
       
 (DIR) Post #ANlKnx8tatfKCHzyC0 by lewdthewides@hidamari.apartments
       2022-09-20T17:25:35.482165Z
       
       7 likes, 3 repeats
       
       @DarkMahesvara Josh was running a copy of Xenforo that wasn't updated for a year because the license got pulled. Instead of migrating the database to something like nodeBB, he added his own shitty code on top of vulnerable code. Guy is a legit idiot
       
 (DIR) Post #ANlLN8PdgTyFHnbdaa by PonyPanda@freespeechextremist.com
       2022-09-20T17:32:01.257132Z
       
       2 likes, 0 repeats
       
       @lewdthewides @DarkMahesvara Jesus fucking Christ. People unironically defend this moron.
       
 (DIR) Post #ANlLa6ctdWIXVjzZsO by lewdthewides@hidamari.apartments
       2022-09-20T17:34:19.210052Z
       
       5 likes, 0 repeats
       
       @PonyPanda @DarkMahesvara https://archive.ph/xvrCc
       
 (DIR) Post #ANlM0oPhSXhyqMYQDY by pettanko@varishangout.net
       2022-09-20T17:39:10.474502Z
       
       4 likes, 3 repeats
       
       @lewdthewides @PonyPanda @DarkMahesvara >No. I will make sure any security issues are dealt with. whoops
       
 (DIR) Post #ANlM9DGqvNCUFnQDGC by lewdthewides@hidamari.apartments
       2022-09-20T17:40:39.265684Z
       
       5 likes, 1 repeats
       
       @pettanko @PonyPanda @DarkMahesvara he dealt with them, all right. By creating new ones
       
 (DIR) Post #ANlMCwK1shzuqXgVma by PonyPanda@freespeechextremist.com
       2022-09-20T17:41:23.008053Z
       
       3 likes, 1 repeats
       
       @lewdthewides @DarkMahesvara the KiwiFags crowd will defend this saying... "HE GAVE US A WARNING THOUGH."
       
 (DIR) Post #ANlMU2pYw53RxIaf68 by DarkMahesvara@varishangout.net
       2022-09-20T17:34:17.703366Z
       
       2 likes, 2 repeats
       
       @lewdthewides further using unmaintained software was indeed foolish however i doubt it would make much difference. if you are a big enough target and all alone it's only a matter of time.
       
 (DIR) Post #ANlMZ5DRUlXcniA8dU by Septemberboi@poa.st
       2022-09-20T17:45:22.823490Z
       
       0 likes, 0 repeats
       
       @PonyPanda It's a shitty defense and not meant to take away from the impact of the KF hack but it's funny to me that Rockstar, a game company worth approximately 4 billion, had a worse hack with actual leaks; although user data may not be in that one. I'm not even sure if user data has been found in the KF one yet.
       
 (DIR) Post #ANlMcIV2YwrOruvVC4 by ForTheHoard@poa.st
       2022-09-20T17:45:57.661738Z
       
       2 likes, 0 repeats
       
       @Septemberboi @PonyPanda That's because kiwi farms doesn't hire women.
       
 (DIR) Post #ANlMjkFlm19oyLKpX6 by RamRanch@poa.st
       2022-09-20T17:47:18.480121Z
       
       1 likes, 0 repeats
       
       @ForTheHoard @Septemberboi @PonyPanda Kiwi Farms loves women, it just hates "women" and (((women)))
       
 (DIR) Post #ANlMqNIpVAoXoqvZrc by ForTheHoard@poa.st
       2022-09-20T17:48:27.777081Z
       
       0 likes, 0 repeats
       
       @RamRanch @Septemberboi @PonyPanda Kiwi women are skinny and I would have sex with them
       
 (DIR) Post #ANlMt72kPUxeGCi8Om by Septemberboi@poa.st
       2022-09-20T17:48:55.422894Z
       
       2 likes, 0 repeats
       
       @ForTheHoard @RamRanch @PonyPanda They're only skinny compared to foodie beauty.
       
 (DIR) Post #ANlNeMhnzpAERjRmXg by colonelj@freespeechextremist.com
       2022-09-20T17:57:32.699840Z
       
       3 likes, 0 repeats
       
       @PonyPanda @lewdthewides @DarkMahesvara "who care if Josh's retardation got the site hacked twice? he warned us! so it's your fault!"
       
 (DIR) Post #ANlNl83arEYT2drbAu by PunishedD@poa.st
       2022-09-20T17:58:45.699580Z
       
       3 likes, 1 repeats
       
       @DarkMahesvara @lewdthewides The problem wasn't the Xenforo code, the problem was his custom chat client in Rust.  Josh was redoing it because the old chat was buggy and very memory intensive.  The hacker did have a lot of Xenforo knowledge though, which he used to hijack sessions from the chat vulnerability.  It wasn't an unpatched vulnerability in the old code.
       
 (DIR) Post #ANlQQRvs48kSSv5AC8 by colonelj@freespeechextremist.com
       2022-09-20T18:28:38.706830Z
       
       1 likes, 0 repeats
       
       @PonyPanda @DarkMahesvara @lewdthewides first time was cause they severely turned down the firewall to test things to "prepare for a post-cloudflare world"
       
 (DIR) Post #ANlRj9hiA8i9O4wVqy by PonyPanda@freespeechextremist.com
       2022-09-20T18:43:13.848292Z
       
       0 likes, 0 repeats
       
       @PunishedD @DarkMahesvara @lewdthewides Lmao.  Jewsh Defence Force mobilized.  @colonelj look at this coping coper.
       
 (DIR) Post #ANlS1JnJNyExtWDsuW by colonelj@freespeechextremist.com
       2022-09-20T18:46:30.790525Z
       
       2 likes, 1 repeats
       
       @PonyPanda @PunishedD @DarkMahesvara @lewdthewides it doesn't read like a defense to me. sounds like an accurate assessment. the problem was Josh's rust stuff and not Xenforo
       
 (DIR) Post #ANlT0vYraESaguqHjs by PonyPanda@freespeechextremist.com
       2022-09-20T18:57:38.859117Z
       
       1 likes, 1 repeats
       
       @colonelj @DarkMahesvara @PunishedD @lewdthewides >Instead of migrating the database to something like nodeBB, he added his own shitty code on top of vulnerable code.He should have fucked off Xenforo and not attempted whatever niggerfix solution he was working on.  PunishedD is coping.
       
 (DIR) Post #ANlTf3PJpb9SbnVnHc by PunishedD@poa.st
       2022-09-20T19:04:53.603635Z
       
       1 likes, 0 repeats
       
       @PonyPanda @colonelj @lewdthewides @DarkMahesvara "whatever niggerfix solution he was working on"If you can't bother following along the dev updates he posted, you shouldn't bother commenting on the technical aspects.
       
 (DIR) Post #ANlTwdAo6jCcSR6azg by PonyPanda@freespeechextremist.com
       2022-09-20T19:08:04.572659Z
       
       0 likes, 0 repeats
       
       @PunishedD @DarkMahesvara @colonelj @lewdthewides Why didn't he migrate the DB?
       
 (DIR) Post #ANlUDcrmVAFgQeJHfc by PunishedD@poa.st
       2022-09-20T19:11:08.555022Z
       
       1 likes, 0 repeats
       
       @PonyPanda @colonelj @lewdthewides @DarkMahesvara What would that change?  The hack was an xss injection to do session hijacking.  The database didn't figure into it, unless its slowness caused the 500 error that prevented the user dump.
       
 (DIR) Post #ANlVMBSXryc7zJ9PEm by colonelj@freespeechextremist.com
       2022-09-20T19:23:53.958449Z
       
       0 likes, 0 repeats
       
       @PonyPanda @DarkMahesvara @PunishedD @lewdthewides D is right. you're just coping
       
 (DIR) Post #ANlWtmPdbF0Y6eNH4y by PhenomX6@fedi.pawlicker.com
       2022-09-20T19:41:09.379805Z
       
       2 likes, 1 repeats
       
       @PonyPanda @colonelj @lewdthewides @PunishedD @DarkMahesvara it's not coping when CF literally blocks basic exploits and whatnot. Literally a guy I know set up a mediawiki instance and cf began blocking spammer sign up attempts and all. So CF was blocking a lot of KF exploits or attempts at it presumably too because both were from non-CF sources and the first time this happened is why Josh stayed on CF for so long imo.
       
 (DIR) Post #ANlY1xYc9CTawT2Ndo by PhenomX6@fedi.pawlicker.com
       2022-09-20T19:53:50.329478Z
       
       2 likes, 0 repeats
       
       @PonyPanda @colonelj @lewdthewides @PunishedD @DarkMahesvara also he was trying to get off of xenforo and namely PHP as Xenforo really tanked with a site the size of KF with as many attachments as it had. KF before the Keffals shitshow was truly a massive site. His issue is he was trying to write a new forum software, in a language that was kind of a meme, instead of thinking "how can I use something more secure for now". The thing is usually sites that run old versions of VB and other forum software (like SA and its jank ass VB2 setup) have to keep patching flaws or else they'll get pwnd with some old flaw, which wasn't the case here since it was Josh's chatbox. But I've seen people trying to run sites on old IPB 1.3.1 or nulled VB and getting pwnd, if they don't get angry letters for running the latter.
       
 (DIR) Post #ANlZS1gBXmljD4ZWTo by laurel@freespeechextremist.com
       2022-09-20T20:09:46.514116Z
       
       1 likes, 0 repeats
       
       @PunishedD @DarkMahesvara @lewdthewides Tbh, not sanitizing user input is about as bad as using outdated software. I mean Rust being a meme language and all has packages such as sanitize_html that do this thing for you. And he should be passing *everything* a user inputs through it.
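
An added example, not written by anyone in this thread and not the site's own code: for a chat box that shows messages as plain text, escaping every user-controlled field at render time closes the XSS path discussed above, and an HttpOnly session cookie keeps an injected script from reading the session token. The function names, cookie name and sample strings are constructed, and it uses only the standard library rather than the sanitize_html crate mentioned in the post.

```rust
/// Escape the HTML-significant characters so user text renders as text,
/// in element content and inside quoted attribute values alike.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Hypothetical chat renderer: the author name and the body are both
/// user-controlled, so both are escaped before entering the markup.
fn render_chat_line(author: &str, body: &str) -> String {
    format!(
        "<li class=\"msg\"><b>{}</b>: {}</li>",
        escape_html(author),
        escape_html(body)
    )
}

/// Session cookie header. HttpOnly hides the value from page scripts,
/// Secure restricts it to HTTPS, SameSite limits cross-site sends.
fn session_cookie(name: &str, token: &str) -> String {
    format!(
        "Set-Cookie: {}={}; Path=/; HttpOnly; Secure; SameSite=Lax",
        name, token
    )
}

fn main() {
    // Constructed sample inputs: markup in the body, a quote in the author name.
    let body = "<script>alert(1)</script>";
    let author = "guest\" onmouseover=\"alert(1)";
    println!("{}", render_chat_line(author, body));
    println!("{}", session_cookie("session", "CONSTRUCTED-TOKEN"));
}
```

Escaping covers messages shown as plain text; a chat that allows a subset of HTML needs an allow-list sanitizer instead.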
       
 (DIR) Post #ANleORlN7hCGif6v9E by applejack@gameliberty.club
       2022-09-20T21:05:08Z
       
       1 likes, 0 repeats
       
       @Halo @lewdthewides @DarkMahesvara At least it was safe since it was written in Rust 🚀