Openex hacked but coins recovered

[pedemaann]

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.

Hide me now !!

support free ,I'm expert about security on Linux.

[phil92]

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.

smh
I'm mixing some plutonium and uranium in my bathroom right now trying to build a nuclear weapon. Don't know if this is gonna work but let's give it a try.

[allyouracid]

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.

Hello r3wt,

first of all: great that the attacker hasn't moved the BTC yet and you were able to recover them.

But also - and i don't want to sound insulting - if that was really your first server, i would really not run something important on it, especially if it "stores" money of other people.
Meanwhile, i have multiple years of Linux server experience and i'd say i know pretty well what i do. But under no circumstances i would run something myself which could affect others, especially when it comes down to money. And, as others have already said, there were some general failures (no need to repeat them over and over) which should not have happened.

Server administration is nothing to just try and grow with it... learning by doing just cannot be applied here.

Please, for the sake of your users, get an admin whom you trust to handle such stuff. Just installing some kind of "auto-admin-tool" really is not a solution.

Again, i don't want to sound insulting (i really don't). But when it comes down to money, people become very creative.

[phil92]

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.

smh
I'm mixing some plutonium and uranium in my bathroom right now trying to build a nuclear weapon. Don't know if this is gonna work but let's give it a try.

So far so g

[r3wt]

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

[evoked22]

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

You can always place a bounty and ask people to try and get into the system before putting it live. You can even ask people what are the best methods of applying security.

Im sure people would be happy to support a new exchange.

[pedemaann]

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

hi,

 I withdrew money from  you server but it still pending . When I can coin ?

Thanks

[SweetLou]

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

hi,

 I withdrew money from  you server but it still pending . When I can coin ?

Thanks

well according to his post that you quoted, in the morning.

[r3wt]

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

hi,

 I withdrew money from  you server but it still pending . When I can coin ?

Thanks

well according to his post that you quoted, in the morning.

i have your request to. really i'm just letting them build up. i'm bout to drink my coffee. i couldn't sleep so i'm going to send whatevers in the queue after i drink my coffee.

[bitpop]

Try some basic digital ocean tutorials. I have much more security on a bitcoin node that has no funds and you didnt even change the ssh port or use keys? Thats insane.

[CatCoin]

Why is it that the entire crypto community seems to be security-challenged?  That's a serious question.  It's absolutely pathetic that the people representing crypto seem to generally have the experience level of "derp, where did they take my megahortz?"

If you don't know exactly how to lock a server down, *** you sure as hell shouldn't start by trying to run one that stores other peoples' money ***

The scary thing is, thanks to overconfident new school "developers", all of us are at risk no matter how careful we are personally.  Somewhere out there, your personal data is about to be "put in the cloud" by one of these people who have convinced your doctor, your lawyer, your bank, your credit card company, etc... that that's the way of the future... and there's nothing you can do to stop it.

[bitpop]

I don't see how these people even get servers running. On tutorial sites I've seen comments such as "do I also type in the eg."

It also bothers me the elite developers keep inventing new crap like nodejs when we haven't learned the simplest of things.

[CatCoin]

I don't see how these people even get servers running. On tutorial sites I've seen comments such as "do I also type in the eg."

I've unfortunately seen how some of them do it, and it's by hiring others who have tricked them into believing that they're cut out for the job to do it for them.  I just got done cleaning up the mess from one of these instances for someone who was fooled.  Same deal, SSH on port 22, MySQL open to the outside world with admin/mysql or something similar as a password setup.  Drupal with similarly stupid passwords, etc..

The best part was that they paid this moron $2,500 to do that for them.  $2,500 for about 10 minutes of following a tutorial written by a moron who shouldn't be writing tutorials.

It's really, really not funny at this point.  It makes me want to smash my head off a brick wall repeatedly until it stops.

[bitpop]

I don't see how these people even get servers running. On tutorial sites I've seen comments such as "do I also type in the eg."

I've unfortunately seen how some of them do it, and it's by hiring others who have tricked them into believing that they're cut out for the job to do it for them.  I just got done cleaning up the mess from one of these instances for someone who was fooled.  Same deal, SSH on port 22, MySQL open to the outside world with admin/mysql or something similar as a password setup.  Drupal with similarly stupid passwords, etc..

It's really, really not funny at this point.  It makes me want to smash my head off a brick wall repeatedly until it stops.

I suck at Linux but I always change my port, configure ufw and use keys. I feel stupid for not doing more but it seems I'm in the 99% percentile. No wonder target got hacked.

[r3wt]

Catcoin bitpop, you're both full of shit. enjoy your day in the sun where you get to sit high and mighty. it won't last long.

[bitpop]

Catcoin bitpop, you're both full of shit. enjoy your day in the sun where you get to sit high and mighty. it won't last long.

Relax you got a free lesson. You do have to admit it was incompetent though. I'm not sitting high, I would never attempt what you did even with what i know.

[CatCoin]

What are you even talking about?  "It won't last long"?  You're welcome to dispute anything I said, but there's nothing to dispute.  

You got in over your head.  That's life.  I respect that you're aiming to pay people back.  Learn from your mistakes and don't do it again.  

[Snail2]

I'm astounded.  root login, password ugh!

1) non-standard port
2) no root login
3) ssh key entry only
4) iptables ip restriction

+ syslog export to a separate server with different credentials and strict IP restrictions.

[bitpop]

Op, there was another underage kid that lost 100k btc a year ago. The younger generation is very eager but reckless.

[CatCoin]

Let's play "cutting corners with the Millenials"

1.)  Learns about bitcoin

2.)  Writes "hello world" using javascript
(optional / 2a) - Starts accepting investments  *edit*  holy shit, I was joking, but this really happened.

3.)  Opens an internet currency exchange