Golden Sun Hacking Community
May 24, 2017, 09:40:09 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
  Home   Forum   DC Wiki Help Search Calendar Downloads Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Important announcement regarding forum malware attack  (Read 614 times)
0 Members and 1 Guest are viewing this topic.
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 1
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1751

« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional set up that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again, making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius » Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 1
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1751

« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my clean up of the Malware, I'm pretty confident that we're clean now, additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place, it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.
Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Pages: [1]   Go Up
  Print  
 
Jump to:  

Cbox
Today at 06:49:14 PM
Lord Squirtle: I guess I'll make a topic for the GBA concept room in Dark Dawn soon.
Today at 04:27:21 PM
Fox: Yep ... There are many libraries for many languages... Python, etc... And then there are things like  the Google apis - e.g. http://maps.googleapis.com/maps/api/geocode/json?address=(whatever you want to search for)
Today at 07:46:43 AM
Luna_blade: I can see how XML/JSON are a thing these days.
Yesterday at 04:52:18 PM
Fox: Easier in the idea that I can reduce required external stuff where the source code isn't available/modifyable (Well, there is overrides in some cases, but still.) ; So it's possible the only "Events" I would require are those of the Form.... (Mouse Events, Keyboard Events, Paint Events, Etc. when needed.)
Yesterday at 04:42:14 PM
Fox: Anyway... I know I am using built-in controls in my current editor, but it is not out-of-the-question that I might just go and make my own custom controls... so that it is actually easier for me (But that'd take a lot of work.)  I'm thinking about one large bitmap object, and just drawing them on it. Problem is, I'm afraid it might not be efficient enough.  So I haven't decided about doing it.)
Yesterday at 04:33:28 PM
Fox: @XML = If I recall, I believe Visual Studio uses it for Settings Variables that remain even after you close the program. (e.g. There's one variable I have in my program that I call "LastRom" to make it easier to get back into the program.)
Yesterday at 04:17:59 PM
Fox: XML/JSON are simple = They are just a way to store data outside the application... ... The complexity is comparable to learning about data trees, I'd say... XML = Looks like HTML  ; JSON = Think Lists and Dictionaries, and nested ones.
Yesterday at 03:51:19 PM
Luna_blade: @the whole static thing: I recently came across the problem that if you use design patterns, objects of the same class might get duplicate info. Sometimes this is very little information, so it seems better to use something class-wide than making a file
Yesterday at 03:47:41 PM
Luna_blade: another thought I had is that I already made some code better...
Yesterday at 03:45:59 PM
Luna_blade: Sure I will open-source it on github once I rewrite it to be more maintainainable. Now that I think about it, I should put some other stuff there as well
Yesterday at 03:44:54 PM
Luna_blade: Yeah I made some code and screens for it in Java. The last thing I was busy working on was the grid for the values and the selection shape.
Yesterday at 03:41:22 PM
Luna_blade: I will learn a bit of JSON and XML soon. I guess those are pretty good replacements for what I meant with static
Yesterday at 03:40:42 PM
Luna_blade: It's an okay article. I prefer reading the java implementations on tutorialpoint
Yesterday at 12:07:19 PM
Fox: article*
Yesterday at 12:07:06 PM
Fox: Oh yes, there's a whole artice on design patterns at wikipedia? https://en.wikipedia.org/wiki/Software_design_pattern
Yesterday at 07:20:37 AM
Fox: Oh yes.... Just checked.... Program.cs has "Application.Run(new Form1());" ... AND.... Program.cs is a STATIC class, so my hunch is confirmed. (In a way.)
Yesterday at 07:12:43 AM
Fox: So... I'm assuming that it is like a tree, and your top level file should be the static class, with all the other object classes linked from it? (Like a tree?) - Wonder how the Dessigner treats Forms. (How are Form objects linked to a static class, if at all?)
Yesterday at 07:00:51 AM
Fox: (Since I can have incredibly bad wording sometimes :P)
Yesterday at 06:59:50 AM
Fox: (Well, started "?" was more implying whether you made any public releases yet....
Yesterday at 06:59:02 AM
Fox: Wait? You started a Hed Editor? Curious if you were going to open-source it....

Affiliates
Temple of Kraden Golden Sunrise
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.061 seconds with 21 queries.