• If you need help or want to discuss things, you now can also join us on our Discord Server!
  • A first preview of the unlimited version of SinusBot can be found in the Upcoming Changes thread. A version for Windows will follow, but we don't have a release date, yet.

Music Bots Getting Stolen.

Status
Not open for further replies.

Flelux

Member
My music bot left my server saying requested via api.

And it joined a server called blackfield.net without my perm.
and i was talking to people on the server who are having the same issue.

they have a channel called #opsinusbots and it has LOADS of other peoples sinusbots with their ip as their nickname.

It appears they are somehow stealing other peoples bots.
 
Last edited:

mxschmitt

Moderator
Staff member
is awesome!
V.I.P.
is uber awesome!
Contributor
Insider
Did you not change your default password?
 

Flelux

Member
Whoops!
Yeah i did forget.
I just didn't expect anyone to find my ip and know it had a bot on it.

Anyhow My Bad :D.

Thanks for the reply.
 

flyth

is reticulating splines
Staff member
Developer
Contributor
Could you please provide some logs and the version of the bot?
 

flyth

is reticulating splines
Staff member
Developer
Contributor
If you haven't specified a log file it's in the window. Or inside the interface bot/instance log.
 

OsoBradas

Member
Got some bad news and good news.
Bad news: I specified the log file but the only thing that's inside of it is "aaaaaaaaaaaa.aa". And becuase i shut the sinusbot down i also don't have a windowlog.
Good news: Some strange things are happening at my console right now, i hope it's something that helps!

Question: How do i reset my admin-password on a Windows 2012 Sinusbot? Because the -pwreset doen't seem to be available on windows?
 

Attachments

  • Sinusbot Hacked 4.PNG
    Sinusbot Hacked 4.PNG
    157.7 KB · Views: 89

flyth

is reticulating splines
Staff member
Developer
Contributor
Hmm someone is controlling your bot, yes (but with a valid login). Sad that there's no log. 0.9.8 didn't have a preset, sorry.
 

OsoBradas

Member
I hope we'll find someone else with a working log!

After looking around, i found lots of TS3 client logs from the bot. If you need those, hit me up! Because i'm not gonna share those in public.
 

flyth

is reticulating splines
Staff member
Developer
Contributor
Botlog as well, please. :)
Also: any info on which user you know and which you don't? Also: did you ever change your password?
 
only have the instance log im afraid, i will grab the botlog if it happens again. i know all the users in the log, i think it had the defaults for the password
 

Flelux

Member
Unfortunately i didnt save the log (which i should of) when it happend so i can only provide basic info like.

OS: Ubuntu 14.04 64bit
Port: 8087
It happend at around 21/06/2016 4:20pm

Im not sure if it will help, but more info the better :D.
 
My Bot got "hacked" too. Same as above. But i have an own password that nobody can know. So there is a security hole in the sinusbot.

Latest Sinusbot on Ubuntu 14.04

Bot connects to: jpserv.ddns.net and changeyourpassword.ddns.net

Im trying to find the Botlogs
 

OsoBradas

Member
There are 2 people doing this. One of which is just trying to help everyone with the default password problem. When you join the jpserv.ddns.net ts3 server wou"ll find someone called config.json. He's the creator of a small script that did 50% of this "raid". hes a good guy and he said that he did this for learning purposes.

You should only be scared when your bots are connecting to different servers than the ddns.net ones. Because this is the other guy behind all this, and he's abusing a bug he says. Only thing he would tell me is that he ISN'T using a default password session for the bots. But something else he found a couple weeks ago.
 
Last edited:

cappyof

Member
I've got the same problem. Bot is joining some blackfields network ts server, and I can't login to the webpanel. There was no person on earth who could know my admin password.
 
Status
Not open for further replies.
Top