Golden Sun Hacking Community
April 28, 2017, 12:11:49 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
  Home   Forum   DC Wiki Help Search Calendar Downloads Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Important announcement regarding forum malware attack  (Read 321 times)
0 Members and 1 Guest are viewing this topic.
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 1
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1751

« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional set up that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again, making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius » Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 1
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1751

« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my clean up of the Malware, I'm pretty confident that we're clean now, additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place, it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.
Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Pages: [1]   Go Up
  Print  
 
Jump to:  

Cbox
Today at 03:06:05 AM
Rolina: Once I'm done with data collection, I'll post a summary of my findings, and will begin by proposing a set of modification categories and their associated values.  Problem is, it'll use my system, so I'll need those more familiar with the two casting systems (MPP and INT) to translate the intent of the modifers properly.
Today at 03:03:18 AM
Rolina: ---extra turn, it's good now because of my proper hard mode" nonsense method of fixing the lower difficulty curve of the games.  I think the first thing to look at is the Size and Type of enemies.  A small plantoid should have substancially different than a medium goblinoid, imo.  Especially when you start factoring in other modifiers, such as body shape, the role in combat, monster tier level, and even manual tweaking.  Sometimes, a turtle just needs that extra 10% defense to really make sense.
Today at 02:59:39 AM
Rolina: Yeah.  I was getting data so I can use the trendlines as a basis for an enemy creator using my system.  As it turns out, it may turn into a tool for the GSHC before then just to get some consistant statistical variatino added in.  Between that and your AI project, we could probably do a lot to help with widening the scope of enemies in the game.  Could lead to a proper increase in difficulty that has nothing to do with something simple like "so guys I upped theier stats and gave them all an---
Today at 01:53:24 AM
Lord Squirtle: The "lack of enemy variation" part specifically.
Today at 01:49:27 AM
Lord Squirtle: Lol, that's starting to sound like one of the reasons why I'm planning an AI overhaul.
Today at 12:32:55 AM
Rolina: I thing it goes a long way to explaiing why battles are on the easier side - just a pure lack of enemy variation.  When the big bad dragon shares the same statistical layout as a freaking grub with a stick... well, I figure something should be done about that.  Luckily, we're here to correct such lazy design.
Today at 12:30:41 AM
Rolina: And PP is even worse.  It looks like it's completely divorced from level for most monsters, with them gaining PP based on what and how many spells they have on their movset, usually around 20 for most non-damaging spells.
Today at 12:29:30 AM
Rolina: Been doing some data collectino with enemy stats.  Less than a fifth of the way through so far, and.... well, from the trends I've been noticing, the results look kinda... depressing.  Most monsters seem to follow the same statistical trends, regardless of what type of creature it is.  Could be a bird, a beast, or a freaking turtle - the ratio of Health, Attack, Defense, and Agility appears to be following the same ratios.
Yesterday at 11:36:37 PM
Fox: Sounds like you got what I got way back?  Guess that means the error's still there.
Yesterday at 09:43:50 PM
Caledor: Menu Box patchs for TLA is up. sadly i got an error after uploading so i tried again without checking and now there are 2 patches. If someone could delete the second one i'd appreciate it.
Yesterday at 12:17:52 AM
Fox: (e.g. The process of reomving, replacing, adding, and/or moving around current ability effects to other index numbers.... ETC.)
Yesterday at 12:15:33 AM
Fox: Or an Ability Effect editor, even.... But I imagine most of those would involve have patches applied to help with compatibility, and what not.?
Yesterday at 12:10:36 AM
Fox: Hm. Oh! Did Atrius's Editor contain code from the April Fools version? Might be cool to have that, I'm guessing? - And yes, tools... even specific feature tools... Like an Intellect Editor, maybe.... If it was practical. (Not saying doable, but practical.)
April 26, 2017, 11:58:08 PM
Lord Squirtle: And yeah, "far less user-friendly" as an argument relies on the current lack of tools that could make using that easier.
April 26, 2017, 11:57:26 PM
Lord Squirtle: Since the GS editor is actually slower than using a hex editor is when it comes to classes, especially if you are mostly copying or tweaking existing classes to make full lines for them.
April 26, 2017, 11:56:18 PM
Lord Squirtle: Well I mean, it's the kind of effect that could easily be applied to a number of abilities if one wants. Having to open up a hex editor to use it for each of those abilities would take some time, and wouldn't really be as worthwhile as it can be for classes.
April 26, 2017, 11:50:27 PM
Fox: Far less user-friendly? Hm? I would say it depends on the tools/and such... For example, still haven't gotten my Exporter project done....
April 26, 2017, 10:07:39 PM
Lord Squirtle: But what I was thinking of doing with the unused effects was figuring out which ones are still available and combining them; averaging out the differences between each one so they make up for the ones that are missing.
April 26, 2017, 10:05:36 PM
Lord Squirtle: I may consider moving the effects to the end of the effect list, since I moved the pointer table and added some empty space on the end. My main concern with that is that it would be far less user friendly.
April 26, 2017, 08:06:20 PM
Fox: Heh... Starting to make me want to add the Ability Editor to my own Editor now... So I can do that, and have chance values listed for each and every one. (So it is more specific than Atrius's editor.)

Affiliates
Temple of Kraden Golden Sunrise
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.073 seconds with 21 queries.