phants
March 25, 2014, 09:59:13 AM
Support here? Could you look at the ticket #445916 ?
|
r3wt
March 25, 2014, 10:11:07 AM
dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately. at the very least, you need to do the following: find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
session_regenerate_id(true);
as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
the real way to prevent session fixation and hijacking in php
ini_set('session.cookie_httponly', 1);//prevent hijacking
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.
for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well. I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass. also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
|
My negative trust rating is reflective of a personal vendetta by someone on default trust.
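The login-time session handling r3wt describes above, as an added example that is not part of the thread or of the openex code. The function names and the `$users` array are hypothetical, the account is constructed sample data, and it assumes PHP 7.3 or later, where the entropy and hash settings quoted in the post no longer exist (they were removed in PHP 7.1):

```php
<?php
// Added example. harden_session(), login() and $users are hypothetical names.

function harden_session(): void
{
    // Only accept session ids this server issued; an attacker-chosen id
    // sent by the browser is discarded and replaced.
    ini_set('session.use_strict_mode', '1');
    // Never read a session id from the URL.
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is sent over HTTPS only
        'samesite' => 'Lax',  // not attached to cross-site POSTs
    ]);
}

function login(array $users, string $name, string $password): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // Issue a fresh id at the moment privileges change. Passing true deletes
    // the old session file, so an id planted before login stops working.
    session_regenerate_id(true);
    $_SESSION['user'] = $name;
    $_SESSION['login_time'] = time();
    return true;
}

// Constructed sample account with a bcrypt hash.
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT)];

harden_session();          // must run before session_start()
session_start();
$before = session_id();    // the pre-login id an attacker could have fixed
$ok     = login($users, 'alice', 'correct horse');
$after  = session_id();

printf("login=%s id_changed=%s\n",
    var_export($ok, true),
    var_export($before !== $after, true));
```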
|
sebalino
March 25, 2014, 01:44:01 PM
Crypto Rush website is not working. They stole my coins.
|
PhilippeStevens
March 25, 2014, 01:51:01 PM
> dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately. at the very least, you need to do the following: find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
> session_regenerate_id(true);
> as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
> the real way to prevent session fixation and hijacking in php
> ini_set('session.cookie_httponly', 1);//prevent hijacking
> ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
> ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
> ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.
> for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well. I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass. also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
If this is true... Everyone should get OUT of CR
|
sebalino
March 25, 2014, 02:16:58 PM
BlackCoin (BC) Maintenance Maintenance Maintenance
FlappyCoin (FLAP) Offline Offline Offline
HunterCoin (HUC) Maintenance Maintenance Maintenance
|
cryptonewbie
March 25, 2014, 02:23:18 PM
Getting concerned that I still can't withdraw my btc. They shouldn't come back online until all issues are resolved. The Twitter account is giving false hope.
|
perhan007
March 25, 2014, 02:33:21 PM
Lol, I just lost 55 LTC with markets.cx. Please don't let me lose an additional 250 Million Karmacoins with cryptorush.in
|
perhan007
March 25, 2014, 02:37:39 PM
It seems to me that the page is actually available, it's just very very very slow
|
newtypeseed
March 25, 2014, 02:49:09 PM
nice exchange
|
niki25
March 25, 2014, 02:50:54 PM
when will u get online again?
|
cryptonewbie
March 25, 2014, 03:05:19 PM
> It seems to me that the page is actually available, it's just very very very slow
Have you withdrawn any funds?
|
waqas
March 25, 2014, 03:09:27 PM
It seems to me that the page is actually available, it's just very very very slow Have you withdrawn any funds? The balances page does not work. Even if it did, you still couldn't withdraw BTC. Its new exchange but have many bugs I lost nearly 1 million zeit and no one taking responsibility and its shameful
|
suchmoon
March 25, 2014, 03:38:57 PM
I didn't think this could get any more exciting but it just keeps coming. Since the site seems to be still running (can't tell for sure with it being barely responsive) I take it they didn't heed r3wt's warning and it's open season for script kiddies around the world... or maybe it's been pwned long ago and just keeps collecting coins while it can.
|
Kn_os
March 25, 2014, 03:59:34 PM
Can anybody contact devs..? When balance page will work?
|
MUBBLE86
March 25, 2014, 04:18:17 PM
> Can anybody contact devs..? When balance page will work?
balance page work ! many times site offline cloudflare !!!!! ever i press withdraw the site down...... please FIX sell all my altcoins yesterday i need to WD my BTC
|
perhan007
March 25, 2014, 04:54:53 PM
> > It seems to me that the page is actually available, it's just very very very slow
> Have you withdrawn any funds?
Yes, I was successful after several attempts.
|
avanda1121
March 25, 2014, 04:55:44 PM
Balance page is ok for me....
|
Kn_os
March 25, 2014, 04:56:32 PM
> Balance page is ok for me....
I can't get access to it for 1 hour already it constantly shows offline.
This page ( https://cryptorush.in/index.php?p=balances) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by CloudFlare
|
menzo
March 25, 2014, 06:03:47 PM
> > Balance page is ok for me....
> I can't get access to it for 1 hour already it constantly shows offline.
> This page ( https://cryptorush.in/index.php?p=balances) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by CloudFlare
online for me, but very slow :S from canaries