• If you need help or want to discuss things, you now can also join us on our Discord Server!
  • A first preview of the unlimited version of SinusBot can be found in the Upcoming Changes thread. A version for Windows will follow, but we don't have a release date, yet.

Music Bots Getting Stolen.

Status
Not open for further replies.

iTaskmanager

Well-Known Member
Tier II
Tier III
Tier I
Insider
"Nobody knows my password", blah blah and last time, they started SinusBot with root, right?
 

Felaex

Member
My bot is also hacked.
Admin and user logins not functional.
Yesterday I was logged in and someone (not me or my other admin) changed the server ip to "n00b".

Can someone help me?
 

OsoBradas

Member
My bot is also hacked.
Admin and user logins not functional.
Yesterday I was logged in and someone (not me or my other admin) changed the server ip to "n00b".

Can someone help me?

You can reset your admin password with the following linux command: ./sinusbot -pwreset=foobar
NOTE: This only works on Linux, the Windows version doesn't has this (as fas as i know)

If you're running SinusBot on windows there's another way, but it takes some time. Contact me through PM if you need help with that.
 

Xenthys

Member
I've got the same problem. Bot is joining some blackfields network ts server, and I can't login to the webpanel. There was no person on earth who could know my admin password.

Hi, sorry for the very late reply. I just saw this thread thanks to another forum user and I will talk in the name of Blackfields Network.

The guy who created the script first had it to probe SinusBot installations on the default port, he then tried to use the default login and he's been pretty surprised to access that many bots.
He then got the idea to park them somewhere, and needed a server for that. As we are a non-profit with a NPL, he decided to use our server as a default server with 32 slots was obviously too little.
I asked him to use another server, which he did (his server magically got thousands of slots) at a later time, which is the ddns.net address you talked about.

This is the reason why you have probably seen our name, your bot was among the first ones to be "stolen" and therefore redirected to us by his script.

I am available if you have any question about that story. Please keep in mind that I did not use that script, I did not create it and I do not endorse it.
The only "hack" I know at this date is the one using the default password, and no, I do not have that script, I just met the creator.
I am therefore not linked with any "raid", and nor is Blackfields Network.
 
Last edited:

AmericanSprite

New Member
how about adding some anti bruteforce options into the bot? And how about making the html/php script public, so we could edit it or at least run it on another webservice like apache2 / nginx?

running 0.9.15 and pretty pissed to read that. I was just about to make the port public. ://


edit: just a quick thought: would it be possible to set up a http auth before the webapp loginpage?
 

AmericanSprite

New Member
webpage wont run properly on port 80. So no reverseproxy with auth for it on iis.. ://

the hole webpanel is just unreachable at port 80 even local on the same machine.i have no other known webservers installed on that machine. running ubuntu 16.04.1
 

flyth

is reticulating splines
Staff member
Developer
Contributor
how about adding some anti bruteforce options into the bot? And how about making the html/php script public, so we could edit it or at least run it on another webservice like apache2 / nginx?

running 0.9.15 and pretty pissed to read that. I was just about to make the port public. ://


edit: just a quick thought: would it be possible to set up a http auth before the webapp loginpage?

First: The bot is no 'script'. It's a compiled application. Not everything on the Internet is PHP that has to use an external webserver to be served.

Second: That was an attack using the default credentials that were used on install until 0.9.11. Until then, obviously not FORCING people to change it, was not the best design choice in terms of security. That however changed since 0.9.12 some months ago.

Third: The bot doesn't prevent brute force itself (yet), but it logs failed attempts including the source IP - with that it is pretty simple to e. g. build a module for fail2ban, which is pretty common for blocking brute force attacks. I'm sure some people are already using it.

Actually, I see no reason to be 'pissed', IF you changed the password, should they ever were admin/foobar on your system at all.
 
Status
Not open for further replies.
Top