Bitcoin Forum

I just found a script running from /tmp/kpoll mining litecoin @ give-me-coins.com on my server due to an exploit in a bad php-script. Got that closed fast! :)

If I report the SOB will GMC lock his account?(Provided I give them proof = serverlog/username etc)

He'll probably just open a new one, but he sure as hell shouldn't get anything from abusing my server!

What do you guys think?

UPDATE:

give-me-coins.com acted instantly and deleted his botnet account :)

Yeah... I just got cleaned out of everything I'd mined there.   Happily I had just started mining litecoins there a few days ago, so it wasn't much.  I'm not a programmer, but my wife is and she's always told me that PHP has some serious security issues.  I don't really know much about it, but my understanding is it's almost impossible to block all the ways to hack PHP.  She really has never learned PHP for this reason.  She is usually dealing with sites that need high security.  It may be faster and easier to program with... but there is a price.


Korxax



1NtV1q29FtRAYAkMJHMYbASZLiLur2FQe

Well PHP itself doesn't have any security issues - but a lot of sites that use PHP do.

It's kinda like Bitcoin:

Bitcoin is easier to use for criminal purposes but that doesn't make Bitcoin criminal.
PHP is easier to use to write crappy insecure code(or install someone else's insecure code like I did) but that doesn't make PHP insecure.

All right, I'll take your word for it.  Like I said I'm not a programmer and my wife hasn't ever used PHP, she's just seen many security issues with it.  She's very aware of sloppy code being a security issue, she has to clean up and secure other people's code all the time.  She mostly works in .Net and SQL though.  Occasionally she still gets someone using classic ASP too.

I looked when I got a chance this morning and I see that I was credited back the partial coin I had mined, so I started mining with you again.  I sure hope you didn't have to refund everyone out of your own pocket, that would suck.  But if you did, I'm sure everyone really appreciates it and it should go far to re-establish trust.

 I hope you were able to figure out who the bastard was that hacked the site and send the police his way.  I don't know how much he got away with, but if he got enough it would be grand theft along with all the computer crime laws that were violated.  I don't know where you are, but if you are in the US I think it would be the FBI that you contact.  Whether they would really do anything about it is another matter though...

I wish you the best of luck getting the issues patched.

Now if I could just get my 2 computers with nVidia cards to connect and mine...

Korxax


1NtV1q29FtRAYAkMJHMYbASZLiLur2FQe

Oh, you misunderstood :-) He didn't get my wallet or anything - he was just able to run a mining script and use my server resources for a while until I caught him. So just a few watts in the middle of the night :-)

huh, I was talking about how give-me-coins.com had everyone mining litecoins accounts cleaned out of all their mined coins that had not been sent to their wallets yet.  Apparently all the coins were sent to one individual that hacked the site last evening.  This morning all the accounts are being credited back with all the lost coins.  I don't know any other details really.  I just assumed that's what you were talking about.  I had just started mining litecoins there a few days ago.  I'm still pretty new to mining, I started mining bitcoins few months ago.  So I really don't know what's going on, but somehow they are manually giving everyone their coins back that were lost.  I sure hope they got the money back from the bastard that took them and didn't have to come up with it out of their own pockets.

I just did a search on "give-me-coins hack" after I found out about it and your thread showed up so I thought that's what you were talking about.


Korxax


1NtV1q29FtRAYAkMJHMYbASZLiLur2FQe