Blocks Generated : 3933 Fee Earned : 60,718 NXT
this is a nicer hack just before source release.. great!!
devs, please take a look into this ASAP, that person just generated another block. They are obviously gaming the system somehow. The balance on that acct has never been very high, yet they forge TONS of blocks
|
|
|
wow, very odd, hope we can find an answer
|
|
|
so are you guys just waiting on NXT source code to be released, and then clone it as VRC? You do realize the NXT code will be released with 3 bugs in it right?
|
|
|
I have just read the last 50 pages of this topic and wow this is crazy.
First of all yes the client was posted by me and I added some code that would send the secrets to my server. A week ago there were all the ddos issues and billions created which led to a lot of client updates. During these updates I noticed a lot of those clients had different hashes which made me wonder how easy it would be to modify the client and get it circulated. So that is what I did. I quoted the official post made by jean-luc on 31/12 and changed the url. Setting this all up took less than an hour. The server was only online for about an hour and I decided to shut it down after I had gotten access to about 10 accounts.
Now here is what is odd. Yes I got access to some accounts but not those people here who are claiming they got hacked. The accounts that I got access to never had more than 1000 nxt in them and I never had the intention of taking it. To the people who got hacked before 0.4.8 I can say that it was definitely not me who could have stolen your coins.
Normally at this point I was going to post details about how easy it is to steal nxt and how people have to be aware about where they download their client instead of only focusing on their pass strength. That point has been made very clear now in an unfortunate way.
To be honest if I had found an account containing a 50 million next I would have probably taken it and disappeared but that was not the case. I am human after all.
I know there are other modified clients around, whether they use the same type of attack I don't know. Digitalocean has also contacted me that people here have sent complaints and that different IPs have logged in on my account. Whether someone else had access to my vps, people downloaded a different infected client or someone is playing it smart letting me take the blame I do not know.
People are angry and of course I can understand that but the only thing I can do is tell my story and hope a correct explanation for these thefts will appear.
wow and so now you take us for idiots?
|
|
|
Are you sure? that page has a post about you upgrading your VPSs to 0.4.8, so I would think it happened before that
|
|
|
I think I downloaded the bad client zip from here: http://www.nxtcrypto.org/ I can't be sure yet and I still don't understand some of my timestamps, but I see in my browser logs that I accessed that page at around the time I updated to 0.4.8 and I'm pretty sure I remember using the link on that page. EDIT: I think I even remember laughing about how silly it was that that page pointed to an IP address for the download.
this is extremely disconcerting to me.. As far as I know there is only 1 person who has access to do stuff on www.nxtcrypto.org
Keep in mind we have www.nxtcrypto.org and also we host the files at info.nxtcrypto.org and at forums.nxtcrypto.org So please be 100% sure you got it at the www site because then we will be in a bind as to what to do about the person who runs it (QBTC at nextcoin). I've had no reason so far to mistrust her. I notice that paulyc says he did not get his from nxtcrypto.org but that he got it from a mega link. So basically we have 4 different people saying they got it from 3 different places.
1 person on a wget using the IP address
1 person from mega.co
1 person from nxtcrypto.org
1 person from nextcoin.org
What a mess. Hopefully you guys can figure out where it really came from?
|
|
|
well at this point I think we all need to stop and take a step back and determine how to best handle new client releases moving forwards. CfB had to stop using his DL link due to bandwidth problems. Maybe dev team needs to run a dedicated VPS to host releases on? Maybe the unused coins can go to fund that?
Obviously all WWW/info/forums/WIKI sites need to be updated with VERY STRONG LANGUAGE regarding checksums
My suggestion is for when dev team releases a new client, to post in this thread a reply with a link and checksums. then any site out there that wishes to host the file should also post a link back to the thread where the new client was released so the downloader can see the checksum?
Any more thoughts on how to best mitigate this theft risk?
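The check proposed above, as an added example that is not part of any post in the thread: it compares a download against the checksum taken from the release thread, and separately flags a file that matches only the checksum shown beside the download link. It assumes SHA-256 and `sha256sum`; the file names and the function names `norm_sha256` and `check_download` are hypothetical.

```shell
# Print VALUE as a lower-case SHA-256 digest; fail unless it is 64 hex digits.
norm_sha256() {
    v=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case $v in *[!0-9a-f]*) return 1 ;; esac
    [ "${#v}" -eq 64 ] && printf '%s' "$v"
}

# check_download FILE THREAD_SUM [MIRROR_SUM]
#   0  file matches the checksum from the release thread
#   1  file does not match it
#   2  release-thread checksum malformed, or file unreadable
#   3  file matches only the checksum shown next to the download link,
#      i.e. the hosting page advertises a different build than the thread
check_download() {
    thread=$(norm_sha256 "$2") || return 2
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] || return 2
    [ "$actual" = "$thread" ] && return 0
    mirror=$(norm_sha256 "${3:-}") && [ "$actual" = "$mirror" ] && return 3
    return 1
}

# Constructed sample data: two small files stand in for client archives.
tmp=$(mktemp -d)
printf 'constructed stand-in for the released client\n' > "$tmp/official.zip"
printf 'constructed stand-in for a modified client\n'  > "$tmp/mirror.zip"
THREAD_SUM=$(sha256sum "$tmp/official.zip" | cut -d' ' -f1)
MIRROR_SUM=$(sha256sum "$tmp/mirror.zip"   | cut -d' ' -f1)

rc=0; check_download "$tmp/mirror.zip" "$THREAD_SUM" "$MIRROR_SUM" || rc=$?
echo "mirror.zip -> $rc"
```

Return code 3 is the case described earlier in the thread, where a post was copied and its download URL changed: a checksum displayed on the same page as the link says nothing about the file.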
|
|
|
can you get a timestamp from the file or some audit log that you can correlate in your web browser?
|
|
|
I'm sorry, I didn't know you are the admin of nxtcrypto.org DNS, but in my post, I didn't accuse the DNS admin either, I just talked about the possibilities, and now you eliminated one (I trust you from your earlier posts!). the thief might be an expert on computer/networks, he might have some skills we don't understand. the chrome history is ok, I didn't miss anything, but the thief might have changed the history, that's also a possibility
I didn't take it as accusation. but we MUST KNOW where you and paulyc got the link from!!!! And where EXACTLY you clicked all around. Come on guys we need to track this down.
|
|
|
By the way, I just checked and Drexme was last online here two hours ago. There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...
And just how many accounts is he gonna plunder, I wonder? This is gonna get really, really bad... I will be the first to ask the question "Do we wanna stop the blockchain and roll it back?"
At this point, I don't think there are more than a few cases. The thief will certainly take the fund right when he gets the pass. We have two reported cases so far. It is important to locate the source of the bogus link.
1. What about that guy who lost 250k of coins? Total is about 300K, there are many reports on nextcoin.org forum.
2. Already located.
1. Can you give me the link to 250k loss case.
2. We still don't know where it was posted. Nextcoin or nxtcrypto or where ?
I would support a roll-back if that much money is involved. in fact I almost feel like taking all of my VPSs offline until firm rollback has been initiated network wide
|
|
|
Please edit your post, it looks like you are saying there is bogus software at info.nxtcrypto.org It looks like you got the bogus software directly from the thief. My guess is that is where paulyC got his as well. Some folks are claiming that dextern is involved and changed the link on nextcoin - I don't believe that is the case, Graviton removed his moderator access when that mess went down. But as far as I know, dex has still not returned the donation NXT.
well, I didn't mean that, I didn't accuse anyone or any site. in fact, the current IP of info.nxtcrypto.org is 46.28.204.121, and it's different from 162.243.246.223, that's where I downloaded the malware
I'm the DNS admin for all nxtcrypto.org sites. 46.28.204.121 has always been the address, since info got created; it's never been 162.243.246.223. No one else has access to change the records. Someone else admins the info website, the guy Intel from these forums here. So did you ever download 0.4.8 from any other place than the info site? If that is the only place you downloaded from then there are only 2 explanations I can think of. Either I changed the IP in DNS temporarily to make people download a bogus client, or intel made a temporary redirect to a bogus client at 162.243.246.223. Which would have been dumb, it would have been much much simpler for him to just temporarily post a bogus client directly on his info site. So step back, take a few deep breaths, go through your chrome history, and be detailed and tell us how you got the bogus client.
|
|
|
I created a new account under 0.4.7e and transferred ALL NXT to the new ID. This should work out. Let's just wait for the Aliases Transfer. :p
Also: Is it just a NXT Keylogger or does it log the whole system? :s
from the code just a NXT logger
|
|
|
I don't run the www site. QBTC over at nextcoin.org runs the WWW site. I will hit her up to fix that ASAP. (remember, I'm really just running DNS here, and trying to coordinate between all the other sites) good catch though, definitely need to get her to fix it NOW
In fact 0.4.8 is http://info.nxtcrypto.org/nxt-client-0.4.8.zip
I've already asked her to update the download that is manually mirrored on her www site.
|
|
|
can I get some SSH remote command help here? on a box, I can do
lynx -dump http://localhost:7874/nxt?requestType=getPeer\&peer=79.102.159.249
to see the stats for the 79.102.159.249 peer if it is connected. The results look like this (notice I had to escape the & there):
{"platform":"?","application":"NRS","weight":0,"state":1,"announcedAddress":"","downloadedVolume":8758,"version":"0.4.7e","uploadedVolume":12675225}
why can I not use this to do a remote SSH command?
root@vps1:~# ssh -i .ssh/vps root@vps1 lynx -dump http://localhost:7874/nxt?requestType=getPeer\&peer=79.102.159.249
{"errorCode":3,"errorDescription":"\"peer\" not specified"}
root@vps1:~#
Try:
ssh root@vps1 -t -C 'curl "http://localhost:7874/nxt?requestType=getPeer&peer=79.102.159.249"'
More eye pleasing.
curl --silent "http://localhost:7874/nxt?requestType=getPeer&peer=79.102.159.249" | python -m json.tool
Edit: Added --silent option
very cool thanks a ton guys
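Why the escaped `&` in the exchange above stops working once `ssh` is in front of the command, as an added example that is not part of any post in the thread: the command line is parsed twice, first by the local shell and then by the remote one. `fake_ssh` is a hypothetical local stand-in for `ssh host ...` (it models only the second parse with `sh -c`), and `echo` stands in for `lynx`/`curl` so the script runs offline.

```shell
# Stand-in for `ssh host ARGS...`: ssh joins its arguments with spaces and the
# remote login shell parses that string a second time. sh -c models that step.
fake_ssh() { sh -c "$*"; }

URL='http://localhost:7874/nxt?requestType=getPeer&peer=79.102.159.249'

# As typed in the question: the backslash hides & from the local shell only.
# The remote shell then sees a bare &, backgrounds the command with a URL
# cut off at getPeer, and treats peer=... as a variable assignment.
broken() {
    fake_ssh echo http://localhost:7874/nxt?requestType=getPeer\&peer=79.102.159.249
}

# As in the reply: single quotes for the local shell, double for the remote.
fixed() {
    fake_ssh 'echo "http://localhost:7874/nxt?requestType=getPeer&peer=79.102.159.249"'
}

# General form: single-quote every argument so the remote shell reads back
# exactly the words that were passed locally, whatever they contain.
shquote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }
quoted_ssh() {
    cmd=
    for a in "$@"; do cmd="$cmd $(shquote "$a")"; done
    fake_ssh "$cmd"
}

printf 'broken: %s\n' "$(broken)"
printf 'fixed:  %s\n' "$(fixed)"
printf 'quoted: %s\n' "$(quoted_ssh echo "$URL")"
```

The truncated URL returned by `broken` is what produces the `"peer" not specified` error in the question. The same second parse applies to any string passed through `ssh`, so arguments that come from variables or user input need the `quoted_ssh` treatment before they reach the remote shell.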
|
|
|
1 min between blocks.
what mechanism is it that causes the timing to drift? sometimes there are blocks every few seconds, sometimes every 15 mins, etc.
|
|
|
I'd like to get the API in the wiki. They've built some impressive functionality into the API.
|
|
|
|