Golden Sun Hacking Community
Topic: Important announcement regarding forum malware attack
Atrius
« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional setup that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again; making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius »

I'm shaking my head in general disapproval of everything
View Profile WWW
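The 21 Mar update describes code keyed on visitors arriving from Google, Yahoo, MSN, AOL and Bing. The following is an added example, not part of the original post and not code recovered from the site: a triage heuristic for PHP files that read the referrer, name several of those providers, and contain a redirect or output-rewrite call. The sink patterns, the obfuscation list and both sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Search providers named in the post above.
PROVIDERS = ("google", "yahoo", "msn", "aol", "bing")
REFERER_RE = re.compile(r"HTTP_REFERER", re.I)
# Where a referrer check could change what a visitor receives: a Location
# header (redirect) or output buffering / regex rewriting (link replacement).
SINK_RE = re.compile(r"header\s*\(\s*['\"]Location:|ob_start\s*\(|preg_replace\s*\(", re.I)
# Decoders that injected PHP often uses; they would hide the strings above.
OBFUSC_RE = re.compile(r"\b(?:base64_decode|gzinflate|str_rot13|eval)\s*\(", re.I)

# Constructed samples (assumptions, not code recovered from the site).
SAMPLE_UNCONFIGURED = r'''<?php
$target = "";  // never set up, so the branch below cannot fire
if ($target != "" && preg_match("/(google|yahoo|msn|aol|bing)\./i", @$_SERVER["HTTP_REFERER"])) {
    header("Location: " . $target);
    exit;
}
'''
SAMPLE_BENIGN = r'''<?php
$ref = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
log_visit($ref);  // ordinary referrer statistics
'''


def assess(php_source):
    """Flag source that gates a redirect or rewrite on a search-engine referrer."""
    low = php_source.lower()
    providers = [p for p in PROVIDERS if re.search(r"\b%s\b" % p, low)]
    reads_referer = bool(REFERER_RE.search(php_source))
    has_sink = bool(SINK_RE.search(php_source))
    return {
        "providers": providers,
        "suspicious": reads_referer and len(providers) >= 2 and has_sink,
        "obfuscated": bool(OBFUSC_RE.search(php_source)),
    }


def scan_tree(root):
    """Return (relative path, assessment) for every .php file worth a manual look."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        result = assess(path.read_text(errors="replace"))
        if result["suspicious"] or result["obfuscated"]:
            hits.append((str(path.relative_to(root)), result))
    return hits
```

A hit is a prompt for manual review, not a verdict: the `obfuscated` flag is reported separately because encoded code would hide the referrer and provider strings from the first check.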
Atrius

« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my cleanup of the malware. I'm pretty confident that we're clean now. Additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place; it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.