2011

From Furaffinity Wiki


Oct 2011

The new Furocity admins abruptly resign all around the same time, blaming poor leadership and gross misconduct behind the scenes.

Only one Furocity admin now remains, and they are later removed as well. The Furocity merger is never mentioned again.

Aug 2011

The Acceptable Upload Policy is updated to introduce oddly specific rules about photos of food and BDSM costumes. The wiki is incidentally noted to no longer exist.

Furocity admins appear - The staff page is rearranged to split admins into departments. Most FA staff remain as "user support", whereas the departments almost exclusively contain Furocity admins with anonymous (and often antagonistic) FA accounts.

FA is down periodically over two days due to a DDoS from a botnet. The attacker was not identified. During the downtime, FA upgrades one of their self-owned routers.

Vigilink - FA is discovered to have quietly added an affiliate linking script five days prior, violating its own TOS and possibly FTC rules. A non-apology is issued, and a news post offers the opt-out link.

Jul 2011

Login mix-up due to a cache issue.

Some users find themselves logged in as different users, with the powers of those users. A few abuse this privilege to wipe others' galleries. The cause turns out to be a server-side cache mechanism; Yak (Site Admin) claims someone else installed it over him, though never reveals whom.

A user releases a program for downloading an artist's entire gallery. Yak deliberately breaks it, citing "because I can? there is no technical reason for this."

The file server runs out of disk space. Users are unable to upload art, though some voluntarily delete their own work to help out. There is no sign of the new 12TB server as promised.

FA announces a merge with Furocity. This is later clarified to be a personnel merge only: the sites will remain separate, but Furocity moderators and developers will help out FA.

Jun 2011

An unknown attacker creates a page that, when visited by a logged-in FA user, posts a journal as that user that encourages watchers to visit the attack page. Arcturus later uses the same approach to force visitors to submit empty submissions and log out whenever they visit yiffyleaks.

The general approach used was on Eevee's exploit list. Shortly thereafter, the first real CSRF protection is added to FA, almost a year after Eevee and Yak discussed it.

FA mentions that it has only 1% of its available disk space left, but that it's adding a new 12TB file server within the next month. The current server is only 2TB.

May 2011

Front page news states: "We're working on the UI release, and hope to have an open beta soon! Right now we're waiting on a few things before the beta opens up (recoded commenting system) before we can launch the beta."

All FA pages are now accessible via SSL, though http is still the default.

FA:United 4

Apr 2011

Some of the XSS exploits on Eevee's list are fixed around this date.

FA Forum hacked. Ratte's forum account is compromised. Dozens of screenshots of admin threads are leaked.

Mar 2011

For 3 days, FA suffers serious performance degradation due to a lengthy DDoS attack.

Dax's SSH password is discovered in the December note leaks. It still works, providing access to both the database and backup servers.

The site's Note system was never encrypted to prevent this.

Figment, FA's virtual machine server, drops offline. Affected services include FA:United's website, email, FA registration, and password resets. FA acknowledges the problem some twelve hours later.

More DDoS attacks - Another DDoS attack causes 500 errors and general slowdowns, although FA had already been running slowly since the recent hardware installation.

FA installs a "dedicated firewall and a load balancer" to counter the DDoS attacks.

URL shortener disappears - FA's new hardware firewall quietly blocks all access to the pss.ms domain.

Feb 2011

Four months later, Summercat (an admin at the time) finally asks Eevee for explanations of all the exploits they know about. The details are gathered and finally provided on March 1.

FA purchases knowledge base software, despite having had a wiki for some time that many admins never had access to. The software proves to be of extremely poor quality; FA takes it down two days later and instead purchases different software, hosted outside their own servers, for $50/mo.

Jan 2011

Site exploited. A server misconfiguration allows anyone to read the password for the database server, as well as parts of the source code. Some of the code is leaked.

FA's Cacti installation (used for server monitoring) is discovered to have a guest account enabled, allowing anyone to view real-time private statistics. Once discovered, the entire server was firewalled.

FA announces the impending hiring of a UI designer to finish the new UI.

In its birthday announcements, FA announces that web hosting will be up and running within 30 days. It is never implemented.

FA turns six years old. FA announces a "v3" is under development; new dev staff will be added; commenting will be overhauled; and commission and rating systems will be added. A beta is scheduled for unveiling during FA:United 4, on May 21st.

In a turnaround, in its birthday announcements, FA implies that no work has been done on the new UI since it was first previewed in the summer of 2009.