dMania is online again, more or less

in #dmania6 years ago

This wasn't a good week for dMania, not at all. Three days ago a mining script got onto the website. I tried to find out how it got there, but couldn't find the problem and decided to take down the website. Before that, some people had problems accessing the website. Then I had problems getting everything up and running again. All in all, a lot of shit happend at once. The project hasn't had any problems like that since the beginning. It was definitely a busy and exhausting week for me 😢.

I have analyzed all libraries and found no reference to a mining script. I checked all the code for XSS vulnerabilities, but found none.  I checked if the server was compromised, but found nothing. The files on the server were exactly the files I have uploaded.
I have a javascript file with the injected mining code that I got from the browser. The file contains some obfuscated javascript and webassembly code that runs the miner and was attached at the end of the original file. I couldn't find any reference to the source.

How did the mining script get there?


Since I have taken down the website the miner hasn't shown up again. I couldn't identify the cause of the mining script, but it is gone for now. At the moment I have only a theory how it got there.
I think the mining script got injected from dMania's domain provider Njalla. Njalla is a relatively new and unknown domain provider run by Peter Sunde, co-founder of PriateBay. PirateBay has injected crypto miner without telling their users before ->https://www.theinquirer.net/inquirer/news/3019068/the-pirate-bay-caught-mining-crypto-coin-in-secret-again.
If Njalla is actually a malicious domain provider, they could have done a MITM attack and inject the mining script.
The miner hasn't shown up since and I couldn't verify my theory yet. What I know is that something is wrong with Njalla. Several users couldn't access the site this week, because there was something wrong with the DNS entries. The SSL certificate wasn't renewed as it should have been and atm I can't renew it for dmania.lol.

Maybe it is far fetched, but from all the things I have seen it would fit. Maybe I am just getting paranoid because I didn't get enough sleep the last few days 😅 . It could just be some other vulnerability that I haven't found. At least everything looks fine for now and there is no mining script on dMania.

New domain for now

Because of the issues with the domain provider, I have created a new domain -> https://dmania.io.

I am transferring dmania.lol to a new provider, but it will take a few days.  Atm http://dmania.lol works, but https://dmania.lol doesn't. I know that breaks the Steemit links to dMania. I will try to fix it as soon as possible.

Until everything is back to normal, the bot won't upvote. I will start the dMania bot when I know everything is up and running again.


Sort:  

it must have been hectic days, good work @zombee You are Appreciated

Awesome update @zombee Get yourself some well deserved rest ! And best of luck to you moving forward ! Im looking forward to the return of dMania ! upped and resteemed 👍👍👍😀

Thanks a lot for the update @zombee, dmania is an awesome project and I can see you care deeply. Best regards 26d4dj.jpg

The important thing is Dmania is back.Problems will come but we have to go forward.I hope Dmania will be even more successful.Thanks for sharing with us.

Oh good news, what happened with dmania? I waited for dMania. Thank you @zombee for sharing this good news. Welcome to back again @dmania.

Definitely a busy day, nice work @ zombee, I love it you are appreciated

really great job and i ever respect a man like you @zombee

I'm glad you find the solution to run dMania again. Hopefully everything will be OK soon.

Good work! You are really doing great job! @zombee

Coin Marketplace

STEEM 0.35
TRX 0.12
JST 0.040
BTC 70597.89
ETH 3559.60
USDT 1.00
SBD 4.77