What to do if you can't access the website
Posted: Tue May 04, 2021 9:23 am
This post describes what to do if you can't access the website. You may have been directed here through a link in a support ticket or elsewhere in the forums.
Invalid captchas
For several months, for an unknown reason, about 1.2 million IP addresses sent login requests to Prohashing with random usernames and passwords. However, because Prohashing requires a captcha when a customer attempts to login without visiting the website first, all of the login attempts failed and no money was stolen. Even if a login attempt had been successful, the customer would have been notified by E-Mail that his or her payout addresses had been changed.
Most likely, a criminal paid money to a "botnet" operator, believing that (s)he could successfully hack Prohashing accounts through this automated method, but failed to realize that the captcha system would protect accounts. The criminals simply wasted a lot of money.
IP bans
While there was never any danger of money being lost, there have been about 1.2 billion requests, and processing so many requests caused high server load. To reduce load, Prohashing ignores network packets originating from IP addresses that repeatedly fail captcha requests. Simply mistyping your password will not result in a ban.
A common result of this ban method is that a home or office network will be banned, but a cell phone will still be able to access the site.
IP bans are only effective for access to the website, and not to any of Prohashing's other services, so customers can still submit support tickets and comment on the forums. If you are also unable to access any of Prohashing's services other than the website, then you have a different issue and you should submit a support ticket to start an investigation into that issue.
How this affects you
If you receive a "connection timed out" message while attempting to connect to Prohashing's website, then it is likely that your IP address was banned. The cause of the ban is that a computer using the IP address is infected with malware. Criminals are using the infected computer to steal credit card numbers, bitcoins, and identity information from Prohashing and other sites.
You need to take immediate action to clear the malware from your network. Otherwise, if it turns out that your computers are used to commit a crime, your ISP could terminate service to you, or the police could involve you in an investigation. It is very likely that the malware is not only sending bad requests to Prohashing, but also to hundreds of other websites simultaneously. The malware could also do things to your own computers, like delete data, or encrypt files and demand bitcoins in exchange for the decryption key.
Malware is also known to search for cryptocurrency wallet keys on local networks, and to modify system clipboards to paste different destination addresses.
How to find the malware
If your computer is connected directly to the ISP's router, like a single computer plugged directly into a cable modem using an Ethernet cable, then the infection source is your own computer. Scan the computer with a virus scanner, upgrade the operating system to the latest version with all updates, and reboot the computer.
If your have installed a router behind the ISP's router, then that router could be infected, or any device behind it could be infected. You need to scan every computer, tablet, and phone that has used the router for viruses, and upgrade all of them to the latest version of their operating systems. You should install the latest Windows updates, or the equivalent for Macs, on your devices, and then reboot all of them.
However, the most likely location for the malware is in surveillance cameras, lightbulbs, and the router itself. Upgrade all of these devices to the latest firmware. Additionally, check that the default password is not in use on any of these devices. Some routers, for example, have web interfaces that have a default password of "root," which hackers easily guess. Change the default password, upgrade the firmware, and reboot.
You must reboot all devices after upgrading them so that infections already in memory are removed.
What to do in offices
If you are trying to access Prohashing's website from an office, and the office's IP address is banned, then you should notify your supervisor that a device in the office is infected.
After detecting the infection
After you've determined the source of the infection, submit a support ticket to Prohashing and Chris will remove the ban from the website.
You must determine the cause of the infection before Chris can remove the ban because if you do not, the infected computer will continue to overload the website with requests. To provide great service to other customers, we need to reduce load on the website as low as possible. Chris is willing to work with you if your IP address is banned a second time to continue the research into which computer is infected.
Conclusion
Thanks for your understanding in helping us protect Prohashing's services, and feel free to submit a support ticket if you have specific questions about malware issues.
Invalid captchas
For several months, for an unknown reason, about 1.2 million IP addresses sent login requests to Prohashing with random usernames and passwords. However, because Prohashing requires a captcha when a customer attempts to login without visiting the website first, all of the login attempts failed and no money was stolen. Even if a login attempt had been successful, the customer would have been notified by E-Mail that his or her payout addresses had been changed.
Most likely, a criminal paid money to a "botnet" operator, believing that (s)he could successfully hack Prohashing accounts through this automated method, but failed to realize that the captcha system would protect accounts. The criminals simply wasted a lot of money.
IP bans
While there was never any danger of money being lost, there have been about 1.2 billion requests, and processing so many requests caused high server load. To reduce load, Prohashing ignores network packets originating from IP addresses that repeatedly fail captcha requests. Simply mistyping your password will not result in a ban.
A common result of this ban method is that a home or office network will be banned, but a cell phone will still be able to access the site.
IP bans are only effective for access to the website, and not to any of Prohashing's other services, so customers can still submit support tickets and comment on the forums. If you are also unable to access any of Prohashing's services other than the website, then you have a different issue and you should submit a support ticket to start an investigation into that issue.
How this affects you
If you receive a "connection timed out" message while attempting to connect to Prohashing's website, then it is likely that your IP address was banned. The cause of the ban is that a computer using the IP address is infected with malware. Criminals are using the infected computer to steal credit card numbers, bitcoins, and identity information from Prohashing and other sites.
You need to take immediate action to clear the malware from your network. Otherwise, if it turns out that your computers are used to commit a crime, your ISP could terminate service to you, or the police could involve you in an investigation. It is very likely that the malware is not only sending bad requests to Prohashing, but also to hundreds of other websites simultaneously. The malware could also do things to your own computers, like delete data, or encrypt files and demand bitcoins in exchange for the decryption key.
Malware is also known to search for cryptocurrency wallet keys on local networks, and to modify system clipboards to paste different destination addresses.
How to find the malware
If your computer is connected directly to the ISP's router, like a single computer plugged directly into a cable modem using an Ethernet cable, then the infection source is your own computer. Scan the computer with a virus scanner, upgrade the operating system to the latest version with all updates, and reboot the computer.
If your have installed a router behind the ISP's router, then that router could be infected, or any device behind it could be infected. You need to scan every computer, tablet, and phone that has used the router for viruses, and upgrade all of them to the latest version of their operating systems. You should install the latest Windows updates, or the equivalent for Macs, on your devices, and then reboot all of them.
However, the most likely location for the malware is in surveillance cameras, lightbulbs, and the router itself. Upgrade all of these devices to the latest firmware. Additionally, check that the default password is not in use on any of these devices. Some routers, for example, have web interfaces that have a default password of "root," which hackers easily guess. Change the default password, upgrade the firmware, and reboot.
You must reboot all devices after upgrading them so that infections already in memory are removed.
What to do in offices
If you are trying to access Prohashing's website from an office, and the office's IP address is banned, then you should notify your supervisor that a device in the office is infected.
After detecting the infection
After you've determined the source of the infection, submit a support ticket to Prohashing and Chris will remove the ban from the website.
You must determine the cause of the infection before Chris can remove the ban because if you do not, the infected computer will continue to overload the website with requests. To provide great service to other customers, we need to reduce load on the website as low as possible. Chris is willing to work with you if your IP address is banned a second time to continue the research into which computer is infected.
Conclusion
Thanks for your understanding in helping us protect Prohashing's services, and feel free to submit a support ticket if you have specific questions about malware issues.