FurBuy

tl;dr version

We're down for a few months. We're coming back soon-ish with our new site once it's ready. You can sign-up for notifications below.

What happened to the site?

On Thursday night (May 23, 2019) our systems came under attack by an individual using a security hacking suite to exploit our system. Long story short, the attack locked-up our database server while we were in the middle of performing an emergency database backup, and we required our on-site host to perform a hard reboot of the server. The combination of an old server, a very strong attack, and having to hard power-off the server during a backup caused the disk volume (hard drive) to become corrupted. We repaired the disk to the best of our ability, but the database was damaged irrevocably and all of our attempts to restore the database have failed. We were able to repair a few tables completely, most partially, and several others were completely lost. Which means the site is no longer operable or recoverable.

We found the hard way that our database backup system has been failing for over a year now, since shortly before our systems administrator passed away from thyroid cancer. The last complete backup of our database we have is from October 2017 and we feel it would be a massive slight to our users to pull that back-up out and run the existing software/site using it, and wiping clean over a year's worth of activity on our system. Mistakes were made here, undoubtedly, and we will own that. And learn from it.

So what happens now?

For now, we are retiring the old (very old) software we wrote (mostly in 1999) which means there will be no FurBuy for the time being. It's honestly amazing that the site was able to run for as long as it has on as old a system as it's on. The same physical hardware has been running the site since 2007 when we upgraded it from the original hardware it was built on. The database server was on its last leg. It had a great run - not many commercial sites have a 20-year run like FurBuy did without a major outage or loss like we just suffered. It's a bittersweet time for us right now because we're proud of what was, but we're also retiring it for good...

... and replacing it with something entirely new. For the last couple years, we've been working with a great team of designers, programmers and testers to bring you a completely new website. But it's not done yet. We're close to being able to fully Alpha Test the new system, then we will go into a public Beta Test phase for a few months to shake-out any issues before we finally go live with a stable new site. The new site is loaded with new features, along with all of the old expected features, and a massive expansion in services and support. We have taken great lengths to make the site responsive (meaning it looks just as good on mobile as desktop), modern (using cutting edge web standards), secure (industry standard security, unlike the old site), and faster than ever (and we were already incredibly fast).

Can I be kept updated on what's going on?

Yes you can! We've created a very short survey which you can use to give us your email address to keep up to date with new developments for the site. We will not send solicitations or spam email and only send notifications when we have significant updates. Your information will also not be shared with any third parties.

We are also seeking alpha and beta testers for our new site. If you take the survey in the link below, you can also let us know if you'd be willing to become a tester for one or both of these stages of testing.

For more pressing questions or feedback, you can still contact us using our usual email address:

How long until the new system is up and running?

It's software, so... It's very hard to predict. It depends on how much time we can get from our coders and testers, and what issues come up with testing and deployment. Conservative estimate is 6-8 months. Liberal estimate (assuming all goes perfectly) maybe 3-4 months. But we'd like to do at least 4 weeks of Alpha Testing and another 4 weeks of Beta Testing (minimum) before we officially make it live to everyone. Feedback and testers are strongly encouraged and welcome! Since we're writing new software, right now is the best time to be heard and influence the new system!

The support we receive from users and fans and the community will have a dramatic impact here, genuinely. We need to hear your support and feedback - it's what keeps a system like this running.

Was any sensitive data obtained by the hacker?

Absolutely not. We have confirmed that the hacker did not access any personal data, emails, passwords, etc. from our system. The only thing they got access to is our source code and the images that users uploaded themselves within the site (if you uploaded sensitive information as an image, we're sorry, but that's on you). Images you have sent via email are still secure and were never accessible. Our database was strongly secured using location-based security, the hacker did obtain our database credentials but without having physical access to our VPN there was no way for them to use it. Our new database system is even more strongly secured and the credentials are not stored in our source code like the old site (for anyone curious, our new system strongly adheres to the 12-factor Application design methodology).

Why did it take so long to hear about all this?

Our main tech has been in the middle of an 1100 mile move with a spouse, 3 cats and 3 moving trucks of cargo. And still managed to find time to investigate the corrupted disk, attempt to rebuild the database using numerous tools and techniques, and then get this new placeholder setup and hosted. FYI the move is still ongoing and our staff won't get fully into swing working on the new site again for another couple weeks. Did we mention our sysadmin passed away a little over a year ago? They did a fantastic job keeping our systems going and they are badly missed, it will be very hard to fill that void in our team.

I paid for a subscription recently, can I get my money back or will it still be honored?

While we did lose our database, we did not lose our Paypal history nor our emails (which are hosted by Google). So we still have record of all of the payments made over the last few years. While we will not be offering refunds (in accordance with our posted policies), we will be granting a full year subscription to anyone who subscribed on or after December 1st, 2018 and a 6-month subscription to anyone who subscribed between May 1st, 2018 and December 1st, 2018 - at the subscription level they subscribed to at that time. Which means nobody loses anything they paid for, in fact we're giving most users additional subscription time for free.

Thanks For a Great Run!

We look forward to serving you again soon!