A normal day on FimFiction
Typical FimFiction Author

FimFiction is the largest internet database for fanfiction of or relating to the My Little Pony fandom. While that fact alone makes this site a hell-hole of itself, the incompetent limey Graeme Pollard (aka Knighty) is the head admin, who, with a lack of basic knowledge of web security, or really anything other than beating off to stories about sapient ponies fucking, tries his hardest to manage the site. Unfortunately, a number of trolls have chosen to target FimFiction, ultimately ruining the LOVE AND TOLERANCE experience for every user, especially by maliciously exploiting Knighty's failure of a web framework.

<knighty> Silicas it's my fault

<knighty> dont pay me for beign a bad coder



ASCII representation of Knighty
  • On January 27, 2012, the NCF and GNAA came together to take advantage of an XSS vulnerability in FimFiction. It was then discovered that Knighty, being the genius he is, was storing password hashes in cookies. The result: Knighty's cookie stolen, the website defaced, and hundreds of hashed passwords taken.
    • The Practical Solution: Mass logout, stop storing password hashes in cookies.
    • Knighty's solution: Not knowing what to do, Knighty disconnected the DB, effectively shutting the site down. He later bound cookies to IP addresses to prevent such an incident from recurring, but forgot to fix the vulnerability.
  • On December 4, 2012, a CSRF vulnerability was utilized to join almost 1000 users to a group titled "FAGGOT HORSEFUCKER AUTISTS". In addition, a similar exploit was used to delete users' journals without their consent.
    • The Practical Solution: Fix the problem by using an authentication key with every request.
    • Knighty's solution: Remove the deletion feature, delete troll groups as they are created.
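The two "practical solutions" in the list above, sketched as an added example (not FimFiction's code): the cookie holds a random session ID instead of a password hash, sessions can be revoked in one call, and state-changing requests must carry a per-session key. `SessionStore`, `handle_join_group` and the status messages are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Hypothetical in-memory store; a real site would keep this in its database."""

    def __init__(self):
        self._sessions = {}  # sha256(session id) -> {"user": ..., "csrf": ...}

    @staticmethod
    def _key(sid):
        # Store only a digest so a leaked table cannot be replayed as cookies.
        return hashlib.sha256((sid or "").encode()).hexdigest()

    def login(self, user):
        # The cookie value is random and unrelated to the password or its hash.
        sid = secrets.token_urlsafe(32)
        csrf = secrets.token_urlsafe(32)  # the per-session "authentication key"
        self._sessions[self._key(sid)] = {"user": user, "csrf": csrf}
        return sid, csrf

    def lookup(self, sid):
        return self._sessions.get(self._key(sid))

    def mass_logout(self):
        # After a cookie theft: every outstanding cookie stops working at once.
        count = len(self._sessions)
        self._sessions.clear()
        return count


def handle_join_group(store, cookie_sid, form_token, group):
    """State-changing request: needs a valid session AND the matching key."""
    session = store.lookup(cookie_sid)
    if session is None:
        return 401, "login required"
    # The browser attaches the cookie automatically, even on a forged
    # cross-site request; the key is only present in the site's own forms.
    expected = session["csrf"].encode()
    if not form_token or not hmac.compare_digest(expected, form_token.encode()):
        return 403, "missing or wrong request key"
    return 200, f"{session['user']} joined {group}"
```
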


If you are reading this...

Check your groups page. Somebody posted an autojoin comment, so you have (probably) been added to a group called...

(I shudder even to type it)


Yep. You read that right.




In addition to a horrific site, FimFiction has an IRC channel on the grossly incompetent network irchighway (that is vulnerable to the Firefox XPS IRC Attack). #fimfiction has historically been such a prime trolling target that for months +R (registered users only) has been enforced to prevent the massive bot spam they had grown accustomed to.


<Silicas> Not much, anymore. was hacked earlier today, but that's all sorted out now.
<FireSoul> Oh dear.
<FireSoul> Why would anyone hack FiMFiction?
<Lamia> so is that the reason registration is closed
<Wizardmon> it was just some script kiddies
<FireSoul> Ah.
<Carmine> I'm going to sleep.
* Carmine is now known as Carmine|Sleepy
<StSebastian> Gnight Carmine
<Carmine|Sleepy> Long day of writing 400 words.
<Wizardmon> all they did is put goatsee on it and then the administrator took the site down and fixed the security hole
<Lamia> I ain't seen that in a long time
<Wizardmon> they also chat bombed us in here, but IRCops allbanned them
<vapbt> hey, i just heard about the hacking thing, should i change my password?
<Parchment_Scroll> No reason to believe database was accessed, last I heard.
<Parchment_Scroll> Stupid busted monitor.  Send it to the moon, Tia!
<vapbt> oh ok, so im safe?
<Parchment_Scroll> Should be.
<vapbt> im glad i can trust you guys c:
<Smayds> everything's fine. Knighty and the IRCops did a stellar job.


FIMFiction_TXT is a Twitter account that publicly displays the horrors that occur on the site, including such memorable statements as:

I was going to just say that this is bad and you should feel bad, but I read the last paragraph. Did... did you just start crying during sex?


Fluttershy is trying to model for Rarity, but something between her legs is getting in the way.


“NO Twilight, NO!” Spike yelled as he realized Twilight’s true intentions. “No more of these spells that fuel your sick sexual desires!”


