Bitcoin Forum
April 24, 2014, 11:00:08 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
  Print  
Author Topic: bitfloor needs your help!  (Read 92950 times)
1nject0r
Newbie
*
Offline Offline

Activity: 28


View Profile WWW

Ignore
September 04, 2012, 06:04:00 PM
 #41

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking

Buy premium script shopping item and much more via LR AND BITCOIN http://searchnow.pro Donate Us via Liberty reserve account U5110163 Or Bitcoin 1NecBPZ7mvJ37bJLFSpWf9pNezpcQQU6NU If u wanna donate Us via Western Union contact Us on lovecreatmafia@gmail.com
1398337208
Hero Member
*
Offline Offline

Posts: 1398337208

View Profile Personal Message (Offline)

Ignore
1398337208
Reply with quote  #2

1398337208
Report to moderator
Buy a Blade, Get a 5-Chip Free!
Start Mining with GAWMiners.com
24/7 Live Phone & Tech Support
Free Hosting & Electricity for 1 Year!

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1398337208
Hero Member
*
Offline Offline

Posts: 1398337208

View Profile Personal Message (Offline)

Ignore
1398337208
Reply with quote  #2

1398337208
Report to moderator
1398337208
Hero Member
*
Offline Offline

Posts: 1398337208

View Profile Personal Message (Offline)

Ignore
1398337208
Reply with quote  #2

1398337208
Report to moderator
jojo69
Hero Member
*****
Offline Offline

Activity: 672



View Profile

Ignore
September 04, 2012, 06:07:07 PM
 #42

fucks sake 1nject0r

at least turn off the bold

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
BadBear
Global Moderator
Hero Member
*
Online Online

Activity: 952



View Profile

Ignore
September 04, 2012, 06:08:38 PM
 #43

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking

Are you even reading what you're replying to?

And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway.

1P1GwVpbTY6gcg8dX4nKzE5D6W8SCAzyZB
epetroel
Sr. Member
****
Offline Offline

Activity: 428


View Profile

Ignore
September 04, 2012, 06:11:27 PM
 #44

1nject0r,

The grown ups are talking please STFU!  The nonsensical ramblings of a 2bit warez seller are not welcome or needed.


fastcash4bitcoins.com lOl javascript 1njection lOL

Quote
<snip standard ASP.NET error page>

All this shows is that you managed to create a server-side error and he doesn't have any custom error pages.  

As a matter of fact, the server side error generated was probably because of your attempt at Javascript injection (caught harmlessly by ASP.NET)

So what exactly are you trying to show with this?
mufa23
Hero Member
*****
Offline Offline

Activity: 742


I'd fight Gandhi.


View Profile

Ignore
September 04, 2012, 06:11:34 PM
 #45

Shtylman, thanks for coming clean rather then pulling an MtGox and leaving everyone in the dark for weeks.

I have a question for you, I'll PM it.

Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
vampire
Hero Member
*****
Offline Offline

Activity: 574



View Profile

Ignore
September 04, 2012, 06:12:02 PM
 #46

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking

So did you hack fastcash4bitcoins yet? No? Then STFU script kiddo. The server is properly configured not to display errors, and that what I do when someone tries to exploits the normal operation of the site - display a generic error page and log the attacker's information.
notme
Hero Member
*****
Offline Offline

Activity: 938


View Profile

Ignore
September 04, 2012, 06:12:57 PM
 #47

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking

Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

While no idea is perfect, some ideas are useful.
Programmer/Math Nerd
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
greyhawk
Hero Member
*****
Offline Offline

Activity: 728


View Profile

Ignore
September 04, 2012, 06:15:34 PM
 #48

I think what Bilaal here is trying to imply is that he thinks there was no hacker at all and it was a inside job (another mybitcoin/zhoutong situation). Which is the only way a non-public facing system could be compromised.

Stop sending me Bitcoins! 1HNLqLrPEwMk8woA91qwX9sRkatRfQik2T
Click here to get hacked
jojo69
Hero Member
*****
Offline Offline

Activity: 672



View Profile

Ignore
September 04, 2012, 06:16:50 PM
 #49

ignore button engaged

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 756



View Profile WWW

Ignore
September 04, 2012, 06:18:56 PM
 #50

ignore button engaged

man, that was easy

BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
shtylman
Sr. Member
****
Offline Offline

Activity: 243



View Profile

Ignore
September 04, 2012, 06:19:03 PM
 #51

Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.
mufa23
Hero Member
*****
Offline Offline

Activity: 742


I'd fight Gandhi.


View Profile

Ignore
September 04, 2012, 06:22:01 PM
 #52

And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway.
yeah i know what i have wrote  and if bold is not allowed why dont u disable bold tags instead of saying to me ?

inb4 ban

Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
notme
Hero Member
*****
Offline Offline

Activity: 938


View Profile

Ignore
September 04, 2012, 06:27:24 PM
 #53

Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.

Thanks for confirming.  This is why I prefer no incoming connections allowed on the secure box.  If you must have occasional ssh, you can have it enabled on boot and then login to disable it.  That way you can reboot first if you must login.

While no idea is perfect, some ideas are useful.
Programmer/Math Nerd
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
mc_lovin
Hero Member
*****
Offline Offline

Activity: 938


www.bitcointrading.com


View Profile WWW

Ignore
September 04, 2012, 06:37:36 PM
 #54

ouch.  best of luck resolving this one.. another lesson learned by server admins about hot wallets..

Tuxavant
Hero Member
*****
Offline Offline

Activity: 728


Bitcoin Mayor of Las Vegas


View Profile WWW

Ignore
September 04, 2012, 06:41:03 PM
 #55

So I got a grand in USD in my account. How do I get it back asap?

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
smickles
Sr. Member
****
Offline Offline

Activity: 446



View Profile WWW

Ignore
September 04, 2012, 06:43:32 PM
 #56

ouch.  best of luck resolving this one.. another lesson learned by server admins about hot wallets..
what makes you so sure it was learned? This occurrence seems to indicate that hot wallets are still used or at least used improperly.

whitslack
Member
**
Offline Offline

Activity: 112



View Profile

Ignore
September 04, 2012, 06:44:55 PM
 #57

I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.
Severian
Sr. Member
****
Offline Offline

Activity: 336


anarchistic marketist


View Profile WWW

Ignore
September 04, 2012, 06:49:04 PM
 #58

Sorry to hear this, shtylman. Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

Much luck to you all.

"The synonym of usury is ruin." -Samuel Johnson
davout
Staff
Hero Member
*****
Offline Offline

Activity: 1148


1davout


View Profile WWW

Ignore
September 04, 2012, 06:51:12 PM
 #59

Very sorry to hear that.  Sad

IveBeenBit
Sr. Member
****
Offline Offline

Activity: 443



View Profile

Ignore
September 04, 2012, 06:53:14 PM
 #60

I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.

I agree. I hope you can recover from this and re-emerge as a viable exchange. There is very little you can do right now and holding onto our USD will not help get the stolen bitcoins back. Making it difficult or a PITA for us to recover our USD, however will be detrimental to the Bitfloor brand and good will that you have earned in the past.

If you could reenable the site so we can make withdrawal requests that would be nice. I'd also like to double check if I had a bitcoin balance on your site. I'm pretty sure I don't, but need to log on to verify.

Rebuilding your exchange will probably take months. Delaying our USD withdrawals will not speed that up any.
Pages: 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!