Bitcoin Forum
March 19, 2024, 08:51:31 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
Author Topic: bitfloor needs your help!  (Read 177364 times)
1nject0r
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile WWW
September 04, 2012, 06:04:00 PM
 #41

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking
1710838291
Hero Member
*
Offline Offline

Posts: 1710838291

View Profile Personal Message (Offline)

Ignore
1710838291
Reply with quote  #2

1710838291
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710838291
Hero Member
*
Offline Offline

Posts: 1710838291

View Profile Personal Message (Offline)

Ignore
1710838291
Reply with quote  #2

1710838291
Report to moderator
1710838291
Hero Member
*
Offline Offline

Posts: 1710838291

View Profile Personal Message (Offline)

Ignore
1710838291
Reply with quote  #2

1710838291
Report to moderator
1710838291
Hero Member
*
Offline Offline

Posts: 1710838291

View Profile Personal Message (Offline)

Ignore
1710838291
Reply with quote  #2

1710838291
Report to moderator
jojo69
Legendary
*
Offline Offline

Activity: 3122
Merit: 4271


diamond-handed zealot


View Profile
September 04, 2012, 06:07:07 PM
 #42

fucks sake 1nject0r

at least turn off the bold

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
BadBear
v2.0
Legendary
*
Offline Offline

Activity: 1652
Merit: 1127



View Profile WWW
September 04, 2012, 06:08:38 PM
 #43

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking

Are you even reading what you're replying to?

And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway.

1Kz25jm6pjNTaz8bFezEYUeBYfEtpjuKRG | PGP: B5797C4F

Tired of annoying signature ads? Ad block for signatures
epetroel
Sr. Member
****
Offline Offline

Activity: 431
Merit: 251


View Profile
September 04, 2012, 06:11:27 PM
 #44

1nject0r,

The grown ups are talking please STFU!  The nonsensical ramblings of a 2bit warez seller are not welcome or needed.


fastcash4bitcoins.com lOl javascript 1njection lOL

Quote
<snip standard ASP.NET error page>

All this shows is that you managed to create a server-side error and he doesn't have any custom error pages.  

As a matter of fact, the server side error generated was probably because of your attempt at Javascript injection (caught harmlessly by ASP.NET)

So what exactly are you trying to show with this?
mufa23
Legendary
*
Offline Offline

Activity: 1022
Merit: 1001


I'd fight Gandhi.


View Profile
September 04, 2012, 06:11:34 PM
 #45

Shtylman, thanks for coming clean rather then pulling an MtGox and leaving everyone in the dark for weeks.

I have a question for you, I'll PM it.

Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
vampire
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
September 04, 2012, 06:12:02 PM
 #46

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking

So did you hack fastcash4bitcoins yet? No? Then STFU script kiddo. The server is properly configured not to display errors, and that what I do when someone tries to exploits the normal operation of the site - display a generic error page and log the attacker's information.
notme
Legendary
*
Offline Offline

Activity: 1904
Merit: 1002


View Profile
September 04, 2012, 06:12:57 PM
 #47

Quote

No shit sherlock, but that's is irrelevant to my question.  He claims "this box was not public facing", then provides an ip that the attacker connected from.  So which is it?  How did the attacker connect to a box that was not accessible?


there are no proof that hacker hack his site maybe some other problem he faced but hacker didnot hack his website no record of hacker or hacking

Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
greyhawk
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1009


View Profile
September 04, 2012, 06:15:34 PM
 #48

I think what Bilaal here is trying to imply is that he thinks there was no hacker at all and it was a inside job (another mybitcoin/zhoutong situation). Which is the only way a non-public facing system could be compromised.
jojo69
Legendary
*
Offline Offline

Activity: 3122
Merit: 4271


diamond-handed zealot


View Profile
September 04, 2012, 06:16:50 PM
 #49

ignore button engaged

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile WWW
September 04, 2012, 06:18:56 PM
 #50

ignore button engaged

man, that was easy

BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
shtylman (OP)
Sr. Member
****
Offline Offline

Activity: 243
Merit: 250



View Profile
September 04, 2012, 06:19:03 PM
 #51

Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.
mufa23
Legendary
*
Offline Offline

Activity: 1022
Merit: 1001


I'd fight Gandhi.


View Profile
September 04, 2012, 06:22:01 PM
 #52

And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway.
yeah i know what i have wrote  and if bold is not allowed why dont u disable bold tags instead of saying to me ?

inb4 ban

Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
notme
Legendary
*
Offline Offline

Activity: 1904
Merit: 1002


View Profile
September 04, 2012, 06:27:24 PM
 #53

Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.

Thanks for confirming.  This is why I prefer no incoming connections allowed on the secure box.  If you must have occasional ssh, you can have it enabled on boot and then login to disable it.  That way you can reboot first if you must login.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
mc_lovin
Legendary
*
Offline Offline

Activity: 1190
Merit: 1000


www.bitcointrading.com


View Profile WWW
September 04, 2012, 06:37:36 PM
 #54

ouch.  best of luck resolving this one.. another lesson learned by server admins about hot wallets..
Tuxavant
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000

Bitcoin Mayor of Las Vegas


View Profile WWW
September 04, 2012, 06:41:03 PM
 #55

So I got a grand in USD in my account. How do I get it back asap?

smickles
Sr. Member
****
Offline Offline

Activity: 446
Merit: 250



View Profile WWW
September 04, 2012, 06:43:32 PM
 #56

ouch.  best of luck resolving this one.. another lesson learned by server admins about hot wallets..
what makes you so sure it was learned? This occurrence seems to indicate that hot wallets are still used or at least used improperly.

whitslack
Full Member
***
Offline Offline

Activity: 120
Merit: 144



View Profile
September 04, 2012, 06:44:55 PM
 #57

I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.
Severian
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250



View Profile
September 04, 2012, 06:49:04 PM
 #58

Sorry to hear this, shtylman. Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

Much luck to you all.
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
September 04, 2012, 06:51:12 PM
 #59

Very sorry to hear that.  Sad

IveBeenBit
Sr. Member
****
Offline Offline

Activity: 449
Merit: 250



View Profile
September 04, 2012, 06:53:14 PM
 #60

I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.

I agree. I hope you can recover from this and re-emerge as a viable exchange. There is very little you can do right now and holding onto our USD will not help get the stolen bitcoins back. Making it difficult or a PITA for us to recover our USD, however will be detrimental to the Bitfloor brand and good will that you have earned in the past.

If you could reenable the site so we can make withdrawal requests that would be nice. I'd also like to double check if I had a bitcoin balance on your site. I'm pretty sure I don't, but need to log on to verify.

Rebuilding your exchange will probably take months. Delaying our USD withdrawals will not speed that up any.
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!