Golden Sun Hacking Community
June 22, 2017, 11:55:41 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
  Home   Forum   DC Wiki Help Search Calendar Downloads Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Important announcement regarding forum malware attack  (Read 966 times)
0 Members and 1 Guest are viewing this topic.
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 1
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1751

« on: March 21, 2017, 12:17:47 AM »

Hey everyone, I've got some bad news and some good news.


The bad news: It's just been discovered that goldensunhacking.net was infected with malware around the end of February in 2016.

The good news: There is no indication so far that the attacker was trying to target user data, or impact normal site visitors in any way.



I'm still sifting through everything to determine the damage, but fortunately what I've analyzed so far indicates that the attacker was just using our server as a proxy.  What that means is that they were masking their IP address as our server's to access other sites.  I haven't found anything yet that would indicate regular users of the site would have been impacted by the malware, but I will keep you updated if I discover anything that indicates otherwise.



21 Mar Update

I've found code that could have been used to redirect traffic coming in specifically from the search providers Google, Yahoo, MSN, AOL, and Bing, or replace all of the links on the site with different links for traffic coming from those same search providers.  It appears to have never been configured properly though, and would not have been functioning.  So far this is the only code I've found that could have impacted normal users, but again it would have required additional set up that was not performed, and would not have been functioning.

Although there are still no indications that user data was targeted, I'm continuing my analysis of all of the site's files to make sure, and will keep you informed.  I have no estimate for when I'll get the site up and running again, making sure everything is clean is my main priority right now.
« Last Edit: April 02, 2017, 01:59:26 PM by Atrius » Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Atrius
Programmer Extraordinaire
Web Host

Fear my blades

Veteran Member
*

Coins: 1
Offline Offline

Gender: Male
Emblems: Website Founder
Clan Position: Creation God of Sol
Posts: 1751

« Reply #1 on: April 02, 2017, 02:20:28 PM »

I've completed my clean up of the Malware, I'm pretty confident that we're clean now, additionally, I've made sure we have the latest security updates installed on the forum.

I'm still not sure how it happened in the first place, it's possible the attack didn't even originate on this site.  One of the dangers of using a shared hosting environment is that things can leak over from other sites on the server.  Regardless, I'm going to be keeping a closer eye on things for a while.
Logged

I'm shaking my head in general disapproval of everything
View Profile WWW
Pages: [1]   Go Up
  Print  
 
Jump to:  

Cbox
Today at 08:57:37 PM
Fox: @conundrum = Think about 8/16/32 bit aligned address, and what that means... Etc.
Today at 08:55:23 PM
Fox: @Space manager thought for gsmagic = What a conundrum... Whelp... I'll just do whatever.... Probably would waste more time thinking about preventing bugs than coding anyway. :P
Yesterday at 09:30:34 AM
Fox: Because he quit a long time ago and has other priorities?
Yesterday at 08:35:54 AM
javi3: Atrius, por que no sigues con el editor de golden sun?
June 20, 2017, 10:52:48 AM
Fox: It feels like the safest bet is to do Atrius's repointering system, and have something that organizes the tables done a bit separate... er... Well, it's something to think about.
June 20, 2017, 08:53:41 AM
Fox: HOWEVER... I can see other problems that might cause..... (Even with just the pointer in the MFT)  Meh. It's like you actually need a program to apply patches to do it appropriately.
June 20, 2017, 08:46:38 AM
Fox: ... So... What am I thinking? You ask? That the patches the point data after MFT, should have had pointers in the MFT themselves.... In that case, I can see a possibility of everything working smoothly even if space is needed to the very end of the ROM.
June 20, 2017, 08:37:22 AM
Fox: It's basically that everthink from the point of  editing, to the closest free space to the last entry's address would get repointed forward/backwards depending on space needed... and if space is mapped after patches are added, then that could mean the patches are also repointed. (:o)
June 20, 2017, 08:29:03 AM
Fox: Well, I mean if I map the space out the same way Atrius did it.
June 20, 2017, 08:26:41 AM
Fox: I have a hunch... when I add Map Palette editing the way I'm thinking about... it will cause all patches that repoint to after the MFT to break.... Especially if Atrius's editor wasn't used beforehand. Etc.
June 20, 2017, 07:27:17 AM
Fox: Hmmm... Let's see... regardless of method, I think I still do want to take some of Atrius's Space Manager code... Hmm.....
June 20, 2017, 07:07:27 AM
Fox: say*
June 20, 2017, 07:07:19 AM
Fox: I'd go so far as to see.. even if you are trying to be accurate, there could still be inaccuracies... However, that one was just an example where it was clearly intentional.
June 20, 2017, 07:04:03 AM
Fox: Like*
June 20, 2017, 07:03:55 AM
Fox: Let that one time where they tried to clip a guy out... To put it as short and vague as possible.
June 20, 2017, 06:58:52 AM
Fox: But in case you do watch it... I do know the story on TV that they tell... is not always accurate to what actually happened... (From what one can find out from the feed.) ... but usually the fansites will let you know about that.
June 20, 2017, 06:37:54 AM
Fox: Depends, as each person may have a different opinion... (I'm thinking you might find it like other "reality" shows..)  ... I'm not really into Survivor at current.... I also question if it was something about Julie Chen that made it a little more interesting.... .being the an iconic host that she is.. Weird.
June 19, 2017, 11:57:31 PM
Dendrophiliafish_the_skull_licker_xxXXDx101XyeahbabyyeahxxXX: Honest opinion but is it any good or is it just like all other "reality" television?
June 19, 2017, 11:57:00 PM
Dendrophiliafish_the_skull_licker_xxXXDx101XyeahbabyyeahxxXX: I have a friend who is obsessed with that show and Survivor and he wants me to watch with him.
June 19, 2017, 07:47:18 PM
Fox: So.. as soon as I saw the cast of BB19, I wanted to try to pick my favs on first impression... And I'm curious about these: Elena Davies (Female pick, maybe.) and Kevin Schlehuber (Male pick, maybe. - He's the oldest.) ... whether they even get close to the end or not... I have no idea. Would have to watch them play the game.

Affiliates
Temple of Kraden Golden Sunrise
Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.064 seconds with 21 queries.