solo20
|
|
May 28, 2014, 01:31:17 AM |
|
Did anyone have their DRK pool wipe out their account balance even from mining last month. Im hoping its temporary while the chain catches up perhaps. Only DRK coins I have left now were mined in the last 24hr
no you are not the only one. you mean the wallet correct I updated and my coins are not there and I have the wallet dat file
|
|
|
|
reda
|
|
May 28, 2014, 01:34:49 AM |
|
hello there is a a backdoor in the version 10.8.8 i have been stolen 999 dark coin from my master node here is my wallet address http://chainz.cryptoid.info/drk/address.dws?XfNfxwfQpVKccGprG6PdRWT2UtMGoM9gCL.htm
it has been moved to this wallet XwKx3mWB9ncJo5ZudqyEZ1MoQWMSmE3CwP
it seems either the devs or someone who gave the version given on darkcoin.io got a backdoor
here is the log of my masternode server st login : from 192.162.103.175 Can you give a little more info, did you have the wallet encrypted? How was your darkcoin.conf setup? DRK on the MN? Not hardened? We need more info. Calling it a backdoor up front suggests you don't know how to secure your serve and were also fool enough to have your DRK ON the server instead of remote MN w/ cold wallet... You're sounding like a troll. We don't want to write you off if it's true, but so far... That may be precisely your troll tactic. I'm trying to figure out my own weird-ass darksend problem... are you on skype can you come i am with friend trying to figure out how this could happend i don't know what to do i have lost 1000k all what i mined and bought so far please help !
|
|
|
|
InternetApe
|
|
May 28, 2014, 01:36:32 AM |
|
hello there is a a backdoor in the version 10.8.8 i have been stolen 999 dark coin from my master node here is my wallet address http://chainz.cryptoid.info/drk/address.dws?XfNfxwfQpVKccGprG6PdRWT2UtMGoM9gCL.htm
it has been moved to this wallet XwKx3mWB9ncJo5ZudqyEZ1MoQWMSmE3CwP
it seems either the devs or someone who gave the version given on darkcoin.io got a backdoor
here is the log of my masternode server st login : from 192.162.103.175 Can you give a little more info, did you have the wallet encrypted? How was your darkcoin.conf setup? the wallet was encrypted by a hard password the wallet was started as use and not root i have changed the ssh port from 22 to another installed fail2ban did all security thing and still got hacked the starge thing is that it has been sent only 999 and not all of the darks which is 1000.6 the walet that received the dark is XwKx3mWB9ncJo5ZudqyEZ1MoQWMSmE3CwP is there anything to do to block that wallet adress? before he move it somewhere else and sell ? The ONLY way I can see that someone could do that is if you left the RPC port open in firewall and the rpcuser and rpcpassword was really easy. Even then they would have to know the password that you encrypted the wallet with. Did you maybe use the same password for rpcuser and the password you used to encrypt the wallet? Are you running apache on the server and maybe the user that you started apache with has read access to the directory where you conf file is? Need more info
|
|
|
|
reda
|
|
May 28, 2014, 01:39:04 AM |
|
there is no apache, wallet password is not same as rpc password the rpc password is very complex
|
|
|
|
InternetApe
|
|
May 28, 2014, 01:40:19 AM |
|
there is no apache, wallet password is not same as rpc password the rpc password is very complex
I sent you a PM,
|
|
|
|
camosoul
|
|
May 28, 2014, 01:40:33 AM |
|
is there anything to do to block that wallet adress? before he move it somewhere else and sell ?
RED FLAG. You run a MN and you ask these two questions? Not-sure-if-serious turns into this-can't-be-real. Use a code block to show us your darkcoin.conf and any relevant sshd.conf
|
. .OROCOIN. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ |
|
|
|
reda
|
|
May 28, 2014, 01:44:06 AM |
|
is there anything to do to block that wallet adress? before he move it somewhere else and sell ?
RED FLAG. You run a MN and you ask these two questions? Not-sure-if-serious turns into this-can't-be-real. I'll let InternetApe play with this... i will give access to internet ape to my vps he will see it byhimself after this i will reinstall my vps and stop renting it i really dunno hat to do now .....
|
|
|
|
sin242
|
|
May 28, 2014, 01:44:45 AM |
|
I would think that if this was an actual backdoor it would have been more than 1 compromised node
|
Dark: Xk9BoVerBd41JCjWQEhnxoowP7YNUK439z BTC: 1JzPN2h8WGSi7kQeY5wuP4PjVD2hxkHJQM
|
|
|
camosoul
|
|
May 28, 2014, 01:46:48 AM |
|
I would think that if this was an actual backdoor it would have been more than 1 compromised node
I think the report itself makes it clear that this was not a backdoor. Seems to know what to say to make himself sound legit, then out of the blue, block the address request? Lolwut? DarkCoin is Checkbook? Call the bank and cancel payment? I'm not calling him a troll, but I'm really, really close... Don't make me bust out the neurotypical linguistics again... I can't see how that would even be possible if the remote MN option had been used. Not using it is another RED FLAG. Who would do that? Even with it, I'm not going MN until next RC... We'll see what InternetApe finds...
|
. .OROCOIN. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ |
|
|
|
HiddenDark
|
|
May 28, 2014, 01:49:43 AM |
|
I'm getting an odd problem with my client.
Every time I try to send, it alters the amount to 0 and erases the address, calls it a send to self of 0DRK and still shows confirms... Damn strange.
Restarted client. Now different effect...
Only applies to using darksend. regular send works fine.
Waiting for entries 1/3. Stays that way until a block pops, then says idle and poof, like the darksend attempt never happened... Absolutely no log output in regard to it.
I'm not even sure where to look... Fuckin' weird...
Now spontaneously back to "payment to yourself" shit... Address is definitely not mine...
Darksend is just plain broken.
I've had these same problems.
|
|
|
|
Sleepyx
Member
Offline
Activity: 112
Merit: 10
|
|
May 28, 2014, 01:51:07 AM |
|
I dont think anyone could ever shut down a server and transfer drk to a new wallet as fast as I just did lol Hope it works out for you
|
|
|
|
camosoul
|
|
May 28, 2014, 01:54:50 AM |
|
I dont think anyone could ever shut down a server and transfer drk to a new wallet as fast as I just did lol
That may be troll objective... His statements don't add up... But if you left your DRKs hanging int he breeze, I guess that's all it would take to spook you, or me... Which is why I don't leave my DRKs hanging in the breeze...
|
. .OROCOIN. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ | | █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ █ |
|
|
|
Sapereaude
|
|
May 28, 2014, 01:55:58 AM |
|
Many of you have reached out to me about supporting development efforts and looking for an address of mine? XpAy7r5RVdGLnnjWNKuB9EUDiJ5Tje9GZ8 This will be my development donation address if you're so inclined This community is really amazing, I really do appreciate the support Chucked in 50 : D
|
|
|
|
Sleepyx
Member
Offline
Activity: 112
Merit: 10
|
|
May 28, 2014, 01:56:29 AM |
|
I dont think anyone could ever shut down a server and transfer drk to a new wallet as fast as I just did lol
That may be troll objective... His statements don't add up... But if you left your DRKs hanging int he breeze, I guess that's all it would take to spook you, or me... Which is why I don't leave my DRKs hanging in the breeze... Im just a paranoid person. Wonder if he had linked his bash to /dev/null or at least cleared history
|
|
|
|
Ozziecoin
|
|
May 28, 2014, 01:58:58 AM |
|
I dont think anyone could ever shut down a server and transfer drk to a new wallet as fast as I just did lol
That may be troll objective... His statements don't add up... But if you left your DRKs hanging int he breeze, I guess that's all it would take to spook you, or me... Which is why I don't leave my DRKs hanging in the breeze... Im just a paranoid person. Wonder if he had linked his bash to /dev/null or at least cleared history He should've just closed port 22 and the other ports altogether. Also, the fact that they knew his wallet passphrase indicates inside job. It is not possible to crack a 15 string encryption password.
|
|
|
|
oblox
Legendary
Offline
Activity: 1442
Merit: 1018
|
|
May 28, 2014, 01:59:49 AM |
|
Transferring in 25 BTC to scoop up some of these cheap ass coins.
|
|
|
|
slinger1015
Member
Offline
Activity: 112
Merit: 10
|
|
May 28, 2014, 02:00:39 AM |
|
Swisscex Just picked up DRK
|
|
|
|
coastermonger
Sr. Member
Offline
Activity: 367
Merit: 250
Find me at Bitrated
|
|
May 28, 2014, 02:00:53 AM |
|
I dont think anyone could ever shut down a server and transfer drk to a new wallet as fast as I just did lol
That may be troll objective... His statements don't add up... But if you left your DRKs hanging int he breeze, I guess that's all it would take to spook you, or me... Which is why I don't leave my DRKs hanging in the breeze... Im just a paranoid person. Wonder if he had linked his bash to /dev/null or at least cleared history He should've just closed port 22 and the other ports altogether. Also, the fact that they knew his wallet passphrase indicates inside job. It is not possible to crack a 15 string encryption password. If someone else helped him set it up, that's the person I would be looking at.
|
Bitrated user: Rees.
|
|
|
Sleepyx
Member
Offline
Activity: 112
Merit: 10
|
|
May 28, 2014, 02:00:58 AM |
|
I dont think anyone could ever shut down a server and transfer drk to a new wallet as fast as I just did lol
That may be troll objective... His statements don't add up... But if you left your DRKs hanging int he breeze, I guess that's all it would take to spook you, or me... Which is why I don't leave my DRKs hanging in the breeze... Im just a paranoid person. Wonder if he had linked his bash to /dev/null or at least cleared history He should've just closed port 22 and the other ports altogether. Also, the fact that they knew his wallet passphrase indicates inside job. It is not possible to crack a 15 string encryption password. Yeah you's are right it'll most likely turn out to be fear mongering or a dumb mishap.
|
|
|
|
philipmicklon
|
|
May 28, 2014, 02:03:23 AM |
|
If someone had their masternode coins stolen it was probably due to poor security on their box.
With almost 400 masternodes I'd be shocked if someone didn't have their coins stolen.
For people's peace of mind, I still think the private keys should never need to touch the masternode. All thats needed to validate ownership of coins is a signed message. The user should be able to sign a message using Darkcoin QT on an offline computer and then transfer the signed message to the masternode using a USB drive. This signed message contains all the proof that the network needs for authorizing the masternode to receive dividends and process darksends.
|
|
|
|
|