2022.09.18 : HACKED TODAY!!! KiwiFarms net FULLY hacked by paid ANTIFA today! EVERYTHING compromised: emails, IPs, passwords, control of all servers. Crappy web code by incompetent programmers was to blame, not the new Epic.com anti-DDOS, DNS, or Epic.com Domain registrant. Nor the Ukraine backup.
archive.phPosted by smartypants in Tech (edited )
2022.09.18 : HACKED TODAY!!! KiwiFarms net FULLY hacked by paid ANTIFA today! EVERYTHING compromised: emails, IPs, passwords, control of all servers. Crappy web code by incompetent programmers was to blame, not the new Epic.com anti-DDOS, DNS, or Epic.com Domain registrant. Nor the Ukraine backup machine. OMG!
Details :
It was remote script in a iFrame in a .opus link from a shady site that does not qualify media file links. This is why you never open strange links, or use PhP XenForo, but in this case, even catbox.moe for one whole year still serves fake jpg malware and fake png malware that could hack any Apple product on earth in Feb 2022.
The paid contractors for ADL/SPLC/ShareBlue attack these Free Speech sites often.
JIDF/ MOSSAD/ ADL/ SPLC/ ShareBlue/ CIA/ NSA/ NRO/ FBI/ DIA/ USDOJ/ USSS/ State Dept INR/ USAFISR/ ATF/ DOE/ DHS/ TFI/ ONSI/ DGB/ NSF/ USPS...
Also you can add nation states like China/Russia/Germany/India/Japan etc.
One user minimum from EACH of the above will read this post. NSF Too? Yes, $ millions even for NSF to surf communities.win :
https://www.breitbart.com/tech/2020/03/01/federal-funds-used-to-research-hate-speech-on-gab/
USPS too? Yes not just millions for NSF, but even the USPS monitors White Hate on social sites to allow access of FBI/NSA databases:
https://www.wnd.com/2022/02/revealed-postal-inspectors-using-tech-break-cell-phones/
= = = =
The Left HATES free speech web sites.
Sadly, the Left has unlimited funds to hire ANTIFA jooo contractors to attack crappy web site code, and this time they did not even need to do a "fuzzing" attack.
https://en.wikipedia.org/wiki/Fuzzing
This time it was three various connected attack angles, all permitted by the site code not removing and banning malware links of fake media files, and using incompetent cookie/AUTH/session tokens.
If you were on Kiwifarms net last night.... ANTIFA and rD ra m a dot net, have your IP address to cross correlate into their buddies databases at Facebook, Instagram, Reddit, Apple, and Google/Android. Lots of Gay and Troon technicians do IP lookups to account names for these Leftists to doxx their real names.
Even Epik.com was fully hacked multiple times in less than 12 months :
4 things minimal for a free speech site :
- A dirt cheap VPS (dozens exist for under 10 dollars a month, one free speech example https://buyvm.net/ )
- A Anti-ddos company to hide its real IP and protect it from Joooooos [epik.com BitMitigate for Sep 2022 onward]
- A domain name REGISTRAR safe from seizure by Jooooos [epik.com for Sep 2022 onward]
- A domain name server that ignores complaints from Joooos. [epik.com for Sep 2022 onward]
Free Speech company Epik.com (has several Jooos on its Board though) now as of one day ago, does 3 of the 4 above for kiwifarms net :
whois kiwifarms.net
Domain Name: KIWIFARMS.NET
Registry Domain ID: 1999477806_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.epik.com
Registrar URL: http://www.epik.com
Updated Date: 2022-09-16T12:42:02Z
Creation Date: 2016-02-01T21:58:46Z
Registry Expiry Date: 2024-02-01T21:58:46Z
Registrar: Epik Inc.
Registrar IANA ID: 617
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS3.EPIK.COM
Name Server: NS4.EPIK.COM
DNS, domain, and the first of two anti-DDOS layers (BitMitigate) by Epik.com !!!
Epik welcomes media rage and screeching, the Jooos already took away Paypal and many other things from Epik, and notoriety is GREAT for their market cap valuation. Screeching rage MSM news is good marketing.
Epik just got rid of their main Centrist for day-to-day operations.
Brian Royce the very based MAGA guy runs Epik starting now and is moving away from centrist "Rob Monster" censorship, and positioning Epik for major value one day.
https://domainincite.com/28202-epik-replaces-monster-with-younger-clone#comment-20378
you need to PROTECT YOUR IDENTITY, Epik stopped taking bitcoin 6 years ago and now uses FAKE BITCOIN and FAKE Monero via 3rd parties that REQUIRE PHOTO ID and REQUIRE screen camera face photo to send Bitcoin to Epik.
Epik WILL GET HACKED again!
All anonymous data leaked by ANTIFA jooos :
Sep 21 2021 Epik hack: what we know & what you should do:
https://domainnamewire.com/2021/09/16/epik-hack-what-we-know-what-you-should-do/
auth codes to steal domains taken! wordpress master passwords taken, everything on earth taken
= = = = =
Then the ANTIFA jooos this year stole ALL CUSTOMERS CREDIT CARDS THAT SHOULD NOT HAVE EVEN BEEN STORED, complete with billing info and names !!
Epik sends hack notice, warns on credit cards!:
https://domainnamewire.com/2021/09/19/epik-sends-hack-notice-warns-on-credit-cards/
= == = = =
See? less than a year ago ALL users of Epik were totally ass raped by clever hackers paid for by Jooo ANTIFA money.
= = = = = =
Kiwifarms.net will continue to be infiltrated by skilled hackers, as world class hackers are not uncommon, just hard to locate and hire.
Epik.com will continue to be infiltrated by skilled hackers, as world class hackers are not uncommon, just hard to locate and hire.
Maybe because I know too many world class hackers, I think they are common.
But this is a dark time for Free Speech social web sites allowing "hate thoughts" and facts on African IQ DNA, and facts on WW2.
Kiwifarms.net should publish a donation monero wallet more often, and hire real programmers.
= = = = = =
Good Luck, Free Speech.
il_douche wrote (edited )
The site was hacked because Josh added a shitty insecure chat applet to the site which was otherwise totally secure.
It was an XSS exploit that allowed session stealing. This means that the attacker was able to log in as other users and potentially reset passwords. The attacker ATTEMPTED to download a list of username/email/IP/password-hash of all users but it failed with an error instead.
This means that at worst the attacker may have reset some users' passwords. But the site will be restored to an earlier backup before those resets. So the attacker basically accomplished nothing. And everyone just needs to re-log in after the site comes back up.
Despite all the FUD being spread by OP and Josh himself, the attacker did not get full passwords because sites don't typically store full passwords. Sites store hashes based on the passwords. At worst the attacker has hashes, emails, and ip addresses. But probably not even that because as Josh has stated the download failed.