
Someone hacked my database and he asked me for 0.04 BTC to recover it

Discussion in 'Web Hosting' started by userAnonyme, Jun 19, 2019.

  1. userAnonyme

    userAnonyme BANNED BANNED

    Joined:
    Aug 14, 2016
    Messages:
    325
    Likes Received:
    97
    Gender:
    Male
    Hi guys,
    This is true: someone just hacked my database in AWS, and he asked me for 0.04 BTC to recover it. Luckily I have another version on my PC.

    Note:
    The hacker's message:
    To recover your lost Database and avoid leaking it: Send us 0.04 Bitcoin (BTC) to our Bitcoin address 1Msg3ribW4CpEUgCJwdLVhN4p3fuHWpXLy and contact us by Email with your Server IP or Domain name and a Proof of Payment. Your Database is downloaded and backed up on our servers. Backups that we have right now: db_m2c. Any email without your server IP Address or Domain Name and a Proof of Payment together will be ignored. If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise.


  2. Wow 2300 results lol, guess you're not the only one.

     
    • Thanks Thanks x 2
  3. userAnonyme

    I don't know how he did it; the database is secured with a password. I used AWS to host the database, and I'm using Ubuntu.
    Probably he scanned ports.
     
  4. kickthat

    kickthat Jr. VIP Jr. VIP

    Joined:
    Sep 18, 2014
    Messages:
    707
    Likes Received:
    1,001
    Gender:
    Male
    Location:
    UK
    Do you have forms that are insecure and vulnerable to SQL injection attack?
     
  5. Razen666

    Razen666 Senior Member

    Joined:
    Feb 2, 2017
    Messages:
    829
    Likes Received:
    396
    Gender:
    Male
    Occupation:
    making money
    Location:
    somewhere
    I have this dude emailing me every day saying that he got my nudes lmfaaao .. I guess these types of messages are stupid. Maybe u should call Amazon
     
    • Thanks Thanks x 2
  6. redarrow

    redarrow Elite Member

    Joined:
    Apr 1, 2013
    Messages:
    10,604
    Likes Received:
    3,079
    It's all done via a low-security password.

    It also comes down to the way you hide the database URL or IP from public eyes.

    All mixed ...

    uppercase
    lowercase
    number
    symbol
    8 characters long

    Best way to password anything.
     
  7. userAnonyme

    I'm using just http://localhost:4200/ to test my project, and the database is in AWS.
     
  8. Badboy Enterprise

    Badboy Enterprise Jr. VIP Jr. VIP

    Joined:
    Jan 24, 2015
    Messages:
    1,196
    Likes Received:
    267
    There is some h4x baller cracking everyone's servers lol
     
    • Thanks Thanks x 1
  9. userAnonyme

    My password:[email protected]
     
    • Thanks Thanks x 1
  10. redarrow

    So the phpMyAdmin public URL is your domain and port to get into the phpMyAdmin login screen.
    Did you know that?

    Then they run a script to brute force the password.

    Then they back up all your database info and then !!ransom!! you with an email.
     
    • Thanks Thanks x 1
  11. chickab00m

    chickab00m Newbie

    Joined:
    Apr 6, 2019
    Messages:
    38
    Likes Received:
    9
    Gender:
    Male
    Ruthless... tools for finding sites with vulnerabilities are getting better and probably cheaper.

    I'm currently building an Ecom site on a new VPS. First time doing it this way, always went with shared host in the past. It's easy to get lost in speed optimization when setting everything up, and thus overlook all the little details that hackers love to exploit. This post definitely has me more worried about best practices for server security (or rather what I need to be asking my database guy to set up).

    Does anyone with database security chops have any good tips for preventing hacks like the one OP encountered?
     
  12. userAnonyme

    My phpMyAdmin URL is public.
    The [email protected] has automated the process.
     
  13. redarrow

    This is what I would do.
    Example below:
    https://www.digitalocean.com/commun...install-and-secure-phpmyadmin-on-ubuntu-18-04

    You use .htaccess to restrict phpMyAdmin while online and restrict the file it's in.

    Only you, logged into the computer, can access those files.
     
    • Thanks Thanks x 1
    Last edited: Jun 19, 2019
  14. redarrow

    I know, that's what I said: password brute forced.
     
    • Thanks Thanks x 1
  15. Aaric

    Aaric Jr. VIP Jr. VIP

    Joined:
    Mar 7, 2010
    Messages:
    2,836
    Likes Received:
    1,688
    Gender:
    Male
    Occupation:
    Vendor to ORM Experts. GMB, Yelp, Trustp, Angies
    Location:
    Riverside, CA
    Home Page: