Bitcoin Forum
December 08, 2016, 06:33:10 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: cryptocoin.info hacked?  (Read 1750 times)
drakahn
Hero Member
*****
Offline Offline

Activity: 504



View Profile
April 11, 2012, 09:26:42 AM
 #1

http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

14ga8dJ6NGpiwQkNTXg7KzwozasfaXNfEU
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481221990
Hero Member
*
Offline Offline

Posts: 1481221990

View Profile Personal Message (Offline)

Ignore
1481221990
Reply with quote  #2

1481221990
Report to moderator
1481221990
Hero Member
*
Offline Offline

Posts: 1481221990

View Profile Personal Message (Offline)

Ignore
1481221990
Reply with quote  #2

1481221990
Report to moderator
blablahblah
Legendary
*
Offline Offline

Activity: 775


View Profile
April 11, 2012, 10:18:39 AM
 #2

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)
Foxpup
Legendary
*
Offline Offline

Activity: 1708



View Profile
April 11, 2012, 10:47:41 AM
 #3

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
blablahblah
Legendary
*
Offline Offline

Activity: 775


View Profile
April 11, 2012, 11:17:09 AM
 #4

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

Nice work! I have much to learn. Question is, why would they bother? They've clearly only just learnt to spell, but haven't done capitalisation or punctuation yet... It doesn't make sense! Unless the hack was done by someone who only wanted to look like a 12 year old...
ysoliman
Member
**
Offline Offline

Activity: 86


View Profile
April 11, 2012, 01:33:22 PM
 #5

It's also an Apache server - any vulnerabilities that could enable a hacker to get in?
Quote
Apache Server at cryptocoin.info Port 80

Also has a standard FTP server with authentication...
Anonymous login with username "anonymous" leads to error...

184.172.150.4 leads to a default page..

The 404 page is on filenetworking.com - as mentioned above..
http://cryptocoin.info/404
http://filenetworking.com/404.jpg

Directories:
http://filenetworking.com/cgi-sys/ - forbidden, same on CC
http://filenetworking.com/etc/ - forbidden, same on CC
http://filenetworking.com/images/ - OPEN directory, but http://cryptocoin.info/images/ is forbidden.
http://filenetworking.com/.htaccess - forbidden, same on CC
ysoliman
Member
**
Offline Offline

Activity: 86


View Profile
April 11, 2012, 06:29:57 PM
 #6

Is this what cryptocoin.info used to be like?

Subdomain lookup on filenetworking.com

http://f.filenetworking.com

EDIT: This is not actually there anymore... did the hacker remove it?
Foxpup
Legendary
*
Offline Offline

Activity: 1708



View Profile
April 12, 2012, 04:08:57 AM
 #7

It's also an Apache server - any vulnerabilities that could enable a hacker to get in?

Actually, I'm pretty sure it was the DNS that was hacked, not the websever. The original site is probably still online, feeling sad that nobody's able to connect to it anymore.

Anyway, I've been doing a more, uh, "thorough" investigation into the site, and I've come across a few... interesting anomalies. I'll have more information later.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
ysoliman
Member
**
Offline Offline

Activity: 86


View Profile
April 12, 2012, 04:57:07 AM
 #8

Edit: http://f.filenetworking.com is down.
Cryptocoin.info/filenetworking.com has changed. Orange background with additions and removals of text:

Quote
Attention Cryptocoins like Bitcoin, Namecoin,

Litecoin, RUcoin, and Solidcoin are a scam!
 
Avoid all Cryptocoins!
 

Background is orange.
Title is Do not Buy Bitcoins.
Foxpup
Legendary
*
Offline Offline

Activity: 1708



View Profile
April 12, 2012, 06:31:56 AM
 #9

Okay, it appears the filenetworking.com server has been up for at least 9 days (which is consistent with the time the cryptocoin.info domain was changed) and is running either an old version of Linux (< 2.5, most likely 2.4) or a recent version patched to behave like an old version. That's about all I can determine with any accuracy. It's a highly unusual setup, that's for sure.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
blablahblah
Legendary
*
Offline Offline

Activity: 775


View Profile
April 12, 2012, 09:21:43 AM
 #10

It's almost like they've been reading this thread and trying to lift their game. So it might even be possible to catch the little pricks (or at least narrow down the pool of suspects) when the site owner comes back from holiday (or wherever).
ysoliman
Member
**
Offline Offline

Activity: 86


View Profile
April 12, 2012, 10:35:38 AM
 #11

That's what I thought.
How else would they know that there was a backdoor into the original site?
ysoliman
Member
**
Offline Offline

Activity: 86


View Profile
April 13, 2012, 05:55:42 AM
 #12

Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  Huh
Foxpup
Legendary
*
Offline Offline

Activity: 1708



View Profile
April 13, 2012, 06:40:03 AM
 #13

Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  Huh

Looks like HostGator (their hosting provider) got wise to their little scheme. In retrospect, it might have been an idea to just tell them what their servers were being used for, but I just assumed they were in on it the whole time. Why else would anyone use a commercial hosting company for a highly public hack? HostGator doesn't accept bitcoins, either, so I wonder if the hackers were also dumb enough to pay for the hosting with an account in their own name... now that would be ironic. Grin

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
Cosbycoin
Full Member
***
Offline Offline

Activity: 140


View Profile
April 17, 2012, 12:53:41 AM
 #14

http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

They were 25% right....Solidcoin is a scam. =)
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!