hxtop (OP)
|
|
September 23, 2012, 01:54:57 PM |
|
BTCThe china's largest and earliest bitcoin website information portal http://www.hxtop.com as hackers through sql injection bug get the control of the virtual host(windows2003 system) hxtop.com unable to access normally now. hxtop.com website source code stolen or be deleted by the hacker Virtual host provider said that virtual host was hacked,but a few days have not recovered.as the backup data above the same server too , so the recovery time is longer,Maybe a lot of data will be lost said the virtual host provider. The recovery time of the website is not clearly determined, provided that the data is restored first. The hxtop.com webmaster "swemp" has actively coordinate the handling of data recovery, and intends to replace it with a new web hosting space. The bitcoin community development so far, security event incidents continue. In order to better service the website viewers of hxtop.com We will try to resume as soon as possible.said the webmaster "swemp" if some idea please mailto:swemp@qq.com
|
|
|
|
|
|
Each block is stacked on top of the previous one. Adding another block to the top makes all lower blocks more difficult to remove: there is more "weight" above each block. A transaction in a block 6 blocks deep (6 confirmations) will be very difficult to remove.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1014
|
|
September 23, 2012, 02:57:03 PM |
|
Winblow and SQL injection really???
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 23, 2012, 03:03:08 PM |
|
If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection). The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL).
|
|
|
|
Severian
|
|
September 23, 2012, 03:07:18 PM |
|
I'm sorry to hear it but to take a positive view, this means that bitcoin has arrived in China.
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
September 23, 2012, 03:08:20 PM |
|
The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). That's not a weakness. It's a deal breaker.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 23, 2012, 03:11:55 PM |
|
That's not a weakness. It's a deal breaker. For the website in question I'd guess so. Am actually hoping to go up against the likes of Diaspora by having private content securely encrypted over plain HTTP (a feature recently developed).
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
September 23, 2012, 03:15:17 PM |
|
If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection). The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Don't lose your (worthy) time.
|
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)Hashfast.org - Wiki for screwed customers
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:15:57 PM |
|
SQL injection get the db rights and then got the admin password of the host? In china more and more website gus like to use the same Virtual host runing the website. so the problem is each website code Not safe enough.
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:16:47 PM |
|
If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection). The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Don't lose your (worthy) time. Thank you for reminding me
|
|
|
|
goodlord666
Sr. Member
Offline
Activity: 434
Merit: 250
100%
|
|
September 23, 2012, 03:18:09 PM |
|
If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection). The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). Don't lose your (worthy) time. Care to explain?
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:19:03 PM |
|
That's not a weakness. It's a deal breaker. For the website in question I'd guess so. Am actually hoping to go up against the likes of Diaspora by having private content securely encrypted over plain HTTP (a feature recently developed). (a feature recently developed)? did you have any detail for me.thank you much
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:21:32 PM |
|
I'm sorry to hear it but to take a positive view, this means that bitcoin has arrived in China. bitcoin has arrived in China long time just you never know it or less know it.
|
|
|
|
Severian
|
|
September 23, 2012, 03:24:13 PM |
|
bitcoin has arrived in China long time just you never know it or less know it.
"Arrived" is also an American idiom that means, "has come of age" or "has come into its own". It's a good thing.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 23, 2012, 03:27:12 PM |
|
did you have any detail for me.thank you much
Sure - when you provide a password to "log in" then this is hashed along with a UUID to then encrypt an AJAX type request. Your request will just look like rubbish to any MITM watcher and all content returned via the AJAX request (which is all the content and why Google can't see anything) is encrypted not with the same key but with another hash (determined client side from the original). Due to the use of a UUID it is not possible to use a "replay" attack from watching the original login post (hope this makes sense).
|
|
|
|
Desolator
|
|
September 23, 2012, 03:27:46 PM |
|
There's a way I learned in programming class that's much better and leaves your site google index-able. It's called don't code it like a dumbass and don't leave it open to SQL injections. Handle all characters related to SQL statement strings and they'll never hit the database!
Also, don't use server 03 lol. Since this was china, I guarantee it was an illegal copy too so it was probably missing all service packs, lol.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 23, 2012, 03:30:22 PM |
|
There's a way I learned in programming class that's much better and leaves your site google index-able.ably missing all service packs, lol.
Actually I am building CMS extensions that will generate real pages that can be indexed by Google, etc. (has just not been my priority).
|
|
|
|
BCB
CTG
VIP
Legendary
Offline
Activity: 1078
Merit: 1002
BCJ
|
|
September 23, 2012, 03:32:09 PM |
|
I'm certain you could have public facing and searchable pages and use your encryption starting a log in. Why would google need to index your protected pages as long as the public urls say where it is and what it does.
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:33:09 PM |
|
There's a way I learned in programming class that's much better and leaves your site google index-able.ably missing all service packs, lol.
Actually I am building CMS extensions that will generate real pages that can be indexed by Google, etc. (has just not been my priority). My website is the use of CMS base PHP and ASP
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:35:08 PM |
|
bitcoin has arrived in China long time just you never know it or less know it.
"Arrived" is also an American idiom that means, "has come of age" or "has come into its own". It's a good thing. China is a big market, any product can find business opportunities in China. BITCOIN precisely
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 23, 2012, 03:35:59 PM |
|
I'm certain you could have public facing and searchable pages and use your encryption starting a log in. Why would google need to index your protected pages as long as the public urls say where it is and what it does.
Yes - this is under development (just not a big priority yet).
|
|
|
|
URSAY
Legendary
Offline
Activity: 1946
Merit: 1000
|
|
September 23, 2012, 03:36:08 PM |
|
Could this have anything to do with the recent sell off?
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 23, 2012, 03:37:51 PM |
|
Could this have anything to do with the recent sell off? I very much doubt that - the volume on btcchina has been well under 1000 btc per day for quite a while.
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:39:46 PM |
|
I'm certain you could have public facing and searchable pages and use your encryption starting a log in. Why would google need to index your protected pages as long as the public urls say where it is and what it does.
Yes - this is under development (just not a big priority yet). That a good idea if got any progress please note me.
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:43:38 PM |
|
Could this have anything to do with the recent sell off? I very much doubt that - the volume on btcchina has been well under 1000 btc per day for quite a while. By comparing last year's transaction data (btcchina.com) 1000 btc per day has been great progress. That means the Chinese market gradually bigger . dod't you think?
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 23, 2012, 03:46:24 PM |
|
By comparing last year's transaction data (btcchina.com) 1000 btc per day has been great progress. That means the Chinese market gradually bigger . dod't you think?
For sure the volume has greatly increased since last year - but nothing has dramatically changed very recently (was actually a little surprised that the "memorydealers" visit seemingly had no effect this time when last time it caused a huge jump in volume).
|
|
|
|
hxtop (OP)
|
|
September 23, 2012, 03:51:51 PM |
|
By comparing last year's transaction data (btcchina.com) 1000 btc per day has been great progress. That means the Chinese market gradually bigger . dod't you think?
For sure the volume has greatly increased since last year - but nothing has dramatically changed very recently (was actually a little surprised that the "memorydealers" visit seemingly had no effect this time when last time it caused a huge jump in volume). China is a traditional country, and the country's legal and institutional severe restrictions "free", BITCOIN's spirit of freedom, so the national government can not let you "free". But we will try to make more and more Chinese people receive BITCOIN and use it. There is so much trading volume, and I think that also need more foreigners to cooperate or help us to open this big market in China.
|
|
|
|
lebing
Legendary
Offline
Activity: 1288
Merit: 1000
Enabling the maximal migration
|
|
September 23, 2012, 06:10:42 PM |
|
The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). That's not a weakness. It's a deal breaker. Actually, google isnt the biggest engine in china...
|
Bro, do you even blockchain? -E Voorhees
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
September 23, 2012, 06:18:33 PM |
|
The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). That's not a weakness. It's a deal breaker. Actually, google isnt the biggest engine in china... If google can't index it neither can any other search engine.
|
|
|
|
Otoh
Donator
Legendary
Offline
Activity: 3024
Merit: 1105
|
|
September 23, 2012, 07:48:46 PM |
|
I'm sorry to hear it but to take a positive view, this means that bitcoin has arrived in China. bitcoin has arrived in China long time just you never know it or less know it. China <3 bitcoin long time http://bitcoincharts.com/charts/btcnCNY#igDailyztgSzm1g20zm2g50zvzl but mostly last June was the hottest
|
|
|
|
Ubrixorg
Newbie
Offline
Activity: 16
Merit: 0
|
|
September 23, 2012, 08:23:58 PM |
|
Linux r0x.
|
|
|
|
Desolator
|
|
September 23, 2012, 09:10:24 PM |
|
Yeah, use parameters in the database and/or remove all double quotes from all input fields anywhere on the website. Any site that gets hit by an SQL injection fired a programmer that graduated at least a decade ago because nobody these days is that stupid.
|
|
|
|
n8rwJeTt8TrrLKPa55eU
|
|
September 23, 2012, 09:21:04 PM Last edit: September 23, 2012, 09:33:08 PM by n8rwJeTt8TrrLKPa55eU |
|
Yeah, use parameters in the database and/or remove all double quotes from all input fields anywhere on the website. Any site that gets hit by an SQL injection fired a programmer that graduated at least a decade ago because nobody these days is that stupid.
Right, the history of programming incompetence at Bitcoin websites is astounding, especially for businesses dealing with money. Assuming typical Microsoft service stack of 2003/SQL/IIS/ASP.NET, .NET has had a built-in query framework called LINQ for quite a few years, which does proper parametrization automatically. I'm sure we will next hear that the hacked machine had a 100% hot wallet on it.
|
|
|
|
hxtop (OP)
|
|
September 24, 2012, 12:17:36 AM |
|
The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). That's not a weakness. It's a deal breaker. Actually, google isnt the biggest engine in china... Actually, google isnt the biggest engine in china... that correct google.com can not be accessed because of a national firewall in China, Chinese users can only access with google.cn, however, limited functionality, a lot of good foreign websites are filtered!
|
|
|
|
MemoryDealers
VIP
Legendary
Offline
Activity: 1052
Merit: 1105
|
|
September 24, 2012, 01:44:26 AM |
|
For sure the volume has greatly increased since last year - but nothing has dramatically changed very recently (was actually a little surprised that the "memorydealers" visit seemingly had no effect this time when last time it caused a huge jump in volume).
I actually wasn't able to go earlier this moth as I had planned. I'm sure I will make another visit to China again soon.
|
|
|
|
flower1024
Legendary
Offline
Activity: 1428
Merit: 1000
|
|
September 24, 2012, 06:42:55 AM |
|
If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection). The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL). how are you doing this? select * from users where user='flower' and pwd='flower' select * from users where user='flower' and pwd='flower' or ''='' how does your layer detect the second fraudulent call?
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 24, 2012, 06:46:06 AM |
|
select * from users where user='flower' and pwd='flower' select * from users where user='flower' and pwd='flower' or ''=''
how does your layer detect the second fraudulent call?
There are no SQL queries manually coded anywhere in my system - all SQL is generated by the application server so the above simply could not occur. A big advantage to this approach (apart from security) is that fields can be renamed without having to manually change any code (after renaming a "regenerate" performs all require changes).
|
|
|
|
flower1024
Legendary
Offline
Activity: 1428
Merit: 1000
|
|
September 24, 2012, 06:51:51 AM |
|
select * from users where user='flower' and pwd='flower' select * from users where user='flower' and pwd='flower' or ''=''
how does your layer detect the second fraudulent call?
There are no SQL queries manually coded anywhere in my system - all SQL is generated by the application server so the above simply could not occur. A big advantage to this approach (apart from security) is that fields can be renamed without having to manually change any code (after renaming a "regenerate" performs all require changes). ok, but this requires a rewrite of all sql statements of the existing site. so their is no need for your layer - just go with named parameters then and you are fine
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 24, 2012, 07:00:40 AM |
|
ok, but this requires a rewrite of all sql statements of the existing site. so their is no need for your layer - just go with named parameters then and you are fine
Well not a rewrite of SQL statements (as there are none in my system) but it would be an entirely new application so I do understand that it's probably more likely that some sort of minimal approach (as you suggest) to fixing things up would be taken.
|
|
|
|
flower1024
Legendary
Offline
Activity: 1428
Merit: 1000
|
|
September 24, 2012, 07:04:14 AM |
|
ok, but this requires a rewrite of all sql statements of the existing site. so their is no need for your layer - just go with named parameters then and you are fine
Well not a rewrite of SQL statements (as there are none in my system) but it would be an entirely new application so I do understand that it's probably more likely that some sort of minimal approach (as you suggest) to fixing things up would be taken. ah ok now understand you. you offer a middleware/appserver which exposes some functions (like Authenticate(user, pwd)) and you do all the fancy sql stuff in there? personally i dont like seperate server (esp. not if using asp.net), but anyhow its a working solution.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 24, 2012, 07:14:26 AM |
|
It's perhaps a little more like a complete platform (such as Ruby on Rails) and sure I understand not everyone wants to learn how to work with such a beast. The really good thing about the system/platform is that you can build complete web applications without writing code at all.
|
|
|
|
flower1024
Legendary
Offline
Activity: 1428
Merit: 1000
|
|
September 24, 2012, 07:18:22 AM |
|
The really good thing about the system/platform is that you can build complete web applications without writing code at all. thats the reason i dont like it but anyway: good work; if you could make it bitcoin aware (eg provide functions/triggers which communicate directly with bitcoind) i might take a look instead of reinventing the wheel.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1075
Ian Knowles - CIYAM Lead Developer
|
|
September 24, 2012, 07:28:55 AM |
|
but anyway: good work; if you could make it bitcoin aware (eg provide functions/triggers which communicate directly with bitcoind) i might take a look instead of reinventing the wheel.
Thanks - I will be adding support for "bitcoind" calls as part of the first application I intend to promote with the launch of the system later this year (can't say much about the application itself). Apart from the "secret application" it already has Forum and Blog packages and it will also have a complete webmail application as well (with GPG support).
|
|
|
|
the_thing
Sr. Member
Offline
Activity: 546
Merit: 252
Proof-of-Stake Blockchain Network
|
|
September 24, 2012, 01:46:04 PM |
|
Could this have anything to do with the recent sell off? No. The recent sell off has been caused by finding out that BFL is a scam and there will be no ASIC.
|
|
|
|
|
,gaaaaaaaagaaaaaaaaaaaaagaaaaaaaag, ,aP8b _,dYba, ,adPb,_ d8Ya, ,aP" Yb_,dP" "Yba, ,adP" "Yb,_dP "Ya, ,aP" _88" )888( "88_ "Ya, ,aP" _,dP"Yb ,adP"8"Yba, dP"Yb,_ "Ya, ,aPYb _,dP8 Yb ,adP" 8 "Yba, dP 8Yb,_ dPYa, ,aP" YdP" dP YbdP" 8 "YbdP Yb "YbP "Ya, I8aaaaaa8aaa8baaaaaa88aaaaaaaa8aaaaaaaa88aaaaaad8aaa8aaaaaa8I `Yb, d8a, Ya d8b, 8 ,d8b aP ,a8b ,dP' "Yb,dP "Ya "8, dI "Yb, 8 ,dP" Ib ,8" aP" Yb,dP" "Y8, "YaI8, ,8' "Yb, 8 ,dP" `8, ,8IaP" ,8P" "Yb, `"Y8ad' "Yb,8,dP" `ba8P"' ,dP" "Yb, `"8, "Y8P" ,8"' ,dP" "Yb, `8, 8 ,8' ,dP" "Yb, `Ya 8 aP' ,dP" "Yb, "8, 8 ,8" ,dP" "Yb, `8, 8 ,8' ,dP" "Yb, `Ya 8 aP' ,dP" "Yb, "8, 8 ,8" ,dP" "Yb,`8, 8 ,8',dP" "Yb,Ya8aP,dP" "Y88888P" "Y8P" "
| | Free TON
| │ │ │
| PEER-TO-PEER MULTY-BLOCKCHAIN SYSTEM ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬. ▬▬▬TON SURF - OFFICIAL WALLET. | │ │ │
| ▄███████████████████▄ █████████████████████ ▄█████ █████████████████████ ██████ ████ ████ ███ █████████████████████ ██████ ████ ████ ██████ █████████████████████ ███ █████████████████████ ███████ ▀███████████████████▀ ▀███████▄▄▄▄▄▄▄ ▀████ ████▌ ██ ▐██▌ █▌
| | | | │ │ │
| | | | │ │ │
| | TELEGRAM FORUM WIKI |
|
|
|
flower1024
Legendary
Offline
Activity: 1428
Merit: 1000
|
|
September 24, 2012, 01:47:06 PM |
|
Could this have anything to do with the recent sell off? No. The recent sell off has been caused by finding out that BFL is a scam and there will be no ASIC. LoL
|
|
|
|
|