Golden Sun Hacking Community
Topic: Important announcement regarding forum malware attack
Atrius
« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional setup that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again; making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius » Logged
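Added example, not part of the original post and not the code or method Atrius used: a small heuristic scanner for the pattern the 21 Mar update describes, PHP that checks the referrer against several search providers and then redirects or rewrites links. The regexes, function names and both PHP samples are constructed for illustration.

```python
import re
from pathlib import Path

# Search providers named in the post above.
PROVIDERS = ("google", "yahoo", "msn", "aol", "bing")
REFERER = re.compile(r"HTTP_REFERER", re.I)
REDIRECT = re.compile(r"header\s*\(\s*['\"]\s*Location\s*:", re.I)
LINK_REWRITE = re.compile(r"ob_start\s*\(|preg_replace(_callback)?\s*\([^;]*href", re.I | re.S)

def scan_source(php: str) -> dict:
    """Return which heuristic signals fire for one PHP source string."""
    providers = [p for p in PROVIDERS if re.search(rf"\b{p}\b", php, re.I)]
    signals = {
        "reads_referer": bool(REFERER.search(php)),
        "providers": providers,
        "redirects": bool(REDIRECT.search(php)),
        "rewrites_links": bool(LINK_REWRITE.search(php)),
    }
    # Flag only the combination: referrer check + several search engines
    # + a way to act on the visitor (redirect or link rewriting).
    signals["suspicious"] = (
        signals["reads_referer"]
        and len(providers) >= 2
        and (signals["redirects"] or signals["rewrites_links"])
    )
    return signals

def scan_tree(root: str) -> list:
    """Scan every *.php file under root; return paths flagged suspicious."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="replace")
        if scan_source(text)["suspicious"]:
            hits.append(str(path))
    return hits

# Constructed samples (not recovered from the incident).
SAMPLE_CLOAK = r"""<?php
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (preg_match('/(google|yahoo|msn|aol|bing)\./i', $ref)) {
    header('Location: http://placeholder.invalid/');
    exit;
}
"""
SAMPLE_BENIGN = r"""<?php
$back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'index.php';
header('Location: ' . $back);
"""
```

This only matches plain-text patterns, so encoded or obfuscated code will not be flagged; a clean result narrows the search but does not replace comparing files against a known-good copy of the forum software.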
Atrius
« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my cleanup of the malware, and I'm pretty confident that we're clean now. Additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place; it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.