cryptocoin.info hacked? | Bitcointalksearch.org

Cosbycoin

hero member

Activity: 980

Merit: 506

Quote from: drakahn on April 11, 2012, 04:26:42 AM

http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote

Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

They were 25% right....Solidcoin is a scam. =)

Foxpup

legendary

Activity: 4536

Merit: 3188

Vile Vixen and Miss Bitcointalk 2021-2023

Quote from: ysoliman on April 13, 2012, 12:55:42 AM

Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains. Huh

Looks like HostGator (their hosting provider) got wise to their little scheme. In retrospect, it might have been an idea to just tell them what their servers were being used for, but I just assumed they were in on it the whole time. Why else would anyone use a commercial hosting company for a highly public hack? HostGator doesn't accept bitcoins, either, so I wonder if the hackers were also dumb enough to pay for the hosting with an account in their own name... now that would be ironic. Grin

ysoliman

member

Activity: 85

Merit: 10

Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains. Huh

ysoliman

member

Activity: 85

Merit: 10

That's what I thought.
How else would they know that there was a backdoor into the original site?

blablahblah

hero member

Activity: 775

Merit: 1000

Quote from: ysoliman on April 11, 2012, 11:57:07 PM

Edit: http://f.filenetworking.com is down.

It's almost like they've been reading this thread and trying to lift their game. So it might even be possible to catch the little pricks (or at least narrow down the pool of suspects) when the site owner comes back from holiday (or wherever).

Foxpup

legendary

Activity: 4536

Merit: 3188

Vile Vixen and Miss Bitcointalk 2021-2023

Okay, it appears the filenetworking.com server has been up for at least 9 days (which is consistent with the time the cryptocoin.info domain was changed) and is running either an old version of Linux (< 2.5, most likely 2.4) or a recent version patched to behave like an old version. That's about all I can determine with any accuracy. It's a highly unusual setup, that's for sure.

ysoliman

member

Activity: 85

Merit: 10

Edit: http://f.filenetworking.com is down.
Cryptocoin.info/filenetworking.com has changed. Orange background with additions and removals of text:

Quote

Attention Cryptocoins like Bitcoin, Namecoin,

Litecoin, RUcoin, and Solidcoin are a scam!

Avoid all Cryptocoins!

Background is orange.
Title is Do not Buy Bitcoins.

Foxpup

legendary

Activity: 4536

Merit: 3188

Vile Vixen and Miss Bitcointalk 2021-2023

Quote from: ysoliman on April 11, 2012, 08:33:22 AM

It's also an Apache server - any vulnerabilities that could enable a hacker to get in?

Actually, I'm pretty sure it was the DNS that was hacked, not the websever. The original site is probably still online, feeling sad that nobody's able to connect to it anymore.

Anyway, I've been doing a more, uh, "thorough" investigation into the site, and I've come across a few... interesting anomalies. I'll have more information later.

ysoliman

member

Activity: 85

Merit: 10

Is this what cryptocoin.info used to be like?

Subdomain lookup on filenetworking.com

http://f.filenetworking.com

EDIT: This is not actually there anymore... did the hacker remove it?

ysoliman

member

Activity: 85

Merit: 10

It's also an Apache server - any vulnerabilities that could enable a hacker to get in?

Quote

Apache Server at cryptocoin.info Port 80

Also has a standard FTP server with authentication...
Anonymous login with username "anonymous" leads to error...

184.172.150.4 leads to a default page..

The 404 page is on filenetworking.com - as mentioned above..
http://cryptocoin.info/404
http://filenetworking.com/404.jpg

Directories:
http://filenetworking.com/cgi-sys/ - forbidden, same on CC
http://filenetworking.com/etc/ - forbidden, same on CC
http://filenetworking.com/images/ - OPEN directory, but http://cryptocoin.info/images/ is forbidden.
http://filenetworking.com/.htaccess - forbidden, same on CC

blablahblah

hero member

Activity: 775

Merit: 1000

Quote from: Foxpup on April 11, 2012, 05:47:41 AM

Quote from: blablahblah on April 11, 2012, 05:18:39 AM

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

Nice work! I have much to learn. Question is, why would they bother? They've clearly only just learnt to spell, but haven't done capitalisation or punctuation yet... It doesn't make sense! Unless the hack was done by someone who only wanted to look like a 12 year old...

Foxpup

legendary

Activity: 4536

Merit: 3188

Vile Vixen and Miss Bitcointalk 2021-2023

Quote from: blablahblah on April 11, 2012, 05:18:39 AM

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

blablahblah

hero member

Activity: 775

Merit: 1000

Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

drakahn

hero member

Activity: 504

Merit: 500

http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote

Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

Topic: cryptocoin.info hacked? (Read 1946 times)