Bitcoin Forum
November 13, 2024, 09:48:21 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: cryptocoin.info hacked?  (Read 1945 times)
drakahn (OP)
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
April 11, 2012, 09:26:42 AM
 #1

http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

14ga8dJ6NGpiwQkNTXg7KzwozasfaXNfEU
blablahblah
Hero Member
*****
Offline Offline

Activity: 775
Merit: 1000


View Profile
April 11, 2012, 10:18:39 AM
 #2

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
April 11, 2012, 10:47:41 AM
 #3

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
blablahblah
Hero Member
*****
Offline Offline

Activity: 775
Merit: 1000


View Profile
April 11, 2012, 11:17:09 AM
 #4

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

Nice work! I have much to learn. Question is, why would they bother? They've clearly only just learnt to spell, but haven't done capitalisation or punctuation yet... It doesn't make sense! Unless the hack was done by someone who only wanted to look like a 12 year old...
ysoliman
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
April 11, 2012, 01:33:22 PM
Last edit: April 11, 2012, 01:46:14 PM by ysoliman
 #5

It's also an Apache server - any vulnerabilities that could enable a hacker to get in?
Quote
Apache Server at cryptocoin.info Port 80

Also has a standard FTP server with authentication...
Anonymous login with username "anonymous" leads to error...

184.172.150.4 leads to a default page..

The 404 page is on filenetworking.com - as mentioned above..
http://cryptocoin.info/404
http://filenetworking.com/404.jpg

Directories:
http://filenetworking.com/cgi-sys/ - forbidden, same on CC
http://filenetworking.com/etc/ - forbidden, same on CC
http://filenetworking.com/images/ - OPEN directory, but http://cryptocoin.info/images/ is forbidden.
http://filenetworking.com/.htaccess - forbidden, same on CC
ysoliman
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
April 11, 2012, 06:29:57 PM
Last edit: April 12, 2012, 05:10:42 AM by ysoliman
 #6

Is this what cryptocoin.info used to be like?

Subdomain lookup on filenetworking.com

http://f.filenetworking.com

EDIT: This is not actually there anymore... did the hacker remove it?
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
April 12, 2012, 04:08:57 AM
 #7

It's also an Apache server - any vulnerabilities that could enable a hacker to get in?

Actually, I'm pretty sure it was the DNS that was hacked, not the websever. The original site is probably still online, feeling sad that nobody's able to connect to it anymore.

Anyway, I've been doing a more, uh, "thorough" investigation into the site, and I've come across a few... interesting anomalies. I'll have more information later.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
ysoliman
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
April 12, 2012, 04:57:07 AM
Last edit: April 12, 2012, 05:13:31 AM by ysoliman
 #8

Edit: http://f.filenetworking.com is down.
Cryptocoin.info/filenetworking.com has changed. Orange background with additions and removals of text:

Quote
Attention Cryptocoins like Bitcoin, Namecoin,

Litecoin, RUcoin, and Solidcoin are a scam!
 
Avoid all Cryptocoins!
 

Background is orange.
Title is Do not Buy Bitcoins.
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
April 12, 2012, 06:31:56 AM
 #9

Okay, it appears the filenetworking.com server has been up for at least 9 days (which is consistent with the time the cryptocoin.info domain was changed) and is running either an old version of Linux (< 2.5, most likely 2.4) or a recent version patched to behave like an old version. That's about all I can determine with any accuracy. It's a highly unusual setup, that's for sure.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
blablahblah
Hero Member
*****
Offline Offline

Activity: 775
Merit: 1000


View Profile
April 12, 2012, 09:21:43 AM
 #10

It's almost like they've been reading this thread and trying to lift their game. So it might even be possible to catch the little pricks (or at least narrow down the pool of suspects) when the site owner comes back from holiday (or wherever).
ysoliman
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
April 12, 2012, 10:35:38 AM
 #11

That's what I thought.
How else would they know that there was a backdoor into the original site?
ysoliman
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
April 13, 2012, 05:55:42 AM
 #12

Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  Huh
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
April 13, 2012, 06:40:03 AM
 #13

Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  Huh

Looks like HostGator (their hosting provider) got wise to their little scheme. In retrospect, it might have been an idea to just tell them what their servers were being used for, but I just assumed they were in on it the whole time. Why else would anyone use a commercial hosting company for a highly public hack? HostGator doesn't accept bitcoins, either, so I wonder if the hackers were also dumb enough to pay for the hosting with an account in their own name... now that would be ironic. Grin

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
Cosbycoin
Hero Member
*****
Offline Offline

Activity: 980
Merit: 506



View Profile
April 17, 2012, 12:53:41 AM
 #14

http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

They were 25% right....Solidcoin is a scam. =)
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!