Forum

I was wondering why the site was down. I'm not surprised by anything in today's world tbh. Hope everything gets back into place. I've known whole YouTube channels that have never recovered from getting hacked like this. I'm wishing for the best. Good luck.

xstylus wrote:

CatSword wrote:

I'm curious as to how exactly a hacker completely stole control of the domain though, to the point of having his information replaced in the WHOIS. I didn't know you could just steal someone's URL like that.

It's sadly easier than one would think, if one isn't careful.

Let's say there's an admin or superuser of a company or website. Let's also say this person is also a user of one of the many other sites that recently suffered a data breach. (And, in fact, according to haveibeenpwned.com, there are indeed @AnimeNewsNetwork.com email address holders whose info has been compromised through no fault of their own.)

Let's also say that one of those admins may have the bad habit of re-using a single password at multiple sites, and has not changed it in a long time. All a hacker has to do (and it doesn't even need to be a GOOD hacker) is to snoop around for one of the publicly released breaches and see if any of the passwords are still any good -- and voila, he's in.

Once they got in, they apparently found enough information to be able to log into the domain registrar and initiate a transfer, and/or to intercept the registrar transfer emails. That's plausible because some companies share an "in-case-of-emergency" list that contains important passwords (such as twitter logins, site host logins, registrar logins, secondary email accounts, and other credentials), which is shared with important company individuals. Dunno if ANN does this, but I've previously worked with companies who do.

Anyway... again, not saying that what I described above is what actually happened, but that's one of many ways (and often the most common way) that things like this happen.

Moral of the story: Change your passwords often, use two-factor authentication, and don't use re-use the same password everywhere.

There is no TWO-Factor authentication on phpBB. We need import to new XenForo software better.

Emerje wrote:

The forums (and much of the site) here are heavily modified and customized to meet ANN's needs, upgrading to a new version would be a rather large undertaking.

Emerje

I want to know, who is ANN Owner? I need to contact ANN Owner about software and server issue. I'm assistant of security server and software in vBulletin and XenForo security file.

Friggin' hackers, man. Hope this gets fixed.

Last edited by xstylus on Tue Aug 08, 2017 2:23 pm; edited 1 time in total

Samet Chan wrote:

I want to know, who is ANN Owner? I need to contact ANN Owner about software and server issue. I'm assistant of security server and software in vBulletin and XenForo security file.

Tempest may be the guy you'd want to talk to...?

That's just awful! I can't even imagine.

Unfortunate that the site got hacked along with the other stuff.

evileye_theblocker wrote:

I have a feeling that it is because of @Anime. Similar to what what happened with @n, I'm sure the @Anime handle is something that is a prized name.

Chris Macdonald mentioned on his Twitter before that someone tried to brute force @Anime in 2015.

I always felt that ANN shouldn't have @Anime (because they have AnimeNewsNet, which is the name of their site) and that it should be owned by someone from Japan for all things anime.

Nothing was said about the integrity of the forum DB, something I'd like to know. Knowing the type of attack and the exploit used (unless it was a keylogger) would be useful too - and yes, for these things transparency is essential.

Also, this version of PHPbb may be "heavily customized" but if it has security flaws it's ANN's fault. Security is an investment, not a cost.

xstylus wrote:

Samet Chan wrote:

I want to know, who is ANN Owner? I need to contact ANN Owner about software and server issue. I'm assistant of security server and software in vBulletin and XenForo security file.

Tempest may be the guy you'd want to talk to...?

Thank you. I sent to email him.

Kimiko_0 wrote:

Did you get the 4nn.cx URL shortener/redirect back already?

It looks like it's working! More interestingly, our avatars all have '4NN' watermarks now.

ximpalullaorg wrote:

Nothing was said about the integrity of the forum DB, something I'd like to know. Knowing the type of attack and the exploit used (unless it was a keylogger) would be useful too - and yes, for these things transparency is essential.

This is a good point and I just updated the main article with this:

Further, AnimeNewsNetwork's domain was breached, but not our servers - your personal information is safe, however we always recommend changing passwords just in case.

Zin5ki wrote:

More interestingly, our avatars all have '4NN' watermarks now.

My avatar doesn't. I must be special.

Actually, I'm guessing it's because I used the "Link to off-site Avatar" option.

Last edited by Samet Chan on Tue Aug 08, 2017 3:10 pm; edited 1 time in total

Zac wrote:

ximpalullaorg wrote:

Nothing was said about the integrity of the forum DB, something I'd like to know. Knowing the type of attack and the exploit used (unless it was a keylogger) would be useful too - and yes, for these things transparency is essential.

This is a good point and I just updated the main article with this:

Further, AnimeNewsNetwork's domain was breached, but not our servers - your personal information is safe, however we always recommend changing passwords just in case.

Far, good points. I know phpBB is not enough strong security. We need import to XenForo software 1.5, It's strong security more. But I don't know about this server running OS and others. I have to sent email Tempest.

I'd changed password to 50 Character generator password as well. phpBB doesn't have power more add-on. XenForo has better than phpBB. XenForo has TWO-Factor auth...

A shame this had to happen. I hope the staff is doing alright and that the site could get fixed soon enough.

More power to you guys!

This is sad to know. :/

BTW, I just visited the main website and it seems to have changed with the only text Anime and a ticking clock. Also, there are clouds floating in the background. Is this done by the main team? I was kind of freaked out when the background music on the website started playing. Confused

Pranav Arora wrote:

BTW, I just visited the main website and it seems to have changed with the only text Anime and a ticking clock. Also, there are clouds floating in the background. Is this done by the main team?

No, somebody hijacked the domain name and re-routed traffic to a completely different server.

Forum - View topic
Update: What's Going On with Anime News Network?

Made in Abyss Volumes 11-12 Manga Review

Odekake Kozame Anime About Young Shark Gets New Series (Updated)

Akira Konno's Kujima Utaeba Ie Hororo Comedy Manga Gets Anime

Adult Swim Streams Rick and Morty: The Anime's First Look Preview

Slam Dunk Anime Episodes 61-101

Code Geass: Rozé of the Recapture Anime Previews 2nd Part in Trailer, Visual

The ANN Aftershow - Yatagarasu Gets Violent!

Code Geass: Rozé of the Recapture - Part 1 Anime Film Review

This Week in Games - Switchin' It Up

Creative Producer Goro Taniguchi, Director Junichi Yamamoto Talk Web3 Anime

Hokkaido Gals Are Super Adorable! Anime Series Review

This Week in Anime - Why Hunter × Hunter is Worth the Wait

Forum - View topicUpdate: What's Going On with Anime News Network?

Forum

Forum - View topic
Update: What's Going On with Anime News Network?