38 comments

[ 2.2 ms ] story [ 31.8 ms ] thread
Man, I'd just solved one of the problems. Hope I get a chance to find out how I did.
Wait. That was a problem that shouldn't be solved?
It's sad that someone would hack a site like this. The only thing they could possibly want are the email and password combinations. I hope they are stored in a secure way.
(comment deleted)
Think about agencies, not private actors — then this site makes a perfect target. Recruit and subvert are basic tasks for these agenices, and to do so you need information about the candidates. This website had probably a significantly higher proportion of interesting prospects.
There are plenty of other motivations. It could be:

1) a novice hacker looking for experience 2) an automated bot that scanned IPs for some vulnerability and acted on its own when it found one 3) someone looking to extort the owner for money 4) someone with a personal vendetta against the owner 5) someone looking to secretly plant bitcoin mining software on the servers (who got caught) 6) someone looking to alter their own score to help them get some sort of math job

I could probably go on for a while, but you get the point. It's hard to ascribe intent to this sort of thing without more information.

Or 7) someone who did it for teh lulz. While rare, this also happens. But I agree; it's hard to guess motivations behind the attack without more info.
8) Waterholing targeting a user or group that frequents the site?

I like #2 though, or as I'd put it: flotsam of the internet, like how slammer ended up at davis besse.

5) The Bitcoin mining thing is a bit of a historic artifact, today you could barely achieve a cent per month on even the very fastest of cpus
As Project Euler is completely free and has a positive impact on the programming community, it would be very sad if the reasons for the hacking were 3) or 4).
I would discard 1) cause a real hacker, even if novice, would enter without damaging or stopping the service. He/She would maybe report to the owner the vulnerability or even would keep it secret.
It was posted elsewhere that visiting the hacked site triggered downloads of "flash_updater.exe" type trojans, so maybe one reason for the hack was to spread malware.
Again? Why do people do this? It'd probably be easier to export everything to static HTML with solutions hidden, and serve just that.
How would that help? If someone hacks the server they can change it to serve whatever they want.
Because a static HTML server can't be hacked unless there's some vulnerability in Nginx/Apache/whatever HTTP server (which are rare and a very big deal).
One of my side-projects was to convert all of Project Euler into a straightforward offline flat text file:

http://kmkeen.com/local-euler/

At the time of the last hacking incident, this was pretty much the only mirror of PE. Since then the textfile has been updated and includes some (hashed) answers.

Thanks for doing this!

Project Euler people, there's no shame in unbundling your problem set and your web app. Actually, those are two different projects, so unbundling them would be technically sweet. Release your problems on GitHub or wherever. Do the webapp as a related project.

keenerd, any chance you saved the HTML for the problems as well? If so could you release it? As nice as it is to have text versions of the problems, I'm suspicious some things were lost in the transition, e.g. if they used italics anywhere.

Get off the internet noobz, or people will do it for you.

Teaches them right! They think they know how to host websites, but they are wrong.

Your computer is not yours if you don't know how it works. Same thing with web servers. No control=No ownership.

I hope this teaches them a lesson. If you want to host content on the Net, pay someone to do it. You don't have any clue what you are doing.

Period!

Took this screenshot last night: https://i.imgur.com/pl22srz.png

I would have reported it to someone at project euler but couldn't find any contact information beyond a link to an inactive forum.

WHOIS is usually useful in these cases:

    $ whois projecteuler.net | grep -i email
    Registrar Abuse Contact Email: support@domainbox.com
    Registrant Email: projecteuler.net@...
    Admin Email: projecteuler.net@...
    Tech Email: projecteuler.net@...
What kind of sickos would hack project euler.
"Es gibt schon schöne Trotteln!" (Armin Wolf)
What kind of a world do we live in, when a guy can't even run an educational mathematics website without getting hassled?
I blame Project Quaternion.
Came to know about projecteuler just now and found the site has been hacked. What a pity. Hope it gets back live again.
Hasn't this happened before? Clearly they have security issues abound.
If this has happened before I don't see why they're not trying to take steps to avoid this in the future. I imagine their codebase ought to be inspected, if that was the root of both hacks. Otherwise, they should consider updating their systems more frequently. Maybe they should reach out to their community, it's a sizable site that could probably receive help to strengthen security. Ah well.