btc-arbs.com - Update: dead HYIP, Refund progress: BTC-arbs still doing refunds

[micers]

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.


NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 23:02
Scanning 111.90.150.219 [4 ports]
Completed Ping Scan at 23:02, 0.34s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:02
Completed Parallel DNS resolution of 1 host. at 23:02, 0.40s elapsed
Initiating SYN Stealth Scan at 23:02
Scanning mail.btc-arbs.com (111.90.150.219) [1000 ports]
Discovered open port 22/tcp on 111.90.150.219
Discovered open port 993/tcp on 111.90.150.219
Discovered open port 587/tcp on 111.90.150.219
Discovered open port 110/tcp on 111.90.150.219
Discovered open port 25/tcp on 111.90.150.219
Discovered open port 80/tcp on 111.90.150.219
Discovered open port 995/tcp on 111.90.150.219
Discovered open port 143/tcp on 111.90.150.219
Discovered open port 443/tcp on 111.90.150.219
Discovered open port 111/tcp on 111.90.150.219
Discovered open port 21/tcp on 111.90.150.219
Discovered open port 53/tcp on 111.90.150.219
Discovered open port 26/tcp on 111.90.150.219
Discovered open port 465/tcp on 111.90.150.219
Completed SYN Stealth Scan at 23:02, 7.33s elapsed (1000 total ports)
Initiating Service scan at 23:02
Scanning 14 services on mail.btc-arbs.com (111.90.150.219)
Completed Service scan at 23:02, 14.29s elapsed (14 services on 1 host)
Initiating OS detection (try #1) against mail.btc-arbs.com (111.90.150.219)
Initiating Traceroute at 23:02
Completed Traceroute at 23:02, 3.02s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 23:02
Completed Parallel DNS resolution of 16 hosts. at 23:02, 11.04s elapsed
NSE: Script scanning 111.90.150.219.
Initiating NSE at 23:02
Completed NSE at 23:04, 110.97s elapsed
Nmap scan report for mail.btc-arbs.com (111.90.150.219)
Host is up (0.26s latency).
Not shown: 981 closed ports
PORT     STATE    SERVICE     VERSION
21/tcp   open     tcpwrapped
22/tcp   open     tcpwrapped
25/tcp   open     smtp        Postfix smtpd
|_smtp-commands: Couldn't establish connection on port 25
26/tcp   open     tcpwrapped
53/tcp   open     tcpwrapped
80/tcp   open     http        Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
|_http-title: Did not follow redirect to https://mail.btc-arbs.com/
110/tcp  open     tcpwrapped
111/tcp  open     tcpwrapped
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
143/tcp  open     tcpwrapped
| imap-capabilities:
|_  ERROR: Failed to connect to server
443/tcp  open     ssl/http    Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
|_http-methods: No Allow or Public header in OPTIONS response (status code 500)
|_http-title: 500 Internal Server Error
| ssl-cert: Subject: commonName=btc-arbs.com
| Issuer: commonName=PositiveSSL CA 2/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2014-02-14T00:00:00+00:00
| Not valid after:  2015-02-14T23:59:59+00:00
| MD5:   1b49 96d4 de3c 022b 640a 1bfd 41a2 682f
|_SHA-1: d43b 2f3b 4929 2f2c c76a 698d 7045 f52a 996e 70f3
|_ssl-date: 2014-04-17T03:02:52+00:00; +5s from local time.
|_sslv2: server supports SSLv2 protocol, but no SSLv2 cyphers
465/tcp  open     tcpwrapped
|_smtp-commands: Couldn't establish connection on port 465
587/tcp  open     tcpwrapped
|_smtp-commands: Couldn't establish connection on port 587
993/tcp  open     tcpwrapped
995/tcp  open     tcpwrapped
6667/tcp filtered irc
6668/tcp filtered irc
6669/tcp filtered irc
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.1 - 3.4
Uptime guess: 6.316 days (since Thu Apr 10 15:29:06 2014)
Network Distance: 18 hops
TCP Sequence Prediction: Difficulty=247 (Good luck!)
IP ID Sequence Generation: All zeros

[crayboy29]

Dear Lord,

Plz bring btc-arbs.com back online.

Amen.

[daynomate]

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.
(snip)....

Those are mostly mail related services.

[micers]

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.
(snip)....

Those are mostly mail related services.

You obviously do not understand that any open port can be hacked.

Think about it for a moment an you will get it.

On a server which is managing say a few thousand dollars a day, only that, would you run multiple additional unnecessary services if you were competent?  I think not.

and by the way NO THEY ARE NOT MOSTLY MAIL RELATED SERVICES...

Now as far as exactly what each service is, I can detail them as well as you can.

Discovered open port 22/tcp on 111.90.150.219   Secure shell
Discovered open port 993/tcp on 111.90.150.219 IMAP over SSL (hope it was patched for HeartBleed)
Discovered open port 587/tcp on 111.90.150.219 Secure Mail (IMAP)
Discovered open port 110/tcp on 111.90.150.219 POP (mail)
Discovered open port 25/tcp on 111.90.150.219  SMTP (mail)
Discovered open port 80/tcp on 111.90.150.219  HTTP
Discovered open port 995/tcp on 111.90.150.219 MAIL
Discovered open port 143/tcp on 111.90.150.219 IMAP
Discovered open port 443/tcp on 111.90.150.219 HTTPS
Discovered open port 111/tcp on 111.90.150.219 RPC
Discovered open port 21/tcp on 111.90.150.219 FTP
Discovered open port 53/tcp on 111.90.150.219 DNS
Discovered open port 26/tcp on 111.90.150.219 RSFTP
Discovered open port 465/tcp on 111.90.150.219 SMTP SSL (hope it was patched for HeartBleed)

You completely miss the point.  The POINT IS many, many thousands of dollars per day are being handled by a server which has maybe 12 more ports open than it needs to do the SINGLE FUNCTION it should be doing.  That is only one of two things INCOMPETENCE or NEGLIGENCE.  That is it dude.  That is it.

You want email service, do it elsewhere.  You want SQL service, do it elsewhere.  Ok, so you want SQL service... FINE FILTER IT.  This server is offering services to the WORLD facing interface which it SHOULD NEVER OFFER.

I'm just saying.

[daynomate]

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.
(snip)....

Those are mostly mail related services.

You obviously do not understand that any open port can be hacked.

Think about it for a moment an you will get it.

On a server which is managing say a few thousand dollars a day, only that, would you run multiple additional unnecessary services if you were competent?  I think not.

Now as far as exactly what each service is, I can detail them as well as you can.

You completely miss the point.  The POINT IS many, many thousands of dollars per day are being handled by a server which has maybe 20 more ports open than it needs to do the SINGLE FUNCTION it should be doing.  That is only one of two things INCOMPETENCE or NEGLIGENCE.  That is it dude.  That is it.

You want email service, do it elsewhere.  You want SQL service, do it elsewhere.  Ok, so you want SQL service... FINE FILTER IT.  This server is offering services to the WORLD facing interface which it SHOULD NEVER OFFER.

I'm just saying.

What on earth are you babbling on about. Who said the services aren't needed? Who said it's even on the same server? Have you heard of NAT? These are common external facing protocols. Get a clue!

[micers]

What on earth are you babbling on about. Who said the services aren't needed? Who said it's even on the same server? Have you heard of NAT? These are common external facing protocols. Get a clue!

FYI

Discovered open port 22/tcp on 111.90.150.219   Secure shell
Discovered open port 993/tcp on 111.90.150.219 IMAP over SSL (hope it was patched for HeartBleed)
Discovered open port 587/tcp on 111.90.150.219 Secure Mail (IMAP)
Discovered open port 110/tcp on 111.90.150.219 POP (mail)
Discovered open port 25/tcp on 111.90.150.219  SMTP (mail)
Discovered open port 80/tcp on 111.90.150.219  HTTP
Discovered open port 995/tcp on 111.90.150.219 MAIL
Discovered open port 143/tcp on 111.90.150.219 IMAP
Discovered open port 443/tcp on 111.90.150.219 HTTPS
Discovered open port 111/tcp on 111.90.150.219 RPC
Discovered open port 21/tcp on 111.90.150.219 FTP
Discovered open port 53/tcp on 111.90.150.219 DNS
Discovered open port 26/tcp on 111.90.150.219 RSFTP
Discovered open port 465/tcp on 111.90.150.219 SMTP SSL (hope it was patched for HeartBleed)

These ports are world facing and NOT filtered.

This machine is basically a Linux box built for the purpose by someone who could not secure it but who could do an installation and get software running.  It may be hosted somewhere.  It maybe some guy with his own dedicated IP address but he is running all this shit on one server and most of it should not be available to world access.

This is another classic case of someone who can build a web server and make it work but who has absolutely NO CLUE how to properly secure the box he is running.

We are seeing too many of these in the community.  This shit HAS TO STOP, if we are to be accepted as a viable force in the economic community.

[Slipknot79]

Guys its over, accept the fact. "We have been hacked, we shut down server for security reasons, will be back soon blablabla"

Some of you are falling in this "all will be fine"-hope-state, searching for reasons coz your not ready to accept the truth about this scam-site.

[octopus1]

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.
(snip)....

Those are mostly mail related services.

You obviously do not understand that any open port can be hacked.

Think about it for a moment an you will get it.

On a server which is managing say a few thousand dollars a day, only that, would you run multiple additional unnecessary services if you were competent?  I think not.

Now as far as exactly what each service is, I can detail them as well as you can.

You completely miss the point.  The POINT IS many, many thousands of dollars per day are being handled by a server which has maybe 20 more ports open than it needs to do the SINGLE FUNCTION it should be doing.  That is only one of two things INCOMPETENCE or NEGLIGENCE.  That is it dude.  That is it.

You want email service, do it elsewhere.  You want SQL service, do it elsewhere.  Ok, so you want SQL service... FINE FILTER IT.  This server is offering services to the WORLD facing interface which it SHOULD NEVER OFFER.

I'm just saying.

Why do you assume that the web interface is on the same server as the arbitrage app? Or the database? or even the web app? I maintain deployment processes for the fortune 500 financial company I work for. Not saying we can't be hacked, but our security is among the best out there. Your diagnostics would show at least as many ports as you see here. However, if you broke in through them, you would get nothing of use. The public facing server is essentially a proxy. It filters and monitors requests, and asks other servers behind a firewall to deliver the content. No way you can tell that from the outside.

Beyond other firewalls, on other servers, are the logic, databases and applications. You are making assumptions that you have no way of proving, unless you have hacked through at least the world-facing layer. For all you can see from the outside, the public web address could contain essentially nothing.

Yes, I was mocking those saying the site was a scam. If it is a scam, why play the server up, server down game? A scammer would just shut it down without any games and take your money. T

The evidence posted on this thread shows nothing other than a dns problem followed by some server issues. It does not show a scam, or negligence, or incompetence. There is absolutely no way you can tell, unless you get on that server and poke around from the inside.

As for those worried about Maybe the alarmists are right, but they have yet to show any evidence of that on this thread.

[jgm_coin]

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.
(snip)....

Those are mostly mail related services.

You obviously do not understand that any open port can be hacked.

Think about it for a moment an you will get it.

On a server which is managing say a few thousand dollars a day, only that, would you run multiple additional unnecessary services if you were competent?  I think not.

Now as far as exactly what each service is, I can detail them as well as you can.

You completely miss the point.  The POINT IS many, many thousands of dollars per day are being handled by a server which has maybe 20 more ports open than it needs to do the SINGLE FUNCTION it should be doing.  That is only one of two things INCOMPETENCE or NEGLIGENCE.  That is it dude.  That is it.

You want email service, do it elsewhere.  You want SQL service, do it elsewhere.  Ok, so you want SQL service... FINE FILTER IT.  This server is offering services to the WORLD facing interface which it SHOULD NEVER OFFER.

I'm just saying.

Why do you assume that the web interface is on the same server as the arbitrage app? Or the database? or even the web app? I maintain deployment processes for the fortune 500 financial company I work for. Not saying we can't be hacked, but our security is among the best out there. Your diagnostics would show at least as many ports as you see here. However, if you broke in through them, you would get nothing of use. The public facing server is essentially a proxy. It filters and monitors requests, and asks other servers behind a firewall to deliver the content. No way you can tell that from the outside.

Beyond other firewalls, on other servers, are the logic, databases and applications. You are making assumptions that you have no way of proving, unless you have hacked through at least the world-facing layer. For all you can see from the outside, the public web address could contain essentially nothing.

Yes, I was mocking those saying the site was a scam. If it is a scam, why play the server up, server down game? A scammer would just shut it down without any games and take your money. T

The evidence posted on this thread shows nothing other than a dns problem followed by some server issues. It does not show a scam, or negligence, or incompetence. There is absolutely no way you can tell, unless you get on that server and poke around from the inside.

As for those worried about Maybe the alarmists are right, but they have yet to show any evidence of that on this thread.

I posit that the site being down coupled to the lack of announcement by their staff anywhere on the net suggests that they are done.  I hope I'm wrong but unless we get information from the inside soon, a scam seems a likely explanation. 

[dyask]

Well at this point it is pretty safe to assume it is over.   Even if they come back, there will probably be a run on the bank.  

[micers]

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.
(snip)....

Those are mostly mail related services.

You obviously do not understand that any open port can be hacked.

Think about it for a moment an you will get it.

On a server which is managing say a few thousand dollars a day, only that, would you run multiple additional unnecessary services if you were competent?  I think not.

Now as far as exactly what each service is, I can detail them as well as you can.

You completely miss the point.  The POINT IS many, many thousands of dollars per day are being handled by a server which has maybe 20 more ports open than it needs to do the SINGLE FUNCTION it should be doing.  That is only one of two things INCOMPETENCE or NEGLIGENCE.  That is it dude.  That is it.

You want email service, do it elsewhere.  You want SQL service, do it elsewhere.  Ok, so you want SQL service... FINE FILTER IT.  This server is offering services to the WORLD facing interface which it SHOULD NEVER OFFER.

I'm just saying.

Why do you assume that the web interface is on the same server as the arbitrage app? Or the database? or even the web app? I maintain deployment processes for the fortune 500 financial company I work for. Not saying we can't be hacked, but our security is among the best out there. Your diagnostics would show at least as many ports as you see here. However, if you broke in through them, you would get nothing of use. The public facing server is essentially a proxy. It filters and monitors requests, and asks other servers behind a firewall to deliver the content. No way you can tell that from the outside.

Beyond other firewalls, on other servers, are the logic, databases and applications. You are making assumptions that you have no way of proving, unless you have hacked through at least the world-facing layer. For all you can see from the outside, the public web address could contain essentially nothing.

Yes, I was mocking those saying the site was a scam. If it is a scam, why play the server up, server down game? A scammer would just shut it down without any games and take your money. T

The evidence posted on this thread shows nothing other than a dns problem followed by some server issues. It does not show a scam, or negligence, or incompetence. There is absolutely no way you can tell, unless you get on that server and poke around from the inside.

As for those worried about Maybe the alarmists are right, but they have yet to show any evidence of that on this thread.

I completely agree with the argument you have made.  Technically your analysis is flaweless. The most alarming thing for me is the lack of any other contact points between the staff of the site and the customers of the site.

[octopus1]

Well at this point it is pretty safe to assume it is over.   Even if they come back, there will probably be a run on the bank.  

Yep, run on the bank is my biggest worry at this point. All the talk about scams could be a self-fulfilling prophesy. I still posit that no scam was intended, at least at this point. A scammer would not have had intermittent problems before going offline. They would have taken the money and abandoned the site.

If they were well run, they were making a ton of cash, and will have enough to cover. Unfortunately, we have no way of knowing if they were or not. The returns they were generating were quite possible via arbitrage between sites. All you have to do is chart out the prices on the three major exchanges for a day, and see they often differ by a percent or more. If you have both cash and money on all three, you wait for a one percent difference, and make a balanced trade. Then, move money and coin around to balance what is on each exchange, which takes a couple of hours, and do it again.

If you don't believe me, back test it over a couple of days. If they have a few hundred coin and a few tens of thousands of dollars, they are earning a bigger percent than they are are paying. Also, notice that when they figure the payouts, they are truncating, rather than rounding. That alone covers any transaction fees, and skimming 0.1 - 1 percent before posting the payouts they make easily makes a great profit for them, while still maintaining the payouts they offer members.

If they are scamming, they are extremely lazy and killing the goose that lay the golden egg. I have done the math. The payouts are not high if they have sufficient capital to work with. The only risk to their capital is theft, or a Mt Gox type situation. If I had the cash, I'd do it myself, rather than through them. I've thought of creating a similar service to raise the cash, but I would quickly lose patience with the doubters that would claim I was trying to scam people without knowing anything about me. That annoyance is just not worth the money.

Dishonest people are a small minority, but it doesn't take many to make raging paranoid lunatics out of otherwise reasonable people. As with any investment, don't put in more than you can comfortably afford to lose, diversify your holdings, and you will still do well despite the occasional scam.

[clevernut]

A few days my arbs account was robbed for 1btc.. And now this......

So much for having faith...

[vach]

Internal Server Error. Seems that ponzi worked?

[octopus1]

I completely agree with the argument you have made.  Technically your analysis is flaweless. The most alarming thing for me is the lack of any other contact points between the staff of the site and the customers of the site.

Yes, the lack of contact is troubling. Fingers crossed, they are too busy focusing on the problem. Just because the worst case cannot be proven at this point, does not make it wrong. Rather than jumping to conclusions, the wisest course of action is to wait and see. If they come back, I personally plan to reward them with more capital. If not, I'm one of the lucky ones who retrieved my initial investment before it was too late. Investments such as this are certainly not without risk. Anyone who risks more on an investment of this than they can afford to graciously lose is a fool, as is anyone who assumes up front it is a scam. With the possibility of reward comes risk. If people can't accept that, they should keep all assets under a mattress in a fortified bunker.

My take is that there are an uncountable amount of potentially lucrative investments. Diversify among a large number of them that are unrelated, and barring an end to all social order, you will do okay. Get greedy, and put everything in the highest return investment you can find, and you run a good chance of losing everything. Like everything else in life, the key is moderation, and emotional equanimity. Investors in anything that panic at the first sign of reversal, or go all in when things look hot, Inevitably buy high, sell low, and lose their shirts sooner or later.

I've made investments where I have lost everything, investments where I've profited 10 fold, and investments that did nothing but languish. The only times I've lost in aggregate is when I've gotten too excited or too scared and over reacted. It's not easy to keep your head when others are panicking. It's not easy to resist going all in on something that looks like a no-brainer, but forcing ones self to do so almost always is the wise decision. I lost a good chunk of money in the 2008 crash, but not as much as some, because I avoided putting everything in stocks. When things crashed, I took the Warren Buffet advice, and bought with both hands to keep myself diversified in the same proportions as I was before the crash. I am far worse off than the minority that timed everything right, but far better off than the majority that panicked. I have a lot more now than I did before the crash.

It all comes down to whether you want a 1 in 10 chance of getting rich quickly vs getting poor quickly, or a 10 to one chance of merely doing very well, vs losing a minor portion of your wealth. I'm no super investor. I've given in to both greed and fear, and generally regretted it. The longer I've been doing it though, the more I've learned to fight those inclinations. In 20/20 hindsight, if I'd gone all in on some investments that paid out 10 fold, I'd be a rich man, but experience has proven to me that the only way to know which investments those are, is after it is too late.

If the site folds, anyone severely hurt should thank them for the lesson in moderation. If it doesn't then hopefully the scare will teach them the same thing. If the site comes back, and anyone becomes rich off from putting too many eggs in this one basket, then if they don't change, they will soon lose it all. Just my opinion.

IMO, Everyone should just dial back the the paranoia, hope things work out, and be prepared if they don't.By jumping the gun, they only make failure of the site more likely, and hurt themselves along with the whole community.

[vach]

I've withdrawn all my money yesterday (1.6BTC) before they shut down. The question is, if they were to pull the plug why should they process any withdrawal if they know they're finishing the game tomorrow...

Thus I think there is a chanse they are actually having problems, anyway I'm fine with any result.

[Slipknot79]

The question is, if they were to pull the plug why should they process any withdrawal if they know they're finishing the game tomorrow...

Every ponzi ends like this one: suddenly, and without any announcement.

[vach]

The question is, if they were to pull the plug why should they process any withdrawal if they know they're finishing the game tomorrow...

Thats stupid to return any money day before the crush.
Every ponzi ends like this one: suddenly, and without any announcement.

[zimmah]

I'm keeping my bitcoin in and here's why:

If they are a scam, it would not matter if I tried to withdraw, they'd simply run with it and I'm screwed

If they are an honest business, my money is pretty safe, so withdrawing would not make sense then.

[crazyivan]

I'm keeping my bitcoin in and here's why:

If they are a scam, it would not matter if I tried to withdraw, they'd simply run with it and I'm screwed

If they are an honest business, my money is pretty safe, so withdrawing would not make sense then.

Withdraw from where?