printer friendly
Site wide search powered by YaCy*

Exit: WARNING

Intruder alert!

July 5th, 2020 by Holy at www.swordofmoonlight.net

So, it turns out when I migrated the site to a new host a while ago I didn’t know that the authz_svn_module module had to be configured to get vanilla protection of the Subversion files containing the Sword of Moonlight downloads, so it turns out somebody or something was making revisions to the files, so I’m scrambling to try to restore it.

If you had the misfortune of downloading these files, the first ones are listed on the full page of this post (go through the “Continued” link) so you can see if you have these among your personal files. If you do I recommend deleting your installation and go back through the download and install process.

I’ve ripped out all of the changes since I migrated. I’m going to put them back in as soon as possible, but in the meantime they’re missing. They’re listed below if you want to try to recover them, except for source code changes. I think this shouldn’t have happened if the Apache and Subversion teams were more humanistic in their software design practices. Something you often run into with open-source projects is a callous disregard for basic use cases.

Right now I can’t seem to synchronize my personal files with the hosted files because I had to rip the offending files out of the database, and unfortunately Subversion doesn’t provide a tool for this. I don’t know if it will work from a fresh download or not. My files think they’re out ahead of the real files which is a scenario TortoiseSVN doesn’t want to account for. If I had a back up handy I’d just restore it to the state before migration and start over, which is what I’m trying to do ASAP. That revision number is 361 and as soon as I get things back in order there will probably be a revision 362 with the files I had to remove yesterday.

(On the bright side, I guess our “intruders” can be credited with helping to highlight the hole in our defenses. A lot of the files were Windows style DLL files, so be careful in case any of them are malware.)

The list below is legit changes that are temporarily missing.

372
/data/menu/NWSE.bmp
/data/menu/NWSE.txr
/data/menu/NWSE1.mdo
/data/my/prof/Ex.ini
371
/data/my/prof/Ex.ini
370
/tool/SomEx.csv
369
/data/map/mhm/yk4220.mhm
/data/map/parts/0096.prt
/data/map/parts/0224.prt
/data/map/parts/0352.prt
/data/map/parts/0480.prt
/data/map/parts/0608.prt
368
/data/obj/prof/0012.prf
/data/obj/prof/0013.prf
/data/obj/prof/0014.prf
/data/obj/prof/0015.prf
/data/obj/prof/0174.prf
/data/obj/prof/0175.prf
/data/obj/prof/0222.prf
/data/obj/prof/0287.prf
/tool/SomEx.csv

This list is a subset of the offending files that you can use to determine if you have a compromised set of files. Really I suppose I could just list one of these, but it’s just a copy/paste job of the first revision with bad files. Some of these look like someone might have made a mistake, not knowing how to use SVN or something, however one (assuming they’re from the same party) modified SomEx.dll and some other executables and some of the language pack files, including adding some of the translation files to the versioned files that aren’t supposed to be. So you could be running these files unfortunately.

/HEAD
/config
/description
/hooks
/hooks/applypatch-msg.sample
/hooks/commit-msg.sample
/hooks/fsmonitor-watchman.sample
/hooks/post-update.sample
/hooks/pre-applypatch.sample
/hooks/pre-commit.sample
/hooks/pre-merge-commit.sample
/hooks/pre-push.sample
/hooks/pre-rebase.sample
/hooks/pre-receive.sample
/hooks/prepare-commit-msg.sample
/hooks/update.sample
/info
/info/exclude
/objects
/objects/info
/objects/pack
/refs
/refs/heads
/refs/tags
/svn
/svn/.metadata
/svn/refs
/svn/refs/remotes
/svn/refs/remotes/origin
/svn/refs/remotes/origin/git-svn
/svn/refs/remotes/origin/trunk
/svn/refs/remotes/origin/trunk/.rev_map.908064de-85fe-4402-a909-d45d0ebbf1e1

Forum Discussion

Leave a response



Exit | Forum | Sitemap | Main Index | Ex | Top