Josh on Nostr: Kiwi Farms, [4/30/2023 12:22 PM] The file server which stores attachments was ...
Kiwi Farms, [4/30/2023 12:22 PM]
The file server which stores attachments was compromised and all live versions of files have been replaced with a 3kb file of some kid on Twitter taking credit for it. I'm closing the site to audit the attack. I'll update this message as I learn more.
12:43pm - The impact is much smaller than I expected. I am now reevaluating what has happened. It does not appear the fileserver itself is compromised.
1:00pm - I've only found two video files that have been changed to the corrupted file. I'm not sure how the trick is being done yet.
1:45pm - I believe I have an idea of how it was done and I'm attempting to recreate it.
Kiwi Farms, [4/30/2023 4:17 PM]
I have confirmed the attack vector, have applied patches to secure the attack, verified the patches individually, and am now working on undoing the damage.
The attack did not have direct access to the file server but did find a way to replace existing files. No accounts were compromised and the actual damage is relatively small. It was video files in 2 threads, my avatar, and one other video that's used on the registration page.
I reached out to the attacker and he's not politically motivated, it's just something he did for fun. I opted to give him 5 XMR for confirming my theories of what the vector was.
Back online ETA 1 or 2 hours.
Edit: It's literally just some kid, calm down.
Published at
2023-04-30 14:49:17