Topic: [ANN] Crypto Rush - Crypto to Crypto exchange - page 66. (Read 141812 times)
i managed to withdrawal all my alt coins but it took me the whole day to catch "live" pages again and again
dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately.
at the very least, you need to do the following:
find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
the real way to prevent session fixation and hijacking in php
for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.
I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.
also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
at the very least, you need to do the following:
find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
Code:
session_regenerate_id(true);
as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
the real way to prevent session fixation and hijacking in php
Code:
ini_set('session.cookie_httponly', 1);//prevent hijacking
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.
for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.
I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.
also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
I have been doing this all day. i waste time and money of this shit withdrawal fail!!!
Devianttwo told Link to come clean multiple times regarding the lies.
They are true. Open your eyes and get out while you still can.
Convert your btc to any coin you can and get out now.
i have still been able to withdraw alt coins, when you can actually get onto a live version of the site that is . btc wont withdraw tho
I just logged to thier IRC and asked
Hello when I will get my coins back ?
And I was kicked
Well ... dear cryptorush users, looks like we lost our coins
Hello when I will get my coins back ?
And I was kicked
Well ... dear cryptorush users, looks like we lost our coins
"failed to send withdrawl to specified account error try to withdraw BTC. When is Crypto Rush going to start processing withrdawls? Tried several times, and each time I receive an error message.
Another Mt. Gox and coinmarket.io ...
Another Mt. Gox and coinmarket.io ...
Ok, tried to withdraw BTC and got an invalid address error.
Converted BTC to VTC and tried to withdraw that, but got same error.
Been going on like this all day.
I'm surprised more people aren't screaming about it.........
SORT YOUR SHIT OUT CRYPTORUSH, FOR FUCKS SAKE !!!!!
EDIT:
OK, if this helps anyone, I've been getting an invalid address format error all day while trying to withdraw BTC and VTC from cryptorush.
I just managed to get VTC out by generating a new VTC address in my wallet and then using that to withdraw to - inexplicably, it worked!
Converted BTC to VTC and tried to withdraw that, but got same error.
Been going on like this all day.
I'm surprised more people aren't screaming about it.........
SORT YOUR SHIT OUT CRYPTORUSH, FOR FUCKS SAKE !!!!!
EDIT:
OK, if this helps anyone, I've been getting an invalid address format error all day while trying to withdraw BTC and VTC from cryptorush.
I just managed to get VTC out by generating a new VTC address in my wallet and then using that to withdraw to - inexplicably, it worked!
CrytoRush Exchange is actually quite good, I don't think its dying lol
Stucked deposits adn withdrawals, coin voting frauds, lack of customer support .... they issued some "shares" to get some fast money ... poor
People be careful in this dying exchange, there is high chance you lost your coins !!!
I just re-quote my previous post
...Withdrawals still dont work !!!!
Extreme caution with this dying exchange ! ! !
CR.Gox
WD is working with luck !
i WD my BTC NOW
i WD my BTC NOW
i just try ed, still dont work
WD is working with luck !
i WD my BTC NOW
i WD my BTC NOW
CrytoRush Exchange is actually quite good, I don't think its dying lol
Stucked deposits adn withdrawals, coin voting frauds, lack of customer support .... they issued some "shares" to get some fast money ... poor
People be careful in this dying exchange, there is high chance you lost your coins !!!
I just re-quote my previous post
...
I got my EAC out...
Sell your BTC for any other altcoin and get them out!!!
Sell your BTC for any other altcoin and get them out!!!
Is this site save or not as i have coins still in there?. 
same, i can't access anymore the balance page, wtf, who is REAL thief, BC coin Dev Or CryptoRush!?
I just want get back my 0.6 BTC!
I just want get back my 0.6 BTC!
I found http://www.cryptocoinsnews dot com/2014/03/25/cryptorush-loses-millions-of-blackcoins/
posted 6 hrs ago already discussed here in the forum as "Official BlackCoin statement from CryptoRush - Very shocking information"
the website could be offline because of this event.
posted 6 hrs ago already discussed here in the forum as "Official BlackCoin statement from CryptoRush - Very shocking information"
the website could be offline because of this event.
I do not understand how you get in.. i sometimes can access to exchange but i can't get to balance page even for one sec, i am trying do it constatly for 3 fucking hour already.
Balance page is ok for me....
I can't get access to it for 1 hour already
it constatly shows offline.
This page (
https://cryptorush.in/index.php?p=balances
) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by
CloudFlare
online for me, but very slow :S from canaries
Balance page is ok for me....
I can't get access to it for 1 hour already
it constatly shows offline.
This page (
https://cryptorush.in/index.php?p=balances
) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Always Online™ is powered by
CloudFlare
Jump to: