"Nobody knows my password", blah blah and last time, they started SinusBot with root, right?
-
If you need help or want to discuss things, you now can also join us on our Discord Server!
-
A first preview of the unlimited version of SinusBot can be found in the Upcoming Changes thread. A version for Windows will follow, but we don't have a release date, yet.
- Status
OsoBradas
Member
You can reset your admin password with the following linux command: ./sinusbot -pwreset=foobar
NOTE: This only works on Linux, the Windows version doesn't has this (as fas as i know)
If you're running SinusBot on windows there's another way, but it takes some time. Contact me through PM if you need help with that.
Xenthys
Member
Hi, sorry for the very late reply. I just saw this thread thanks to another forum user and I will talk in the name of Blackfields Network.
The guy who created the script first had it to probe SinusBot installations on the default port, he then tried to use the default login and he's been pretty surprised to access that many bots.
He then got the idea to park them somewhere, and needed a server for that. As we are a non-profit with a NPL, he decided to use our server as a default server with 32 slots was obviously too little.
I asked him to use another server, which he did (his server magically got thousands of slots) at a later time, which is the ddns.net address you talked about.
This is the reason why you have probably seen our name, your bot was among the first ones to be "stolen" and therefore redirected to us by his script.
I am available if you have any question about that story. Please keep in mind that I did not use that script, I did not create it and I do not endorse it.
The only "hack" I know at this date is the one using the default password, and no, I do not have that script, I just met the creator.
I am therefore not linked with any "raid", and nor is Blackfields Network.
Last edited:
AmericanSprite
New Member
how about adding some anti bruteforce options into the bot? And how about making the html/php script public, so we could edit it or at least run it on another webservice like apache2 / nginx?
running 0.9.15 and pretty pissed to read that. I was just about to make the port public. ://
edit: just a quick thought: would it be possible to set up a http auth before the webapp loginpage?
running 0.9.15 and pretty pissed to read that. I was just about to make the port public. ://
edit: just a quick thought: would it be possible to set up a http auth before the webapp loginpage?
proxy pass on nginx + basic http auth
AmericanSprite
New Member
webpage wont run properly on port 80. So no reverseproxy with auth for it on iis.. ://
the hole webpanel is just unreachable at port 80 even local on the same machine.i have no other known webservers installed on that machine. running ubuntu 16.04.1
the hole webpanel is just unreachable at port 80 even local on the same machine.i have no other known webservers installed on that machine. running ubuntu 16.04.1
AmericanSprite
New Member
great got it up and running over https with basic auth and some other neats. 
Thanks for the reverseproxy idea!
What helped me:
https://forums.iis.net/t/1196942.aspx
BTW: port 80 is still fucked somehow.
Thanks for the reverseproxy idea!
What helped me:
https://forums.iis.net/t/1196942.aspx
BTW: port 80 is still fucked somehow.
First: The bot is no 'script'. It's a compiled application. Not everything on the Internet is PHP that has to use an external webserver to be served.
Second: That was an attack using the default credentials that were used on install until 0.9.11. Until then, obviously not FORCING people to change it, was not the best design choice in terms of security. That however changed since 0.9.12 some months ago.
Third: The bot doesn't prevent brute force itself (yet), but it logs failed attempts including the source IP - with that it is pretty simple to e. g. build a module for fail2ban, which is pretty common for blocking brute force attacks. I'm sure some people are already using it.
Actually, I see no reason to be 'pissed', IF you changed the password, should they ever were admin/foobar on your system at all.
- Status