Topic: DailyBitcoins Was Down Because of a Vulnerability (Read 496 times)
DailyBitcoins rings a bell, I'm gonna have to check if I have an account over there. thanks for posting the thread, and sharing the info. Good to know it's not offline anyways.
The error I encountered was a 404 error and nothing being able to load. I think its safe for registered users and non registered users to continue using the site.
Was it just over an hour ago? I think I saw that...
The DailyBitcoins page had an error on top of the usual menu bar and the bitcoin prize image didn't load,
so I had to close the window and go to DailyBitcoins again, then it was fine.
I do not have an account there, have always used a bitcoin address instead, should I be worried??
The DailyBitcoins page had an error on top of the usual menu bar and the bitcoin prize image didn't load,
so I had to close the window and go to DailyBitcoins again, then it was fine.
I do not have an account there, have always used a bitcoin address instead, should I be worried??
I was on PeerBet just looking around while reading the chat. 'giantdragon' was on talking about how he just fixed a vulnerability on DailyBitcoins. A hacker apparently uploaded a malicious script through the banner upload which he has now fixed.
He might also be the owner of Bitships.
Chatlog (Cleaned up version):
Cheeseheaven: did dailybitcoin.org crash or something?
giantdragon: Daily Bitcoins is hacked again
giantdragon: I am trying to fix
Cheeseheaven: ah so that's what's happening :S
whitebeard: another bitcoin incursion!
giantdragon: Daily Bitcoins is online again
giantdragon: I hope hacker will be unable to intrude again...
Cheeseheaven: giantdragon could you make it easier to merge codes?
Cheeseheaven: for bitships? S: i am very lazy at stuff ....
giantdragon: at first I need to fix security issues...
giantdragon: there was a bug that allowed to upload malicious PHP file
giantdragon: it is fixed now but seems that hacker stole some passwords
giantdragon: I changed MySQL pass and user pass
Me: Is giantdragon the owner of Dailybitcoins?
giantdragon: yes, I am
saromman: and bitships?
giantdragon: attack was via banner
Me: I didn't think that was possible. Do you have it set to only allow certain file types?
gho57: Not the banner itself, but the upload script?
giantdragon: I did, but this hacker found some way to bypass it
Cheeseheaven: i didn't know you were the owner of dailybitcoins.org
cool!
giantdragon: now I added .htaccess file to block PHP execution on uploaded banners directory
He might also be the owner of Bitships.
Chatlog (Cleaned up version):
Cheeseheaven: did dailybitcoin.org crash or something?
giantdragon: Daily Bitcoins is hacked again
giantdragon: I am trying to fix
Cheeseheaven: ah so that's what's happening :S
whitebeard: another bitcoin incursion!
giantdragon: Daily Bitcoins is online again
giantdragon: I hope hacker will be unable to intrude again...
Cheeseheaven: giantdragon could you make it easier to merge codes?
Cheeseheaven: for bitships? S: i am very lazy at stuff ....
giantdragon: at first I need to fix security issues...
giantdragon: there was a bug that allowed to upload malicious PHP file
giantdragon: it is fixed now but seems that hacker stole some passwords
giantdragon: I changed MySQL pass and user pass
Me: Is giantdragon the owner of Dailybitcoins?
giantdragon: yes, I am
saromman: and bitships?
giantdragon: attack was via banner
Me: I didn't think that was possible. Do you have it set to only allow certain file types?
gho57: Not the banner itself, but the upload script?
giantdragon: I did, but this hacker found some way to bypass it
Cheeseheaven: i didn't know you were the owner of dailybitcoins.org
cool!giantdragon: now I added .htaccess file to block PHP execution on uploaded banners directory
Jump to: