What you need to know about the recent MangaDex data breach

Status
Not open for further replies.
Joined
Aug 30, 2020
Messages
1
eE6m342.jpg

man
 
Group Leader
Joined
Feb 18, 2018
Messages
21
I can't believe this right now. I'm sure this post is gonna get swept or I'm gonna get banned, but I'll try being as polite as possible.

You guys are absolutely incompetent. From the very beginning, this site was just a quickly slapped-together replacement for Batoto (may God rest their souls), and for three years it has continued to be just that: hastily slapped-together. It's not enough that the site was compromised once already, no, you've allowed it to be compromised again! And instead of trying to take measures to protect your users' data, you just gamble on the possibility that "surely it's not for real this time!" despite knowing that it very well was possible, and later tell everyone in an on-site forum post (which keeps getting bad gateway errors because the servers are so slow), "Anyway, buckle up kiddos because your data's gonna be all over the place here in a little bit."

Every version of this site you guys release is just as broken as the last one. Load times are still ungodly high after what, 3 years of operation and loads of funding through donations and affiliates? And that's if the site is even working and displaying pages properly instead of a handful of broken links, the chance of which is about 50/50. The backend code is absolute crap and the admins are too ignorant and completely unwilling to fix it. It's absurd that you still have no real support/contact page/instructions besides "go in the Discord and ask politely on the off chance a mod is online and you get their attention," which is lazy and already opening up users to even more security issues. 2FA is handled in the laziest way possible (storing free codes on the server side which proves completely useless when data breaches like this and the previous one happen, the exact thing 2FA is supposed to be protecting us from). And long-requested basic features like filtering out comics based on their country of origin, a system to verify scanlation groups without having to go to a forum thread and wait on an admin to check the groups thread, follow feature for artists, ability to search artists or tags from the main search bar without having to go through advanced search, the ability to establish groups that don't have websites, or even the most basic of "Go To Page" buttons or a quick quote system in the forum threads still aren't implemented last I checked. Writing this post, I've even learned that the forum doesn't even have shortcut keystrokes for formatting and using the button unfocuses the text box so I have to format text one inconvenient click at a time. This is tech we've had on every other board system since the 2000s.
I do not believe you for a second when you say, "we've investigated and are patching any and all security holes and we can assure you that our site is secure." You haven't even alerted users through email about the data breach, and I'd put money on the fact that your crap servers or low-tier coding can't even handle the load of that, one of the most basic things any website that stores user data does.

In sum, this site is absolute trashfire, and I'm tired of dealing with the admins' complete and utter incompetence and laissez-faire attitudes towards their userbase that generates donos and affiliate kickbacks and free content for them to aggregate, so if this post does get me banned, that's fine. Just make sure to scrub my info from your servers thoroughly so my information doesn't get violated once again during the next inevitable massive data breach.

HOMBREEEEEEEEEEEEEEEEEEEEEEEEEEE
 
Dex-chan lover
Joined
Feb 5, 2018
Messages
786
Thank you for the hard work.
With that said, can you disclose which CVEs that the hackers used?
Also, will the v5 use anything other than PHP?
 
Head Contributor Wrangler
Staff
Super Moderator
Joined
Jan 18, 2018
Messages
1,966
@blurgh123
No, the coding is just being done by people who actually have webdev experience, not one guy winging it.
 
Joined
Nov 28, 2018
Messages
8
I'd recommend to create account on hackerone and/or other bug bounty sites
And leave some contacts in code where mmm lets say gray hats can get some coins for reporting bugs and vulnerabilities

For example https://securitytxt.org/


PS: Still getting 504 but glad we are back
 
Dex-chan lover
Joined
May 13, 2018
Messages
385
@Dobu
Man I gotta agree on you with this one.
What's the point of 2fa if data breaches are going to spill out all of the user's info?

And those basic features, it could be a life-saver around here.
 
is a Reindeer
VIP
Joined
Jan 24, 2018
Messages
3,231
@dobu

You guys are absolutely incompetent. From the very beginning, this site was just a quickly slapped-together replacement for Batoto (may God rest their souls), and for three years it has continued to be just that: hastily slapped-together.
It was coded in a weekend by a single person and then gradually improved on by a single person who isn't even a dev. We know it's shit lol, working on the v3 code is demoralizing to all of the devs. Hence why the plan is for a complete rewrite away from the existing code.

Load times are still ungodly high after what, 3 years of operation and loads of funding through donations and affiliates?
95% of image server traffic loads in under a second according to MD@H stats. The site loads faster than it's ever have recently. If it's slow, that's something pretty unique to your situation.

The backend code is absolute crap and the admins are too ignorant and completely unwilling to fix it.
The admins have nothing to do with it, but you are right that the devs want to kill themselves looking at the current site code. Again, hence the plans for a rework. Everything we do is just firefighting attempts to keep v3 going until v5 exists.

It's absurd that you still have no real support/contact page/instructions
Batoto had a support forums, an IRC channel, and reports. We have a support forum, a Discord, and reports. Your standards between us and Batoto are kind of... lol. Batoto even ran ads all the time too, you know? What we're doing with one tiny banner isn't even close to the level of ads they had.

a system to verify scanlation groups without having to go to a forum thread and wait on an admin to check the groups thread
Even in v5 it'll be a manual process. Sorry that you don't have to deal with the people attempting to upload ads and bait images to the website.

And long-requested basic features
We've said time and time again that v3 won't receive many updates as v5 is our focus. There's no point coding something awful that works with the v3 codebase and then having to reimplement it into v5.

this site is absolute trashfire, and I'm tired of dealing with the admins' complete and utter incompetence
Well, feel free to make your own website. We don't ban people for criticizing us, lol. You're acting a bit silly.
 
Joined
Mar 23, 2019
Messages
11
Love mangadex been using it for 4 years now. Would love it if i could donate some money to support the website. Thanks for the transparency.
 
Joined
Apr 20, 2020
Messages
4
It happens, I already know that you take steps to prevent this and software is never perfect. Glad to see you back up
 
Status
Not open for further replies.

Users who are viewing this thread

Top