Creative Commons license icon

FurrTrax is a new furry social network

Your rating: None Average: 4 (13 votes)

FurrTrax is a mobile app, social networking site and collaboration system to help members of the furry fandom organize, plan events, make friends and find other furries in their local areas or with simular interests.

Key features include public and private chatrooms, including video chatrooms, a public shoutbox, webmail hosting, heavily customizable user profiles, with user manageable comments walls and user image gallery and file sharing, GPS distances of members (but not actual pinpoints), event posting and planning, singles and dating, private messaging, image galleries, a section for authors and their stories, including fiction and non-fiction, user forums, a classified section, a user to user store, groups pages with group walls and status updates and notification. Instant messaging is not yet available but is coming soon.

FurrTrax is not a paysite, or a subscription site, and does not require any purchase of any kind to use all of the sites sections. There is however a Donator Rank which offers some basic bonuses including choice of name color, colored chat text, the ability to add background images to profiles, attach extra profile pictures over the default of 10, embed YouTube videos on profile and access the rich profile editor tool. The minimum donation is one dollar. All features not listed here are given to basic members by default.

The FurrTrax mobile site is also in transition to a new Jquery mobile theme, so some pages may not match the look of others. This is temporary.

The FurrTrax System was built in its entirety by DarkXander, a member of the fandom from Phoenix, Arizona, on Linux using PHP, Java, and MySQL. All PHP programming was written from scratch in Linux G-Edit similar to Windows Notepad. FurrTrax does not use or rely on any third party frameworks, CMS systems or libraries.

FurrTrax has also been built with a strong concern for its security, is a full CloudFlare Pro Site, and has been heavily tested for security flaws via SSL security test, automated exploit scans, Securi test and Web Inspector. FurrTrax also has its own custom built in detection engine for SQL injections and XSS attempts with an ever growing list of patterns it can detect and defend against in a completely automated fasion.

DarkXander is a corporate network engineer, Linux system administrator, Linux programmer, and has a background in security auditing, Cisco CCNA and SQL, with experience in both government and private sector IT operations and management.

Comments

Your rating: None Average: 5 (3 votes)

It is good to see the development of new social sites for the fandom. We benefit from increased options, and it's clear that the developer/lead admin of this site really wants to make it one of the better options.

This makes it all the more unfortunate that, despite the concern for security and the now-default use of HTTPS on login, the site retains several core issues which I previously mentioned to the developer:

  • FurrTrax stores login information in cookies, sent to the server with each request, rather than providing a session-specific cookie. This means anyone with access to your browser has access to your credentials, even if you did not "save" them in your browser.
  • The cookies are not marked as secure if you login over HTTPS, but are available in HTTP mode, so even if you think you are accessing the site securely, an attacker might cause you to expose them over a public connection by viewing any site where they can embed images.
  • Moreover, FurrTrax lets you retrieve your password, which suggests that anyone who did manage to break in to it - or gain access to your email account - would be able to retrieve it as well. The one saving grace here is that this feature doesn't actually seem to be working, though I suspect that's just because it can't send you the email.

Writing it all yourself gives you control, but it is not always the best idea when it comes to the foundations. It's been over a decade since it was best-practice to store a one-way salted hash of the password that cannot be feasibly retrieved, and established frameworks do that. There is no need for the password itself to ever hit the database - it just needs to be processed identically on login and the result compared.

Visitors to FurrTrax should not use a password which is used anywhere else (which is good practice in any case).

Your rating: None Average: 4 (1 vote)

Actually, you caught me mid revision today on the password reset system, it doesnt work because its handler file is disabled while im converting it to a hash based reset code, which emails a link to cause the server to generate a random password for the account, which is then emailed again to the email account.

Ive been busy doing extensive re-skinning on the mobile site to make it better function on newer devices, you can take a look at those partly completed changes if you browse the various sections of the mobile site. anything with a blue and red top bar is old, and not updated to the new theme.

Bit by bit FurrTrax moves forward. We recently added push notifications via a mobile app, and were planning to create an IM system as well.

DarkXander
Owner of FurrTrax.com Furry Social Network

Your rating: None

I also just implemented the secure setting on any cookies which are set in https mode.

DarkXander
Owner of FurrTrax.com Furry Social Network

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <img> <b> <i> <s> <blockquote> <ul> <ol> <li> <table> <tr> <td> <th> <sub> <sup> <object> <embed> <h1> <h2> <h3> <h4> <h5> <h6> <dl> <dt> <dd> <param> <center> <strong> <q> <cite> <code> <em>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This test is to prevent automated spam submissions.

About the author

DarkXander (Xander Venterus)read storiescontact (login required)

a network engineer, furrtrax.com owner and Red Anthro Dragon from Chandler, Arizona, United States, interested in car racing, guns, shooting, horse riding, atvs, and general redneckery

Farm Raised, Patriotic, Gun Toting, Horse Riding, Mustang Racing, Proud American Redneck, lolol
Founder, Owner, and Lead Admin of FurrTrax.com Furry Social Network
Holds 21 IT Related Certifications, All Current as of 2015!
Certified Computer Forensics Specialist
15 years experience as a Network Engineer