|
kapetan
|
 |
December 23, 2014, 10:49:41 PM |
|
i propose login only with Https protocol ! https://ltcgear.com/ change login password and put something difficult use a password generator or something and of course change your btc and ltc wallet adreess lockdown will start STATUS: Payment lockdown in action for another 22 hour(s) monitor your shares if missing and your btc and ltc address time to time for any changes also consider mail password change (login only with Https protocol !) dont open strange mails and scan your pc with an antivirus for keyloggers or something suspicious also consider second antivirus for extra security like HitmanPro , Panda Cloud Cleaner and Malwarebytes Anti-Malware also we will wait for Chris announcement about this |
|
|
|
ThinkI
Member
 Offline
Activity: 65
Merit: 10
|
|
December 23, 2014, 11:34:14 PM |
|
The mass changing of the addresses, combined with no lockdown on the accounts point towards a direct database injection (also known as SQL Injection). Chris mentioned that he will be doing some migrating on the website, that of course includes databases migrating. I highly doubt this was malicious database injection and most likely the actuall reason is an error during the migration or some wrong command executed.
Yes the scale of the 'attack' suggests 3 options 1) Hacker using data injection as opper says. 2) Hacker with direct access to the database (data injection does not require direct access). This occurs when one or more of the software stack has been successfully attacked and the hacker can gain full control. Probably inserted control panel code into the admin section of the web site so he/she can do what ever he/she likes when he/she likes until it is removed. Given the software stack has probably not been upgraded for 2 years this is quite a likely scenario. 3) defaulting of the addresses by admin (deliberate or not) For 1 and 2 Payment has to stop until the hack is removed. If Chris is working from a snap shot of the accounts then he can still payout this week but next week he has to fix the hack. The hack is quite likely since the hacker has not been paid for his work yet. Lets hope its option 3, though, and its accidental. |
|
|
|
djm34
Legendary
Offline
Activity: 1400
Merit: 1050
|
|
December 24, 2014, 12:33:46 AM |
|
The mass changing of the addresses, combined with no lockdown on the accounts point towards a direct database injection (also known as SQL Injection). Chris mentioned that he will be doing some migrating on the website, that of course includes databases migrating. I highly doubt this was malicious database injection and most likely the actuall reason is an error during the migration or some wrong command executed.
Yes the scale of the 'attack' suggests 3 options 1) Hacker using data injection as opper says. 2) Hacker with direct access to the database (data injection does not require direct access). This occurs when one or more of the software stack has been successfully attacked and the hacker can gain full control. Probably inserted control panel code into the admin section of the web site so he/she can do what ever he/she likes when he/she likes until it is removed. Given the software stack has probably not been upgraded for 2 years this is quite a likely scenario. 3) defaulting of the addresses by admin (deliberate or not) For 1 and 2 Payment has to stop until the hack is removed. If Chris is working from a snap shot of the accounts then he can still payout this week but next week he has to fix the hack. The hack is quite likely since the hacker has not been paid for his work yet. Lets hope its option 3, though, and its accidental. not sure if the hacker scenario is plausible. I have an account I created and never used, it has no share, never received any payment (so totally unknown from the outside), but still the btc address was changed (I had put a btc address) the ltc address which I left blank was left blank after the changed. (As I didn't access this account last week, the account went into lock down when I logged in. ) So, unless the hacker have accessed to the full database, they wouldn't have any way of knowing and altering this account. (unless I am mistaken on how they would proceed) That's why I think it is Chris who reset somehow the accounts. |
djm34 facebook pageBTC: 1NENYmxwZGHsKFmyjTc5WferTn5VTFb7Ze Pledge for neoscrypt ccminer to that address: 16UoC4DmTz2pvhFvcfTQrzkPTrXkWijzXw
|
|
|
|
dyask
|
|
December 24, 2014, 01:01:13 AM |
|
The mass changing of the addresses, combined with no lockdown on the accounts point towards a direct database injection (also known as SQL Injection). Chris mentioned that he will be doing some migrating on the website, that of course includes databases migrating. I highly doubt this was malicious database injection and most likely the actuall reason is an error during the migration or some wrong command executed.
Yes the scale of the 'attack' suggests 3 options 1) Hacker using data injection as opper says. 2) Hacker with direct access to the database (data injection does not require direct access). This occurs when one or more of the software stack has been successfully attacked and the hacker can gain full control. Probably inserted control panel code into the admin section of the web site so he/she can do what ever he/she likes when he/she likes until it is removed. Given the software stack has probably not been upgraded for 2 years this is quite a likely scenario. 3) defaulting of the addresses by admin (deliberate or not) For 1 and 2 Payment has to stop until the hack is removed. If Chris is working from a snap shot of the accounts then he can still payout this week but next week he has to fix the hack. The hack is quite likely since the hacker has not been paid for his work yet. Lets hope its option 3, though, and its accidental. not sure if the hacker scenario is plausible. I have an account I created and never used, it has no share, never received any payment (so totally unknown from the outside), but still the btc address was changed (I had put a btc address) the ltc address which I left blank was left blank after the changed. (As I didn't access this account last week, the account went into lock down when I logged in. ) So, unless the hacker have accessed to the full database, they wouldn't have any way of knowing and altering this account. (unless I am mistaken on how they would proceed) That's why I think it is Chris who reset somehow the accounts. Thanks for sharing, that is good to know. |
|
|
|
|
|
zerocoder
|
|
December 24, 2014, 01:33:18 AM |
|
Somebody changed my BTC and LTC addresses and we don't even know who this Chris guy is, we have no evidence to track that guy, we don't even have an address. So what will happen now, just re changed my btc and ltc addresses but that's bullshit. Seems like that ponzi collapse  |
"Break the Big Banks" - http://BERN.cash - #NotMeUS #rEVOLution BERN BRpJhL4VVsJPwVnHc26iqG3kxxKtF6UEFo |
|
|
davidwpenny
Newbie
Offline
Activity: 37
Merit: 0
|
|
December 24, 2014, 01:43:50 AM |
|
Somebody changed my BTC and LTC addresses and we don't even know who this Chris guy is, we have no evidence to track that guy, we don't even have an address. So what will happen now, just re changed my btc and ltc addresses but that's bullshit. Seems like that ponzi collapse then get out while you can. |
|
|
|
|
ThinkI
Member
Offline
Activity: 65
Merit: 10
|
|
December 24, 2014, 01:51:33 AM |
|
The mass changing of the addresses, combined with no lockdown on the accounts point towards a direct database injection (also known as SQL Injection). Chris mentioned that he will be doing some migrating on the website, that of course includes databases migrating. I highly doubt this was malicious database injection and most likely the actuall reason is an error during the migration or some wrong command executed.
Yes the scale of the 'attack' suggests 3 options 1) Hacker using data injection as opper says. 2) Hacker with direct access to the database (data injection does not require direct access). This occurs when one or more of the software stack has been successfully attacked and the hacker can gain full control. Probably inserted control panel code into the admin section of the web site so he/she can do what ever he/she likes when he/she likes until it is removed. Given the software stack has probably not been upgraded for 2 years this is quite a likely scenario. 3) defaulting of the addresses by admin (deliberate or not) For 1 and 2 Payment has to stop until the hack is removed. If Chris is working from a snap shot of the accounts then he can still payout this week but next week he has to fix the hack. The hack is quite likely since the hacker has not been paid for his work yet. Lets hope its option 3, though, and its accidental. not sure if the hacker scenario is plausible. I have an account I created and never used, it has no share, never received any payment (so totally unknown from the outside), but still the btc address was changed (I had put a btc address) the ltc address which I left blank was left blank after the changed. (As I didn't access this account last week, the account went into lock down when I logged in. ) So, unless the hacker have accessed to the full database, they wouldn't have any way of knowing and altering this account. (unless I am mistaken on how they would proceed) That's why I think it is Chris who reset somehow the accounts. Thanks for sharing, that is good to know. On the other hand, changing all the addresses to false ones, is a good way to see which accounts are active and which are not. Active ones get their addresses updated and then get their payouts. Inactive accounts get ignored/ email sent to user to activate (change the address) again. Hacked accounts will not payout to hackers. The hackers, like us, have no idea what is going on. Now that would be put a positive spin on the whole thing... |
|
|
|
david123
Legendary
Offline
Activity: 1022
Merit: 1004
|
|
December 24, 2014, 01:56:44 AM |
|
Somebody changed my BTC and LTC addresses and we don't even know who this Chris guy is, we have no evidence to track that guy, we don't even have an address. So what will happen now, just re changed my btc and ltc addresses but that's bullshit. Seems like that ponzi collapse then get out while you can. I'm still buying at .000375  |
|
|
|
|
|
blg42598
|
|
December 24, 2014, 02:01:56 AM |
|
Anyone want to buy 2 BTC worth of Asic shares? I really need 2 BTC.
|
|
|
|
|
|
zerocoder
|
|
December 24, 2014, 02:03:17 AM |
|
Somebody changed my BTC and LTC addresses and we don't even know who this Chris guy is, we have no evidence to track that guy, we don't even have an address. So what will happen now, just re changed my btc and ltc addresses but that's bullshit. Seems like that ponzi collapse then get out while you can. I'm still buying at .000375 That's a nice offer. OK. So for 6000 shares you are going to pay 2.25 BTC am I right? |
"Break the Big Banks" - http://BERN.cash - #NotMeUS #rEVOLution BERN BRpJhL4VVsJPwVnHc26iqG3kxxKtF6UEFo |
|
|
david123
Legendary
Offline
Activity: 1022
Merit: 1004
|
|
December 24, 2014, 02:08:41 AM |
|
I'll pm you
|
|
|
|
|
jfabritz
Full Member
Offline
Activity: 141
Merit: 100
Cryptocoin Dabbler
|
|
December 24, 2014, 02:29:53 AM |
|
On the other hand, changing all the addresses to false ones, is a good way to see which accounts are active and which are not. Active ones get their addresses updated and then get their payouts. Inactive accounts get ignored/ email sent to user to activate (change the address) again. Hacked accounts will not payout to hackers. The hackers, like us, have no idea what is going on.
Now that would be put a positive spin on the whole thing...
Yes, that would be a slick way to determine which accounts are still being actively maintained. If he went back to auto-payout, any account with the 'default' addresses will get skipped for future review. However, it would be good for Chris to send emails to everyone letting them know to go back and double-check their account. |
|
|
|
|
|
bones
|
|
December 24, 2014, 07:19:41 AM |
|
Ive still not been paid so logged into my account.
My payment address was changed, so I set it back to my address.
The one it was changed to was not a unused one, so not sure if Chris had anything to do with it or not.
It was 1Nigp9grmwYGyU3Qt8vsaKeaksEsf8bzcQ
At least my payment was not sent to that address so Im sure Ill get it in time.
How do you tell when your acc is in lockdown? I know mine should be, but I see no ticker / timer.
Happy holidays to you all.
|
|
|
|
|
hashpower
Newbie
Offline
Activity: 59
Merit: 0
|
|
December 24, 2014, 08:05:45 AM |
|
Maintenance Posted on December 24, 2014 by Chris in Uncategorized Web server will be place in maintenance mode for about one hour at 12:00 UTC. I really wonder if this site will ever be back online again.......... i have fallen in a couple of ponzi schemes and i must admit this one looks as well although i really really hope i am wrong. i have way to many shares to loose here. |
|
|
|
|
cagrund
Legendary
Offline
Activity: 1372
Merit: 1000
CTO für den Bundesverband Bitcoin e. V.
|
|
December 24, 2014, 09:01:15 AM |
|
Hmm, Server is in "Short Maintenance" since 9:00 UTC.
|
|
|
|
|
mm5aes
|
|
December 24, 2014, 09:04:01 AM |
|
Hmm, Server is in "Short Maintenance" since 9:00 UTC.
It's fine here? Must have missed it |
|
|
|
|
|
copychicken
|
|
December 24, 2014, 09:45:09 AM |
|
if the database is messed...then its too difficult, to find a fast way of solving...it will probably take weeks to clear things out...
|
|
|
|
ThinkI
Member
Offline
Activity: 65
Merit: 10
|
|
December 24, 2014, 11:47:02 AM |
|
Going back to the instructions not to use TOR.
The only hackers interested in hacking TOR that I know of, are governments.
Anyone know any different?
|
|
|
|
|
mm5aes
|
|
December 24, 2014, 11:54:28 AM |
|
Going back to the instructions not to use TOR.
The only hackers interested in hacking TOR that I know of, are governments.
Anyone know any different?
Use mr google to search for 'tor exit node vulnerability' Here's a start. http://hackertarget.com/tor-exit-node-visualization/ |
|
|
|
|
pbleak
Legendary
Offline
Activity: 924
Merit: 1001
|
|
December 24, 2014, 12:57:58 PM |
|
Well it's past the downtime listed on the site. Anybody know what's up?
|
|
|
|
|
|
