Bitcoin Forum
December 03, 2016, 03:58:00 PM *
Author Topic: MtGox really secure now  (Read 3797 times)
kokojie
June 21, 2011, 06:40:15 PM
 #1

Quote
   Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/1040): Too many connections in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 25

    Fatal error: Uncaught exception 'Exception' with message 'Too many connections' in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php:26 Stack trace: #0 /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php(73): DB\MySQL->_construct(Array) #1 /www/p/pl/platform-stable.dns.st/includes/DB.class.php(24): DB\MySQL::getInstance() #2 /www/p/pl/platform-stable.dns.st/includes/db_structure.php(3): DB::getInstance() #3 /www/p/pl/platform-stable.dns.st/includes/init.php(48): require_once('/www/p/pl/platf...') #4 /www/p/pl/platform-stable.dns.st/www/handlepage.php(3): require_once('/www/p/pl/platf...') #5 {main} thrown in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 26

Thanks for the informative error message mtgox, I'm sure displaying stack trace to random visitors is really secure

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
GeniuSxBoY
June 21, 2011, 06:43:00 PM
 #2

Quote
I'm just waiting for hackers to release my proof information any time now
NO_SLAVE
June 21, 2011, 06:46:03 PM
 #3

The great silent comedy continues...

The MTGox crisis in pictures...

http://www.youtube.com/watch?v=RWZD_bkNK-c

Let's hope the ending is as good....
Tasty Champa
June 21, 2011, 06:56:03 PM
 #4

OP just added 3 more days.

Good Job!

arkados
June 21, 2011, 07:21:49 PM
 #5

Quote
Server: nginx/0.8.53
Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip

200 OK
Got from support desk.
Oh wow, they do run nginx 0.8.53 while latest is 1.0.4 !! For sure, everybody's computer is infected by trojan software now !!!

Oh look look !!!
Quote
  <!--[if lt IE 9]>
  <script src="https://assets.zendesk.com/javascripts/vendor/html5_shiv.js?1308347461" type="text/javascript"></script>
  <![endif]-->
They actually hotlink javascript from zendesk's website for Internet Explorer users, in plain text in the HTML source code for everyone to see !! I shit in my pants, this is now the end of the world !!!!1

/joke


>copypasta of random "Too many connections" error and feeling 1337 about it
>not showing proper screenshot, unable to understand what problem is
>implying this actually is a vulnerability, server saying "whoops, can't handle this much shitload"
>instead of mail MagicalTux about it and appear stupid to one person -> post in Bitcoin forum and appear stupid to everybody else who actually work with PHP and MySQL
>be marked as troll, for now
NO_SLAVE
June 21, 2011, 07:30:04 PM
 #6



Who is this twat?
TonyHoyle
June 21, 2011, 07:32:10 PM
 #7

No setting display_errors=Off is an amateur error that should never happen on a production site.  Information leak is the first stage to being hacked.
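
Added example, not part of any post in this thread: a Python check that reports what a response body discloses when PHP error output reaches visitors, the leak this post describes. The function and constant names are assumptions, and both sample bodies are constructed (the leaky one from the error text quoted in the first post, trimmed to two stack frames).

```python
import posixpath
import re

# Constructed sample: the error text quoted in the first post, trimmed to two
# stack frames, as a visitor's browser would receive it.
LEAKY_BODY = (
    "Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/1040): Too many connections"
    " in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 25\n"
    "Fatal error: Uncaught exception 'Exception' with message 'Too many connections'"
    " in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php:26 Stack trace:"
    " #0 /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php(73):"
    " DB\\MySQL->_construct(Array)"
    " #1 /www/p/pl/platform-stable.dns.st/includes/DB.class.php(24):"
    " DB\\MySQL::getInstance() #2 {main} thrown"
)
# Constructed sample: the same outage with display_errors=Off and a generic
# error page (the reference id is made up).
QUIET_BODY = "<h1>Service temporarily unavailable</h1><p>Reference: 7f3a9c</p>"

TAG_RE = re.compile(r"<[^>]+>")  # html_errors wraps parts of the message in <b>
ERROR_RE = re.compile(r"\b(Warning|Notice|Fatal error|Parse error): .*? in /\S+\.php")
PATH_RE = re.compile(r"(/[\w.\-]+(?:/[\w.\-]+)+\.php)\b")
FRAME_RE = re.compile(r"#\d+ \S+\.php\(\d+\): ([\w\\]+(?:->|::)\w+)\(")


def audit_body(body):
    """Report what a response body discloses through PHP error output."""
    text = TAG_RE.sub("", body)
    levels = sorted(set(ERROR_RE.findall(text)))
    paths = sorted(set(PATH_RE.findall(text)))
    calls = sorted(set(FRAME_RE.findall(text)))
    leaks = bool(levels) or "Stack trace:" in text
    return {
        "leaks": leaks,
        "levels": levels,                 # PHP error levels shown to the visitor
        "paths": paths if leaks else [],  # server-side file paths
        "calls": calls if leaks else [],  # internal class and method names
        "common_dir": posixpath.commonpath(paths) if leaks and paths else None,
    }


if __name__ == "__main__":
    for name, body in (("leaky", LEAKY_BODY), ("quiet", QUIET_BODY)):
        print(name, audit_body(body))
```

Run against a site's own error pages after a deploy, a result with `leaks` set to true means display_errors is still reaching visitors; the errors themselves belong in the server log (log_errors=On).
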
Chick
June 21, 2011, 07:40:25 PM
 #8

Quote
Server: nginx/0.8.53
Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip

200 OK
Got from support desk.
Oh wow, they do run nginx 0.8.53 while latest is 1.0.4 !! For sure, everybody's computer is infected by trojan software now !!!

Oh look look !!!
Quote
  <!--[if lt IE 9]>
  <script src="https://assets.zendesk.com/javascripts/vendor/html5_shiv.js?1308347461" type="text/javascript"></script>
  <![endif]-->
They actually hotlink javascript from zendesk's website for Internet Explorer users, in plain text in the HTML source code for everyone to see !! I shit in my pants, this is now the end of the world !!!!1

/joke


>copypasta of random "Too many connections" error and feeling 1337 about it
>not showing proper screenshot, unable to understand what problem is
>implying this actually is a vulnerability, server saying "whoops, can't handle this much shitload"
>instead of mail MagicalTux about it and appear stupid to one person -> post in Bitcoin forum and appear stupid to everybody else who actually work with PHP and MySQL
>be marked as troll, for now

Zendesk hosts the support desk by themselves. Mt. Gox simply CNAME "support.mtgox.com" to their servers.

BioMike
June 21, 2011, 07:45:24 PM
 #9

Information leak is the first stage to being hacked.

Yes, that's just how security through obscurity works!

At least they use mysqli (which increases the chance that they used parametrized SQL).
Don't know if there are reported security issues with nginx 0.8.53.
kokojie
June 21, 2011, 07:57:34 PM
 #10

Quote
Server: nginx/0.8.53
Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip

200 OK
Got from support desk.
Oh wow, they do run nginx 0.8.53 while latest is 1.0.4 !! For sure, everybody's computer is infected by trojan software now !!!

Oh look look !!!
Quote
  <!--[if lt IE 9]>
  <script src="https://assets.zendesk.com/javascripts/vendor/html5_shiv.js?1308347461" type="text/javascript"></script>
  <![endif]-->
They actually hotlink javascript from zendesk's website for Internet Explorer users, in plain text in the HTML source code for everyone to see !! I shit in my pants, this is now the end of the world !!!!1

/joke


>copypasta of random "Too many connections" error and feeling 1337 about it
>not showing proper screenshot, unable to understand what problem is
>implying this actually is a vulnerability, server saying "whoops, can't handle this much shitload"
>instead of mail MagicalTux about it and appear stupid to one person -> post in Bitcoin forum and appear stupid to everybody else who actually work with PHP and MySQL
>be marked as troll, for now

Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.

If my post has been helpful, send me some love -> BTC: 1kokojUapmWqCqPw3Ch2rjcVh57tJEzka | PPC: PDyXAgA8eH47gokVW6zVZPSuu15aao5nZF | Bitshares: kokojie
Freakin
June 21, 2011, 08:22:14 PM
 #11

Quote

Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.

What do they care?  They're making $30k/day...  they don't need a real job
gentakin
June 21, 2011, 08:31:47 PM
 #12

0.8.54 is the current "legacy stable" release of nginx. It contains 3 bug fixes, where only one might be security-related (segfault). So the MtGox web server is fine.

Printing out stack traces is bad. Let's hope they fixed the other things.

1HNjbHnpu7S3UUNMF6J9yWTD597LgtUCxb
NO_SLAVE
June 21, 2011, 08:40:01 PM
 #13


Oh, that's rich!
NO_SLAVE
June 21, 2011, 08:41:30 PM
 #14

Quote

Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.

What do they care?  They're making $30k/day...  they don't need a real job

not. any. more.....
Desu
June 21, 2011, 08:45:02 PM
 #15

So bad. Why do people still use this site, are they stupid.
Amen, +1

Tip me?
1KBuL4At3kKEsBbDwAqKa16CG4nbyjosdD
That's right, I'm a girl on the Interwebz
http://flipforbits.com/?id=1570
Spend cheaply, Win More. : ]
arkados
June 21, 2011, 08:54:46 PM
 #16

So bad. Why do people still use this site, are they stupid.
They want their money back.  Roll Eyes
That doesn't mean they aren't stupid.
But many of them still want to use Mt.Gox in the future.
That doesn't mean they are stupid.

Just sayin'...
Freakin
June 21, 2011, 08:58:48 PM
 #17

Quote

Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.

What do they care?  They're making $30k/day...  they don't need a real job

not. any. more.....

 Grin
Batouzo
June 21, 2011, 09:20:20 PM
 #18

Quote
   Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/1040): Too many connections in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 25

    Fatal error: Uncaught exception 'Exception' with message 'Too many connections' in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php:26 Stack trace: #0 /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php(73): DB\MySQL->_construct(Array) #1 /www/p/pl/platform-stable.dns.st/includes/DB.class.php(24): DB\MySQL::getInstance() #2 /www/p/pl/platform-stable.dns.st/includes/db_structure.php(3): DB::getInstance() #3 /www/p/pl/platform-stable.dns.st/includes/init.php(48): require_once('/www/p/pl/platf...') #4 /www/p/pl/platform-stable.dns.st/www/handlepage.php(3): require_once('/www/p/pl/platf...') #5 {main} thrown in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 26

Thanks for the informative error message mtgox, I'm sure displaying stack trace to random visitors is really secure

bbjansen
June 21, 2011, 09:47:32 PM
 #19

The twat who was CEO of HBGary, a federal security firm, and got hacked by Anonymous when he claimed he knew the "leaders" entities.