Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Fri Oct 15, 2004 5:57 pm

www.zuggsoft.com site down
 
In case anyone is able to get to these forums via the www.emobius.com server, please note that the main www.zuggsoft.com server is currently down for an unknown amount of time. It seems to have got hit with a trojan horse from within the Superb.net network, even though we had all of the latest patches installed. The whole system is trashed and I don't know how long it's going to take to get it back up.

I might just end up switching the entire site over to this WolfPaw server if I have to. Stay tuned for more details.


Last edited by Zugg on Sat Oct 16, 2004 8:41 pm; edited 2 times in total
Rorso
Wizard


Joined: 14 Oct 2000
Posts: 1368

Posted: Fri Oct 15, 2004 6:38 pm
 
That's not fun. What is scary these days is that even if you have a firewall there is still the possibility for the buffer overflow exploits to cause issues.

What is even more annoying here is that you realize that the web server is probably coded in C++. C++ does not provide any range checking by default. It is odd that Microsoft doesn't seem to add any range checking manually to software used by so many.
slicertool
Magician


Joined: 09 Oct 2003
Posts: 459
Location: USA

Posted: Fri Oct 15, 2004 6:46 pm
 
They are building it into their newer compilers (which is why XP Service Pack 2 is so huge, because they recompiled a bunch of items even if there were no particular fixes) to stop a lot of these kinds of issues. Unfortunately it is one of those things that they realized much too late.
_________________
Ichthus on SWmud: http://www.swmud.org/
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Fri Oct 15, 2004 7:23 pm
 
It's unusual to find something that still affects Windows NT though, especially WinNT with all the patches.

Somehow something called DameWare Remote controller (DWMRCS) got installed, along with a service called "Snake SockProxy". Looks like it happened at about 2am last night. So, something got in and took control of the system.

My guess is that some other computer on the Superb.net network got infected and then it used more of a local LAN exploit to get in. Either that or the Superb admins have an easily guessable system password. The one I use certainly is not.

I've gotten rid of this stuff, but the RPC Service isn't running so I can't get IIS to run yet. I don't know what happened to RPC and why the service isn't working yet.

I'd kill whoever is responsible for this. I DON'T HAVE TIME to deal with this crap.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Fri Oct 15, 2004 7:28 pm
 
Geez, Superb wants to charge $180/hr to reinstall the system. That's ridiculous. I can't afford that right now.

And yes, RPC is completely gone. The system is hosed. And I can't do anything remotely. I am SOOOOO MAD right now!!!!!!!!!!!
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Fri Oct 15, 2004 8:02 pm
 
Great. I just called the head of Customer Service for Superb. He basically says "it's not our fault. If you want to switch to another provider, go ahead".

Gee, isn't that a wonderful customer service attitude.

I've had it with these guys. Looks like I'll be cancelling all of my plans for the next few days and trying to migrate this stuff to a linux server somewhere.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Fri Oct 15, 2004 8:54 pm
 
Yep, looks like we are going to have to switch servers. This is going to take a while. At least you can access the forums via the www.emobius.com site or the forums.zuggsoft.com site. I've updated the DNS entry for www.zuggsoft.com to point to the www.emobius.com server for now. Once the DNS propagates I'll put up the zuggsoft home page for people.

The only stuff on the site that was still using ASP was the ecommerce and some of the download pages. The download pages were just keeping track of download counters, so that's easy to remove for now. Getting the ecommerce system up and running on linux is going to take more time, and it also requires me to transfer the SSL certificate somehow.

The other impact will be the map databases used by zExplorer. Those map databases will be down until I can get the new server up and running. Since not many people are using the Horizons and SWG map databases, I don't expect this to be a big issue.

The main problem is going to be surviving on even fewer zMUD purchases while I get the ecommerce system moved.

I'm also planning to spend some time with the log files on the zuggsoft.com server. If I find out who is responsible for hacking the server, they are REALLY going to be sorry. I'll get the entire MUD community to go after them.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Oct 16, 2004 1:17 am
 
Looks like they left some tracks to follow. I've got some log files showing the remote software being installed on the zuggsoft.com computer last night. I've been able to find the IP address, machine name, username, Windows license ID and timestamp for this occurrence. It came from an ISP in France. I have emailed details of the occurrence to their abuse department and we'll see if they are able to do anything. It will depend upon what kind of log files they keep of their dialup lines.
Reply with quote
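The log review described in the posts above (a remote-control service and a proxy service appearing at about 2am, then traced to a source address and username) can be sketched as a small triage script. This is an added example, not part of the original thread; the log format, host, users, addresses and the 08:00-18:00 change window are constructed assumptions.

```python
import shlex
from datetime import datetime

# Service names reported in the thread; matched as case-insensitive substrings.
WATCHLIST = ("dwmrcs", "dameware", "sockproxy")
# Assumption: legitimate service installs happen 08:00-17:59 local time.
CHANGE_WINDOW = range(8, 18)

# Constructed sample log: format, host, users and addresses are invented.
SAMPLE_LOG = '''\
2004-10-14 10:12:40 event=service_install host=WEB01 name="Backup Agent" user=admin src=192.0.2.10
2004-10-15 02:03:11 event=service_install host=WEB01 name="DWMRCS" user=admin src=203.0.113.45
2004-10-15 02:04:57 event=service_install host=WEB01 name="Snake SockProxy" user=admin src=203.0.113.45
2004-10-15 02:09:30 event=service_stop host=WEB01 name="Spooler" user=admin src=203.0.113.45
2004-10-15 23:40:02 event=service_install host=WEB01 name="Log Rotator" user=ops src=192.0.2.10
malformed line without fields
'''

def parse_line(line):
    """Return (timestamp, fields) or None for lines that do not parse."""
    try:
        tokens = shlex.split(line)
        when = datetime.strptime(" ".join(tokens[:2]), "%Y-%m-%d %H:%M:%S")
        fields = dict(tok.split("=", 1) for tok in tokens[2:])
    except ValueError:
        return None
    return when, fields

def triage(log_text):
    """Flag service installs that match the watchlist or fall off-hours."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1].get("event") != "service_install":
            continue
        when, f = parsed
        reasons = []
        if any(w in f.get("name", "").lower() for w in WATCHLIST):
            reasons.append("remote-control/proxy tool name")
        if when.hour not in CHANGE_WINDOW:
            reasons.append("installed outside change window")
        if reasons:
            findings.append((when.isoformat(sep=" "), f.get("name"), f.get("src"), reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Each finding keeps the timestamp and source address together, which is the detail an abuse report to the originating ISP needs.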
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Oct 16, 2004 1:57 am
 
Good thing MySQL doesn't need RPC to run. Do you know how hard it is to transfer databases when you can't use FTP at all?? Fortunately, the wonderful MySQL-Front software has a way to transfer tables from one server to another directly. Took me a while to find this. Most of the help on the web involves doing a mysqldump to a file, then transferring that file to the target machine and using mysql to import it. But you can't do this without FTP access and I have no way of getting any files off of the dead zuggsoft.com server. I can log in and get to the command prompt to do stuff, but that's it.

So, I'm transferring across some of the databases, like the Orders database and the zExplorer map databases. This will take many hours unfortunately. WolfPaw has the new server up and running already so as soon as the DNS propagates tonight then people will at least be able to get to most of the site again while I convert the remaining ASP scripts into PHP and find a new ecommerce solution.

It's going to take me days to get this all working again. Yet more delays for eMobius.
cnf
Beginner


Joined: 27 Feb 2004
Posts: 13

Posted: Sat Oct 16, 2004 1:46 pm
 
I, for one, will patiently wait for you to fix it all.
And try not to ask too many stupid questions on the forum :-)

Sorry this happened man...
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sat Oct 16, 2004 8:44 pm
 
We've got most of the site transferred to a temporary server now. Wolfpaw will have our dedicated linux server up by the end of the day and the move to that should be transparent.

I've checked most of the links. Any old ASP page will partially display (without the scripts). I'll be converting the ASP pages to PHP over the next couple of days. My main priority today is the Downloads page.

The Order page is down until I can sort out what I need to do with the ecommerce system. The old system used Windows DLL files. I am working with eLicense on some new solutions for this linux server but it might take a couple of days. In the meantime, to buy zMUD, please just download it, then run it, then click the Buy Now button on the trial screen.

Thanks for your patience and understanding.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Sun Oct 17, 2004 4:19 am
 
The Download pages are up and running now. I've also put the files into the Download manager of the MX Portal system. So, you can either download files using the normal "Download" link in the main toolbar, or you can go to the Home portal, then select Downloads in the left navigation box and get files from there.

The portal download system also allows file UPLOADS now. So, users who have written plugins can go into the zMUD Plugins category and upload their files (limit of 1 MB size) and they will get posted after I have approved them. If you have a plugin, give this a try and let me know how it works.

Both download pages use the same database to track download counts now also.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Tue Oct 19, 2004 3:31 am
 
The backend scripts handling PayPal order processing are online now. If you make an order via PayPal and don't get an email with your zMUD reg code, please email me at support@zuggsoft.com.
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Wed Oct 20, 2004 2:20 am
 
Bug tracking system is back online.
isop
Newbie


Joined: 20 Oct 2004
Posts: 5

Posted: Thu Oct 21, 2004 6:21 am
 
I was wondering if there was any information about the person who did this to you?

The last update was nearly a month ago.

Isop
Zugg
MASTER


Joined: 25 Sep 2000
Posts: 23379
Location: Colorado, USA

Posted: Thu Oct 21, 2004 4:57 pm
 
Quote:
The last update was nearly a month ago

This all just happened this past weekend, so I'm not sure what you are referring to. As far as this recent event, I have been in communication with the ISP that was the source of the attack, and that's about all I can say.
isop
Newbie


Joined: 20 Oct 2004
Posts: 5

Posted: Fri Oct 22, 2004 6:40 am
 
Oops.. I'm looking at the date you joined the forum.

Please excuse my stupidity.

Isop
All times are GMT

© 2009 Zugg Software. Hosted by Wolfpaw.net