Does KF actually get hacked a lot or is the site just badly coded?

nobodyworthwhile

Baby Onion
It just occurred to me to wonder this. A lot of times when the site loads slowly or not at all, the usual excuse is "well it's constantly being DDoS'd by trannies."

But like.... is it seriously getting attacked that often? There was recently a news banner thing that said trannies were getting paid to DDoS the site every hour of the day.

And I'm thinking how unlikely that is. I mean, they need to eat and sleep sometime, and KF is such an irrelevant site now that I can't imagine people have that big an investment.

Then I thought, "could the whole thing just be a cover story for Null's shitty coding skills?"

Don't get me wrong, I believe the major DDoS attacks last year were legit, I just think this narrative of an ongoing continuous attack is open to speculation.
 

The Gays From LA

The Gays From LA Took My K.Flay Away
Hellovan Onion
We've already had this discussion a couple of times before, for example in the "KiwiFarms Down A Lot" thread, so once again:

Null did not code KF himself. Null is using a proprietary closed architecture online forum program called Xenforo. Null lost his Xenforo license years ago. This loss of the license means that Null can no longer download updates and patches directly from Xenforo. This is the reason KF is plagued with persistent problems that Null cannot fix. Because Xenforo is closed architecture software, Null cannot tweak it on his own like with open source software, or rely on others to work on patches and fixes independently. There are some aspects to the forum which Null did code himself, like the chatroom (which is how KF got hacked back in 2022 during #DropKiwiFarms, it happened through the chat), but those aren't what causes all the problems with loading. It's the lack of normal updates and fixes.

Then there's the fact that after he lost Cloudflare, Null's new anti-DDoS software is a piece of shit called Haproxy. Haproxy is written in C, which is not Null's main programming language, so whenever he's adjusting Haproxy to deal with new DDoS attacks, he's basically making it up as he goes along.

If you want an impression of Null's 37337 coding skillz, check out this old post from the main thread:

He's also a terrible programmer. Look at infinity-next. My favorite example of him being a shit programmer is probably this file I cisad spend hours picking it apart. One thing I can remember off of the top of my head is the way he does SQL aggregates causing a race condition clusterfuck and he also accesses the Request object IN A FUCKING LISTENER. YOU'RE SUPPOSED TO DO THAT STUFF IN THE CONTROLLER.


The DDoS attacks are definitely real, and I can tell they are independently of what Null says, because whenever KF is getting DDoSed I cannot archive any pages via https://archive.is. That's how I could often tell that the site is getting DDoSed even before Null noticed it.
Because archived pages would come out looking like this:
https://archive.is/N7Dra
https://archive.is/kCVzB
 

Jetstream Sharpe

NOOO YOU CANT JUST DEMOLISH THE TWIN TOWERS WITH THERMITE AND KILL 3000 AMERICAN GOYIM AND BLAME IT ON FAKE TERRORISTS AND INVADE AFGHANISTAN AND THEN KILL EVEN MORE HUNDREDS OF THOUSANDS OF AMERICANS WITH OPIUM WHILE LISTENING TO TOUCHED BY MBV - TH
Remarkable Onion

atmos driver

Registered
It was hacked in 2019 and user info was distributed on the dark net I think. I find it hard to believe it wasn't hacked again. PHP, which Xenforo is coded in, is probably the least secure programming language for web use. Even if he found a way to get security updates, I doubt it'd be much of a challenge for hackers. In general, talented hackers nowadays work in teams. I've seen teams find holes in just about every stock forum software when they bother to make the effort.
 

The Gays From LA

The Gays From LA Took My K.Flay Away
Hellovan Onion
I find it hard to believe it wasn't hacked again.

KF was hacked again in 2022 as soon as Cloudflare stopped protecting KF - which was the whole reason Liz campaigned Cloudflare for years to drop KF. Liz wanted to get KF to a state where it was vulnerable to such hacking attacks.

Here's Null's post about that attack at the time:

PozThereWasAScriptInjection01.jpg
PozThereWasAScriptInjection02.jpg


The hacker of the 2022 #DropKiwiFarms hack attempted to cause a massive user data leak by transferring all user data to a third party website, poz.hiv. This failed user data leak was intentional as well as symbolic: the idea was that KF users got "pozzed" in a digital sense.

http://Poz.hiv was hosted on github pages, and doesn't appear to be active (for 9+ months), so that script must have been for a very long time, when going to the site it redirects and says they have all been gone for 9+ months

Archive: https://archive.is/CqNQK

Kevin Beaumont did a thread about the hack at the time, which he later deleted for "reasons":

Kiwi Farms’ proxy service and Kiwi Farms itself has been hacked.

My guess would be users might want to change their passwords and consider DMs etc may be compromised.

If you own a forward proxy, you’re in the middle of authentication, ie it is plain text passwords.

The avatar logos were changed to Poast, a rival free speech forum.

It should be noted that a Kiwi Farms user posted a victim's social media password on the site just yesterday, in a thread a few posts below the admin’s post.

The reasoning this has been okayed in the past is ‘people should practice better security’.

In fairness to Joshua (the Admin), he appears to know technically what he’s doing based on his comments in Telegram chat.

Unfortunately for him all the companies he’s working with and the users.. don’t.


TIL from the chat - he had two factor on his admin account it appears, but they stole his session cookie for the forum software via the front end HTTP proxy being owned.

Kiwi Farms says re their hack:

- Assume your password for Kiwi Farms has been stolen.
- Assume your email has been leaked.
- Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.

An attempt was also made to export the user database.

It’s the first Kiwi Farms telegram post comments section I’ve seen without racism.

The saga continues - there was (also?) a script injected for a month on Kiwi Farms called Troonshine, gathering information and credentials from users’ systems, posting it to “http://poz.hiv”.

They look very, very owned.

http://Poz.hiv was redirecting to http://poz.com - a legit site - up until several weeks ago, when things changed.
A cached copy of the script suggests somebody basically put an in browser infostealer on Kiwi Farms. They might need to rebrand to Kiwi Leaks.

The branding of the scripts and domains is all Kiwi Farms forum language (eg HIV is used there to mean gay people, troon is trans).

It would not surprise me if this was insider threat within the community itself. [this was some obvious misdirection bullshit on Kevin's part]


When Naia Okami broke ranks with #DropKiwiFarms, because he realized that they were committing crimes, Naia contacted Null and they discussed the poz.hiv hack in private, with Naia warning Null about other things that Liz was planning to do once he got Cloudflare out of the way.

NaiaHelpsJoshuaMoonSecureKF01.jpg
NaiaHelpsJoshuaMoonSecureKF02.jpg
NaiaHelpsJoshuaMoonSecureKF03.jpg



It was rumoured at the time that the same hackers who had hacked Epik in 2021 (Hackers on Estradiol) were also behind the #DropKiwiFarms hack, but I've never seen a confirmation for this rumour.
 

universe adventurer

explorer of the unknown, vast universe
Hellovan Onion
strangely enough, the site's wayback archive looks like it's just some ordinary blog site
1709652225441.png
with its earliest archive dating back to 2015.
archive.png
the wayback archive:
archive.today archive:
so that means the perpetrator behind kiwifarms 2022 hack bought the domain just for the hack
 

Stop Socking Gaylord

So bright, you can see me from space
SpergCage Resident
It's only been hacked a few times over the years.
If you're referring to the DDoSing, that's not hacking, that's overloading a site with so many requests that it has an e-seizure and goes down for a while.
Another reason for their clearnet downtime is deplatforming from hosting services.
Hacking though? Basically not a problem
 

Crimson Fucker

Ţepeş
Hellovan Onion
It's only been hacked a few times over the years.
If you're referring to the DDoSing, that's not hacking, that's overloading a site with so many requests that it has an e-seizure and goes down for a while.
Another reason for their clearnet downtime is deplatforming from hosting services.
Hacking though? Basically not a problem
Don't forget when this happens.
skysports-basketball-nba_5081475.jpg
7143298765_6bbf3262d7_b.jpg
 

Stop Socking Gaylord

So bright, you can see me from space
SpergCage Resident
I only made this joke on the generic avatar thread, and I don't have alts on here. Or did someone on kiwifarms already beat me to this?
It's usually a good idea to wipe all metadata from anything cross posted, including file names.
I'm sure there's an automatic way to do this on a 'puter but when mobilefagging, just crop a sliver and change the file name
 