Bitcoin Forum

We are currently having an issue with our service provider and our public IP space. All servers are functioning fine, all accounts are secure and all fund are safe. As soon as our providers fix the issue we will be back online. Thank you.

It's interesting that vircurex and bter are down at the same time.  ???

Thanks for the update, John.

We have no official word from provider on why the IP space is down. Though it seems obvious that it may be an attack at this point we cannot rule out coincidence.

Thanks for the updates, bloody computers they really no good for anything.

DDos!

Thanks for the update. Any ETA on when it might be back up?

prolly that same chinese ip address as the pwc attack

Our provider has hard reset the servers and is acknowledging that there is odd network activity at this time. Again much like many coins its pure speculation at this point :)

Provider is saying that there really isn't a bandwidth problem and that it may be a hardware issue. Still being worked at this time.

Can you estimate the time cryptsy will be back again ?

We have been escalated up the support ladder by the provider........ *insert favorite Muzak here*

Crackling so bad, terrible.. I hate that on hold music. :P

thanks for the updates :) hope it gets fixed soon :)

I can load the webpage, but vircurex and bter are down yet. I will wait with login until John approves.

all three YAC exchanges at the same time before YAC N changes to 10 .. coincidence ?! ;)

Big thanks to the guys at cryptsy for all their hard work and it is great to hear funds are safe. Try to see this as a good test of cryptsy's systems and when you are back running it will show what a professional site you guys run.

Can haz nullroute?

Provider is now officially calling it a DDOS again all funds are fine exchange is actually running just fine internally of course noone can get to it which is obviously an issue :)

thanks BitJohn for the official info


just keeping  calm and be patience :)

Good job :) Thanks for the update!

hmmmm... i'll stop the attack if you pay me 100 BTC!!! :P

Chrome just gave me a warning message when I tried to access cryptsy stating that the server was identified as secure.4rx.com. What's the deal with that?

I'll do it for 50 :D

Yeah I wouldn't log in until this question gets answered.

Expect another hour of downtime attack seems to be subsiding we are using the downtime to enable additional protections to prevent this in the future. Sorry for the delay. Some folks just want to see the world burn.

have you tried the ddos protect implementation in your htaccess file? i think apache comes with a template and tutorial that shows you how to do it.

Yes I just got the same thing. I cannot find anything on 4rx.

That sounds like a smart way to trick users into putting their data through another source.

I will announce when the site is fully operational. Again your funds and accounts are fine just a nice DDOS attack. We are implementing additional features with this downtime to deter this attack in the future.

its some kind of pharmaceutical phishing website

Good thing I didn't go on to the site then...

That will work vs script kiddies, not vs botnets.
Waiting for you to come back on :)

SSL is down
SSL requests not supported for www.cryptsy.com
The site is not configured with SSL support.

It is not down, it is serving an invalid SSL certificate issued to an unrelated entity (secure.4rx.com) which might indicate a quite serious man-in-the-middle attack (https://en.wikipedia.org/wiki/Man-in-the-middle_attack)


Nobody should try to login even if the site comes back until this is fully resolved

actually that does work versus botnets. if you recall trollzilla, my ddos protect stopped a flood of 1100+ chinese ips at my website. however they still chewed up 430 gb bandwidth in an hour attempting to flood the server. it worked and my account was cancelled.

I can confirm invalid SSL certificate. I'm getting SSL cert for *.professionalperformanceonline.nl -- definitely not going to log in.

Yes please wait until we confirm that our servers are back online.

Can you tell us who your service provider is?

UPDATE EDIT: now www.cryptsy.com resolves to IP 199.83.128.157, also Incapsula, North Carolina

Seems like Incapsula.com offers some DDoS protection and general web security and cryptsy.com just put them in front of their site? So at least not a MITM attack but possibly just some Incapsula fuckup

Please confirm BitJohn

still wading through details Ill have vern give the whole write up once the madness is over for now just wait for an official we are up before logging in

Hmmmmmmmmmm....

http://s21.postimg.org/rld9vgoyf/ooops.png

Mine is still pointing to secure.4rx.com over here. Interesting that you are getting something different.

Thank you for the update

Really? Do you really find that interesting?

Personally, it's not something I find at all interesting.

LOL...JK

For those of us with auto payout from pools sending directly to cryptsy deposit addresses, will those funds still transfer safely or at all? Should we stop the auto transfers until the site is back up?

John, can you please post the real IP address for cryptsy.com

I believe it is 166.78.0.180 but just want to confirm it.

~nh

Now that's weird


Seemingly unrelated to Incapsula..

but this:


resolves to 149.126.74.128, again Incapsula

Hopefully just some Incapsula issue

i cant speak for the cryptsy team, but i would atleast as a precautionary metric.

I'm not logging in yet, but at least now I see data ...

https://166.78.0.180/markets/view/43

~nhminer

Thanks for keeping everyone posted on the status of things!

You're sending it to their wallet not their website.. jeesh

Thanks for the update John!

Bad for letting the attack to happen.

Good for the constant communication and update, this is what's needed when this type of things happen.

waiting for bigsausagepizza.com to be the new re-route

I would highly advise against anyone using that link to attempt to login.  Especially since the SSL is not functioning.


I wouldn't necessarily blame the website operators for "letting" the attack happen, after all they are not the service provider.  I would assume they picked a provider who has some form of DDoS protection.

Yes our provider has DDOS protection however nothing is DDOS proof. We are implementing even more protections with this downtime and will be up VERY soon.

Agreed -- not for logging in, just to get data -- SSL certificate on this site will identify itself as cryptsy.com, which is correct -- the SSL match will fail b/c the link uses the IP address

~nh

Well, yeah from the weird SSL certs it kinda looks like the domain has been hijacked - possibly not, but without an official steer we're certainly in 'do not log in under any circumstances' territory.

If it *is* the case that the domain that got boosted but the real server hasn't been compromised (which if it has, is probably the case - there are far more elegant ways of doing this if you get control of the server) then your wallets are safe -  unless you log in, in which case the attacker would just scoop up your login details, use them to log into the real site, and drain your funds.

Didn't know if they had l33t online wallets or not. Good they didn't!!!

A record is: qrq4x.x.incapdns.net -> [ 149.126.77.157  ]
http://www.intodns.com/cryptsy.com

I logged in a few min ago to get my frank addy lol! Typed anyone home in the chat, lulz!

Hope you had 0 money in the account and had different passwords for other exchanges and used an account specific email and are now going to change all of that when the site is back to normal....

I agree on this one.
Else prepare to get hacked everywhere..

Hmm well I can access the site as per normal now, but ssl still isn't active and there's a little "Protected & Accelerated by Incapsula" pop-out on the side.

You lose at Internet.

Site is up waiting for SSL generation with new security service.

From BigVern on Cryptsy's Chatbox:

BigVern: @erpbridge: whoever made those screenshots prob has a virus then

....so I suggest you guys go get your virus scanners fixed.

Wrong that's coming from chroome and I had that a while ago too, now it's gone, and in my case it was a different url.. but heey i have a virus said the smart guy..
Tried again now it's another even more different url, but that's just my viruses..  ::)

Definitely not a virus, happened here on a stock iPad, a stock android device, and a clean win7 build.

Absolutely, categorically *not* a virus.

What does he say about the invalid certificate warnings regarding other domains, namely:


which several users here reported and which resolve to IPs associated with Incapsula.com, the DDoS mitigation service crytpsy are now apparently using as well?

If he thinks a virus is the most probable explanation then cryptsy needs a new security team. This should be fully resolved in cooperation with Incapsula, immediately, and a full attack mitigation statement and impact report be published here and on the site if there is any interested in maintaining a base level of user trust. The site doesn't even offer two-factor authentication and now a potential MITM is about to be swept under the "must be a virus" rug?

And nobody should login before any of that is resolved

not a virus, just looks like an invalid cert config

No, this is just a warning from chrome that your DNS record is still hosed.  It will take a while until the dns poisoning goes away

Yes, we are using Incapsula.   Still finishing the ssl setup with them.

Ip changes from time to time and you should not be accessing the site using the ip

BigVern

What is your SOA for DNS?  nslookup still returns the incapsula.com records

a:\BA\main>nslookup cryptsy.com 75.75.75.75
Server:  cdns01.comcast.net
Address:  75.75.75.75

Non-authoritative answer:
Name:    cryptsy.com
Addresses:  199.83.133.236
          199.83.134.32

I thought it was rackspace, but that wont' let me query it.

a:\BA\main>nslookup cryptsy.com ns1.rackspace.com
Server:  ns.rackspace.com
Address:  69.20.95.4

*** ns.rackspace.com can't find cryptsy.com: Query refused

it is my understanding that cryptsy will now operate under incapsulas dns protection layer/cdn network

Incapsula is the correct entry.   That is our new security service.

BigVern

Ok, but your cryptsy.co, is not valid for their certificate.

www.cryptsy.com uses an invalid security certificate.

The certificate is only valid for the following names:
  incapsula.com , *.aguasandinas.cl , *.aldimobile.com.au , *.alyn.org , *.api.sell-n.com , *.astabis.com , *.b54.com , *.bancdeswiss.com , *.banggood.com , *.bank54.com , *.careyou.com.au , *.chc.com.sg , *.e-c.co.il , *.empireoption.com , *.epaydataonline.com , *.forexmagnates.com , *.gcmforex.com , *.grouploop.com , *.hallmarkinstantstreaming.com , *.hallmarkspiritclips.com , *.ioption.com , *.kaboodlehq.com , *.kaboodlepilot.com , *.liderforex.com , *.manage.cm , *.minit.com , *.my.truck-n.com , *.ordertickets.ca , *.partitionhost.com , *.paycall.co.il , *.pinklily.com.au , *.rushmorebingo.com , *.servertastic.com , *.smarttradefx.com , *.spicy.com.br , *.stormbattle.net , *.tamuvu.com , *.traderush.com , *.traderxp.com , *.videntfinancial.com , *.vipbinary.com , *.winoptions.com , *.xfcu.org , *.yakitome.com , *.zenobiajewellery.com , aldimobile.com.au , alyn.org , api.sell-n.com , astabis.com , b54.com , bancdeswiss.com , banggood.com , careyou.com.au , chc.com.sg , cp.truststream.co.uk , elpmultimedia.com , empireoption.com , epaydataonline.com , forexmagnates.com , gcmforex.com , hallmarkinstantstreaming.com , hallmarkspiritclips.com , ioption.com , kaboodlehq.com , kaboodlepilot.com , liderforex.com , manage.cm , minit.com , my.truck-n.com , ordertickets.ca , partitionhost.com , paycall.co.il , pinklily.com.au , recettage.ria.neopod.fm-ged.com , redcappi.com , rushmorebingo.com , servertastic.com , smarttradefx.com , spicy.com.br , stormbattle.net , tamuvu.com , traderush.com , traderxp.com , videntfinancial.com , vipbinary.com , winoptions.com , www.e-c.co.il , www.elpmultimedia.com , www.homologpedidos.sodexho.com.br , www.redcappi.com , xfcu.org , yakitome.com , zenobiajewellery.com 

(Error code: ssl_error_bad_cert_domain)

~nh

just did a force refresh and got the same ^

Wow, is this real? They are using one SSL certificate for all of their customers which simply includes a giant list of all the domain names, meaning every Incapsula customer could potentially impersonate every other? So banggood.com can just MITM cryptsy.com if they manage to mess with their DNS records for example. Not sure if this is a CDN requirement or something but it does sound kinda shitty to me...

We are on a temporary certificate until a new one is generated for the new security provider. Wait until its in place.

good to know ya you are prolly catching unusual amount of traffic since ya'll are now linked to that satoshi mod'd thread...thanks

Yeah I'm waiting for a detailed report but in the meantime I am not talking about the fact that cryptsy.com is still missing from the list or that browsers are still giving a warning (because cryptsy.com is missing from the list) but I'm wondering why there is a certificate with a giant list in the first place (criticizing Incapsula)

Since they are using a temporary certificate they maybe all on the same temporary certificate. The sites listed could all currently be pending new certificates. That still leaves an open window for issues to occur if you knew about this exploit.

Yeah that could be, there is no good reason all the other sites would require a new certificate all at the same time though, unless there was some major incident, but let's wait and see.

We are still waiting for the correct ssl generation to remove that error.

BigVern

Not sure if whatever happened has been fixed, but the site seems to be working ok for me.

good times looks like the killer bath salts are flowing once again,,thanks team

I still getting an error (not in chrome but in Iexplorer and firefox) the message say that the cert was issued for another web address... weird that chrome show the cert as OK, anyone else having this issue?

Can I get out and push? Would it help? Generating a cert isn't THAT hard...

no we all good in the hood here swapped some pos dvc for ltc..thanks team

The get account information is no longer working, although the order book API seems to be.

I get this: <html><head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head><iframe src="/_Incapsula_Resource?CWUDNSAI=23_689B0D76&incident_id=32000010321540621-120418174173708308&edet=12&cinfo=acfaf6fdc753810520000000" frameborder=0 width="100%" height="100%" marginheight="0px" marginwidth="0px">Request unsuccessful. Incapsula incident ID: 32000010321540621-120418174173708308</iframe></html>

When I try and make a request for my account info.

Still getting an SSL error in google chrome.

Same here.

John and Vern

I hope I didint bring the big hammer of the USSA down on you ?

Here is what you have to say , state publicly that caps are to be used after the war.

And that you will have no retail market for them before so.

You have to play by the rules John.

** you know the rules John , they are the same ones Iraq and Lybia learned about.

Hi,

I still cannot access the API this morning. I tried HTTP instead of HTTPS incase it was the certificate, but still no joy.

I am guessing that the captcha thing in front of the site is now also in front of the API. Obviously having a "are you human" check in front of an API rather defeats the purpose! Please can you give me an idea of how soon that will be fixed?

Kate.

I'm having the same problem.

Still no certificate? ...

http://www.youtube.com/watch?v=qMy2ZbPkyvw&feature=player_detailpage

Mr Drake explains some stuff.

Comming from Mars.  ;D

You attempted to reach www.cryptsy.com, but instead you actually reached a server identifying itself as incapsula.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.cryptsy.com.
You should not proceed, especially if you have never seen this warning before for this site.

Can you tell me the time service will be OK?

Are there any issues with pending deposits? I have couple deposits with a lot more than 6 confirmations and still see it as 'pending' on cryptsy.

good work all working great now !

i have send 1 litecoin, but still my transaction, does not appear, and all 6 part are confirmed in my wallet
does cryptsy use the new client?

The website stopped working again.. I get "502 Bad Gateway"

DDOS round 2

i think the 502 is more due to the ssl coming back online. they adjusted their configuration to http and now they need to go back to ssl

Not sure about that man as http does not work.


Anyway its back now Woooo hooooo

yeah, but if when they setup ssl the dns changes to reroute through the ssl ip. until port configuration is changed from http to ssl you get a 502 bad gateway, because a http port and ssl port can't be open at the same time.

hope it gets back up today, i want make some trades ^^

It's down again  :D

that's what she said.

hilarious :)

502 Bad Gateway

Yep still down. Nothing on twitter either.

https://twitter.com/cryptsy

bummer ya i made one trade after the first dose monkey wrenchers busy around the clock...thanks

I have made Vern aware of the new issue more to follow once I have it.....

All is better thanks :)

Well it's back up, but I don't see my incoming pending coins. I had sent 900 MEM which already have 149 confirmations, but they don't show up at cryptsy. Do you have issues with your backend wallets and web?

Ok, I guess it was temporary. The coins showed up finally, let's see if new coins I just now sent also will show up.

Aaand they're not showing up...

It seems to be a common problem. People on the chat report delays with other coins too.

I transported Coin there over 1 hour ago and has not shown up , I've emailed support .

deposits not working at Cryptsy.com at the moment?

doesn't sound like i'd take the risk at the moment, but i'm sure they are working on it.

Now I'm kinda worried about weather I'm going to see these DGC again after 3 hours .

I've had no email back ,  might it be the case that DGC was attacked ?

Hi John, now cryptsy.com (or Incapsula on behalf of it) still uses a single shared SSL certificate which allows anybody on the following list to impersonate and potentially MITM anybody else:

DNS Name=incapsula.com
DNS Name=*.aguasandinas.cl
DNS Name=*.aldimobile.com.au
DNS Name=*.alyn.org
DNS Name=*.api.sell-n.com
DNS Name=*.astabis.com
DNS Name=*.b54.com
DNS Name=*.bancdeswiss.com
DNS Name=*.banggood.com
DNS Name=*.bank54.com
DNS Name=*.careyou.com.au
DNS Name=*.chc.com.sg
DNS Name=*.cryptsy.com
DNS Name=*.e-c.co.il
DNS Name=*.empireoption.com
DNS Name=*.epaydataonline.com
DNS Name=*.forexmagnates.com
DNS Name=*.gcmforex.com
DNS Name=*.grouploop.com
DNS Name=*.hallmarkinstantstreaming.com
DNS Name=*.hallmarkspiritclips.com
DNS Name=*.ioption.com
DNS Name=*.kaboodlehq.com
DNS Name=*.kaboodlepilot.com
DNS Name=*.liderforex.com
DNS Name=*.manage.cm
DNS Name=*.minit.com
DNS Name=*.my.truck-n.com
DNS Name=*.ordertickets.ca
DNS Name=*.partitionhost.com
DNS Name=*.paycall.co.il
DNS Name=*.pinklily.com.au
DNS Name=*.rushmorebingo.com
DNS Name=*.servertastic.com
DNS Name=*.smarttradefx.com
DNS Name=*.spicy.com.br
DNS Name=*.stormbattle.net
DNS Name=*.tamuvu.com
DNS Name=*.traderush.com
DNS Name=*.traderxp.com
DNS Name=*.videntfinancial.com
DNS Name=*.vipbinary.com
DNS Name=*.winoptions.com
DNS Name=*.xfcu.org
DNS Name=*.yakitome.com
DNS Name=*.zenobiajewellery.com
DNS Name=aldimobile.com.au
DNS Name=alyn.org
DNS Name=api.sell-n.com
DNS Name=astabis.com
DNS Name=b54.com
DNS Name=bancdeswiss.com
DNS Name=banggood.com
DNS Name=careyou.com.au
DNS Name=chc.com.sg
DNS Name=cp.truststream.co.uk
DNS Name=cryptsy.com
DNS Name=elpmultimedia.com
DNS Name=empireoption.com
DNS Name=epaydataonline.com
DNS Name=forexmagnates.com
DNS Name=gcmforex.com
DNS Name=hallmarkinstantstreaming.com
DNS Name=hallmarkspiritclips.com
DNS Name=ioption.com
DNS Name=kaboodlehq.com
DNS Name=kaboodlepilot.com
DNS Name=liderforex.com
DNS Name=manage.cm
DNS Name=minit.com
DNS Name=my.truck-n.com
DNS Name=ordertickets.ca
DNS Name=partitionhost.com
DNS Name=paycall.co.il
DNS Name=pinklily.com.au
DNS Name=recettage.ria.neopod.fm-ged.com
DNS Name=redcappi.com
DNS Name=rushmorebingo.com
DNS Name=servertastic.com
DNS Name=smarttradefx.com
DNS Name=spicy.com.br
DNS Name=stormbattle.net
DNS Name=tamuvu.com
DNS Name=traderush.com
DNS Name=traderxp.com
DNS Name=videntfinancial.com
DNS Name=vipbinary.com
DNS Name=winoptions.com
DNS Name=www.e-c.co.il
DNS Name=www.elpmultimedia.com
DNS Name=www.homologpedidos.sodexho.com.br
DNS Name=www.redcappi.com
DNS Name=xfcu.org
DNS Name=yakitome.com
DNS Name=zenobiajewellery.com


Is this a temporary workaround or the permanent approach?

Thanks

just slow, but it is working

The funds arrived , want to confirm . ! Just slowly.

Nope, definitely not. The User account info API is still not working.

Hi John

I found a bug in the UI: if you click on the amount of BTC available (or LTC for some markets) in the top right corner of the "SUBMIT NEW ORDER" form to buy the maximum amount of altcoins possible with your balance at a given price then it does not correctly calculate that number.

The onclick event handler of that span element currently reads:


but it should actually be:


Then it calculates the correct amount

The site is now completely down for me at the moment. Chrome says "Error 105 (net::ERR_NAME_NOT_RESOLVED)". isup.me confirms it's down as well.

There have been problems since yesterday. 20 hours back I tried to cancel a withdrawl (hadn't confirmed in the email) but couldn't see anything under pending withdrawls. Still waiting to get it sorted out, and for some reason the support is not responding  ???

down

I'm on Cryptsy so it isn't down, just seems to be a DNS issue for new queries coming in.

So it's down again.

I can still access it!

The dns is resolving to this IP Address  199.83.130.5

If you add an entry in your hosts file for www.crypsty.com with the IP Address 199.83.130.5 it should sort you out until the DNS change has propagated.

Definitely just a DNS issue, pinging it resolves no IP.  But my browser on my home PC that is already logged in is able to use the site. 

Thanks dude.   That is a more accurate calculation.

It has been implemented.


BigVern

Cool! np :)

ok, so.....Noirbits?

It seems to be mostly working now. Only the API remains broken.

work

Your funds are never safe on cryptsy... end of story.

502 Bad Gateway

Yep, problems again for Cryptsy...

well they're safe alright, safe from me being able too offload them :(

lol

502 Bad Gateway for me I cannot open the site.

They should really build the exchange again from the start. The excuse of the beta stage doesnt hold water any more...

cryptsy/\is rock solid in my book imho we should all help\/BTCjohn to improve the site..thanks team

Agree, but how can we help?

You guys help every day by spreading the word and keeping the record straight and we appreciate it. Some folks read the disinformation and buy into it. All I can say is give cryptsy.com a try.

cryptsy/\is great the only thing i can think if is remove temp~USD markets(coming soon)\/section..thanks

Excellent site. Please add more coins though  :)

I have to agree crypsty is definitely the best exchange.

Without them there would literally be no value in alt coins.

There's an option on the site to hide the coins your not interested in.

https://cryptsy.freshdesk.com/support/tickets/3097

I'm locked out of my account because the email that is being sent the 2factor code is inaccessible to me.  I've submitted photo ID scans and created a support ticket.  Please disable the 2factor email authentication so I can log in and change my email and password.

Thanks!

Anyone else having problems with the auto-sell not working?  Curious if it's just me.

Thanks.

JR

Ergo, Incapsula was the Cryptsy hacker ~1 month after the above posting, thus Paul Vernon can return home from China now.

Masterful detective work Gamow !
You finally found that damn pesky hacker  :)

Thanks for letting us all know and this so far is Bitcointalk Topic Bump of The Year.

Bitcointalk Topic Bump of The Year

! Incapsula !

(but really does anyone have an update on the remaining Cryptsy funds) ??