Author

Topic: cryptocoin.info hacked? (Read 1949 times)

hero member
Activity: 980
Merit: 506
April 16, 2012, 07:53:41 PM
#14
http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?

They were 25% right....Solidcoin is a scam. =)
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
April 13, 2012, 01:40:03 AM
#13
Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  Huh

Looks like HostGator (their hosting provider) got wise to their little scheme. In retrospect, it might have been an idea to just tell them what their servers were being used for, but I just assumed they were in on it the whole time. Why else would anyone use a commercial hosting company for a highly public hack? HostGator doesn't accept bitcoins, either, so I wonder if the hackers were also dumb enough to pay for the hosting with an account in their own name... now that would be ironic. Grin
member
Activity: 85
Merit: 10
April 13, 2012, 12:55:42 AM
#12
Another update:

cryptocoin.info and
filenetworking.com are down with all associated subdomains.  Huh
member
Activity: 85
Merit: 10
April 12, 2012, 05:35:38 AM
#11
That's what I thought.
How else would they know that there was a backdoor into the original site?
hero member
Activity: 775
Merit: 1000
April 12, 2012, 04:21:43 AM
#10
It's almost like they've been reading this thread and trying to lift their game. So it might even be possible to catch the little pricks (or at least narrow down the pool of suspects) when the site owner comes back from holiday (or wherever).
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
April 12, 2012, 01:31:56 AM
#9
Okay, it appears the filenetworking.com server has been up for at least 9 days (which is consistent with the time the cryptocoin.info domain was changed) and is running either an old version of Linux (< 2.5, most likely 2.4) or a recent version patched to behave like an old version. That's about all I can determine with any accuracy. It's a highly unusual setup, that's for sure.
member
Activity: 85
Merit: 10
April 11, 2012, 11:57:07 PM
#8
Edit: http://f.filenetworking.com is down.
Cryptocoin.info/filenetworking.com has changed. Orange background with additions and removals of text:

Quote
Attention Cryptocoins like Bitcoin, Namecoin,

Litecoin, RUcoin, and Solidcoin are a scam!
 
Avoid all Cryptocoins!
 

Background is orange.
Title is Do not Buy Bitcoins.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
April 11, 2012, 11:08:57 PM
#7
It's also an Apache server - any vulnerabilities that could enable a hacker to get in?

Actually, I'm pretty sure it was the DNS that was hacked, not the websever. The original site is probably still online, feeling sad that nobody's able to connect to it anymore.

Anyway, I've been doing a more, uh, "thorough" investigation into the site, and I've come across a few... interesting anomalies. I'll have more information later.
member
Activity: 85
Merit: 10
April 11, 2012, 01:29:57 PM
#6
Is this what cryptocoin.info used to be like?

Subdomain lookup on filenetworking.com

http://f.filenetworking.com

EDIT: This is not actually there anymore... did the hacker remove it?
member
Activity: 85
Merit: 10
April 11, 2012, 08:33:22 AM
#5
It's also an Apache server - any vulnerabilities that could enable a hacker to get in?
Quote
Apache Server at cryptocoin.info Port 80

Also has a standard FTP server with authentication...
Anonymous login with username "anonymous" leads to error...

184.172.150.4 leads to a default page..

The 404 page is on filenetworking.com - as mentioned above..
http://cryptocoin.info/404
http://filenetworking.com/404.jpg

Directories:
http://filenetworking.com/cgi-sys/ - forbidden, same on CC
http://filenetworking.com/etc/ - forbidden, same on CC
http://filenetworking.com/images/ - OPEN directory, but http://cryptocoin.info/images/ is forbidden.
http://filenetworking.com/.htaccess - forbidden, same on CC
hero member
Activity: 775
Merit: 1000
April 11, 2012, 06:17:09 AM
#4
Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.

Nice work! I have much to learn. Question is, why would they bother? They've clearly only just learnt to spell, but haven't done capitalisation or punctuation yet... It doesn't make sense! Unless the hack was done by someone who only wanted to look like a 12 year old...
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
April 11, 2012, 05:47:41 AM
#3
Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)

Try index.php. Anyway, judging by the fact that the 404 error message is hosted on filenetworking.com, which has the same IP address (184.172.150.4) and nameservers (NS2849.HOSTGATOR.COM and NS2850.HOSTGATOR.COM) as cryptocoin.info even though the two domain names were registered through two different companies (Dotster, Inc. and Domain.com, LLC), plus the fact that the cryptocoin.info domain was recently (2 April 2012) changed for no obvious reason, I'm guessing it was hacked.
hero member
Activity: 775
Merit: 1000
April 11, 2012, 05:18:39 AM
#2
Looks weird. The source isn't even proper HTML.

"index.htm" and "index.html" give me 404 errors. (It makes me respect Firefox a bit more for somehow rendering it.)
hero member
Activity: 504
Merit: 500
April 11, 2012, 04:26:42 AM
#1
http://cryptocoin.info/

Normally has, well info about cryptocoins on it, now it says

Quote
Attention Cryptocoins like

Bitcoin, Litecoin, RUcoin, and Solidcoin

Are a scam, so watch out!

We no longer encourage the use of cryptocoins

We found out they are just a scam

Hacked? Or what could they have "found out"?
Jump to: