Golden Sun Hacking Community
Topic: Important announcement regarding forum malware attack
Atrius
« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional set up that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again; making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius »
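A check a site owner could run for the referrer-conditional behaviour described in the 21 Mar update, as an added example that is not part of the original posts or the forum's code: request the same page once with no Referer and once per search provider named above, then compare the redirect target and the link hosts. The `fetch` callable, the `Response` shape, the referer URLs and both sample sites are assumptions constructed for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

# Providers named in the post; the referer URLs are constructed samples.
SEARCH_REFERERS = {
    "Google": "https://www.google.com/search?q=test",
    "Yahoo": "https://search.yahoo.com/search?p=test",
    "MSN": "https://www.msn.com/",
    "AOL": "https://search.aol.com/aol/search?q=test",
    "Bing": "https://www.bing.com/search?q=test",
}

# Hypothetical minimal response shape; location is "" when no header is set.
Response = namedtuple("Response", "status location body")

def link_hosts(body):
    # Hostnames of every absolute link in the page body.
    hrefs = re.findall(r'href=["\'](https?://[^"\']+)', body, re.I)
    return {urlparse(h).hostname for h in hrefs}

def referer_diff(fetch, url):
    # fetch(url, referer) -> Response is supplied by the caller (assumption).
    base = fetch(url, None)
    findings = []
    for name, ref in SEARCH_REFERERS.items():
        r = fetch(url, ref)
        if (r.status, r.location) != (base.status, base.location):
            findings.append((name, "redirect", r.location))
        new_hosts = link_hosts(r.body) - link_hosts(base.body)
        if new_hosts:
            findings.append((name, "links", sorted(new_hosts)))
    return findings

# Constructed stand-ins for a real HTTP client so the example runs offline.
PAGE = '<a href="http://site.example/index.php">Forum</a>'

def clean_site(url, referer):
    return Response(200, "", PAGE)

def tampered_site(url, referer):
    # Simulated: answers differently only for Google and Bing referers.
    host = (urlparse(referer).hostname or "") if referer else ""
    if host.endswith("bing.com"):
        return Response(302, "http://redirect.example/", "")
    if host.endswith("google.com"):
        return Response(200, "", PAGE.replace("site.example", "links.example"))
    return Response(200, "", PAGE)
```

Against a live site, `fetch` would wrap an HTTP client with automatic redirects disabled so the `Location` header stays visible; an empty result means the page answered identically for every referer tried.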
Atrius
« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my cleanup of the malware, and I'm pretty confident that we're clean now.  Additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place; it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.