Music Bots Getting Stolen.

[Flelux]

My music bot left my server saying requested via api.

And it joined a server called blackfield.net without my perm.
and i was talking to people on the server who are having the same issue.

they have a channel called #opsinusbots and it has LOADS of other peoples sinusbots with their ip as their nickname.

It appears they are somehow stealing other peoples bots.

 

[mxschmitt]

Did you not change your default password?

 

[Flelux]

Whoops!
Yeah i did forget.
I just didn't expect anyone to find my ip and know it had a bot on it.

Anyhow My Bad .

Thanks for the reply.

 

[flyth]

Could you please provide some logs and the version of the bot?

 

[OsoBradas]

Ofcourse, where can i find the logs?

 

[OsoBradas]

I'am running SinusBot 0.9.8 on Windows Server 2012

 

[flyth]

If you haven't specified a log file it's in the window. Or inside the interface bot/instance log.

 

[OsoBradas]

Got some bad news and good news.
Bad news: I specified the log file but the only thing that's inside of it is "aaaaaaaaaaaa.aa". And becuase i shut the sinusbot down i also don't have a windowlog.
Good news: Some strange things are happening at my console right now, i hope it's something that helps!

Question: How do i reset my admin-password on a Windows 2012 Sinusbot? Because the -pwreset doen't seem to be available on windows?

 

[flyth]

Hmm someone is controlling your bot, yes (but with a valid login). Sad that there's no log. 0.9.8 didn't have a preset, sorry.

 

[OsoBradas]

I hope we'll find someone else with a working log!

After looking around, i found lots of TS3 client logs from the bot. If you need those, hit me up! Because i'm not gonna share those in public.

 

[bradstheannoying]

i have the same issue as above, if i can provide logs to help i will but i hope something can be found out about this

 

[OsoBradas]

Could you please provide the logs? Cause i'm quite curious aswel!

 

[bradstheannoying]

instance log is the one you want?

pastebin.com/8Tz07bG9

 

[flyth]

Botlog as well, please.
Also: any info on which user you know and which you don't? Also: did you ever change your password?

 

[bradstheannoying]

only have the instance log im afraid, i will grab the botlog if it happens again. i know all the users in the log, i think it had the defaults for the password

 

[Flelux]

Unfortunately i didnt save the log (which i should of) when it happend so i can only provide basic info like.

OS: Ubuntu 14.04 64bit
Port: 8087
It happend at around 21/06/2016 4:20pm

Im not sure if it will help, but more info the better .

 

[Flelux]

Also thanks OsoBradas i'll try that now.

 

[thetruestarr1337]

My Bot got "hacked" too. Same as above. But i have an own password that nobody can know. So there is a security hole in the sinusbot.

Latest Sinusbot on Ubuntu 14.04

Bot connects to: jpserv.ddns.net and changeyourpassword.ddns.net

Im trying to find the Botlogs

 

[OsoBradas]

There are 2 people doing this. One of which is just trying to help everyone with the default password problem. When you join the jpserv.ddns.net ts3 server wou"ll find someone called config.json. He's the creator of a small script that did 50% of this "raid". hes a good guy and he said that he did this for learning purposes.

You should only be scared when your bots are connecting to different servers than the ddns.net ones. Because this is the other guy behind all this, and he's abusing a bug he says. Only thing he would tell me is that he ISN'T using a default password session for the bots. But something else he found a couple weeks ago.

 

[cappyof]

I've got the same problem. Bot is joining some blackfields network ts server, and I can't login to the webpanel. There was no person on earth who could know my admin password.