Bitcoin Forum
November 17, 2024, 01:22:44 PM *
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Author Topic: Openex hacked but coins recovered  (Read 14317 times)
pedemaann
January 14, 2014, 08:18:09 AM
 #61

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.

Hide me now !!

Free support, I'm an expert on Linux security.

greece pool http://greece.xpoolcoin.com ! 0.5 FEE
titanium pool http://titanium.xpoolcoin.com ! 0.5 FEE

Forum:http://forum.xpoolcoin.com
Twitter :https://twitter.com/xpoolcoin
Email :support@xpoolcoin.com
phil92
January 14, 2014, 08:22:27 AM
 #62

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.

smh
I'm mixing some plutonium and uranium in my bathroom right now trying to build a nuclear weapon. Don't know if this is gonna work but let's give it a try.
allyouracid
January 14, 2014, 08:39:00 AM
 #63

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.
Hello r3wt,

first of all: great that the attacker hasn't moved the BTC yet and you were able to recover them.

But also - and i don't want to sound insulting - if that was really your first server, i would really not run something important on it, especially if it "stores" money of other people.
Meanwhile, i have multiple years of Linux server experience and i'd say i know pretty well what i do. But under no circumstances i would run something myself which could affect others, especially when it comes down to money. And, as others have already said, there were some general failures (no need to repeat them over and over) which should not have happened.

Server administration is nothing to just try and grow with it... learning by doing just cannot be applied here.

Please, for the sake of your users, get an admin whom you trust to handle such stuff. Just installing some kind of "auto-admin-tool" really is not a solution.

Again, i don't want to sound insulting (i really don't). But when it comes down to money, people become very creative.

Don't visit my shitcoin blog: OCOIN.DEV
Use cointracking.info for tax declaration & tracking of your trades!
phil92
January 14, 2014, 08:51:58 AM
 #64

* SSH server with root access

* with password auth

* no backups

=> get your coins out of this disaster and fast. The owner has no clue to what he is doing.

it's my first server, doesn't mean i'm incapable of learning i just don't know because i'm not experienced. maybe i'll find someone who is and hire them to teach me how to properly secure the server.

smh
I'm mixing some plutonium and uranium in my bathroom right now trying to build a nuclear weapon. Don't know if this is gonna work but let's give it a try.

So far so g
r3wt (OP)
January 14, 2014, 09:00:57 AM
 #65

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
evoked22
January 14, 2014, 09:13:38 AM
 #66

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

You can always place a bounty and ask people to try and get into the system before putting it live. You can even ask people what are the best methods of applying security.

I'm sure people would be happy to support a new exchange.

SnZN5o2ePUgtr9roQyavBC3r41vz7p63ne
pedemaann
January 14, 2014, 09:18:11 AM
Last edit: January 14, 2014, 09:37:13 AM by pedemaann
 #67

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

hi,

I withdrew money from your server but it is still pending. When can I get my coins?

Thanks

SweetLou
January 14, 2014, 10:43:07 AM
 #68

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

hi,

I withdrew money from your server but it is still pending. When can I get my coins?

Thanks

well according to his post that you quoted, in the morning.

I sell domain names, check out my thread here or you can also visit my website Sweet.Domains.
r3wt (OP)
January 14, 2014, 10:48:02 AM
 #69

all the btc is confirmed. i'll start sending out payments in the morning.

we are gonna go back to work and take every step to ensure when we reopen the exchange it will run more smoothly and be more secure.

hi,

I withdrew money from your server but it is still pending. When can I get my coins?

Thanks

well according to his post that you quoted, in the morning.

i have your request too. really i'm just letting them build up. i'm bout to drink my coffee. i couldn't sleep so i'm going to send whatever's in the queue after i drink my coffee.

bitpop
January 14, 2014, 10:48:51 AM
 #70

Try some basic DigitalOcean tutorials. I have much more security on a bitcoin node that has no funds and you didn't even change the ssh port or use keys? That's insane.

CatCoin
January 14, 2014, 10:51:21 AM
 #71

Why is it that the entire crypto community seems to be security-challenged?  That's a serious question.  It's absolutely pathetic that the people representing crypto seem to generally have the experience level of "derp, where did they take my megahortz?"

If you don't know exactly how to lock a server down, *** you sure as hell shouldn't start by trying to run one that stores other peoples' money ***

The scary thing is, thanks to overconfident new school "developers", all of us are at risk no matter how careful we are personally.  Somewhere out there, your personal data is about to be "put in the cloud" by one of these people who have convinced your doctor, your lawyer, your bank, your credit card company, etc... that that's the way of the future... and there's nothing you can do to stop it.
bitpop
January 14, 2014, 11:00:26 AM
 #72

I don't see how these people even get servers running. On tutorial sites I've seen comments such as "do I also type in the eg."

It also bothers me the elite developers keep inventing new crap like nodejs when we haven't learned the simplest of things.

CatCoin
January 14, 2014, 11:03:24 AM
 #73

I don't see how these people even get servers running. On tutorial sites I've seen comments such as "do I also type in the eg."
I've unfortunately seen how some of them do it, and it's by hiring others who have tricked them into believing that they're cut out for the job to do it for them.  I just got done cleaning up the mess from one of these instances for someone who was fooled.  Same deal, SSH on port 22, MySQL open to the outside world with admin/mysql or something similar as a password setup.  Drupal with similarly stupid passwords, etc..

The best part was that they paid this moron $2,500 to do that for them.  $2,500 for about 10 minutes of following a tutorial written by a moron who shouldn't be writing tutorials.

It's really, really not funny at this point.  It makes me want to smash my head off a brick wall repeatedly until it stops.
bitpop
January 14, 2014, 11:04:47 AM
 #74

I don't see how these people even get servers running. On tutorial sites I've seen comments such as "do I also type in the eg."
I've unfortunately seen how some of them do it, and it's by hiring others who have tricked them into believing that they're cut out for the job to do it for them.  I just got done cleaning up the mess from one of these instances for someone who was fooled.  Same deal, SSH on port 22, MySQL open to the outside world with admin/mysql or something similar as a password setup.  Drupal with similarly stupid passwords, etc..

It's really, really not funny at this point.  It makes me want to smash my head off a brick wall repeatedly until it stops.

I suck at Linux but I always change my port, configure ufw and use keys. I feel stupid for not doing more but it seems I'm in the 99% percentile. No wonder target got hacked.

r3wt (OP)
January 14, 2014, 11:05:46 AM
 #75

Catcoin bitpop, you're both full of shit. enjoy your day in the sun where you get to sit high and mighty. it won't last long.

bitpop
January 14, 2014, 11:10:48 AM
 #76

Catcoin bitpop, you're both full of shit. enjoy your day in the sun where you get to sit high and mighty. it won't last long.

Relax you got a free lesson. You do have to admit it was incompetent though. I'm not sitting high, I would never attempt what you did even with what i know.

CatCoin
January 14, 2014, 11:11:14 AM
 #77

What are you even talking about?  "It won't last long"?  You're welcome to dispute anything I said, but there's nothing to dispute.  

You got in over your head.  That's life.  I respect that you're aiming to pay people back.  Learn from your mistakes and don't do it again.  
Snail2
January 14, 2014, 11:14:58 AM
 #78

I'm astounded.  root login, password ugh!

1) non-standard port
2) no root login
3) ssh key entry only
4) iptables ip restriction


+ syslog export to a separate server with different credentials and strict IP restrictions.
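
Added example (not part of Snail2's post or of anyone's code in this thread): a small audit of an sshd_config against points 1-3 of the checklist in post #78. The sample configs, function names and finding strings are constructed for illustration; the defaults table assumes a current OpenSSH release.

```python
# Defaults for absent keywords (assumption: current OpenSSH; older releases
# defaulted PermitRootLogin to "yes").
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes"}

# Constructed samples. HARDENED ends with a duplicate that sshd ignores.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = ("Port 2222\nPermitRootLogin no\n"
            "PasswordAuthentication no\nPasswordAuthentication yes\n")


def effective_settings(config_text):
    """Global-section settings as sshd resolves them: keywords are
    case-insensitive, the first value read wins, Port may repeat."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].lower()
        if key == "match":  # conditional blocks are out of scope here
            break
        if key == "port":
            ports.append(int(value))
        else:
            settings.setdefault(key, value)
    for key, value in DEFAULTS.items():
        settings.setdefault(key, value)
    return settings, ports or [22]


def audit(config_text):
    # One finding per checklist point (1-3) that the config fails.
    settings, ports = effective_settings(config_text)
    findings = []
    if 22 in ports:
        findings.append("port: sshd listens on default port 22")
    if settings["permitrootlogin"] != "no":
        findings.append("root: PermitRootLogin is not 'no'")
    if settings["passwordauthentication"] != "no":
        findings.append("password: password logins are accepted")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself resolves it. The iptables restriction and the syslog export from the post live outside sshd_config and are not checked here.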
bitpop
January 14, 2014, 11:15:24 AM
 #79

Op, there was another underage kid that lost 100k btc a year ago. The younger generation is very eager but reckless.

CatCoin
January 14, 2014, 11:22:16 AM
 #80

Let's play "cutting corners with the Millennials"

1.)  Learns about bitcoin

2.)  Writes "hello world" using javascript
(optional / 2a) - Starts accepting investments  *edit*  holy shit, I was joking, but this really happened.

3.)  Opens an internet currency exchange
