How was I hacked? | Bitcointalksearch.org

diegocosta

newbie

Activity: 42

Merit: 0

Quote from: jerol31 on March 21, 2015, 09:28:33 AM

You must have better secure password, including characters, letters, numbers.
That is very important in order to be more secure. Also try to change your password once in a while.

what you have suggested would only help if they cracked the password by brute-force which it appears they didnt do

spin

sr. member

Activity: 362

Merit: 261

Could be phpmyadmin vulnerability if your version is out of date.

ak111in

full member

Activity: 180

Merit: 1003

Quote from: fast2fix on March 21, 2015, 01:08:56 PM

Quote from: ak111in on March 21, 2015, 03:39:32 AM

Quote from: notlist3d on March 21, 2015, 12:25:29 AM

I would say most likely it was a exploit to gain acess. Bruteforcing a 17 char password is something you really could not do espically if you are trying against a place online. Unless just horrible security it would stop IP access if you just keep hitting it with wrong passwords.

Yes I realize now that brute force has a slim chance, I was kind of hoping that it was brute force because then I can fix it relatively easily but now I am not sure how he got access and just trying out everything just hoping to fix the website.

i think your website is vulnerable, are you running a faucet website or something?

Yes something similar, looking out for vulnerabilities and trying to fix them.

fast2fix

legendary

Activity: 1612

Merit: 1001

Quote from: ak111in on March 21, 2015, 03:39:32 AM

Quote from: notlist3d on March 21, 2015, 12:25:29 AM

I would say most likely it was a exploit to gain acess. Bruteforcing a 17 char password is something you really could not do espically if you are trying against a place online. Unless just horrible security it would stop IP access if you just keep hitting it with wrong passwords.

Yes I realize now that brute force has a slim chance, I was kind of hoping that it was brute force because then I can fix it relatively easily but now I am not sure how he got access and just trying out everything just hoping to fix the website.

i think your website is vulnerable, are you running a faucet website or something?

jerol31

member

Activity: 84

Merit: 10

You must have better secure password, including characters, letters, numbers.
That is very important in order to be more secure. Also try to change your password once in a while.

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: MUFC on March 21, 2015, 07:34:51 AM

Quote from: Sarthak on March 20, 2015, 10:07:06 PM

Thats Hackers address?
I found something interesting!

http://earnfreebitcoins.com/address/1A8AzZSQp2oxzdSJeUUpoNmeff9bLQKBRo

Contact the admin of earnfreebitcoins.com for the hackers ip! I don't think the hacker used any software like Tor when he used to visit sites to earn free bitcoins! The hacker is a cheap one! He just earned 0.0000083 from that free bitcoin site xD

He could be using tor or a VPN. If he was smart he would be but you never know. He could also be using bots to rape the faucet.

Quote from: ak111in on March 21, 2015, 03:35:40 AM

Quote from: Sarthak on March 20, 2015, 10:07:06 PM

Thats Hackers address?
I found something interesting!

http://earnfreebitcoins.com/address/1A8AzZSQp2oxzdSJeUUpoNmeff9bLQKBRo

Contact the admin of earnfreebitcoins.com for the hackers ip! I don't think the hacker used any software like Tor when he used to visit sites to earn free bitcoins! The hacker is a cheap one! He just earned 0.0000083 from that free bitcoin site xD

Thanks I will try and contact earnfreebitcoins.com, the tragedy is that a cheaper hacker was able to get complete access to the database but in the end his stupidity saved my bitcoins.

I doubt they will just give out a users IP address to some random person, but hope you track him down. You should look into his address and see if it is spendlinked to others. You might be able to track him down to this forum or some other sites online.

Most likely you will need to turn it into some authority. (IE police or other agency). They will be able to possibly get information such as IP.

If you do it yourself they will not give you a IP address of someone, most likely.

MUFC

hero member

Activity: 500

Merit: 500

Quote from: Sarthak on March 20, 2015, 10:07:06 PM

Thats Hackers address?
I found something interesting!

http://earnfreebitcoins.com/address/1A8AzZSQp2oxzdSJeUUpoNmeff9bLQKBRo

Contact the admin of earnfreebitcoins.com for the hackers ip! I don't think the hacker used any software like Tor when he used to visit sites to earn free bitcoins! The hacker is a cheap one! He just earned 0.0000083 from that free bitcoin site xD

He could be using tor or a VPN. If he was smart he would be but you never know. He could also be using bots to rape the faucet.

Quote from: ak111in on March 21, 2015, 03:35:40 AM

Quote from: Sarthak on March 20, 2015, 10:07:06 PM

Thats Hackers address?
I found something interesting!

http://earnfreebitcoins.com/address/1A8AzZSQp2oxzdSJeUUpoNmeff9bLQKBRo

Contact the admin of earnfreebitcoins.com for the hackers ip! I don't think the hacker used any software like Tor when he used to visit sites to earn free bitcoins! The hacker is a cheap one! He just earned 0.0000083 from that free bitcoin site xD

Thanks I will try and contact earnfreebitcoins.com, the tragedy is that a cheaper hacker was able to get complete access to the database but in the end his stupidity saved my bitcoins.

I doubt they will just give out a users IP address to some random person, but hope you track him down. You should look into his address and see if it is spendlinked to others. You might be able to track him down to this forum or some other sites online.

diegocosta

newbie

Activity: 42

Merit: 0

hire a group of white hat hackers to test your site out, when they find possible exploits, fix them

Vezalke

member

Activity: 76

Merit: 10

To bruteforce 17 char password it would take years!

ak111in

full member

Activity: 180

Merit: 1003

Quote from: notlist3d on March 21, 2015, 12:25:29 AM

I would say most likely it was a exploit to gain acess. Bruteforcing a 17 char password is something you really could not do espically if you are trying against a place online. Unless just horrible security it would stop IP access if you just keep hitting it with wrong passwords.

Yes I realize now that brute force has a slim chance, I was kind of hoping that it was brute force because then I can fix it relatively easily but now I am not sure how he got access and just trying out everything just hoping to fix the website.

ak111in

full member

Activity: 180

Merit: 1003

Quote from: Sarthak on March 20, 2015, 10:07:06 PM

Thats Hackers address?
I found something interesting!

http://earnfreebitcoins.com/address/1A8AzZSQp2oxzdSJeUUpoNmeff9bLQKBRo

Contact the admin of earnfreebitcoins.com for the hackers ip! I don't think the hacker used any software like Tor when he used to visit sites to earn free bitcoins! The hacker is a cheap one! He just earned 0.0000083 from that free bitcoin site xD

Thanks I will try and contact earnfreebitcoins.com, the tragedy is that a cheaper hacker was able to get complete access to the database but in the end his stupidity saved my bitcoins.

ak111in

full member

Activity: 180

Merit: 1003

Quote from: rax on March 20, 2015, 06:42:58 PM

SSH (/etc/ssh/sshd_config)

1. Disable root SSH access.

Code:

PermitRootLogin no

2. Disable password-based SSH logins, use public keys instead.

Code:

PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no

Learn more about key-based authentication here. Even better, read the whole Linux Crypto post series.

Other services

3. Remove phpMyAdmin. If you need to fuck shit up just log into the database server and issue plain SQL queries using mysql-client. Bottom line: don't expose any service to the internet other than SSH, HTTPS and/or HTTP.

4. Setup a firewall using ufw.

Passwords

5. Change every single password in the system. Follow the Diceware approach to password generation. Use 8 to 10 characters at least. Do write down your passwords. Paper will work, an encrypted file using your (properly stored) GPG key would be even better.

6. Hope for the best.

Thanks done some of them , working on doing others.

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: ak111in on March 20, 2015, 05:58:18 AM

Hi,
Today my bitcoin based website was hacked. The hacker changed the password of admin and other major accounts and changed the withdrawal bitcoin address of all accounts which had major balance. Though I did not lose any bitcoins as he broke the website by messing up the database and I became aware of the hack. The hacker was able to access my database , I suppose through phpmyadmin but I think he was not able to get ssh root access.

So I want to know how feasible it is to brute force a 17 character password having numbers+characters+symbol or should I look for any other way the hacker may have got in.

Hacker bitcoin address to which all the withdrawal addresses were set: 1A8AzZSQp2oxzdSJeUUpoNmeff9bLQKBRo

Regards

I would say most likely it was a exploit to gain acess. Bruteforcing a 17 char password is something you really could not do espically if you are trying against a place online. Unless just horrible security it would stop IP access if you just keep hitting it with wrong passwords.

Sarthak

hero member

Activity: 518

Merit: 501

Error 404: there seems to be nothing here.

Thats Hackers address?
I found something interesting!

http://earnfreebitcoins.com/address/1A8AzZSQp2oxzdSJeUUpoNmeff9bLQKBRo

Contact the admin of earnfreebitcoins.com for the hackers ip! I don't think the hacker used any software like Tor when he used to visit sites to earn free bitcoins! The hacker is a cheap one! He just earned 0.0000083 from that free bitcoin site xD

bitmarket.io

legendary

Activity: 1204

Merit: 1001

cuz you's a dumbfuk

rax

member

Activity: 86

Merit: 12

SSH (/etc/ssh/sshd_config)

1. Disable root SSH access.

Code:

PermitRootLogin no

2. Disable password-based SSH logins, use public keys instead.

Code:

PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no

Learn more about key-based authentication here. Even better, read the whole Linux Crypto post series.

Other services

3. Remove phpMyAdmin. If you need to fuck shit up just log into the database server and issue plain SQL queries using mysql-client. Bottom line: don't expose any service to the internet other than SSH, HTTPS and/or HTTP.

4. Setup a firewall using ufw.

Passwords

5. Change every single password in the system. Follow the Diceware approach to password generation. Use 8 to 10 words at least. Do write down your passwords. Paper will work, an encrypted file using your (properly stored) GPG key would be even better.

6. Hope for the best.

ak111in

full member

Activity: 180

Merit: 1003

Quote from: Professor Plums on March 20, 2015, 11:55:20 AM

Quote from: ak111in on March 20, 2015, 05:58:18 AM

So I want to know how feasible it is to brute force a 17 character password having numbers+characters+symbol or should I look for any other way the hacker may have got in.

It doesn't matter how long or complex your password is if you've got a keylogger or spyware. Have you scanned your comp for viruses?

Yes nothing there. I keylogger would have caused bigger problems.

Professor Plums

member

Activity: 105

Merit: 10

Quote from: ak111in on March 20, 2015, 05:58:18 AM

So I want to know how feasible it is to brute force a 17 character password having numbers+characters+symbol or should I look for any other way the hacker may have got in.

It doesn't matter how long or complex your password is if you've got a keylogger or spyware. Have you scanned your comp for viruses?

abyrnes81

hero member

Activity: 714

Merit: 500

Quote from: ak111in on March 20, 2015, 06:22:29 AM

Quote from: abyrnes81 on March 20, 2015, 06:14:33 AM

Have you checked your e-mail address? Has been it compromise or not? Maybe the hacked 'caught' the access to your address and requested a password reset for you admin vps account.

There are no signs that my email has been compromised, since all the changes were made only in database I think he did not get access to my vps account or ssh but only got through phpmyadmin.

Quote from: zetaray on March 20, 2015, 06:11:46 AM

A long password takes too long to bruteforce. Hackers usually go for faster and easier ways. if the site is important to you, spend some btc and hire a white hat hacker to hack your site. Then you will know.

Can you suggest someone or where can I find one

Then yes, the malicious user has granted the access through the phpmyadmin panel. Maybe your password was 'weak' now you should improve your security.

ak111in

full member

Activity: 180

Merit: 1003

Quote from: EcuaMobi on March 20, 2015, 10:56:47 AM

Quote from: ak111in on March 20, 2015, 10:48:01 AM

Quote from: EcuaMobi on March 20, 2015, 10:14:16 AM

Are you using the latest version of phpMyAdmin? I think an older version had a security bug.
Also is it installed on tje default /phpmyadmim? Try a unique URL. Just to confirm I guess it uses SSL right?
And finally make sure to use .htpasswd besides the normal DB password. Were you already using it?

Have updated everything now, but do not have SSL or .htpasswd

If you think the hacker may have accessed the DB that way you should definitely add those. Regarding SSL a self signed certificate would do, just to prevent your DB password from being sent as plain text.

Thanks will add SSL to the website.

Topic: How was I hacked? (Read 1668 times)