Golden Sun Hacking Community
January 22, 2019, 07:03:01 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
  Home   Forum   DC Wiki Help Search Calendar Downloads Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Important announcement regarding forum malware attack  (Read 2898 times)
0 Members and 1 Guest are viewing this topic.
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 0
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1763

« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional set up that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again, making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius » Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 0
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1763

« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my clean up of the Malware, I'm pretty confident that we're clean now, additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place, it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.
Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Pages: [1]   Go Up
  Print  
 
Jump to:  

Cbox
January 20, 2019, 06:29:27 PM
Fox: That would be cool to have, yes. Where the text in the ROM is uncompressed. - The huffman compression used in the gba games is not used in the nds game, so perhaps that may be one reason it wasn't done. I think it is some generic compression thingy. If someone did do it (and make the entire ROM uncompressed), perhaps I would be more inclined to work on my dark dawn editor. Hm?
January 15, 2019, 05:38:01 PM
KyleRunner: Could someone please create a GSTOOLKIT compatible with Dark Dawn? I'll try to translate that one to my language as well (as I did with the first two games).
January 09, 2019, 02:39:00 PM
Luna_blade: I wonder when true death will strike
January 08, 2019, 03:00:02 PM
Misery: That is true
January 07, 2019, 06:08:38 PM
JamietheFlameUser: so this place is pretty inactive
December 17, 2018, 06:43:36 AM
Salanewt: Okay, minor announcement I guess. We just looked over some pre-release footage of GS1, and noticed that one of the unused and unlisted animations we discovered in GS2 (and GS1) plays in that footage. "Brine" is actually an early Fizz.
December 15, 2018, 01:06:23 AM
Fox: :D https://www.youtube.com/watch?v=MFmr_TZLpS0
December 15, 2018, 12:58:01 AM
Fox: A banana for you, a banana for me, a banana to your face. Your face is mine! A face for you, a face for me. A face for the banana too. Who wants to feed the banana?
December 09, 2018, 07:43:31 PM
Fox: A banana for you, a banana for me, let's all open a banana and enjoy!
December 08, 2018, 09:48:52 PM
Drake baku: ba... ba.... bana.... bana.... banana.... nanananananananana..... and now back to doing normal, kinda
December 07, 2018, 05:43:02 PM
Luna_blade: Hey I forgot the christmas theme
November 29, 2018, 09:01:09 AM
zman9000: ded
November 19, 2018, 11:05:28 AM
Drake baku: Good day to ya all
October 30, 2018, 09:45:58 PM
Atrius: There used to be where I got the battle sprites for Kraden, but that site doesn't exist any more.
October 26, 2018, 01:31:40 PM
Infitek: Do you know if there any custom Alex battle sprites available on the internet ?
October 26, 2018, 01:31:01 PM
Infitek: Hey everyone
October 13, 2018, 03:23:06 AM
Salanewt: Updated it to provide more info that I forgot to mention.
October 13, 2018, 03:16:48 AM
Salanewt: I'm still trying to iron out IQ 2 but I'm pretty sure it's entirely random targeting.
October 13, 2018, 03:16:29 AM
Salanewt: Oh yeah, I posted some more info about enemy IQ.
October 12, 2018, 09:51:27 PM
FoxThe HTML5 project is too small to count

Affiliates
Temple of Kraden Golden Sunrise
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.06 seconds with 21 queries.