Rogue coder’s attack takes F-List down
Author: GreenReaper
Furry roleplaying description site F-List is down after an attack from a disgruntled developer.
While the developer’s SSH access had been removed, he regained access through a backdoor. The coder gave all users administrative rights, including access to email addresses and IP logs.
In a maintenance notice, F-List founder Hexxy urged calm:
F-List will be fine. The only interest we have is in bringing the site back up, and ensuring everything is secure. A former coder uses his access to F-List’s servers to mess things up. No permanent damage has been done, but things are a little emotional right now. Don’t do anything stupid, that doesn’t help anyone, it just creates more damage.
Repairs to the site are expected to take at least two days, but a temporary copy is available.
Find the full article here: flayrah
Creative Commons: Full post may be available under a free license.
Furry News Network 
Wow, I never expected people to be making news out of this. >.>
February 3, 2011 at 4:21 pm
Noticed the misspelling of “Rogue” was corrected in the title. It should probably also be corrected in the tags…
February 3, 2011 at 4:21 pm
You honestly didn’t expect people to be making news out of this? Taking down a site out of sheer spite?
http://pastebin.com/u61HFcb4 – Documentation.
You shut down F-list, we shut down you.
February 3, 2011 at 5:37 pm
Wrong info, I’ll be watching my news if you guys decide to kill the wrong person. *sits in his easy chair, laughing*
February 3, 2011 at 6:42 pm
lol to be fair, not like you do anything but accuse it of being wrong.
February 3, 2011 at 6:55 pm
Hey, thanks Zido. I had a nice RP going. And yes, that’s quite the news. You fucked up and annoyed every single person on f-chat by now. Along with me.
You’re mad. -.-
February 3, 2011 at 5:51 pm
Zidonuke did something he regrets. Let me make myself clear. F-List is not out for revenge. And neither should any of you be. All we are concerned about is bringing the site back up. The site will be back up soon without any permanent damage, so don’t worry too much.
You idiots gathering “dox” on Zidonuke, thinking you are so badass , are just making the situation worse. If you think you are doing me a favour, you are not. Cut it out.
~Hexxy, F-List.net
February 3, 2011 at 5:58 pm
It’s not about revenge. Not calling for people to find him or do anything. We would just like him to know, very politely, that he fucked with the wrong site. And we would appreciate being left alone in the future. Otherwise, we [do] know where to find him.
February 3, 2011 at 6:01 pm
In that case you would have sent him a private message with all his personal info. But in your case, you posted all his info in public, pretty much “Look guys! This is who did it all! Now do what must be done!”
Don’t say “we”, please, this is you, whoever you are. I want nothing to do with this. Obviously I don’t like what happened, and B& shall happen, but this is crossing a line that a lot of people don’t agree with.
February 3, 2011 at 6:14 pm
Many people agreed last night, but then again, we were quite incensed. Fine. Private it is.
February 3, 2011 at 6:20 pm
Lame impersonator is lame.
February 3, 2011 at 6:41 pm
Also, an example must be made. No one is above the rules.
February 3, 2011 at 6:53 pm
Of course we can be above the rules. ITS OUR FUCKING OWN WEBSITE THAT WE BUILD.
February 4, 2011 at 3:38 pm
That attitude is fine if you want to be the only ones using it.
Look at it from the perspective of a user who found their private information available to the world through the deliberate actions of a staff member. How can such a site be trusted?
February 4, 2011 at 6:06 pm
What pisses me off even more is that you understand nothing about what you have done and if people go after you, that is the biggest reason.
When you made everyone a mod, you let them do password lookups. Do you know much of breach of security that was? You call yourself a ‘coder’ and a ‘hacker’. You know most people use the same user name and password among different sites.
Above the law? No one is above the law. Even if you code the website, build it from the ground up, people put their trust in you that you will not misuse information or power maliciously and instead obey rules that are clearly set down to prevent abuse. This is something every responsible adult learns. Clearly, you cannot even grasp that simple concept and exactly why you were allowed to work on this site flabbergasts me.
Your new project? People are hardly going to flock to the site of someone who is known to behave irrationally, irresponsibly, and immaturely. And they will know. I have a tip with you. Why don’t you repent, apologize, and learn from your actions instead of running away like a manchild and blame everyone else for your misdoings.
tl;dr Zidonuke, grow up you twat. You deserve everything that happens to dyou.
February 4, 2011 at 6:56 pm
No comment on the content of this reply, save for one thing… I can confirm that admins cannot do password lookups. Passwords were already always stored as hashes, and only someone with database access can access those.
Adding to that, today I released an update that ensures passwords are stored in a manner that is about as secure as it can get.
February 7, 2011 at 1:41 pm
I had an RP going that I had been waiting for. We kept getting interrupted and it finally happened, then this! But, these things happen. Good job on staying professional, Hexxy. I have faith that everything will be fixed and back where it should be.
February 3, 2011 at 10:59 pm
Yeah. 😦 It was a good outlet to have. I have faith in you guys to bring it back up as soon as you can! It was mildly upsetting…
Stinks that a bunch of people who had nothing to do with anything had to be effected but lolinternet.
February 3, 2011 at 11:05 pm
Now for another edge to the story, I released all the code: http://goo.gl/YmYnF
February 4, 2011 at 10:14 pm
Zidonuke (David Brown )
This information is public domain so im purely putting it here so when people search “David Brown” (when hes looking for a job) they’ll see his history of previous IT related involvment.
It should be in the meta tags to be honest.
February 6, 2011 at 2:51 pm