SCAMMER TradeFortress P-T'ed my site without permission, no damage afaik. CLOSED

[MoneypakTrader.com]

[...] I don't owe you a single satoshi. I have never agreed to a refund for starters, so by that definition I don't owe you anything.
[...]

I hereby withdraw my offer for your P/T of my site, if you can prove to have conducted the P/T and produced the fixes and related work prior to now, I will credit your debt appropriately.

If anyone wants to assume TF debt, I am willing to assign it to an appropriate charity for collections.

[1714891593]

1714891593

[1714891593]

1714891593

[1714891593]

1714891593

[MPOE-PR]

I'm replying to a CLOSED thread, I'm such a rebel.

Lol. So much for having this thread locked.

OPs implementation of thread locking has a serious vulnerability. Here's a bounty of 15 OMG WTF BBQ for anyone fixing it to be called a scammer.

[MoneypakTrader.com]

[...] I don't owe you a single satoshi. I have never agreed to a refund for starters, so by that definition I don't owe you anything.
[...]

I hereby withdraw my offer for your P/T of my site, [...]

My site received P/T's from 3 different new accounts since I withdrew the offer.
Total vulnerabilities = 0
Site has been upgraded to IMPENETRABLE status.

[raze]

[...] I don't owe you a single satoshi. I have never agreed to a refund for starters, so by that definition I don't owe you anything.
[...]

I hereby withdraw my offer for your P/T of my site, [...]

My site received P/T's from 3 different new accounts since I withdrew the offer.
Total vulnerabilities = 0
Site has been upgraded to IMPENETRABLE status.

3 failed pentests make it impenetrable?

1. "Don't practice until you succeed, practice until you can't fail". I hate to burst your impenetrable bubble, but it only takes one person who knows something the others don't to exploit a site/server.

2. There's no such thing as impenetrable status. If you're smart, you'll stop taunting people to try and exploit your site.

3. You're naive enough to assume that you can keep a totally 100% hack-proof invulnerable site of awesomeness, but no-one else can? Even if there were no vulnerabilities found in your site now, what about tomorrow? Next week? New vulns are found every single day and made public, you can't be safe forever.

So just stop.

[🏰 TradeFortress 🏰]

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

[MoneypakTrader.com]

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

Hey Dumbass,
 I already know you're a lying scammer, my memory isn't that bad. Go Fuck off, because we both know my site is rock-solid secure since I hardened it from when you used that simple sql exploit that my original programmer failed to account for. It's been fixed and YOU ARE IMPOTENT.
 You got in once, congrats. If you weren't lying out your assface, you could easily post some *recent* info from the admin panel, maybe a couple lines of the tests I've been running as admin since there's no sensitive info in that.
 Your fraud isn't going to work here. Fool me once, your a scamming scumbag and you're not going to fool me again.
 Even if you had admin access, you still couldn't touch the dozens of BTC being transacted daily as you pointed out earlier and your trolling is clearly the only tool you have to use against me.

[raze]

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

Hey Dumbass,
 I already know you're a lying scammer, my memory isn't that bad. Go Fuck off, because we both know my site is rock-solid secure since I hardened it from when you used that simple sql exploit that my original programmer failed to account for. It's been fixed and YOU ARE IMPOTENT.
 You got in once, congrats. If you weren't lying out your assface, you could easily post some *recent* info from the admin panel, maybe a couple lines of the tests I've been running as admin since there's no sensitive info in that.
 Your fraud isn't going to work here. Fool me once, your a scamming scumbag and you're not going to fool me again.
 Even if you had admin access, you still couldn't touch the dozens of BTC being transacted daily as you pointed out earlier and your trolling is clearly the only tool you have to use against me.

Eesh, for a professional account, you should probably lay off with those sort of attacks. By all means speak your mind, but just be a little more civil, yeah? You're making your business look bad.

[🏰 TradeFortress 🏰]

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

Hey Dumbass,
 I already know you're a lying scammer, my memory isn't that bad. Go Fuck off, because we both know my site is rock-solid secure since I hardened it from when you used that simple sql exploit that my original programmer failed to account for. It's been fixed and YOU ARE IMPOTENT.
 You got in once, congrats. If you weren't lying out your assface, you could easily post some *recent* info from the admin panel, maybe a couple lines of the tests I've been running as admin since there's no sensitive info in that.
 Your fraud isn't going to work here. Fool me once, your a scamming scumbag and you're not going to fool me again.
 Even if you had admin access, you still couldn't touch the dozens of BTC being transacted daily as you pointed out earlier and your trolling is clearly the only tool you have to use against me.

First of all, I did not use a SQL injection, I used XSS. Get your facts right.

Do you want to escrow? I send 27 BTC to John. You send 10 BTC. If I break into your site again, I get your 10 BTC. If I fail to do so within a week (and the site has being up), you get 27 BTC.

Also, why the fuck would I steal your coins. I don't do that.

[r3wt]

I got my money on Tradefortress!!!

[MoneypakTrader.com]

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

[...]
 Your fraud isn't going to work here. Fool me once, your a scamming scumbag and you're not going to fool me again.
 Even if you had admin access, you still couldn't touch the dozens of BTC being transacted daily as you pointed out earlier and your trolling is clearly the only tool you have to use against me.

[...] If I break into your site again, I get your 10 BTC. If I fail to do so within a week (and the site has being up), you get 27 BTC.

So I can either lose 10 btc if you're right (which is less than a 1% possibility) or I can gain nothing if I'm right because it would go to charity (99%+ possibility). Even at those excellent odds it's a losing proposition.
Please STFU and stop harassing my baby with your BS claims.

Also, why the fuck would I steal your coins. I don't do that.

Let's see, maybe because you're a thief and it's in your nature? That's why you defrauded the 27 bitcoins from me with the promise of a functional website (similar to the one I have now) which you could have easily hosted to show you actually did it, but can't because in reality you're incapable to code a bitcoin ecommerce website.

[🏰 TradeFortress 🏰]

I'll send 50 BTC to John. You send 10 BTC to John. I hack your site, I get your 10 BTC and my 50 BTC. I can't hack your site, you get my 50 BTC and your 10 BTC.

When are we doing this? I always love free money

[matt4054]

You had written CLOSED in the subject. You should have sticked to it. You are ridiculing yourself, IMHO. And really... read your FAQ again.... WTF is this

12. I need to know your business incorporation details and/or personal info before I invest. If you don't provide this I'm going to call you a scammer and flame you in the forums or otherwise blackmail you.

No, we won't be providing any of this info or otherwise cooperating with your blackmail attempts. If you persist in attempting to blackmail us, we will respond with countermeasures.

Do you know the difference between a commercial website, a forum post, and a PM?
I would never trust your website after reading such things. Your attitude is childish.
You can call me names now and prove me right, or you could learn a lesson and make some progress...

[MoneypakTrader.com]

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

[...]
 Your fraud isn't going to work here. Fool me once, your a scamming scumbag and you're not going to fool me again.
 Even if you had admin access, you still couldn't touch the dozens of BTC being transacted daily as you pointed out earlier and your trolling is clearly the only tool you have to use against me.

[...] If I break into your site again, I get your 10 BTC. If I fail to do so within a week (and the site has being up), you get 27 BTC.

So I can either lose 10 btc if you're right (which is less than a 1% possibility) or I can gain nothing if I'm right because it would go to charity (99%+ possibility). Even at those excellent odds it's a losing proposition.
Please STFU and stop harassing my baby with your BS claims.

Also, why the fuck would I steal your coins. I don't do that.

Let's see, maybe because you're a thief and it's in your nature? That's why you defrauded the 27 bitcoins from me with the promise of a functional website (similar to the one I have now) [but] in reality you're incapable to code a bitcoin ecommerce website.

Maybe I didn't make it clear: I have no intention of ever doing any kind of business with you ever again.
The fact that the scumbag who scammed me out of 27 BTC is asking me to send coins to someone makes me sick.
You defrauded me out of 27 BTC, congrats, I'm not going to take any risk of legitimizing your theft.
I overlooked the fact that you illegally hacked into my site with a simple exploit, I even reduced your debt.
I also gave you the opportunity to come clean and reveal any information you have about site vulnerabilities for more debt reduction. You refused and that deal is now over so go fuck yourself you sorry scamming bastard.

[MoneypakTrader.com]

BTW, your offer sounds just like the time:
A) you offered to pay for arbitration,
B) You NEVER filed the case, so I filed one with the option of splitting the fee
C) I paid half the fee after you refused to pay the full fee as you originally promised
D) You then REFUSED to pay even half the arbitration fee
E) Then you REFUSED to participate in arbitration blaming the arbitrator for taking to long

It's all in the forum records. . .

I have learned to give your promises the appropriate weight they deserve.

[🏰 TradeFortress 🏰]

tl;dr: MPT blundered by making statements that he now backtracks.

I'm happy to do this through an escrow.

[whiskers75]

TF: Stop writing "has been" as "has being"!
Erm.... TradeFortress, prove that you can hack in by, I don't know, changing the admin user's name?

[MoneypakTrader.com]

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

[...]
 Your fraud isn't going to work here. Fool me once, your a scamming scumbag and you're not going to fool me again.
 Even if you had admin access, you still couldn't touch the dozens of BTC being transacted daily as you pointed out earlier and your trolling is clearly the only tool you have to use against me.

[...] If I break into your site again, I get your 10 BTC. If I fail to do so within a week (and the site has being up), you get 27 BTC.

So I can either lose 10 btc if you're right (which is less than a 1% possibility) or I can gain nothing if I'm right because it would go to charity (99%+ possibility). Even at those excellent odds it's a losing proposition.
Please STFU and stop harassing my baby with your BS claims.

Also, why the fuck would I steal your coins. I don't do that.

Let's see, maybe because you're a thief and it's in your nature? That's why you defrauded the 27 bitcoins from me with the promise of a functional website (similar to the one I have now) [but] in reality you're incapable to code a bitcoin ecommerce website.

Maybe I didn't make it clear: I have no intention of ever doing any kind of business with you ever again.
The fact that the scumbag who scammed me out of 27 BTC is asking me to send coins to someone makes me sick.
You defrauded me out of 27 BTC, congrats, I'm not going to take any risk of legitimizing your theft.
I overlooked the fact that you illegally hacked into my site with a simple exploit, I even reduced your debt.
I also gave you the opportunity to come clean and reveal any information you have about site vulnerabilities for more debt reduction. You refused and that deal is now over so go fuck yourself you sorry scamming bastard.

TF, you sound like a rapist trying to get into a victims house after having already raped the victim before, not gonna happen.

You show how much of a scumbag you are by attempting to extort more money having already scammed me for supposedly coding a complete site. And now you want more coin for making the site more secure after already fraudulently stolen more than enough coin to cover security updates (even though you are unwelcome from participating in the site at all, but you persist in harassing me about the site).
Attacking someone's site without permission and then trying to extort money from them is a real scumbag move, even though you're bullshitting and especially because you've already stolen enough to cover security fixes.
Fortunately, there's no evidence you have any current access to the admin panel or user accounts or you could verify it by posting some *recent* activity. Although the ethical thing to do is disclose the vulnerability, which you could even do publicly. But you're an unethical criminal who likes making easy coins by stealing them from me as you did with your fraudulent "I'm a web developer who can code a bitcoin accepting website" bullshit. Hard to imagine anyone can go through the whole history and take your side on this issue. . .
The code has been fixed and the site is secure, so Go Fuck Yourself.