Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Project Euler has been hacked (projecteuler.net)
80 points by donutboy on Aug 2, 2015 | hide | past | favorite | 35 comments


One of my side-projects was to convert all of Project Euler into a straightforward offline flat text file:

http://kmkeen.com/local-euler/

At the time of the last hacking incident, this was pretty much the only mirror of PE. Since then the textfile has been updated and includes some (hashed) answers.


Thanks for doing this!

Project Euler people, there's no shame in unbundling your problem set and your web app. Actually, those are two different projects, so unbundling them would be technically sweet. Release your problems on GitHub or wherever. Do the webapp as a related project.

keenerd, any chance you saved the HTML for the problems as well? If so could you release it? As nice as it is to have text versions of the problems, I'm suspicious some things were lost in the transition, e.g. if they used italics anywhere.


Took this screenshot last night: https://i.imgur.com/pl22srz.png

I would have reported it to someone at project euler but couldn't find any contact information beyond a link to an inactive forum.


WHOIS is usually useful in these cases:

    $ whois projecteuler.net | grep -i email
    Registrar Abuse Contact Email: support@domainbox.com
    Registrant Email: projecteuler.net@...
    Admin Email: projecteuler.net@...
    Tech Email: projecteuler.net@...


Yea, I saw it too.


It's sad that someone would hack a site like this. The only thing they could possibly want are the email and password combinations. I hope they are stored in a secure way.


There are plenty of other motivations. It could be:

1) a novice hacker looking for experience 2) an automated bot that scanned IPs for some vulnerability and acted on its own when it found one 3) someone looking to extort the owner for money 4) someone with a personal vendetta against the owner 5) someone looking to secretly plant bitcoin mining software on the servers (who got caught) 6) someone looking to alter their own score to help them get some sort of math job

I could probably go on for a while, but you get the point. It's hard to ascribe intent to this sort of thing without more information.


5) The Bitcoin mining thing is a bit of a historic artifact, today you could barely achieve a cent per month on even the very fastest of cpus


Or 7) someone who did it for teh lulz. While rare, this also happens. But I agree; it's hard to guess motivations behind the attack without more info.


8) Waterholing targeting a user or group that frequents the site?

I like #2 though, or as I'd put it: flotsam of the internet, like how slammer ended up at davis besse.


As Project Euler is completely free and has a positive impact on the programming community, it would be very sad if the reasons for the hacking were 3) or 4).


I would discard 1) cause a real hacker, even if novice, would enter without damaging or stopping the service. He/She would maybe report to the owner the vulnerability or even would keep it secret.


It was posted elsewhere that visiting the hacked site triggered downloads of "flash_updater.exe" type trojans, so maybe one reason for the hack was to spread malware.


Think about agencies, not private actors — then this site makes a perfect target. Recruit and subvert are basic tasks for these agenices, and to do so you need information about the candidates. This website had probably a significantly higher proportion of interesting prospects.


But what information was even held on the website. Wasn't it just a public listing of usernames with the score.

According to this https://news.ycombinator.com/item?id=8181773 then don't even store emails anymore.


What kind of a world do we live in, when a guy can't even run an educational mathematics website without getting hassled?


I blame Project Quaternion.


Again? Why do people do this? It'd probably be easier to export everything to static HTML with solutions hidden, and serve just that.


You mean it has been hacked in the past?


Last time it was hacked about a year ago. This is the relevant HN discussion when the site went back again:

https://news.ycombinator.com/item?id=8181773


Yeeeep. It got hacked in the past and was down for awhile cause of the hack too.


How would that help? If someone hacks the server they can change it to serve whatever they want.


Because a static HTML server can't be hacked unless there's some vulnerability in Nginx/Apache/whatever HTTP server (which are rare and a very big deal).


If this has happened before I don't see why they're not trying to take steps to avoid this in the future. I imagine their codebase ought to be inspected, if that was the root of both hacks. Otherwise, they should consider updating their systems more frequently. Maybe they should reach out to their community, it's a sizable site that could probably receive help to strengthen security. Ah well.


What kind of sickos would hack project euler.


Wait. That was a problem that shouldn't be solved?


Came to know about projecteuler just now and found the site has been hacked. What a pity. Hope it gets back live again.


"Es gibt schon schöne Trotteln!" (Armin Wolf)


Ganz genau ;)


Man, I'd just solved one of the problems. Hope I get a chance to find out how I did.


SAD! Wish Project Euler quick recovery


It's back online!


Can't login though.


Checking answers is possible though.


Hasn't this happened before? Clearly they have security issues abound.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: