This wasn't a good week for dMania, not at all. Three days ago a mining script got onto the website. I tried to find out how it got there, but couldn't find the problem and decided to take down the website. Before that, some people had problems accessing the website. Then I had problems getting everything up and running again. All in all, a lot of shit happend at once. The project hasn't had any problems like that since the beginning. It was definitely a busy and exhausting week for me 😢.
I have analyzed all libraries and found no reference to a mining script. I checked all the code for XSS vulnerabilities, but found none. I checked if the server was compromised, but found nothing. The files on the server were exactly the files I have uploaded.
How did the mining script get there?
Since I have taken down the website the miner hasn't shown up again. I couldn't identify the cause of the mining script, but it is gone for now. At the moment I have only a theory how it got there.
I think the mining script got injected from dMania's domain provider Njalla. Njalla is a relatively new and unknown domain provider run by Peter Sunde, co-founder of PriateBay. PirateBay has injected crypto miner without telling their users before ->https://www.theinquirer.net/inquirer/news/3019068/the-pirate-bay-caught-mining-crypto-coin-in-secret-again.
If Njalla is actually a malicious domain provider, they could have done a MITM attack and inject the mining script.
The miner hasn't shown up since and I couldn't verify my theory yet. What I know is that something is wrong with Njalla. Several users couldn't access the site this week, because there was something wrong with the DNS entries. The SSL certificate wasn't renewed as it should have been and atm I can't renew it for dmania.lol.
Maybe it is far fetched, but from all the things I have seen it would fit. Maybe I am just getting paranoid because I didn't get enough sleep the last few days 😅 . It could just be some other vulnerability that I haven't found. At least everything looks fine for now and there is no mining script on dMania.
New domain for now
Because of the issues with the domain provider, I have created a new domain -> https://dmania.io.
I am transferring dmania.lol to a new provider, but it will take a few days. Atm http://dmania.lol works, but https://dmania.lol doesn't. I know that breaks the Steemit links to dMania. I will try to fix it as soon as possible.
Until everything is back to normal, the bot won't upvote. I will start the dMania bot when I know everything is up and running again.