Sticky : Fall 2014, Summer 2014 and Spring 2014 Anime Charts

Click on any of the links below to go to the relevant topic :

  • Fall 2014 Chart v3 (2014.09.21) : Fall 2014 Anime
  • Summer 2014 Chart v3 (2014.06.23) : Summer 2014 Anime
  • Spring 2014 Chart v3 (2014.03.26) : Spring 2014 Anime

    Picture of the day – 01/10/2014

    01.10.2014

     

    Picture of the day – 30/09/2014

    30.09.2014

     

    Picture of the day – 29/09/2014

    29.09.2014

    Beat of the week changed to Hanayuki.

    And yes, there will be another version of the Fall 2014 Anime Chart, probably this week. Stay tuned ;)

    Have a great week.

    About the recent downtime

    Dear users,

    On September 25th, the entire network went silent for about 24 hours. This came without warning, and has surprised quite a few of you.
    This was not a maintenance routine, but a preemptive measure against the recently disclosed Shellshock vulnerability, referenced as CVE-2014-7169.

    This vulnerability is designated as particularly dangerous as it is extremely easy to exploit, and can potentially affect hundreds of millions of Internet-connected objects (computers, smartphones, etc). A simple request through a webpage can be enough, if a few other conditions are met, to inject malicious code or payloads inside the server, thus bypassing most security tools in place.

    Not long after the public disclosure, I began looking for more information on the subject. CGI scripts looked particularly vulnerable, and most shared-hosting companies tend to use these with an Apache server and cPanel, making them vulnerable to this threat. Hopefully at Neregate we’re cool people so we already ditched Apache for Nginx quite some time ago, meaning bye-bye to all CGI scripts.
    However, just because CGI scripts are considered vulnerable doesn’t mean that they are the only possible attack vector an attacker can use against your server; thinking otherwise would be a naive assumption.

    After looking at possible workarounds while waiting for an official fix, I came to the conclusion that it’d be safer to shut down everything rather than just wait for bad things to happen, so I took the decision of stopping all services, including the mail servers (which is the first time I had to go this far).

    Now, you’re probably thinking that this is a rather excessive measure for a small site like this, as Neregate isn’t a juicy target like the big corporate companies out there. While this is a legitimate thought, things are never that simple. Shortly after the bug disclosure, some people began scanning wide ranges of IP addresses to look for vulnerable servers. With a bug that is so easy to exploit, it wouldn’t take long for someone to code a worm that tries all sorts of code injections while looping on IP addresses. Rather than taking the risk of getting infected, shutting everything down and waiting for a fix seemed like the best solution. Unlike the big players out there who can invest a lot of money in security, small websites like this one can only cross fingers if they stay online. Also, dealing with a virus that has already infected your server is WAY more tedious & time consuming than trying to prevent an infection. The probability of infection was likely very low, but it could not be ruled out.

    Too many people do not give a fuck about the safety of their users, never update their systems, or keep themselves informed. While this is understandable for people on shared hosting (since they have little to no control over system updates), this is not acceptable for people who have full control over a server. As most of you know, your privacy and safety are among my top priorities, because a good browsing experience should also be a safe browsing experience. This doesn’t mean that trouble will never occur, but the risks are definitely reduced, and I take the matter very seriously.
    (Reminder : HTTPS is coming in a few months)

    The patch to fix the vulnerability was posted a little while ago, and after reviewing around 6 gigabytes of logs, there was nothing indicating that the vulnerability was exploited on the server. There were several traces of scans attempting to assess whether or not the server was vulnerable (baka.bz & neregate.com being the prime targets), hopefully it didn’t go any further than that. I also saw some pretty scary and clever attack patterns that were unrelated to the current problem and wow, there’s some massive shit going on behind the scenes (but that isn’t new).

    As a general precaution, never visit websites that claim to help you by scanning a website for a vulnerability. These websites are often scams that make gullible people enter their website address, and feed a database of vulnerable websites. Also, if you use this kind of service to input a website you do not own but you like to visit, all you are doing is potentially putting that website’s owner in danger. Think twice, be responsible.
    You do NOT need to test your website using a third party! Just have a look at the vulnerable versions of the bugged application, and see if you are up to date or not. Bug disclosures always come with a list of the vulnerable versions : use them.

    Mac users “should be” protected against this vulnerability unless you did some tweaking to your services, although you should be on the lookout for a system update (if Apple didn’t release one already). Linux users, in general, should update their systems as soon as they can.

    Whenever you see the website being offline, have a look on Facebook and Twitter for updates.

    I apologize for the downtime. It kinda comes at a bad moment since a lot of you wanted to download the new Fall chart and were unable to do so.
    However, safety comes first, and the situation called for it. Hopefully this should not happen very often.

    Best regards,

    Zana
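
The log review described in the post above can be scripted. This is an added example, not part of the original post or the site's own tooling: it flags requests whose logged fields contain a bash function-definition prefix (`() {`), the marker that Shellshock probes place in HTTP headers. It assumes the default "combined" access-log format; the sample lines, IP addresses and the `find_probes` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined format: ip - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# A bash function definition inside a logged value: "()" then optional spaces then "{".
MARKER_RE = re.compile(r'\(\)\s*\{')

# Constructed sample lines (documentation IP ranges, placeholder probe text).
SAMPLE_LOG = """\
198.51.100.7 - - [25/Sep/2014:10:02:11 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:02:15 +0000] "GET /cgi-bin/test.cgi HTTP/1.0" 404 162 "-" "() { :;}; echo PROBE"
203.0.113.9 - - [25/Sep/2014:10:02:16 +0000] "GET / HTTP/1.0" 200 5120 "() { :;}; echo PROBE" "-"
192.0.2.44 - - [25/Sep/2014:10:05:40 +0000] "GET /chart.png HTTP/1.1" 200 90210 "-" "curl/7.38.0"
"""

def find_probes(lines):
    """Return {ip: [(time, field, status), ...]} for requests carrying the marker."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore it
        for field in ("request", "referer", "agent"):
            if MARKER_RE.search(m.group(field)):
                hits[m.group("ip")].append(
                    (m.group("time"), field, int(m.group("status")))
                )
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_probes(SAMPLE_LOG.splitlines()).items():
        for when, field, status in events:
            print(f"{ip} {when} marker in {field} -> HTTP {status}")
```

A hit records a probe, not a compromise, and only fields the log format records can be checked: a probe sent in a header that is not logged leaves no trace here.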

    Picture of the day – 27/09/2014

    27.09.2014

     

    Picture of the day – 23/09/2014

    23.09.2014

     

    Picture of the day – 22/09/2014

    22.09.2014

     

    Fall 2014 Anime Chart v3 Released

    Version 3.0 of the Fall 2014 Anime Chart.

    Fall 2014 Anime Chart v3

    Picture of the day – 20/09/2014

    20.09.2014

     

    Picture of the day – 19/09/2014

    19.09.2014

     

    Picture of the day – 18/09/2014

    18.09.2014

    Been sorting out some artists for a few Japanese Artists posts.
    Expect a couple of those in the coming days.

    Picture of the day – 17/09/2014

    17.09.2014

     

    Picture of the day – 16/09/2014

    16.09.2014

    Beat of the week changed to Kimi Janakya Dame Mitai.

    In case you guys forgot, the v3 of the Fall chart is planned for this weekend. Come say hello on the livestream if you feel like it.

    Have a great week!

    Picture of the day – 15/09/2014

    15.09.2014

     
