Bitcoin Forum
November 19, 2024, 03:24:06 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Please Help My Faucet Was Hacked And 4337500 Satoshi Stolen  (Read 1235 times)
probctbiz (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
July 19, 2016, 03:39:06 PM
 #1

I need the help of kind individuals and generous faucet owners who have build security around their faucet to help me out with any available and working security measure that could be implemented to secure faucets from hack and bot activities.

On 1st of July 2016, it was just like a dream to me when I checked my balance and it was reading 456 satoshi whereas the night before i went to bed it was 4 337 968 satoshi: https://postimg.org/image/f99gg063r

Though I wish to continue, but I really worried at the moment. There is something I tried to understand in this whole issue. 2 weeks before this very hack, I experienced such attempt, 5, 600 000 satoshi disapeared from my balance, but immediately I reported the issue to faucet box not up to 5 minutes the balance was returned, and faucetbox did not return a mail to this effect till today.

When the second one happened, I was already sleeping but once I noticed it and mailed them, the same scenario happened agained. After 3 minutes of sending the mail to faucetbox, when I checked my faucet site, I discovered the balance was returned again. Then I logged into faucetbox account area, to confirm the balance, unfortunately it didn't reflect. I returned back to my faucet site, the balance returned to 456. I was on a confused state. Another mail to faucetbox returned a reply:

"Hello,

We cancel this payout and returned coins to you.

Kind regards
Marcin"

I returned another mail with explanation of what I noticed and informed him that the balance is back to 456 satoshi.

This was his reply againn on the second of July 2016

"Hello,

We're really sorry, but there's nothing we can do now. The 0.04340155 BTC which was claimed by 18aewAbuAoHwQ3icyng6ykYj1NfUH6bQnJ was payout before you send us a message.

It looks like someone have access to your faucet's admin panel or know your api key. Why don't you have ACL enabled? Have you set up Send Limits? If you're using our Faucet Script you can also disable admin panel i config.php.

Kind regards
Marcin"



He gave me some security tips and I tried all, but I am not comfortable with the response because my hosting company told me they saw some vulnerability in funcaptcha.php.


Hi there,  After thorough analyzing the logs, our technicians didn't find any vulnerability or any suspicious activity on server from the given dates. But instead, vulnerability was found on the codes (in file /libs/funcaptcha.php => function => getIP( )).  Please consider to check this from your end.
Best regards  Michael


public function getIP() { if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { return $_SERVER["HTTP_X_FORWARDED_FOR"]; } else if (isset($_SERVER["REMOTE_ADDR"])) { return $_SERVER["REMOTE_ADDR"]; } else if (isset($_SERVER["HTTP_CLIENT_IP"])) { return $_SERVER["HTTP_CLIENT_IP"]; }

Greetings,  Thank you for contacting email support services.  HTTP_X_FORWARDED_FOR should never be used as a means to validate the user’s IP and if the coder outputs this data then there would be a problem of attacker being able to fake their IP but the "safe" data becomes a XSS injection point.  So filtration of all user supplied data including User-agent etc is needed. PHP code with just $_SERVER[‘HTTP_X_FORWARDED_FOR’] shouldn't be blindly trusted.  You may try to do a Google search for "XSS injection point" for more information about this vulnerability.  Please do not hesitate to contact us again via our chat or email support services as we are more than willing to assist you with any concern you may have regarding your account with us.
Best regards


I'm not a coder, I don't know much of this. This info was forwarded to faucetbox but uptil date they have not returned a mail with any detail.

This gives me so much worries, as I don't know what to hold on or even trust. I think of switching to another script.

I will appreciate if there are kind hearted faucet owners here that could help me with any security advice, general advice about switching to another script that is more secure if any, or just anything that could help me move on with this.

Thank you
socks435
Legendary
*
Offline Offline

Activity: 2058
Merit: 1030

I'm looking for free spin.


View Profile
July 19, 2016, 04:06:54 PM
 #2

What script did you use? did you use the faucet script from faucetbox. or you down the script from share by someone?

Decided to end it with zer0 profit.
jagu359
Member
**
Offline Offline

Activity: 462
Merit: 10


View Profile
July 19, 2016, 04:53:39 PM
 #3

I think you have used same passwords for all accounts , some one who knows ur password as accessed ur faucet box and withdrawn your balance or used ur API key and withdrawn all ..

U can use faucet box script only but with some measures ,
Change password for admin panel
Change faucet box password
Enable 2FA authentication on faucet login
Set limit for withdraw within 30 minutes
Block TOR browsing
Block VPN
Block IP address in .htacess file (search for avoid bot articles on forum)

You can contact any time for any suggestions.

Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
July 19, 2016, 10:13:04 PM
 #4

Make sure you dont have a keylogger installed on your computer !!
donaldbitcoin
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


TomyGame.com => Win Bitcoin


View Profile WWW
July 20, 2016, 11:36:09 AM
 #5

i got similar problem long time ago,

it's solved once i Enable 2FA authentication on faucet login  Wink

▓▓▓ ➤ Top Paying Bitcoin Site ▓▓▓▓▓▓ Best Bitcoin Scripts for Website Owners ▓▓▓
alfaboy23
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500



View Profile
July 20, 2016, 01:17:05 PM
 #6

...

U can use faucet box script only but with some measures ,
Change password for admin panel
Change faucet box password
Enable 2FA authentication on faucet login
Set limit for withdraw within 30 minutes
Block TOR browsing
Block VPN
Block IP address in .htacess file (search for avoid bot articles on forum)

...


Additional to that is, DO NOT put too much funds on your faucet. Too much amount of funds on faucet can also attract stealers.
IMO, it is better to refill your funds daily with very small amounts than fill your faucet with big amount in one shot.
marlboroza
Legendary
*
Offline Offline

Activity: 1932
Merit: 2272


View Profile
July 20, 2016, 02:29:31 PM
 #7

It seems that your faucet isn't drained by bot, someone has your passwords. Run AV, enable 2FA, change passwords and that should solve problem.
~Bitcoin~
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
July 20, 2016, 05:22:53 PM
 #8

It seems that your faucet isn't drained by bot, someone has your passwords. Run AV, enable 2FA, change passwords and that should solve problem.
This is not a usual bot attack where bot uses different proxies and claim in different addresses. I think your faucetbox account got hacked and hacker had made manual payment to his address.

probctbiz (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
July 27, 2016, 10:02:51 AM
 #9

What script did you use? did you use the faucet script from faucetbox. or you down the script from share by someone?

The first time, it was the fiverr guy who installed the script, so I do't know the version of faucetbox script he used, the second time, the guy in guru and freelancer did, same thing, but the third one, I did it myself using the most current faucetbox script. Yet I got attacked.
probctbiz (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
July 27, 2016, 10:12:03 AM
 #10

I think you have used same passwords for all accounts , some one who knows ur password as accessed ur faucet box and withdrawn your balance or used ur API key and withdrawn all ..

U can use faucet box script only but with some measures ,
Change password for admin panel
Change faucet box password
Enable 2FA authentication on faucet login
Set limit for withdraw within 30 minutes
Block TOR browsing
Block VPN
Block IP address in .htacess file (search for avoid bot articles on forum)

You can contact any time for any suggestions.



The guy from fiverr who first install the script had my database password. the scond guy from guru and freelancer also had my passwords, I don't use same password for all logins, the problem is that, I gave him all passwords related to my domain to enable him do the job, then I forgot to change database password, I left fttp access open. So it is easy for anyone who has faucetscript database info to access admin panel. Though my faucetbox account itself is secured, no one can access it because I didn't share the password and Im using a unic ogin info. But I didn't control payout limit from faucetbox account section. So I have learnt alot after these attacks and Im still learning. The big problem is that you can find anyone trust worthy in this niche to help, everyone with evil and negative interest even when you are paying.


Right now I want to install the ntibot link script,
probctbiz (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
July 27, 2016, 10:18:29 AM
 #11

...

U can use faucet box script only but with some measures ,
Change password for admin panel
Change faucet box password
Enable 2FA authentication on faucet login
Set limit for withdraw within 30 minutes
Block TOR browsing
Block VPN
Block IP address in .htacess file (search for avoid bot articles on forum)

...


Additional to that is, DO NOT put too much funds on your faucet. Too much amount of funds on faucet can also attract stealers.
IMO, it is better to refill your funds daily with very small amounts than fill your faucet with big amount in one shot.

Thank you alfaboy23, I have learn a lot of lessons which will help me as I make progress. I am trying to install antibot link now
wintermeasures
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
July 28, 2016, 04:59:05 AM
 #12

Bro You made a Big Mistake That You are Funding Your Faucet with Very High Amounts Because if you Fund Your Faucet with High Amounts It will Attract Scammers to Steal your Faucet Balance So I Suggest you to Fund your Faucet With Small amounts daily and Also Enable 2FA Authentication for Faucet Login.....
bitkilo
Legendary
*
Offline Offline

Activity: 1638
Merit: 1010


https://www.bitcoin.com/


View Profile WWW
July 28, 2016, 05:09:58 AM
 #13

Bro You made a Big Mistake That You are Funding Your Faucet with Very High Amounts Because if you Fund Your Faucet with High Amounts It will Attract Scammers to Steal your Faucet Balance So I Suggest you to Fund your Faucet With Small amounts daily and Also Enable 2FA Authentication for Faucet Login.....
That was the first thing i noticed too, a faucet with a balance of 0.04btc plus, not many faucets would need that much to get through a day or 2
Try topping up more regularly with smaller amounts., good luck.

maxibitcoin
Newbie
*
Offline Offline

Activity: 38
Merit: 0


View Profile WWW
July 28, 2016, 05:14:28 AM
 #14

check your login history : https://faucetbox.com/en/dashboard/security/login-history   Grin
probctbiz (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 12, 2016, 12:14:30 PM
 #15

Hello everyone,

I want to thank you all who contributed in one way or the other in my case.

Most of the advice you gave had been implemented before I made this post, I also got other advice from you which helped me to implement more security measures.

Really the hack wasn't a bot, it was the guy from gurru.com and freelancer.com who installed the faucetbox script the second time on my domain that hacked and stole the coin through my faucetbox admin panel. I have a chat script on my faucet, this script gives me details about live visitors on my site. This thief after stealing my coin droped me a message on the chat, and his IP was recorded, but the chat company sent his message to me via email since I was not online at that time. When I checked the email header, the IP was russia, then from that time we kept communicating. hE Had sent me this mail to tell me that I am scaming people with my faucet, trying to present himself as the owner of coinrotator.com. I was very careful with him as he tried to offer me assistance to install my faucet with antibot link script. Here is the site he claim to be his own: http://www.satoshiworld.club

His name on file while using my faucet chat tool is Edward Kenny, so it was recorded, then one day I saw the same name navigating through my site and I said you are the same edward who has been mailing me, behold the edward was now living in bangladesh, while his email header read russia. I was so angry and I attacked him with words and he later accepted that he hacked my faucetbox admin through recaptcha php, see his mail bellow:


Re: Responding To Your Message About Bitcoin Lordz
6 August 2016  13:26  49 KB
From:
Edward Kenway
To:
@bitcoinlordz.com

"Please Think that I have borrowed your money...

On Fri, Aug 5, 2016 at 3:58 PM, Edward Kenway <edwardkenwaywd@gmail.com> wrote:
Don't worry dear. Yes, I have stolen 0.04340155 BTC from you via recaptcha.php. I have invested it into a market. I didn't want to steal it, but some occurrence made me to do this. And when I stole it, I thought that, when I will return your money, I will return the double. Remember, I will return your money. I don't want to make you cry. I thought that, you are very rich person and 20$ would not be a lot of money to you. But, now I understood and Acknowledge that what have I done. I am sorry. I will not return the money, but return the double, I promise. But, I need somedays to collect money.

On Fri, Aug 5, 2016 at 12:57 AM, Bitcoin Lordz <@bitcoinlordz.com> wrote:

what interest do you get in doing all these? These satoshis you go about stealing from people who working hard to invest will not take you anywhere, rather it will only destroy you and your generation and anyone you spend them on. You claim to be from islamic religion and you say it is a religion of peace, but I see so many people in the islamic religion doesn't have human feelings, they don't have good heart for others and they are very mean in all attitude deep inside their hart is black. But I keep asking what gain in all these? The same religion hate stealing, lies, inpersonification, and all kinds of wickedness yet you indulge in them. Remember that whatever you do to someone somewhere, might be done to you or even to a member of your family and even worst. God is able to punish you in his own way. He can decide to take your life, the life of your child, your mother, your father or any one you love, especially those that compromise with you in your evils and even eat of out the things or money you steal, either online or physically.

I did nothing wrong to you. Your intention from day one was very clear, though I didn't know, I trusted you blindly and gave all my passwords outs and you thought I was a fool by doing that.

But all I can tell you is that you should repent while there is still time. Because I'm going to start seeking God about this, and my God who is the creator of heaven and earth, who knows I suffered to earn money, and didn't steal anyone, will surely hear my cry and will deal with you at the right time that pleases Him.

Please repent because God sees you and he will judge you soon or later. I don't know you, even if I knew you, I will never fight you, but someone is greater than you and I, the one who gave you and I the breath we have, who have power to take it any time.

Think twice and be wise. Look for something good doing and stop this.

On 27 July 2016 at 07:48:50 -00:00, Edward Kenway <edwardkenwaywd@gmail.com> wrote:"

Due to this attacks and botting, my faucet is no more getting traffic, thus I will appreciate the help of kind hearted people here to help me with a backlink if possible: here is my faucet: https://bitcoinlordz.com

Thank you all
Lexiatel
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
August 12, 2016, 12:45:54 PM
 #16

Oh... he won't care at all, he stole $20, and now is trying to say "I do you good", k, whatever, dude.

Karma is a bitch, especially to those who make it look like they did it out of the kindness of their hearts.

Thanks for the info, good luck with your faucet. Sad
probctbiz (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 12, 2016, 01:23:30 PM
 #17

Oh... he won't care at all, he stole $20, and now is trying to say "I do you good", k, whatever, dude.

Karma is a bitch, especially to those who make it look like they did it out of the kindness of their hearts.

Thanks for the info, good luck with your faucet. Sad

Thank you Lexiatel,

This dude is trully wicked, he is constantly on my faucet everytime and will even send me messages, saying why did you unblock me, etc. But I have tried to block all proxies and vps from my faucet and keep monitoring.

I need support from everyone to help boost my faucet trafffic now!

Thank you once more
Lexiatel
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
August 12, 2016, 03:00:09 PM
 #18

From what I read, yes, he is very twisted in the head.

I went there, I love the anti-bot reset feature. Thanks for the 90 satoshi, hope your site gets it traffic back.
probctbiz (OP)
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 12, 2016, 05:46:03 PM
 #19

From what I read, yes, he is very twisted in the head.

I went there, I love the anti-bot reset feature. Thanks for the 90 satoshi, hope your site gets it traffic back.

Thank you too

Cheers!
Gifted
Hero Member
*****
Offline Offline

Activity: 504
Merit: 501



View Profile
August 13, 2016, 09:43:15 PM
 #20

What script did you use? did you use the faucet script from faucetbox. or you down the script from share by someone?

The first time, it was the fiverr guy who installed the script, so I do't know the version of faucetbox script he used, the second time, the guy in guru and freelancer did, same thing, but the third one, I did it myself using the most current faucetbox script. Yet I got attacked.
If they know the password to see your SQL Database they can read your password there very easy to get Admin control or even add their own Admin name and password!   Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes Roll Eyes :8
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!