|
you mean.. like it is now?
|
|
|
|
yes.. down caused by server problems.. But it is back again in about an hour..  |
|
|
|
I`m on it to correct this.. if it works better I`ll post to this thread |
|
|
|
It never works right for me. What exactly is the problem? |
|
|
|
Thanks so much Does someone know any Java Code to detect tor exit nodes?
Thanks in advance..
if you look at https://check.torproject.org/cgi-bin/TorBulkExitList.py can help you, https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=<ip address> #can help you contact the service within java |
|
|
|
Thanks.. First I have to improve some other things.. but look will change soon btw.. what browser do you use? |
|
|
|
|
Does someone know any Java Code to detect tor exit nodes?
Thanks in advance..
|
|
|
|
|
We are talking about the scripts running on fiveminutecoin.com
|
|
|
|
|
Vielen Dank für die netten Worte.. ich hoffe du verzeihst mir die momentanen Probleme mit der Seite.. einige Angriffe haben echten Schaden angerichtet und ich bin immernoch am testen und Fehler ausbessern..
|
|
|
|
I'm not clear what you're asking here. Are you giving us permission to pentest your website?
(And BTW, it returns a 404 right now.)
I know this because I`m uploading the new Version right now.. Are you checking if the 300 seconds passed in your backend?
Because if not, then it's simple to create an automated tool.
You just need to look at the request that gets send out.
Yes,of course I do check it on the backend.. so I dont know how this could even be possible!? I use a ip blacklist now.. maybe it works!?! I bet the guy was using tor so ip blacklist will not work on that, cause the user can change the ip and there is so many nodes, so look into blocking the whole tor network, I know there a way to do that. ok.. I`m gonna implement that too.. thanks for your suggestion!  Also make sure your scripts can only be accessed from other scripts like it sounds like you just allowed anyone to execute it, you need to use .htaccess file to make sure only scripts and your site can execute those files individually Can you tell me where to find some information about detecting tor exit nodes? I tried it with google but there is no useful info.. |
|
|
|
Yes,of course I do check it on the backend.. so I dont know how this could even be possible!?
I use a ip blacklist now.. maybe it works!?!
If I understand your site correctly, I can request 0.0025btc instantly without having to wait the 5 minutes. If I wait, I can get 0.005btc instead. I'd start with a little math: Captcha solving costs something between $1-$2 per 1000 captches. 1000 successful requests mean 2.5btc when you don't bother to wait. Assuming ~$5/btc, you make $12.50 while paying $2, resulting in a $10.50 profit. You can always try to change the captcha, although I think that won't be much of a success since solvers offer a professional service dealing with them. Probably a good idea is to look around for a good real-time blacklist of proxies and block them. Or, instead of blocking, accept the request but don't send it out. That costs whoever does that money. I`ll keep that in mind and maybe I`m gonna implement this tomorrow if the site works fine again.. |
|
|
|
|
If you send me your ip you can try again..
|
|
|
|
|
Please try to clear your cache.. if it doesnt change anything please tell it to me again..
|
|
|
|
Did anyone experience the same? Bitcoin server crashes for some unknown reason? Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins.. Is there any help out there?  your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now! There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue.. But I hope it is gone now.. it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking I already did.. or do you know more about it?!Do you know where to look for? you should have a database on your side that keeps track of the times for every ip that comes on the site, this looks like some kid found out a part of your script that doesn't do what you thought it did, I would suggest you do more testing to make sure, all your links and scripts are being secured from the outside so they can't be runned by any ip but only by other scripts, add tokens to make sure they person is who they are. things like that this database already exists.. I also use 2 analysis tools to get notice of the ip addresses. What exactly do you mean by tokens? |
|
|
|
I'm not clear what you're asking here. Are you giving us permission to pentest your website?
(And BTW, it returns a 404 right now.)
I know this because I`m uploading the new Version right now.. Are you checking if the 300 seconds passed in your backend?
Because if not, then it's simple to create an automated tool.
You just need to look at the request that gets send out.
Yes,of course I do check it on the backend.. so I dont know how this could even be possible!? I use a ip blacklist now.. maybe it works!?! I bet the guy was using tor so ip blacklist will not work on that, cause the user can change the ip and there is so many nodes, so look into blocking the whole tor network, I know there a way to do that. ok.. I`m gonna implement that too.. thanks for your suggestion! |
|
|
|
Did anyone experience the same? Bitcoin server crashes for some unknown reason? Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins.. Is there any help out there? your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now! There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue.. But I hope it is gone now.. it was security issue in your code, and these things just don't go away you better start auditing it and making sure that is was the issue you were thinking I already did.. or do you know more about it?!Do you know where to look for? |
|
|
|
Da hast du Recht! Aber mir schadet das.. PRESTIGE |
|
|
|
Did anyone experience the same? Bitcoin server crashes for some unknown reason? Edit: Ok.. I know it now.. someone tried to cash me out..!! I cant imagine how this could happen.. there are captchas?!!? Does anyone know what to do and how to prevent such attacks? Someone used a lot of proxies and many different ips and it was possible to get some of my coins.. Is there any help out there? your bitcoind wasn't secure enough, your site should be the only incoming and out going packets from your bitcoind, everything else should be blocked, and logged by your firewall. Also I would make the bitcoind it's own user and so it can't be run from a normal user or even sudo user. Also connections to your bitcoind shouldn't be on an obvious port either. You should change all passwords right now! There are different users and bitcoind has its own.. It wasnt a server security related issue.. it was a coding issue.. But I hope it is gone now.. |
|
|
|
|
There were several attacks so I had to go offline while improving the code..
It is up running again and hopefully such attacks will never happen again!
Edit: please report every bug or every problem..
|
|
|
|
|
Show Posts
