Logo

Site Incident - 2022-05-10

Register Log In Back To Forums

Post #1 · Posted at 2022-05-10 04:29:28pm 4.7 months ago

Offline al2k4
al2k4 Avatar Admin
9,336 Posts
United Kingdom
Reg. 2006-05-01
Log in to send this user a private messageDiscord: al2k4#0144Twitter: al2k4
Xbox Gamer Tag: al2k4Nintendo Switch Friend Code: SW-6451-2397-9509Steam: al2k4
"BEMANI Sound Team"
A script was injected onto a few pages on the site which caused some pages to not load correctly.

The pages affected was limited to what admins could edit; in this case the script was injected to a few sections of the homepage and a forum category name.

As a precaution, I have hardened security on the server and changed various passwords and have advised moderators with admin privileges to also change their passwords.

I will be adding directives to the site so unapproved scripts will not be able to run.

Let me know in this thread if you have any questions or concerns.

Post #2 · Posted at 2022-05-11 12:26:59pm 4.6 months ago

Offline AxelWasHere
AxelWasHere Avatar Member
1,489 Posts
United States
Reg. 2012-07-13
Log in to send this user a private message
Steam: bright151
"No."
Legit question, does this pose a threat to our emails / passwords?
https://i.imgur.com/vnrpBDk.gif

Post #3 · Posted at 2022-05-11 01:21:38pm 4.6 months ago

Offline travelsonic
travelsonic Avatar Member
177 Posts
Not Set
Reg. 2006-10-18
Log in to send this user a private message
Steam: terminalcancer
Quote
A script was injected onto a few pages on the site which caused some pages to not load correctly.

Can you elaborate more on this? If not, as in for legitimate reasons, dun worry, but I am curious about what happened (and if pages not loading correctly was the extent of it).

Post #4 · Posted at 2022-05-11 06:46:36pm 4.6 months ago

Offline SocialDragon322
SocialDragon322 Avatar Member
157 Posts
United Kingdom
Reg. 2019-09-13
Log in to send this user a private message
Sorry then...

Post #5 · Posted at 2022-05-11 08:17:02pm 4.6 months ago

Offline al2k4
al2k4 Avatar Admin
9,336 Posts
United Kingdom
Reg. 2006-05-01
Log in to send this user a private messageDiscord: al2k4#0144Twitter: al2k4
Xbox Gamer Tag: al2k4Nintendo Switch Friend Code: SW-6451-2397-9509Steam: al2k4
"BEMANI Sound Team"
Quote: AxelWasHere
Legit question, does this pose a threat to our emails / passwords?

I don't believe any credentials were compromised as the script would not have access to the database.

Quote: travelsonic
Can you elaborate more on this? If not, as in for legitimate reasons, dun worry, but I am curious about what happened (and if pages not loading correctly was the extent of it).

From what I can see in the script, it seemed to try and inject ads onto the site based on which page users visited.

Post #6 · Posted at 2022-05-12 03:59:05am 4.6 months ago

Offline SomethingRandom
SomethingRandom Avatar Member
2,705 Posts
United States
Reg. 2015-02-21
Log in to send this user a private messageDiscord: SomethingRandom#3719
Game Center Nickname: blearymoos
"bootylicious "

Post #7 · Posted at 2022-05-12 04:42:19am 4.6 months ago

Offline aidan9030
aidan9030 Avatar Member
374 Posts
Canada
Reg. 2015-02-15
Log in to send this user a private messageSoundcloud
CROSS×BEATS User ID: gone...
"3.6 not great not TERRIBLE ok."

Last updated: 2022-05-12 04:48am
is now the time to point out their extensive history of thread (necro)bumping & out-of-context posts?

Post #8 · Posted at 2022-05-23 04:06:20pm 4.2 months ago

Offline DDR Addict
DDR Addict Avatar Member
1,454 Posts
United States
Reg. 2009-09-23
Log in to send this user a private messageTwitter: https://twitter.com/Trot100NewsYouTube
Nintendo Network ID: RimeTM3DS Friend Code: 3454-0657-8756
"Let's Do the Rain Dance"
Yesterday, there was an outage for several hours that didn't use the bespoke page regarding server load. Maybe it's just me being too antsy, but can we get assurance that this wasn't another script injection attack that may have been more effective than the last one?

Post #9 · Posted at 2022-05-23 05:20:13pm 4.2 months ago

Offline SocialDragon322
SocialDragon322 Avatar Member
157 Posts
United Kingdom
Reg. 2019-09-13
Log in to send this user a private message
And a war attack that won't happen again?

Post #10 · Posted at 2022-05-24 12:20:14am 4.2 months ago

Offline Sigrev2
Sigrev2 Avatar Member+
4,047 Posts
United States
Reg. 2009-10-17
Log in to send this user a private messageSkype: slimetimeplayerDiscord: DJ Vortivask #6276Twitter: djvortivaskSoundcloudTumblrYouTube
Xbox Gamer Tag: Sigrev2PlayStation Network: Sigrev2Nintendo Network ID: Sigrev2Nintendo Switch Friend Code: SW-2884-7660-3799Steam: Sigrev23DS Friend Code: 3883-7652-3160
"suffering from success"
Someone let the mice into the machine again smh what did I tell you about cleaning out the crumbs

Post #11 · Posted at 2022-05-25 01:11:55pm 4.2 months ago

Offline RGTM
RGTM Avatar Moderator+
7,078 Posts
United States
Reg. 2007-07-19
Log in to send this user a private messageDiscord: RGTM#2428FacebookTwitter: xRGTMxSoundcloudYouTubeTwitch
Nintendo Network ID: xRGTMxNintendo Switch Friend Code: SW-6034-2315-7724Steam: xRGTMxGame Center Nickname: xRGTMx
"BBCode Not Allowed"

Last updated: 2022-05-25 01:24pm
According to al2k4, the incident that occurred last Sunday (May 22, 2022) was caused by the same kind of injection attack, affecting various back-end admin files. This time, .htaccess was edited in a way that was invalid for Apache, leading to the 500 Internal Server Errors. He's currently unsure if there's a vulnerability in ZIv's scripts, or within Apache itself.

At the current moment, Alan said this is going to give him a push to rewrite most of the code for the website, as v5.2 is running off spaghetti dating back to 2006-09 🤢. As such, it's looking like v5.3 is now in development.

ZIv's website files are now being backed up daily, but due to the immense size, the simfile database is not. However, Alan and I brainstormed solutions on how to reduce the current size of this section (473 GB currently). Most of the size is due to duplication, as almost all simfiles are individually zipped, with categories having their own large pack zips. I brought up the idea of having a temporary zip application, which would create zip files upon request. This would only apply to individual simfiles, as temporary pack zips would bog down the website. If temp zips are applied, this would dramatically reduce the size of the simfile database, and would allow room for routine backups. Please do note that this may or may not actually take shape, as it's simply an idea for now.

Please bear with us; there's lots of cleanup in the back end to be done. 🙏
ZIv Mod Squad: "occassional shenanigan maker"
https://cdn.discordapp.com/attachments/248198333200465920/1024369508640632952/EC2E821F-8C1F-4894-9E77-59CB48D2FD35.gif
Register Log In Back To Forums

0 User(s) Viewing This Thread (Past 15 Minutes)

©2006-2022 Zenius -I- vanisher.com -5th style- IIPrivacy Policy
Web Server: 1% · Database: 4% · Server Time: 2022-09-29 10:41:46
This page took 0.009 seconds to execute.
Theme: starlight · Language: german
Reset Theme & Language