1nject0r
Newbie
 Offline
Activity: 28
Merit: 0
|
 |
September 04, 2012, 06:04:00 PM |
|
No shit sherlock, but that's is irrelevant to my question. He claims "this box was not public facing", then provides an ip that the attacker connected from. So which is it? How did the attacker connect to a box that was not accessible?
there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking |
|
|
|
|
jojo69
Legendary
Offline
Activity: 3360
Merit: 4663
diamond-handed zealot
|
|
September 04, 2012, 06:07:07 PM |
|
fucks sake 1nject0r
at least turn off the bold
|
This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
|
|
|
BadBear
v2.0
Legendary
Offline
Activity: 1652
Merit: 1128
|
|
September 04, 2012, 06:08:38 PM |
|
No shit sherlock, but that's is irrelevant to my question. He claims "this box was not public facing", then provides an ip that the attacker connected from. So which is it? How did the attacker connect to a box that was not accessible?
there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hackingAre you even reading what you're replying to? And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway. |
|
|
|
|
epetroel
|
|
September 04, 2012, 06:11:27 PM |
|
1nject0r,
The grown ups are talking please STFU! The nonsensical ramblings of a 2bit warez seller are not welcome or needed.
fastcash4bitcoins.com lOl javascript 1njection lOL <snip standard ASP.NET error page>
All this shows is that you managed to create a server-side error and he doesn't have any custom error pages. As a matter of fact, the server side error generated was probably because of your attempt at Javascript injection (caught harmlessly by ASP.NET) So what exactly are you trying to show with this? |
|
|
|
|
mufa23
Legendary
Offline
Activity: 1022
Merit: 1001
I'd fight Gandhi.
|
|
September 04, 2012, 06:11:34 PM |
|
Shtylman, thanks for coming clean rather then pulling an MtGox and leaving everyone in the dark for weeks.
I have a question for you, I'll PM it.
|
Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
|
|
|
|
vampire
|
|
September 04, 2012, 06:12:02 PM |
|
No shit sherlock, but that's is irrelevant to my question. He claims "this box was not public facing", then provides an ip that the attacker connected from. So which is it? How did the attacker connect to a box that was not accessible?
there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hackingSo did you hack fastcash4bitcoins yet? No? Then STFU script kiddo. The server is properly configured not to display errors, and that what I do when someone tries to exploits the normal operation of the site - display a generic error page and log the attacker's information. |
|
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
September 04, 2012, 06:12:57 PM |
|
No shit sherlock, but that's is irrelevant to my question. He claims "this box was not public facing", then provides an ip that the attacker connected from. So which is it? How did the attacker connect to a box that was not accessible?
there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hackingStill irrelevant. Maybe try understanding the question. It still won't help though since the question isn't directed to you and you don't know the answer. A system, holding an unencrypted copy of the keys was hacked. He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP. If the system was not public facing, how did the attacker connect to it? |
|
|
|
|
greyhawk
|
|
September 04, 2012, 06:15:34 PM |
|
I think what Bilaal here is trying to imply is that he thinks there was no hacker at all and it was a inside job (another mybitcoin/zhoutong situation). Which is the only way a non-public facing system could be compromised.
|
|
|
|
|
jojo69
Legendary
Offline
Activity: 3360
Merit: 4663
diamond-handed zealot
|
|
September 04, 2012, 06:16:50 PM |
|
ignore button engaged
|
This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
|
|
|
|
|
|
shtylman (OP)
|
|
September 04, 2012, 06:19:03 PM |
|
Still irrelevant. Maybe try understanding the question. It still won't help though since the question isn't directed to you and you don't know the answer. A system, holding an unencrypted copy of the keys was hacked. He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP. If the system was not public facing, how did the attacker connect to it?
The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes. |
|
|
|
|
mufa23
Legendary
Offline
Activity: 1022
Merit: 1001
I'd fight Gandhi.
|
|
September 04, 2012, 06:22:01 PM |
|
And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway.
yeah i know what i have wrote and if bold is not allowed why dont u disable bold tags instead of saying to me ?inb4 ban |
Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
September 04, 2012, 06:27:24 PM |
|
Still irrelevant. Maybe try understanding the question. It still won't help though since the question isn't directed to you and you don't know the answer. A system, holding an unencrypted copy of the keys was hacked. He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP. If the system was not public facing, how did the attacker connect to it?
The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes. Thanks for confirming. This is why I prefer no incoming connections allowed on the secure box. If you must have occasional ssh, you can have it enabled on boot and then login to disable it. That way you can reboot first if you must login. |
|
|
|
mc_lovin
Legendary
Offline
Activity: 1190
Merit: 1000
www.bitcointrading.com
|
|
September 04, 2012, 06:37:36 PM |
|
ouch. best of luck resolving this one.. another lesson learned by server admins about hot wallets..
|
|
|
|
|
|
Tuxavant
|
|
September 04, 2012, 06:41:03 PM |
|
So I got a grand in USD in my account. How do I get it back asap?
|
|
|
|
|
smickles
|
|
September 04, 2012, 06:43:32 PM |
|
ouch. best of luck resolving this one.. another lesson learned by server admins about hot wallets..
what makes you so sure it was learned? This occurrence seems to indicate that hot wallets are still used or at least used improperly. |
|
|
|
|
whitslack
|
|
September 04, 2012, 06:44:55 PM |
|
I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.
|
|
|
|
|
|
Severian
|
|
September 04, 2012, 06:49:04 PM |
|
Sorry to hear this, shtylman. Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.
Much luck to you all.
|
|
|
|
|
davout
Legendary
Offline
Activity: 1372
Merit: 1008
1davout
|
|
September 04, 2012, 06:51:12 PM |
|
Very sorry to hear that.  |
|
|
|
|
IveBeenBit
|
|
September 04, 2012, 06:53:14 PM |
|
I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.
I agree. I hope you can recover from this and re-emerge as a viable exchange. There is very little you can do right now and holding onto our USD will not help get the stolen bitcoins back. Making it difficult or a PITA for us to recover our USD, however will be detrimental to the Bitfloor brand and good will that you have earned in the past. If you could reenable the site so we can make withdrawal requests that would be nice. I'd also like to double check if I had a bitcoin balance on your site. I'm pretty sure I don't, but need to log on to verify. Rebuilding your exchange will probably take months. Delaying our USD withdrawals will not speed that up any. |
|
|
|
|
|
