What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
Member
Joined
Feb 22, 2020
Messages
34
>tfw you edit a link to the source code which is easily available to anyone for literally no reason
 
Yuri Enjoyer
Staff
Developer
Joined
Feb 16, 2020
Messages
431
Please refrain from posting the link here.

We're not going to chase you for it, and we are well aware that it has been spread around already. We just would rather not offer free publicity to the authors of the hack.
 
Dex-chan lover
Joined
Sep 21, 2018
Messages
2,877
@Zixvy I think it's likely your ISP, established fact by now Ukraine blocks things from Russia which MD's DDOS guard services is from. Maybe your country is the same.
 
Joined
Dec 9, 2020
Messages
27
And here I thought the site was down because it was Solo Leveling day... Shows what I know, eh?
 
Joined
Jun 29, 2019
Messages
45
I don't really read manga much now, I usually came here to read comments, but still,

the one who did this was actually a pathetic lonely guy who just wants attention and stupidly poor too. He really should go find other better things to do in life instead of making poor drama

& People seriously really need to give any help & support they can for Mangadex if they don't want to regret later
 
Joined
Jun 29, 2019
Messages
159
Ya can find idiots trying to make their lives worthy doing something like that, they won't do something like this to bigger sites because lawsuits and professional hacker detecting teams
 
Yuri Enjoyer
Staff
Developer
Joined
Feb 16, 2020
Messages
431
@Halo
> You could post it yourselves at this point and maybe accept some help with finding exploits, but what do I know...
You're not wrong, and we of course thought about it

Our current stance is that the repo is quite outdated, and knowledgeable people have already contacted us about multiple issues within it. Some that were already fixed, some that weren't.
We however 100% encourage and appreciate people looking and reporting their findings in case any is done. It's just a bit awkward to publicize a leaked and outdated version of it.

I hope this isn't too disappointing of an answer. Feel free to PM us on Discord if you have suggestions of better ways to handle this tension. We're always open to discussion.
 
Joined
Sep 20, 2019
Messages
12
Thanks for the heads-up. Happily, I've long since moved to using stupidly long, randomly-generated passwords for everything, on top of different usernames. Too bad about the email but it's linked to other previously-hacked sites anyway, so eh. It's inevitable.
 
Double-page supporter
Joined
Jan 17, 2018
Messages
3,198
@tristan9
> I hope this isn't too disappointing of an answer.
Nah, I understand your point.
Although I'd still publish it just to annoy the 10kBTC-kun by making their repo obsolete.
 
Dex-chan lover
Joined
Sep 29, 2018
Messages
986
@Plykiya OK, thanks. Before I start making up a new password, could someone confirm the exclusions of the password system? Will v5 remove any of these?

Good job on coming back online!
If I may add a little detail, there is a little glitch in the footer:
<p class="m-0 text-center text-muted">© 2021 <a href="/" title="Array
(
[0] => 5
[1] => 1616122695
)
">MangaDex</a> |

I guess this isn't the title meant to be?

It's an easter egg, you get a prize for figuring out what it is.
Is the prize 10,000 BTC?

@tristan9
Thank you for all the kind messages. Might not be able to reply to each 1 by 1, but we read and appreciate them.

Here is another: I fully expected the site to be down for days if not longer. Thank you for what you have done getting the site back up and everything you and the others do to keep the site running for free.
 
Joined
Feb 19, 2020
Messages
8
> Our current stance is that the repo is quite outdated, and knowledgeable people have already contacted us about multiple issues within it. Some that were already fixed, some that weren't.
So by this you mean it's your source code, merely missing a few patches you slapped on it in the past four months?

> > You could post it yourselves at this point and maybe accept some help with finding exploits, but what do I know...
You're not wrong, and we of course thought about it
This wouldn't be such a bad idea, there's a lot of bored autists here. You could give brownie points in the form of special ranks or something.

Please refrain from posting the link here.
We're not going to chase you for it, and we are well aware that it has been spread around already. We just would rather not offer free publicity to the authors of the hack.
What publicity? Unlike you guys who write a PHP backend in 2021 and don't know how to proxy Crypto to cash or an offshore bank https://old.reddit.com/r/mangadex/comments/m6zq7i/mangadex_currently_has_77k_in_funds/gr8erkz/ - the guy who hacked you knows what he's doing. Unused alias and temp-github + dumping your shit website that is only used by scanlators because there are no other alternatives to it besides hosting your own page.

Let's be real here. The only reason they're removing the link to the GitHub repo is because they don't want people to see their shitty code; which is likely also the reason they haven't opensourced themselves yet either.

> Bending over to Viz and taking down titles, then getting breached whilst continuously promising v5 with no real updates other than YES WE PROMISE IT'S COMING SOON GIVE US MORE CRYPTO WHICH WE WILL THEN SAY WE CANT CASH OUT HRRRRRR and begging your users to host chapters for other users P2P because mommy kicked you out of the house and now you have to rent an apartment instead of paying for image servers, opening said users up to potential legal troubles; all whilst your shitty site falls apart and errors every two seconds when you try to visit a fucking page.

Did I mention the fact that even though they constantly cry about needing donations and have to outsource their image servers, they still refuse to run ads? Slow clap, slow clap.
 
Yuri Enjoyer
Staff
Developer
Joined
Feb 16, 2020
Messages
431
@Halo
> I'd still publish it just to annoy the 10kBTC-kun by making their repo obsolete.
We talked about that very seriously yeah

@Hebiwoku
See, you probably don't argue in good faith anyway, but have your (you) as I can't avoid getting baited into these arguments like the moron I am.

> So by this you mean it's your source code
I mean that is exactly what is written in the OP? Did you read it?

> merely missing a few patches you slapped on it in the past four months?
What's the difference between "patches you slapped" and "bugs/vulns we fixed" since it seems to make a difference to you?

> What publicity?
I wonder

> Unlike you guys who write a PHP backend in 2021
implying this was written in 2021
implying there hasn't been a push for v5 for months now specifically because there's awareness that the current setup fucking sucks
implying we haven't been fighting constant server overloads too, keeping us already busy as this is a **hobby**

> and don't know how to proxy Crypto to cash or an offshore bank
this isn't this easy, also the crypto value jump is recent afaict -- additionally, you will have noticed, as a crypto expert, that these addresses have barely been touched aside from paying things like DDG too

> your shit website that is only used by scanlators because there are no other alternatives to it besides hosting your own page
make your own if you know so much better my dude, we have not exactly patented the idea as far as I'm aware

> The only reason they're removing the link to the GitHub repo is because they don't want people to see their shitty code; which is likely also the reason they haven't opensourced themselves yet either.
The reason the site is not opensource is the balancing of the benefits of massive help vs dealing with annoying people.
I'll let you entertain what kind of person we might want to avoid dealing with in that context. Hint: backseat programmers with no clue.

> Bending over to Viz and taking down titles
You go and host their stuff then. Again, we haven't patented the idea nor forbidden others from attempting it. If anything, the fact that everyone else keeps dying is causing the traffic and popularity increases that have been tough to deal with...

> begging your users to host chapters for other users P2P because mommy kicked you out of the house and now you have to rent an apartment instead of paying for image servers, opening said users up to potential legal troubles; all whilst your shitty site falls apart and errors every two seconds when you try to visit a fucking page.
wow you just have no clue I guess

> Did I mention the fact that even though they constantly cry about needing donations
Now you have, yes. But we also don't cry about needing donations. There's literally 1 dismissable banner for it.

> they still refuse to run ads
So we're both moneygrabbers and not moneygrabbing enough to satisfy you? Might wanna check up your logic there
 
Joined
Feb 19, 2020
Messages
8
@tristan9 your response is mind-melting, let's start:

> See, you probably don't argue in good faith anyway, but have your (you) as I can't avoid getting baited into these arguments like the moron I am.
https://www.youtube.com/watch?v=gUMhUg1kxBU

> So by this you mean it's your source code
I mean that is exactly what is written in the OP? Did you read it?
POV: You cannot read a full sentence and do not understand how a comma works

What I actually said was:
So by this you mean it's your source code, merely missing a few patches you slapped on it in the past four months?

Are you really going to address them separately in an attempt to discredit my arguments in a thread where anyone can see you should have addressed the whole sentence instead of splitting the responses? lol...

> merely missing a few patches you slapped on it in the past four months?
What's the difference between "patches you slapped" and "bugs/vulns we fixed" since it seems to make a difference to you?
The term "patches" is incredibly broad, and can be used to describe bugs/vulns fixed. This is a non argument

> What publicity?
I wonder
Take note of how he attempts to mock me by quoting the part of my argument that prefaces the reasoning as to how the hacker gets no attention from this.

> Unlike you guys who write a PHP backend in 2021
implying this was written in 2021
implying there hasn't been a push for v5 for months now specifically because there's awareness that the current setup fucking sucks
implying we haven't been fighting constant server overloads too, keeping us already busy as this is a **hobby**
"Write" was a phrasing mistake on my behalf. I meant to instead feature the word "use", but I haven't slept for two days so writing long things out is a bit hard. Ironically - despite this; my arguments are still more coherent than yours.
v5 has been a push for months? Push harder then lol
implying we haven't been fighting constant server overloads too
I couldn't hear your flimsy argument over the constant 503's.

> and don't know how to proxy Crypto to cash or an offshore bank
this isn't this easy, also the crypto value jump is recent afaict -- additionally, you will have noticed, as a crypto expert, that these addresses have barely been touched aside from paying things like DDG too
I didn't say the money was being used for personal gain, I just said it was stupid that you guys would only accept crypto donations then tell the people who have donated that you can't use them because you don't know how to convert BTC. Yeah, really isn't easy! IDK what I'd know having cashed out a few thousand in BTC.

> your shit website that is only used by scanlators because there are no other alternatives to it besides hosting your own page
make your own if you know so much better my dude, we have not exactly patented the idea as far as I'm aware

I've always hated this argument of "you can't criticize something if you cannot PERSONALLY do it better yourself", hear me out on this hypothetical here:
> Be me
> @tristan9
> 400lbs over the national average
> Work as a wagie - coping in the cagie. All day long I sweat and ragey 😡
> Save up to the Philippines to have sex with underaged children real life lolis
> Board the plane
> Looks of disgust
> So many people leave I get the entire row to myself
> Pilot sees me
> Visibly shaken
> Pilot distracted
> Nosedives the plane killing 30 people, I am protected by my 400lbs of good boy blubber.
> In court
> Grieving families of the victims in the stands
> Pilot argues that since none of them can fly a plane, they can't criticize him for crashing it.

Do you see the problem with your retarded argument here?

> The only reason they're removing the link to the GitHub repo is because they don't want people to see their shitty code; which is likely also the reason they haven't opensourced themselves yet either.
The reason the site is not opensource is the balancing of the benefits of massive help vs dealing with fuckwits. I'll let you entertain what kind of person we might want to avoid dealing with in that context. Hint: backseat programmers with no clue
I can tell you've never used GitHub, fucking christ. With the way a public repo works, only the developers can directly push code - and you can set it up so all changes are reviewed by a head dev to make sure they're good. People can open issues to report vulns and bugs, and non developers can open "pull requests" - where they create a separate branch with modified or added code you can choose to add after audit and set guidelines for. Backseat programmers? Stop making up non-existent issues because you don't want people to see your Double.MIN_VALUE IQ code.

> > Bending over to Viz and taking down titles
You go and host their stuff then. Again, we haven't patented the idea nor forbidden others from attempting it. If anything, the fact that everyone else keeps dying is causing the traffic and popularity increases that have been tough to deal with...
See the prementioned.
> begging your users to host chapters for other users P2P because mommy kicked you out of the house and now you have to rent an apartment instead of paying for image servers, opening said users up to potential legal troubles; all whilst your shitty site falls apart and errors every two seconds when you try to visit a fucking page.
wow you just have no clue I guess
Cope, dilate, seethe, cry.

> Did I mention the fact that even though they constantly cry about needing donations
Now you have, yes. But we also don't cry about needing donations. There's literally 1 dismissable banner for it.
https://en.wikipedia.org/wiki/Hyperbole 🤯🤯🤯

> they still refuse to run ads
So we're both moneygrabbers and not moneygrabbing enough to satisfy you? Might wanna check up your logic there
Might wanna check your logic was literally my reaction reading your entire poorly written rebuttal.

Here's an idea:
Run ads on the site, but make them toggle-able through a setting in your user page. This way, everyone that cares (genuinely active users) can turn them off in the flick of a button, and people with an IQ will just have them blocked with adblock. However - people coming from ad ridden aggregators to read the latest popular manga they've seen r/manga talk about (the majority of your visitors) who really don't care about ads can be used for money to fund the site. Not hard, is it?
 
Yuri Enjoyer
Staff
Developer
Joined
Feb 16, 2020
Messages
431
@Hebiwoku

Look, I understand you're angry, but insults are not needed, especially /g/-tier cope-seethe-dilate memes when I'm willing to engage in a serious discussion with you because, fundamentally, we are not in disagreement about many aspects of MD being dysfunctional.

So as to not spam this thread, and because realistically you didn't look into even half of your claims, I'll refrain from being baited into this argument further.

Have a good day, you seem to really need it.
 
Joined
Feb 12, 2021
Messages
1
Hey devs/sysadmins/whatever; I appreciate you guys being open about the breach/leak and the scale of it, the write-up was pretty good and as I'm just a lurker with a randomly generated pass, this is no skin off my back. I've only slightly perused this last page of comments and tbh. I'm not interested in the tears. Shit happens, take it as a learning experience and just be as professional as you can. 🙂
 
is a Reindeer
VIP
Joined
Jan 24, 2018
Messages
3,231
Good morning, anon

pAPFdCC.png
 
Joined
Feb 19, 2020
Messages
8
@tristan9

> Look, I understand you're angry
Not angry, just bored and playing devil's advocate.

> insults are not needed, especially /g/-tier cope-seethe-dilate memes
https://en.wikipedia.org/wiki/Irony

> I'm willing to engage in a serious discussion with you because, fundamentally, we are not in disagreement about many aspects of MD being dysfunctional.
Which is why you tried and failed to rebut everything I said?

> So as to not spam this thread
So you're folding?

> Because realistically you didn't look into even half of your claims
He can't name a single claim that was incorrect because he knows I'm right. Point and laugh

> I'll refrain from being baited into this argument further.
I see where you got the idea of MD@Home from now (https://en.wikipedia.org/wiki/Folding@home)

> Have a good day, you seem to really need it.
maxresdefault.jpg

Just saw this video on a guy who had a similar condition with folding to you and had it cured by reaching peak cope. Hope you get help soon for this debilitating condition 🙏🙏🙏
 