Bitcoin Forum
November 11, 2024, 02:50:44 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 [99] 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 ... 193 »
  Print  
Author Topic: [ANN][Pool][Profit-Switch][Optional Auto-Exchange per Coin][Vardiff] ~ Hashcows  (Read 347329 times)
socket
Sr. Member
****
Offline Offline

Activity: 259
Merit: 250


View Profile
December 26, 2013, 05:35:10 PM
 #1961

My guess is SQL injection via unsanitized inputs... I'd imagine if you can get unfettered access to the database that's all you need to accomplish what they did.
Icon
Hero Member
*****
Offline Offline

Activity: 821
Merit: 503



View Profile
December 26, 2013, 05:35:55 PM
 #1962

Well just an FYI i am still loged in on my Ipad (not on computer) and can check my account balances/etc and shocker they didn't mess with my account address or payout , but i always have payout set at .001.. and i don't mine here anymore.. guess that helped a bit too Tongue

But i do hope you guys come back up.. competition is always a good thing.


Icon

jedimstr
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000



View Profile
December 26, 2013, 05:42:39 PM
 #1963

This thread is starting to sound like this:

1. The color is red.
2. Official Admin Post - Yeah the color is red. We're looking into it after Xmas.
3. Hey, did anyone know the color is red?
4. Just wanted to check here, did anyone notice the color is red.
5. I hate that the color is red.
6. Does anyone know what color it is?
7. *Bangs Head on table* - don't you all read, the color is red dammit!!!
8. Hey, I read every post and couldn't find the answer... Is the color red?
...snip...
10003029. Read my blog post: " the color red vs the color blue, a retrospective"
10003030. You know what, I think... Yes.. It seems the color is red.
10003031. Can someone tell me if the color is red or not?

renodaret
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


View Profile
December 26, 2013, 05:42:51 PM
 #1964

yeah i didnt know because i have the coin balances page favorated and its only on the homepage
jedimstr
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000



View Profile
December 26, 2013, 05:47:30 PM
 #1965

yeah i didnt know because i have the coin balances page favorated and its only on the homepage

It's also on every page of this thread for about 10 or so pages worth and even mentioned on this very page on every single post before yours.  No excuse.  It's like someone staring at a stop sign for an hour and saying, "hey, is that a stop sign?"

thecoinrunner
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
December 26, 2013, 05:55:28 PM
 #1966

There is one thing that worries me seriously.   
The hack job was not a simple SQL insertion or whatever.
My auto-payout was switched off (never used it) -- I lost a balance of BTC 0.36 (ouch!).
What I noticed after the hack, was that the booking was a regular one, with the AT_DEBIT code and including the BTC 0.0001 fee.
The charge of the fee means that the hacker launched existing scripts, or stored procedures, to perform the transactions. And never mind passwords or PINs, his level of control was too high for that.
Also note the bookings were done in a short amount of time (thus automated). And at a moment everybody was busy with Christmas shopping to minimize the chance of getting caught.
The hacker certainly took his time to prepare all of this and has gain top-level access to the system.
I would suggest that aTriz and nearmiss study very closely what happened, and make sure the hacker lost his control.
Imagine him having access all over Christmas time and work on backdoors... horrible idea.
mattopia
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
December 26, 2013, 06:12:40 PM
 #1967

There is one thing that worries me seriously.   
The hack job was not a simple SQL insertion or whatever.
My auto-payout was switched off (never used it) -- I lost a balance of BTC 0.36 (ouch!).
What I noticed after the hack, was that the booking was a regular one, with the AT_DEBIT code and including the BTC 0.0001 fee.
The charge of the fee means that the hacker launched existing scripts, or stored procedures, to perform the transactions. And never mind passwords or PINs, his level of control was too high for that.
Also note the bookings were done in a short amount of time (thus automated). And at a moment everybody was busy with Christmas shopping to minimize the chance of getting caught.
The hacker certainly took his time to prepare all of this and has gain top-level access to the system.
I would suggest that aTriz and nearmiss study very closely what happened, and make sure the hacker lost his control.
Imagine him having access all over Christmas time and work on backdoors... horrible idea.

Disagree.  I suspect there's a table of payouts to process, and a script that executes those payouts that runs via cron every few minutes.  All someone would need is a way to add entries to the payout table and a way to update the payout addresses for everyone (one query, possibly...  update blahtable set payout_address='BadGuysBTCAddress' or whatever, exclude a 'where' and it'll update every row).  If sql injection is possible, depending on the design of the database, this would have been quite easy.  It could possibly be done with just two queries.  I have no knowledge of the hashcows db, just thinking of "how i would have built it"

Big companies and financial institutions sniff and log their sql and other interactions between the front-end and back-end, and have lots of rules and regulations they must abide by to be part of the financial system.  As has been said, this is the wild west, anything is possible - there is a high risk, but potential high reward, and this kind of stuff will be happening again and again.
jerrybusey
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
December 26, 2013, 07:56:52 PM
 #1968

There is one thing that worries me seriously.    
The hack job was not a simple SQL insertion or whatever.
My auto-payout was switched off (never used it) -- I lost a balance of BTC 0.36 (ouch!).
What I noticed after the hack, was that the booking was a regular one, with the AT_DEBIT code and including the BTC 0.0001 fee.
The charge of the fee means that the hacker launched existing scripts, or stored procedures, to perform the transactions. And never mind passwords or PINs, his level of control was too high for that.
Also note the bookings were done in a short amount of time (thus automated). And at a moment everybody was busy with Christmas shopping to minimize the chance of getting caught.
The hacker certainly took his time to prepare all of this and has gain top-level access to the system.
I would suggest that aTriz and nearmiss study very closely what happened, and make sure the hacker lost his control.
Imagine him having access all over Christmas time and work on backdoors... horrible idea.

Disagree.  I suspect there's a table of payouts to process, and a script that executes those payouts that runs via cron every few minutes.  All someone would need is a way to add entries to the payout table and a way to update the payout addresses for everyone (one query, possibly...  update blahtable set payout_address='BadGuysBTCAddress' or whatever, exclude a 'where' and it'll update every row).  If sql injection is possible, depending on the design of the database, this would have been quite easy.  It could possibly be done with just two queries.  I have no knowledge of the hashcows db, just thinking of "how i would have built it"

Big companies and financial institutions sniff and log their sql and other interactions between the front-end and back-end, and have lots of rules and regulations they must abide by to be part of the financial system.  As has been said, this is the wild west, anything is possible - there is a high risk, but potential high reward, and this kind of stuff will be happening again and again.
It was mentioned a few pages back that before the lockdown addresses were reverting to the attacker's address even after manually changing it. I have no idea about the veracity of that claim.

BTC love: 13pBauoSCJBF5Vdb1AuMYg1kDvrKzNSthU
thecoinrunner
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
December 26, 2013, 08:04:55 PM
 #1969

That might be simply because db changes were disabled already.
Just guessing :-)
_Crash_
Full Member
***
Offline Offline

Activity: 133
Merit: 100


View Profile
December 26, 2013, 08:08:07 PM
 #1970

Cant register on the site either.

MiningSpace.net - MULTI-COIN / MULTI-POOL :: Miners Paid TX Fees! :: Europe :: Most Profitable Pool! :: Gigabit Connectivity :: 0% Fee!
GoldBit89
Hero Member
*****
Offline Offline

Activity: 526
Merit: 500


Its all about the Gold


View Profile
December 26, 2013, 08:14:46 PM
 #1971

There is one thing that worries me seriously.   
The hack job was not a simple SQL insertion or whatever.
My auto-payout was switched off (never used it) -- I lost a balance of BTC 0.36 (ouch!).
What I noticed after the hack, was that the booking was a regular one, with the AT_DEBIT code and including the BTC 0.0001 fee.
The charge of the fee means that the hacker launched existing scripts, or stored procedures, to perform the transactions. And never mind passwords or PINs, his level of control was too high for that.
Also note the bookings were done in a short amount of time (thus automated). And at a moment everybody was busy with Christmas shopping to minimize the chance of getting caught.
The hacker certainly took his time to prepare all of this and has gain top-level access to the system.
I would suggest that aTriz and nearmiss study very closely what happened, and make sure the hacker lost his control.
Imagine him having access all over Christmas time and work on backdoors... horrible idea.

Bitcointalk Forum,Inputio,KBVE,HASHCOWS and many others---all same person/persons committing the crime......

FTC  6nvzqqaCEizThvgMeC86MGzhAxGzKEtNH8 |WDC WckDxipCes2eBmxrUYEhrUfNNRZexKuYjR  |BQC bSDm3XvauqWWnqrxfimw5wdHVDQDp2U8XU
BOT EjcroqeMpZT4hphY4xYDzTQakwutpnufQR |BTG geLUGuJkhnvuft77ND6VrMvc8vxySKZBUz |LTC  LhXbJMzCqLEzGBKgB2n73oce448BxX1dc4
BTC 1JPzHugtBtPwXgwMqt9rtdwRxxWyaZvk61  |ETH 0xA6cCD2Fb3AC2450646F8D8ebeb14f084F392ACFf
jedimstr
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000



View Profile
December 26, 2013, 08:21:32 PM
 #1972

There is one thing that worries me seriously.   
The hack job was not a simple SQL insertion or whatever.
My auto-payout was switched off (never used it) -- I lost a balance of BTC 0.36 (ouch!).
What I noticed after the hack, was that the booking was a regular one, with the AT_DEBIT code and including the BTC 0.0001 fee.
The charge of the fee means that the hacker launched existing scripts, or stored procedures, to perform the transactions. And never mind passwords or PINs, his level of control was too high for that.
Also note the bookings were done in a short amount of time (thus automated). And at a moment everybody was busy with Christmas shopping to minimize the chance of getting caught.
The hacker certainly took his time to prepare all of this and has gain top-level access to the system.
I would suggest that aTriz and nearmiss study very closely what happened, and make sure the hacker lost his control.
Imagine him having access all over Christmas time and work on backdoors... horrible idea.

Bitcointalk Forum,Inputio,KBVE,HASHCOWS and many others---all same person/persons committing the crime......

Possible... Probably behind the Dogecoin Christmas heist too: http://gizmodo.com/millions-of-meme-based-dogecoins-stolen-on-christmas-da-1489819762

uh60james
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
December 26, 2013, 08:24:14 PM
 #1973

Cant register on the site either.

I wouldn't recommend it anyway until there are some answers and fixes in place.

LTC: LVjM7UJUedLgfeYztFaLc7J5ND35wo4qoP
FTC: 6tX9SmXhTxcpSsuNpCtkrKMxKxHbicPNpt
SBC: sewXveFW8XNBw5tGPabPTQD33iHJikwr2a
socket
Sr. Member
****
Offline Offline

Activity: 259
Merit: 250


View Profile
December 26, 2013, 08:30:02 PM
 #1974

There is one thing that worries me seriously.   
The hack job was not a simple SQL insertion or whatever.
My auto-payout was switched off (never used it) -- I lost a balance of BTC 0.36 (ouch!).
What I noticed after the hack, was that the booking was a regular one, with the AT_DEBIT code and including the BTC 0.0001 fee.
The charge of the fee means that the hacker launched existing scripts, or stored procedures, to perform the transactions. And never mind passwords or PINs, his level of control was too high for that.
Also note the bookings were done in a short amount of time (thus automated). And at a moment everybody was busy with Christmas shopping to minimize the chance of getting caught.
The hacker certainly took his time to prepare all of this and has gain top-level access to the system.
I would suggest that aTriz and nearmiss study very closely what happened, and make sure the hacker lost his control.
Imagine him having access all over Christmas time and work on backdoors... horrible idea.

Disagree.  I suspect there's a table of payouts to process, and a script that executes those payouts that runs via cron every few minutes.  All someone would need is a way to add entries to the payout table and a way to update the payout addresses for everyone (one query, possibly...  update blahtable set payout_address='BadGuysBTCAddress' or whatever, exclude a 'where' and it'll update every row).  If sql injection is possible, depending on the design of the database, this would have been quite easy.  It could possibly be done with just two queries.  I have no knowledge of the hashcows db, just thinking of "how i would have built it"

Big companies and financial institutions sniff and log their sql and other interactions between the front-end and back-end, and have lots of rules and regulations they must abide by to be part of the financial system.  As has been said, this is the wild west, anything is possible - there is a high risk, but potential high reward, and this kind of stuff will be happening again and again.

It's the easiest most common attack vector.  99.9% of all attacks these days are SQL injection and/or XSS.  Zero day remote code execution (buffer overflows and the like) wouldn't be used for something like this.
rascal777
Full Member
***
Offline Offline

Activity: 132
Merit: 100


View Profile
December 26, 2013, 09:16:08 PM
 #1975

hashcows needs to wipe their computers and reload their software.

I lost .3 BTC.  I was not mining for days there.  What irritates me was that when I stopped looking at hashcows, they were auto paying out every day.

Same payout address  13R87ropkDKzDEuVeQoX64kkcLvPWVdTKH




BTC TIPS  19n2ienyueN4RiC38KFSZMQMgrNLgu9Uuc
hotwired007
Hero Member
*****
Offline Offline

Activity: 585
Merit: 500


View Profile
December 26, 2013, 10:09:42 PM
 #1976

https://blockchain.info/address/13R87ropkDKzDEuVeQoX64kkcLvPWVdTKH

Current balance is  40.78672487 BTC and every transaction for the address (755) was the 24th Dec by the looks of it.


This account was hacked & possibly sold during the period of August 1st and October 24th 2017.
Anything done or said in this period wasnt me.
Many thanks to Cyrus for his help restoring access to my account.
socket
Sr. Member
****
Offline Offline

Activity: 259
Merit: 250


View Profile
December 26, 2013, 10:11:15 PM
 #1977

Also, consider that if it was a root level compromise why not just clear out the hot wallet in one transaction? The attacker had to work inside the website's withdrawal system.. again likely an injection attack that targeted the tables for payout address and manual payout queue.
kalus
Sr. Member
****
Offline Offline

Activity: 420
Merit: 263

let's make a deal.


View Profile
December 26, 2013, 10:19:10 PM
 #1978

Cant register on the site either.
lol last on the internet to know.

DC2ngEGbd1ZUKyj8aSzrP1W5TXs5WmPuiR wow need noms
mattopia
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
December 26, 2013, 10:25:11 PM
 #1979

Also, consider that if it was a root level compromise why not just clear out the hot wallet in one transaction? The attacker had to work inside the website's withdrawal system.. again likely an injection attack that targeted the tables for payout address and manual payout queue.

Exactly.  Why go through the trouble of using "the system" to payout from each individual account if you have a greater level of access.  As far as the lock-down, it looks to me like they just set the relevant database tables to read only in some way (either by granting read only privileges to the frontend's database user, or, simply making the db files read only..)  An appropriate response until they find and patch the vulnerability. 

No amount of anything in the front end (two factor, pin codes, etc) will mitigate it if the database is easily compromised via sql injection.  I am hoping a re-design of the database is in the cards - there are ways to build the back-end to mitigate or eliminate these types of possibilities.
Tasweb
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
December 26, 2013, 10:48:44 PM
 #1980


As far as the lock-down, it looks to me like they just set the relevant database tables to read only in some way (either by granting read only privileges to the frontend's database user, or, simply making the db files read only..)  An appropriate response until they find and patch the vulnerability. 

No amount of anything in the front end (two factor, pin codes, etc) will mitigate it if the database is easily compromised via sql injection.  I am hoping a re-design of the database is in the cards - there are ways to build the back-end to mitigate or eliminate these types of possibilities.

I agree with you however if the whole database is read only why are they still encouraging us to mine? This is the bit that is worrying me and the reason I have moved my one little miner elsewhere.

On your second point, it is the front end design that allows sql injection attacks to happen, not database design. The database just does whatever it is told to do by the website or a command line interface. If this was an injection attack then it was either a coding error in the website or an out of date/misconfigured PHP installation that allowed the "hackers" to most likely dump the database and then go through the tables to identify the payout addresses and the mechanism used to initiate manual payouts. They would have done this by manipulating the address bar in a browser by adding special characters or by experimenting with special characters or buffer overflows with very long entries in text entry fields on the website. All of this would be captured in the access logs for the website unless they were able to gain shell access and modify/delete the logs.

I suspect the reason the site is still locked down is because the guys are still working out how the attack happened and the best way to prevent it from happening again.

Note that the site code doesn't look particularly professional. Should we really be able to view the password policy?

 password1: {
          minlength: 6,
          maxlength: 20,
          required: true

Hmmm, nice use of language there!!

$('#accountTab a').bind('click', function (e) {
           e.preventDefault()
        //alert('fuuuuck');

And again..

$('#statsTab a').bind('click', function (e) {
           e.preventDefault()
        //alert('fuuuuck');




Pages: « 1 ... 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 [99] 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 ... 193 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!