Golden Sun Hacking Community
Topic: Important announcement regarding forum malware attack
Atrius
« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional setup that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again; making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius »

I'm shaking my head in general disapproval of everything
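
The 21 Mar update above describes code keyed to visitors arriving from Google, Yahoo, MSN, AOL and Bing. As an added example (not part of the original post and not the code found on the site), here is a Python heuristic for sweeping a copy of a webroot for that pattern; the regexes, the three-provider threshold and both sample snippets are assumptions constructed for illustration.

```python
import os
import re

# Search providers named in the post above.
PROVIDERS = ("google", "yahoo", "msn", "aol", "bing")
# Heuristic patterns: assumptions of this example, not signatures from the incident.
REFERER = re.compile(r"HTTP_REFERER", re.I)
SINKS = {
    "redirect": re.compile(r"header\s*\(\s*['\"]\s*Location\s*:", re.I),
    "link_rewrite": re.compile(r"ob_start\s*\(|(?:preg|str)_replace[^;]*href", re.I),
}

def scan_source(text, min_providers=3):
    """Flag source that reads the Referer, names several providers and can alter the response."""
    if not REFERER.search(text):
        return None
    providers = [p for p in PROVIDERS if re.search(r"\b%s\b" % p, text, re.I)]
    sinks = [name for name, rx in SINKS.items() if rx.search(text)]
    if len(providers) < min_providers or not sinks:
        return None
    return {"providers": providers, "sinks": sinks}

def scan_tree(root, exts=(".php", ".inc", ".phtml")):
    """Walk a webroot copy and return {path: finding} for every flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hit = scan_source(fh.read())
                if hit:
                    findings[path] = hit
    return findings

# Constructed samples (not recovered from the site).
BENIGN = """<?php
$from = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (stripos($from, 'google') !== false) { $stats['search']++; }
"""
SUSPECT = """<?php
$dest = '';  // destination never set, so the branch cannot fire
if ($dest && preg_match('/google|yahoo|msn|aol|bing/i', @$_SERVER['HTTP_REFERER'])) {
    header('Location: ' . $dest);
}
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_source(src))
```

A hit is only a lead for manual review: legitimate analytics code can trip it, and obfuscated code will not match these plain-text patterns.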
Atrius
« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my cleanup of the malware, and I'm pretty confident that we're clean now. Additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place; it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.