Author

Topic: DailyBitcoins Was Down Because of a Vulnerability (Read 509 times)

member
Activity: 70
Merit: 10
December 13, 2013, 05:32:07 PM
#4
DailyBitcoins rings a bell, I'm gonna have to check if I have an account over there.  thanks for posting the thread, and sharing the info.  Good to know it's not offline anyways.
newbie
Activity: 10
Merit: 0
The error I encountered was a 404 error and nothing being able to load. I think its safe for registered users and non registered users to continue using the site.
legendary
Activity: 952
Merit: 1005
--Signature Designs-- http://bit.ly/1Pjbx77
Was it just over an hour ago? I think I saw that...

The DailyBitcoins page had an error on top of the usual menu bar and the bitcoin prize image didn't load,
so I had to close the window and go to DailyBitcoins again, then it was fine.

I do not have an account there, have always used a bitcoin address instead, should I be worried??
newbie
Activity: 10
Merit: 0
I was on PeerBet just looking around while reading the chat. 'giantdragon' was on talking about how he just fixed a vulnerability on DailyBitcoins. A hacker apparently uploaded a malicious script through the banner upload which he has now fixed.

He might also be the owner of Bitships.

Chatlog (Cleaned up version):
Cheeseheaven: did dailybitcoin.org crash or something?
giantdragon: Daily Bitcoins is hacked again
giantdragon: I am trying to fix
Cheeseheaven: ah so that's what's happening :S
whitebeard: another bitcoin incursion!
giantdragon: Daily Bitcoins is online again
giantdragon: I hope hacker will be unable to intrude again...
Cheeseheaven: giantdragon could you make it easier to merge codes? Tongue
Cheeseheaven: for bitships? S: i am very lazy at stuff ....
giantdragon: at first I need to fix security issues...
giantdragon: there was a bug that allowed to upload malicious PHP file
giantdragon: it is fixed now but seems that hacker stole some passwords
giantdragon: I changed MySQL pass and user pass
Me: Is giantdragon the owner of Dailybitcoins?
giantdragon: yes, I am
saromman: and bitships?
giantdragon: attack was via banner
Me: I didn't think that was possible. Do you have it set to only allow certain file types?
gho57: Not the banner itself, but the upload script?
giantdragon: I did, but this hacker found some way to bypass it
Cheeseheaven: i didn't know you were the owner of dailybitcoins.org Shocked cool!
giantdragon: now I added .htaccess file to block PHP execution on uploaded banners directory
Jump to: