Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: drakahn on April 11, 2012, 09:26:42 AM



Title: cryptocoin.info hacked?
Post by: drakahn on April 11, 2012, 09:26:42 AM
http://cryptocoin.info/

Normally has, well, info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?


Title: Re: cryptocoin.info hacked?
Post by: blablahblah on April 11, 2012, 10:18:39 AM
Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)


Title: Re: cryptocoin.info hacked?
Post by: Foxpup on April 11, 2012, 10:47:41 AM
Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php (http://cryptocoin.info/index.php). Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com (http://filenetworking.com/), which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. (https://www.dotster.com/) and Domain.com, LLC (http://www.domain.com/)), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.
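The comparison described in the post above (same IP address and nameservers as an unrelated domain, different registrars, a recent WHOIS change), written as a check against a known-good baseline. This is an added example, not part of the original thread: the `Snapshot` type, the indicator names, the baseline records, the registrar placeholders and the neighbour's update date are constructed for illustration, and only the IP address, nameservers and dates of 2 and 11 April 2012 come from the thread.

```python
from dataclasses import dataclass
from datetime import date

def ns(*names):
    # DNS names are case-insensitive and may carry a trailing dot
    return frozenset(n.lower().rstrip(".") for n in names)

@dataclass(frozen=True)
class Snapshot:
    domain: str
    ip: str
    nameservers: frozenset
    registrar: str
    updated: date  # WHOIS "last updated" date

def hijack_indicators(baseline, current, neighbour, as_of, recent_days=14):
    """Compare a domain's current records with a known-good baseline and with
    an unrelated domain seen on the same infrastructure. The result is a list
    of indicators to investigate, not proof: shared hosting legitimately puts
    many unrelated sites behind one IP address and one nameserver pair."""
    found = []
    if current.ip != baseline.ip:
        found.append("a_record_changed")
    if current.nameservers != baseline.nameservers:
        found.append("nameservers_changed")
    shared_ip = current.ip == neighbour.ip
    shared_ns = bool(current.nameservers & neighbour.nameservers)
    if shared_ip:
        found.append("shares_ip_with_" + neighbour.domain)
    if shared_ns:
        found.append("shares_ns_with_" + neighbour.domain)
    if (shared_ip or shared_ns) and current.registrar != neighbour.registrar:
        found.append("registrar_differs_from_" + neighbour.domain)
    if 0 <= (as_of - current.updated).days <= recent_days:
        found.append("whois_recently_updated")
    return found

# Constructed baseline: documentation-range IP and example.net nameservers.
BASELINE = Snapshot("cryptocoin.info", "192.0.2.10",
                    ns("ns1.example.net", "ns2.example.net"),
                    "REGISTRAR-A (placeholder)", date(2011, 1, 1))
# IP, nameservers and update date as reported in the thread.
CURRENT = Snapshot("cryptocoin.info", "184.172.150.4",
                   ns("NS2849.HOSTGATOR.COM", "ns2850.hostgator.com."),
                   "REGISTRAR-A (placeholder)", date(2012, 4, 2))
NEIGHBOUR = Snapshot("filenetworking.com", "184.172.150.4",
                     ns("NS2849.HOSTGATOR.COM", "NS2850.HOSTGATOR.COM"),
                     "REGISTRAR-B (placeholder)", date(2012, 1, 1))

if __name__ == "__main__":
    for item in hijack_indicators(BASELINE, CURRENT, NEIGHBOUR, date(2012, 4, 11)):
        print(item)
```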


Title: Re: cryptocoin.info hacked?
Post by: blablahblah on April 11, 2012, 11:17:09 AM
Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php (http://cryptocoin.info/index.php). Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com (http://filenetworking.com/), which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. (https://www.dotster.com/) and Domain.com, LLC (http://www.domain.com/)), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

Nice work! I have much to learn. Question is, why would they bother? They've clearly only just learnt to spell, but haven't done capitalisation or punctuation yet... It doesn't make sense! Unless the hack was done by someone who only wanted to look like a 12 year old...


Title: Re: cryptocoin.info hacked?
Post by: ysoliman on April 11, 2012, 01:33:22 PM
It's also an Apache server - any vulnerabilities that could enable a hacker to get in?
Quote
Apache Server at cryptocoin.info Port 80

Also has a standard FTP server with authentication...
Anonymous login with username "anonymous" leads to error...

184.172.150.4 leads to a default page..

The 404 page is on filenetworking.com - as mentioned above..
http://cryptocoin.info/404
http://filenetworking.com/404.jpg

Directories:
http://filenetworking.com/cgi-sys/ - forbidden, same on CC
http://filenetworking.com/etc/ - forbidden, same on CC
http://filenetworking.com/images/ - OPEN directory, but http://cryptocoin.info/images/ is forbidden.
http://filenetworking.com/.htaccess - forbidden, same on CC


Title: [POSSIBLY SOLVED] cryptocoin.info hacked?
Post by: ysoliman on April 11, 2012, 06:29:57 PM
Is this what cryptocoin.info used to be like?

Subdomain lookup on filenetworking.com

http://f.filenetworking.com

EDIT: This is not actually there anymore... did the hacker remove it?


Title: Re: cryptocoin.info hacked?
Post by: Foxpup on April 12, 2012, 04:08:57 AM
It's also an Apache server - any vulnerabilities that could enable a hacker to get in?

Actually, I'm pretty sure it was the DNS that was hacked, not the webserver. The original site is probably still online, feeling sad that nobody's able to connect to it anymore.

Anyway, I've been doing a more, uh, "thorough" investigation into the site, and I've come across a few... interesting anomalies. I'll have more information later.


Title: Re: [POSSIBLY SOLVED] cryptocoin.info hacked?
Post by: ysoliman on April 12, 2012, 04:57:07 AM
Edit: http://f.filenetworking.com is down.
Cryptocoin.info/filenetworking.com has changed. Orange background with additions and removals of text:

Quote
Attention Cryptocoins like Bitcoin, Namecoin,

Litecoin, RUcoin, and Solidcoin are a scam!
 
Avoid all Cryptocoins!
 

Background is orange.
Title is Do not Buy Bitcoins.


Title: Re: cryptocoin.info hacked?
Post by: Foxpup on April 12, 2012, 06:31:56 AM
Okay, it appears the filenetworking.com server has been up for at least 9 days (which is consistent with the time the cryptocoin.info domain was changed) and is running either an old version of Linux (< 2.5, most likely 2.4) or a recent version patched to behave like an old version. That's about all I can determine with any accuracy. It's a highly unusual setup, that's for sure.


Title: Re: [POSSIBLY SOLVED] cryptocoin.info hacked?
Post by: blablahblah on April 12, 2012, 09:21:43 AM
Edit: http://f.filenetworking.com is down.
It's almost like they've been reading this thread and trying to lift their game. So it might even be possible to catch the little pricks (or at least narrow down the pool of suspects) when the site owner comes back from holiday (or wherever).


Title: Re: cryptocoin.info hacked?
Post by: ysoliman on April 12, 2012, 10:35:38 AM
That's what I thought.
How else would they know that there was a backdoor into the original site?


Title: Re: cryptocoin.info hacked?
Post by: ysoliman on April 13, 2012, 05:55:42 AM
Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  ???


Title: Re: cryptocoin.info hacked?
Post by: Foxpup on April 13, 2012, 06:40:03 AM
Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  ???

Looks like HostGator (http://www.hostgator.com/) (their hosting provider) got wise to their little scheme. In retrospect, it might have been an idea to just tell them what their servers were being used for, but I just assumed they were in on it the whole time. Why else would anyone use a commercial hosting company for a highly public hack? HostGator doesn't accept bitcoins, either, so I wonder if the hackers were also dumb enough to pay for the hosting with an account in their own name... now that would be ironic. ;D


Title: Re: cryptocoin.info hacked?
Post by: Cosbycoin on April 17, 2012, 12:53:41 AM
http://cryptocoin.info/

Normally has, well, info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

They were 25% right....Solidcoin is a scam. =)