Atlayo hacked? (Full story)

Posted January 1,2019 in Other.

2350 Followers 1321 Views
Atlayo hacked? (Full story)

Greetings to all readers and faithful users.

This article details what has happened last month (and all).

It is written year 2017 is January and at that time one user send me a file. I'm a complete beginner in the Tor community, and I open that file and nothing happend so I'm ignore it and I delete that file.

Surprisingly, it was a virus, he picked from my computer (at that time) important documents such as TO-DO List.txt, in which I had all the data, passwords and other ideas.
After this find out all the passwords and export entire Database and the current delete.. a lots everything..

I feel really terrible, I've lost something I care so much..

I made contact with the hacker and the led hour conversation..I tried different ways to get everything back..and then..actually I did it!

We started to work on the Encrypt module, which would protect all the users here.
I really did a lot of tests on all possible ways for best secure encrypt.
Then.. I met with the very rare user who has in Encryption very good experience.
We started to work together and constantly figuring out how to do it all.. During the test I started to test the encrypt module and sometime in January 2017 I created in the root file encrypt_db.php and this file save us now...

Occurs day 1/6/19, when I realease Update (*Image*) in which each user could upload the file as he wished.

And I make a Hole, in which I forgot to disable uploading .PHP files.
Hackers will take advantage of that and upload here the Exploit, which enables Show all files and folders. (Something like  file manager)
They look at the file config.php and will download again the entire database and also files like index.php, encrypt_db.php
With the feeling that the encrypt_db.php contains everything to decrypt the database.

But unsuccessfully.. Downloaded year old script, which contained a 1nd generation of de/encryption here.

All keys for En/Decrypt are hidden deep in the network, so there is no possibility to get them through any attack.

Shared key (contains content of file encrypt_db.php), which you can find on the DeepPaste and similar sites are wrong, through these keys you never decrypt anything, it is only the illusion of how to Make our network a bad name.

I also noticed the Release of my name and Address on some pages, that's too bad.. These text files do not contain any personal information about me. These data are collected only on the pages of entrepreneurs such as HERE.

Never take seriously what people write.
Look for ways to verify if this is all true.