Bitcoin Forum
April 18, 2014, 12:15:05 AM *
Author Topic: China biggest bitcoin portal www.hxtop.com was hacked!  (Read 36139 times)
hxtop
September 23, 2012, 01:54:57 PM
 #1

China's largest and earliest Bitcoin information portal, http://www.hxtop.com, cannot be accessed normally now, as hackers used an SQL injection bug to get control of the virtual host (Windows 2003 system).
The hxtop.com website source code was stolen or deleted by the hacker.
The virtual host provider said that the virtual host was hacked, but after a few days it has not been recovered. As the backup data was on the same server too, the recovery time is longer. Maybe a lot of data will be lost, said the virtual host provider.
The recovery time of the website is not clearly determined, provided that the data is restored first.
The hxtop.com webmaster "swemp" is actively coordinating the handling of data recovery, and intends to replace it with a new web hosting space.
As the Bitcoin community has developed so far, security incidents continue.
"In order to better serve the viewers of hxtop.com, we will try to resume as soon as possible," said the webmaster "swemp". If you have any ideas, please mail swemp@qq.com

Welcome to the Chinese Bitcoin website: http://www.hxtop.com ; I am planning Bitcoin business in China. If you are interested, mail me: swemp@qq.com or Skype: swemp.chen QQ:970617
kiba
September 23, 2012, 02:57:03 PM
 #2

Winblow and SQL injection really???  Roll Eyes

CIYAM
Ian Knowles - CIYAM Lead Developer
September 23, 2012, 03:03:08 PM
 #3

If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection).

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Severian
September 23, 2012, 03:07:18 PM
 #4

I'm sorry to hear it but to take a positive view, this means that bitcoin has arrived in China. Wink

"The synonym of usury is ruin." -Samuel Johnson
Raoul Duke
aka psy
September 23, 2012, 03:08:20 PM
 #5


The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


That's not a weakness. It's a deal breaker. Wink

CIYAM
September 23, 2012, 03:11:55 PM
 #6

That's not a weakness. It's a deal breaker. Wink

For the website in question I'd guess so. Smiley

Am actually hoping to go up against the likes of Diaspora by having private content securely encrypted over plain HTTP (a feature recently developed).

cedivad
September 23, 2012, 03:15:17 PM
 #7

If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection).

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


Don't lose your (worthy) time.

My anger against what is wrong in the Bitcoin community is productive:
Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)
Hashfast.org - Wiki for screwed customers
hxtop
September 23, 2012, 03:15:57 PM
 #8

SQL injection got the DB rights and then got the admin password of the host?
In China, more and more website guys like to use the same virtual host running the website.
So the problem is that each website's code is not safe enough.

hxtop
September 23, 2012, 03:16:47 PM
 #9

If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection).

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


Don't lose your (worthy) time.


Thank you for reminding me

goodlord666
September 23, 2012, 03:18:09 PM
 #10

If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection).

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Smiley


Don't lose your (worthy) time.

Care to explain?


hxtop
September 23, 2012, 03:19:03 PM
 #11

That's not a weakness. It's a deal breaker. Wink

For the website in question I'd guess so. Smiley

Am actually hoping to go up against the likes of Diaspora by having private content securely encrypted over plain HTTP (a feature recently developed).

(a feature recently developed)?

Do you have any details for me? Thank you very much.

hxtop
September 23, 2012, 03:21:32 PM
 #12

I'm sorry to hear it but to take a positive view, this means that bitcoin has arrived in China. Wink
Bitcoin arrived in China a long time ago, you just never knew it or knew less about it.

Severian
September 23, 2012, 03:24:13 PM
 #13

Bitcoin arrived in China a long time ago, you just never knew it or knew less about it.

"Arrived" is also an American idiom that means, "has come of age" or "has come into its own".

It's a good thing.Smiley

"The synonym of usury is ruin." -Samuel Johnson
CIYAM
September 23, 2012, 03:27:12 PM
 #14

Do you have any details for me? Thank you very much.

Sure - when you provide a password to "log in" then this is hashed along with a UUID to then encrypt an AJAX type request.

Your request will just look like rubbish to any MITM watcher and all content returned via the AJAX request (which is all the content and why Google can't see anything) is encrypted not with the same key but with another hash (determined client side from the original).

Due to the use of a UUID it is not possible to use a "replay" attack from watching the original login post (hope this makes sense).

Desolator
September 23, 2012, 03:27:46 PM
 #15

There's a way I learned in programming class that's much better and leaves your site google index-able.  It's called don't code it like a dumbass and don't leave it open to SQL injections.  Handle all characters related to SQL statement strings and they'll never hit the database!

Also, don't use server 03 lol.  Since this was china, I guarantee it was an illegal copy too so it was probably missing all service packs, lol.

If you really, really, really wuv me, you can send me BTC Cheesy 1E9KYg64m1fceAXTsLY2VfXK5u2eL7a3St
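
Added example, not part of any post in this thread: a lookup that hand-escapes quote characters beside the same lookup with a bound parameter, showing that escaping alone does not stop injection in a numeric context. Python's sqlite3 stands in for the site's PHP/ASP stack; the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Mining guide", 0), (2, "Draft: admin notes", 1)],
    )
    return db


def escape_quotes(value):
    """Hand-rolled character handling: double every single quote."""
    return value.replace("'", "''")


def find_escaped(db, article_id):
    # Vulnerable 'before': the value is escaped, but it is spliced into a
    # numeric context, so no quote is needed to change the query's logic.
    sql = ("SELECT title FROM articles WHERE hidden = 0 AND id = "
           + escape_quotes(article_id))
    return [row[0] for row in db.execute(sql)]


def find_bound(db, article_id):
    # Hardened 'after': the value is bound as data and is never parsed as SQL,
    # so the hidden = 0 filter always applies.
    sql = "SELECT title FROM articles WHERE hidden = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (article_id,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input containing no quote characters
    print("escaped:", find_escaped(db, crafted))  # hidden row is returned too
    print("bound:  ", find_bound(db, crafted))    # no rows match
```
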
CIYAM
September 23, 2012, 03:30:22 PM
 #16

There's a way I learned in programming class that's much better and leaves your site google index-able.ably missing all service packs, lol.

Actually I am building CMS extensions that will generate real pages that can be indexed by Google, etc. (has just not been my priority).

BCB
September 23, 2012, 03:32:09 PM
 #17

I'm certain you could have public facing and searchable pages and use your encryption starting a log in.  Why would google need to index your protected pages as long as the public urls say where it is and what it does.
hxtop
September 23, 2012, 03:33:09 PM
 #18

There's a way I learned in programming class that's much better and leaves your site google index-able.ably missing all service packs, lol.

Actually I am building CMS extensions that will generate real pages that can be indexed by Google, etc. (has just not been my priority).


My website uses a CMS
based on PHP and ASP

hxtop
September 23, 2012, 03:35:08 PM
 #19

Bitcoin arrived in China a long time ago, you just never knew it or knew less about it.

"Arrived" is also an American idiom that means, "has come of age" or "has come into its own".

It's a good thing.Smiley
China is a big market, any product can find business opportunities in China. BITCOIN precisely

CIYAM
September 23, 2012, 03:35:59 PM
 #20

I'm certain you could have public facing and searchable pages and use your encryption starting a log in.  Why would google need to index your protected pages as long as the public urls say where it is and what it does.

Yes - this is under development (just not a big priority yet).
