[ANN] | freshmarket.co.in - Closed. Refunds till 10/02/14

[filipej]

My coins was refund !!!  Thx you!

Please return from you marketplace quickly !! Eliminate all errors, raise your level of safety and back online!!

All the best for futures!

[tsjaar]

My coins was refund !!!  Thx you!

Please return from you marketplace quickly !! Eliminate all errors, raise your level of safety and back online!!

All the best for futures!

+1 concept is good.

[coinmarket.io]

Running an exchange on PHP is as smart as it gets.
Not salting the passwords before hashing is ... plain stupid.
Allowing an SQL injection to happen is ... amateurish.

People, you cannot run a mission-critical application on a LAMP stack that has tens of 0-day exploits flying around every day.

[fud_etra]

Still waiting for my coins to be back. Hope you can solve it soon, will update whenever I receive the coins. Thanks for your hard work.

[def_ender]

Running an exchange on PHP is as smart as it gets.
Not salting the passwords before hashing is ... plain stupid.
Allowing an SQL injection to happen is ... amateurish.
People, you cannot run a mission-critical application on a LAMP stack that has tens of 0-day exploits flying around every day.

>not salting
Individual salt, sha-512
And we still haven't found sql-injection in code. I just don't know what exactly happened, and can only guess.

[coinmarket.io]

And we still haven't found sql-injection in code. I just don't know what exactly happened, and can only guess.

What happened? Did the coindaemons balance just drop or did the hacker access the users accounts and emptied some of them?

We know one possible attack scenario that has been used on many of the new exchanges, including ours (we survived the attacks).
Any place where we can inspect the source code of a withdrawal script? It would really be intresting to find out some truth about this "hack".

[coinmarket.io]

all passwords are stored as hashed ones. So he just brute-forced all low-security passwords to steal their money

So you did not have any bruteforce protection on the login side?

[def_ender]

And we still haven't found sql-injection in code. I just don't know what exactly happened, and can only guess.

What happened? Did the coindaemons balance just drop or did the hacker access the users accounts and emptied some of them?
We know one possible attack scenario that has been used on many of the new exchanges, including ours (we survived the attacks).
Any place where we can inspect the source code of a withdrawal script?

Nice idea, but later. Just now devs are too busy making refunds, and i don't have source code.

[def_ender]

all passwords are stored as hashed ones. So he just brute-forced all low-security passwords to steal their money

So you did not have any bruteforce protection on the login side?

As i see - we made it. But you got to speak with devs about it.

[ovichef]

account name:ovichef please refund my UTC about 710 to my wallet UmADikawUKmdnGcZq5cwU4AjQqCnWyqNfr and nutcoin i dont remenber how much i hope you can see my balance send to this
NX7VGwEm45FxsvZT7T6MyiEakCJrNQwaTg

[DarkHunter04]

account name:ovichef please refund my UTC about 710 to my wallet UmADikawUKmdnGcZq5cwU4AjQqCnWyqNfr and nutcoin i dont remenber how much i hope you can see my balance send to this
NX7VGwEm45FxsvZT7T6MyiEakCJrNQwaTg

Read this: https://bitcointalk.org/index.php?topic=431365.msg4949863#msg4949863

[herbitcoins]

Confirmation :


LTC refund : ok received
UTC refund : Not yet ok received

updated

[sarlangg]

Hello again.
So we have 84% LTC, 64% of all LEAF and 100% of all other currencies.
We have found more than 400 LTC from our own wallets to refund as much as we can.
You have to email to support@freshmarket.co.in with:
your account name
what money and how much you had
adresses for withdrawal for all money.

I want you to make it public - obvsly there will be tonn of trolls like "I SENT IT WHERE IS MY MONEY", so i want you to post your taken withdrawals.
If your account was hacked - we cant refund you anything, because if we don't see money on your balance we can't really check if it was hacked or you just say you were hacked. We haven't stored passwords, so (as i see) only chance is brutefoce.

Refunds will start just now.

I already sent an E-mail with my E-mail account that was registered.

Username:  sarlangg

Potcoin address: PLzeDdT4jvZss3nERwpwKVyHdaiSdTtAA9
About 4,380?  I cant remember the exact number.

Litecoin address: LakfxNoutVhTSbiT3rRcKPe9EkeyJ87iWM
About 5.4?  I can't remember exact number either.




Also the above amounts are guestimations based on what I remember.  I do know the exact amounts I had 2 days ago:
Potcoin:  3137.96977479 POT
Litecoin:  6.13163135 LTC

I know I had a ton of POT/LTC buy orders in and I had some successful trades, hence why I can't remember the exact amount.

[michielcoin]

i have my UTC back!

Thanks for the fast refund!

[Real1Guy]

Hello again.
So we have 84% LTC, 64% of all LEAF and 100% of all other currencies.
We have found more than 400 LTC from our own wallets to refund as much as we can.
You have to email to support@freshmarket.co.in with:
your account name
what money and how much you had
adresses for withdrawal for all money.

I want you to make it public - obvsly there will be tonn of trolls like "I SENT IT WHERE IS MY MONEY", so i want you to post your taken withdrawals.
If your account was hacked - we cant refund you anything, because if we don't see money on your balance we can't really check if it was hacked or you just say you were hacked. We haven't stored passwords, so (as i see) only chance is brutefoce.

Refunds will start just now.

sent e-mail
user : konjina

[DarkHunter04]

Hello again.
So we have 84% LTC, 64% of all LEAF and 100% of all other currencies.
We have found more than 400 LTC from our own wallets to refund as much as we can.
You have to email to support@freshmarket.co.in with:
your account name
what money and how much you had
adresses for withdrawal for all money.

I want you to make it public - obvsly there will be tonn of trolls like "I SENT IT WHERE IS MY MONEY", so i want you to post your taken withdrawals.
If your account was hacked - we cant refund you anything, because if we don't see money on your balance we can't really check if it was hacked or you just say you were hacked. We haven't stored passwords, so (as i see) only chance is brutefoce.

Refunds will start just now.

Username:  sarlangg

Potcoin address: PLzeDdT4jvZss3nERwpwKVyHdaiSdTtAA9
About 4,380?  I cant remember the exact number.

Litecoin address: LakfxNoutVhTSbiT3rRcKPe9EkeyJ87iWM
About 5.4?  I can't remember exact number either.




Also the above amounts are guestimations based on what I remember.  I do know the exact amounts I had 2 days ago:
Potcoin:  3137.96977479 POT
Litecoin:  6.13163135 LTC

I know I had a ton of POT/LTC buy orders in and I had some successful trades, hence why I can't remember the exact amount.

Send an email - I think they have only time for email refunds

[bcpete]

if I wait.....will my balance be still the same???or is it a must for me to get a refund?

[def_ender]

if I wait.....will my balance be still the same???or is it a must for me to get a refund?

Sorry, i don't understand the question.

Just now processed 48/111 more unprocessed.

[rze]

All sent, thank you! (3.068814 LTC of 3.647 LTC)

[jetlee]

if I wait.....will my balance be still the same???or is it a must for me to get a refund?

Sorry, i don't understand the question.

Just now processed 48/111 more unprocessed.

i think he mean if he is willing to wait until the website is fixed and restored, is it gona get full refund into his account?