Server hacked?
Installed was only bitcoin core, wtf?
Hi, visit http://pastebin.com/raw/Sh5SYvR7 for instructions on how to get your files back
Hi,
Your server has been hacked, your files have been backed up to a server that we control and finally deleted from your server.
We are happy to inform you that you have two weeks starting from now to get your files back, at the end of the two weeks, all files are removed from our server after they have been leaked through various networks if you have not paid. When you pay, the files are not leaked and they are removed.
We want 3 BTC in return for your files, send the BTC here: 12ZJxnCBjfyE7bmh7zmrkKfXp1pHdpZaSk
When you have sent the requested payment, e-mail [email protected] with the transaction ID and you will receive a tarball with your files inside.
You can e-mail us with custom requests, but we won't give any files before payment.
Comments
Hmm, what's this one?
READ-THIS.txt is that text I posted above
So he runs via _GET or _POST "http://testp5.mielno.lubin.pl/testproxy.php" in my PHP script or so, and then he hacked the server? Hmm
I swear to GOD that i am goin after that mothafuker and i will kill em, stfu stupid lame hacker lol
LOL
Nice job, you got the cryptolocker or cryptowall virus lol.
It's on a server, so how? If my bitcoin (bitcoind) full node was hacked, then anyone can be ...
I get those all the time on my honeypot, it's so damn beautiful to watch me email them with cat photos and a note that says "OMG NOT ME PUURFECT FILES OMG NO NO PLA DONT DEETE" and then restoring the honeypot
But do you see "15:31:10 - http://testp5.mielno.lubin.pl/testproxy.php" and 15:35 READ-THIS.txt? Just a matter of minutes and he is in. Fak it, I did not have any important files there, but I will never run a bitcoin full node again
Reinstall, restore from backups and rethink security basics - for anything involving money take extra care! SSH keys, VPN only access for SSH/admin stuff etc
Lol all I got to say is I hope you got backups!
OP you should report to the FBI or your local equivalent, since there's a crime involved and you're a victim.
I need to setup one of those. The best allow login and simulated shell to really consume time.
It's fun, I wrote my own in NodeJS
I love honeypots... seeing all the script kiddies trying to delete everything. Once, a "hacker" tried to do "rm /rf" instead of "rm -rf /"
Care to share? It would be interesting to see how or what you've done in NodeJS
It's clear that the server was hacked, so you should take some steps to secure it next time and then to also report it to the FBI as was suggested.
Your server returned a 403 error. I don't think it was this that caused the problem.
Yeah I see those testproxy.php requests in my nginx logs all the time on my sites
OP seems to think that a bot testing sites to see if they're an open reverse proxy has installed crypto locker software on the box. We'll just leave it at that, as OP's password was probably 1234
I always make sure to add an extra 5678
I also add double-ROT-13 for increased strength.
Do not pay these idiots!
They will not send your files back.
I know, one of my clients did pay them although I told him not to.
And he got nothing in return...
Some details: Server hacked because of open REDIS installation,
http://blog.jobbole.com/94518/
this is exactly what they used to hack this server:
translated: https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=tr&ie=UTF-8&u=http://blog.jobbole.com/94518/&edit-text=
My customer negotiated with them and they said OK, 1 BTC to give the files back.
After 1 BTC was sent to them, they wanted 2 BTC more.
After a lot of mails, they stopped responding, and my customer finally cursed the whole world at them, and the case closed without any files.
They use the Tor network to communicate with you, so IPs cannot be contacted.
I have a strong suspicion that at least one person who replies to mails at the [email protected] email address is an Indian guy.
Because after cursing his elephant god he stopped responding
If someone is interested, I can paste the whole mail conversation with these idiot script kiddies....
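The post above attributes the compromise to an open Redis installation. A defender-side check for that condition, as an added example that is not part of the original thread: it audits a `redis.conf` for the `bind`, `requirepass` and `protected-mode` directives. Both sample configs are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample configs (not taken from the affected server).
WEAK_CONF = """\
port 6379
bind 0.0.0.0
protected-mode no
# requirepass is commented out
"""
HARDENED_CONF = """\
bind 127.0.0.1 -::1
protected-mode yes
requirepass "constructed-long-random-secret"
"""

def parse_redis_conf(text):
    """Map each directive (lower-cased) to the arguments of its last occurrence."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # handles quoted arguments
            conf[parts[0].lower()] = parts[1:]
    return conf

def is_loopback(addr):
    try:
        # Redis 6.2+ accepts a '-' prefix marking an optional address.
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # '*' or a hostname: assume reachable from outside

def audit(text):
    conf = parse_redis_conf(text)
    findings = []
    binds = conf.get("bind", [])
    exposed = not binds or not all(is_loopback(a) for a in binds)
    if exposed:
        findings.append("bind: listens beyond loopback (unset means all interfaces)")
    has_password = bool((conf.get("requirepass") or [""])[0])
    if not has_password:
        findings.append("requirepass: no password, any client that connects is trusted")
    if (conf.get("protected-mode") or ["yes"])[0].lower() == "no":
        findings.append("protected-mode: explicitly disabled")
    # Redis 3.2+ refuses remote clients in this state while protected mode is on;
    # older versions have no such guard, so the combination is flagged regardless.
    return {"critical": exposed and not has_password, "findings": findings}

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text))
```

A clean result here only covers the config file; a firewall rule limiting the Redis port to trusted hosts is still worth having.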
I am curious... cryptolocker / cryptowall viruses can run on *nix based servers?
That is likely the issue...there were no security lock-downs in place.
Live and learn!
That would be an interesting read, you may.
well.. someone paid!...
https://blockchain.info/address/12ZJxnCBjfyE7bmh7zmrkKfXp1pHdpZaSk
I was just about to post this. Use the other payments block chain as proof for your payment, usually after they get $1200 they aren't going to care if they give the unlock to two people with the same block chain. I've saved a friend with this before.
I feel bad for that poor sucker idiot :d
@Grizzly I did not pay; probably they hacked more servers at once and someone paid. I had backups, lost nothing, just mailed those mothafucka hackers that they can have fun with my files. Nothing important tho, they just stole my work of numerous coding in PHP etc, but fuk em, KARMA IS FREE AND INSTANT
On a public forum... Enjoy.
Today you learned: Server Security should be taken seriously.
Anytime you set up a server, your first priority should be security. Secure passwords, reading up on any new exploits and some SSH keys are a must. Don't just use root and leave it there; some hardening is necessary.