Fur Affinity goes read-only while it strengthens security after recent attacks

First Fur Affinity posted this in their forums:

It was brought to our attention last night (May 16) that someone had obtained a copy of Fur Affinity’s source code via the recent “ImageTragick” exploit in the ImageMagick library (a common server-side image processing software). This exploit was patched earlier in this month, but not before a malicious user was able to download a copy of our source code, and later actively distributed it via USB drives at a convention.

We managed to get a hold of one of the USB drives and started to analyze what was distributed. While we were investigating, somebody launched a second attack against the site using information gleaned from the source code.

This attack targeted the site’s database by deleting user information, submissions, and watches. It was stopped before any further damage could be done. Other information such as journals, notes, passwords, and personal information was not affected. We’re currently in the process of doing a security audit on the existing code and closing any loopholes which may be accessible from the source code.

We are also working to restore the deleted data. Our most recent full backup is from May 11, so approximately 6 days worth of new user registrations, account watches, and new submissions have been lost due to the attack. We are still trying to evaluate the scope of the attack.

We apologize for the inconvenience to the community, and are working to rectify the issues. If anyone has any knowledge/evidence as to who perpetrated the attack, or who was distributing the USB drives containing FA’s source code, please privately contact Dragoneer on Twitter (@Dragoneer) or via email at [email protected].

We are working to restore FA as quickly as we can, but want to make sure we take proper steps to prevent any further issues. We will keep the community updated on our progress.

Sadly, within the last hour, they wrote:

We have temporarily put the site into Read Only mode while we work on implementing additional security measures. We have just learned the attackers have access to personal user data, such as encrypted passwords and email addresses.

We will be making improvements to the login page and password reset tool to increase security on those pages. Once the changes are complete, we will provide instructions on how to reset your password. We apologize for the inconvenience.

About the author: Dissent