
Topic: [ANN] Crypto Rush - Crypto to Crypto exchange - page 67. (Read 141822 times)

full member
Activity: 124
Merit: 100
Balance page is ok for me....
sr. member
Activity: 518
Merit: 250
It seems to me that the page is actually available, it's just very very very slow :(

Have you withdrawn any funds?

Yes, I was successful after several attempts.
full member
Activity: 126
Merit: 100
Can anybody contact devs..? When balance page will work?

balance page work !

many times site offline cloudflare !!!!!

ever i press withdraw the site down......

please FIX

sell all my altcoins yesterday i need to WD my BTC
legendary
Activity: 1055
Merit: 1002
Can anybody contact devs..? When balance page will work?
legendary
Activity: 3654
Merit: 8909
https://bpip.org
I didn't think this could get any more exciting but it just keeps coming. Since the site seems to be still running (can't tell for sure with it being barely responsive) I take it they didn't heed r3wt's warning and it's open season for script kiddies around the world... or maybe it's been pwned long ago and just keeps collecting coins while it can.
sr. member
Activity: 378
Merit: 250
It seems to me that the page is actually available, it's just very very very slow :(

Have you withdrawn any funds?

The balances page does not work. Even if it did, you still couldn't withdraw BTC.
It's a new exchange but has many bugs. I lost nearly 1 million zeit and no one is taking responsibility, and it's shameful.
full member
Activity: 434
Merit: 100
It seems to me that the page is actually available, it's just very very very slow :(

Have you withdrawn any funds?
legendary
Activity: 1036
Merit: 1000
when will u get online again?
newbie
Activity: 56
Merit: 0
nice exchange
sr. member
Activity: 518
Merit: 250
It seems to me that the page is actually available, it's just very very very slow :(
sr. member
Activity: 518
Merit: 250
Lol, I just lost 55 LTC with markets.cx

Please don't let me lose additional 250 Million Karmacoins with cryptorush.in :(
full member
Activity: 434
Merit: 100
Getting concerned that I still can't withdraw my btc. They shouldn't come back online until all issues are resolved. The Twitter account is giving false hope.
full member
Activity: 182
Merit: 100
BlackCoin (BC)   Maintenance   Maintenance   Maintenance
FlappyCoin (FLAP)   Offline   Offline   Offline
HunterCoin (HUC)   Maintenance   Maintenance   Maintenance
full member
Activity: 182
Merit: 100
All coins are stolen!!!! >:( >:( >:(
full member
Activity: 214
Merit: 100
dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately.

at the very least, you need to do the following:

find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.

Code:
session_regenerate_id(true);

as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini

the real way to prevent session fixation and hijacking in php
Code:
ini_set('session.cookie_httponly', 1); // prevent hijacking
ini_set('session.entropy_file', '/dev/urandom'); // choose a source to pull entropy from
ini_set('session.entropy_length', 16); // integer amount in bytes to read from /dev/urandom
ini_set('session.hash_function', 'sha256'); // prevents fixation as bruteforcing is pointless at this point.

for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.

I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.

also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.


If this is true... Everyone should get OUT of CR
full member
Activity: 182
Merit: 100
Crypto Rush website is not working.They stole my coins.
hero member
Activity: 686
Merit: 504
always the student, never the master.
dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately.

at the very least, you need to do the following:

find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.

Code:
session_regenerate_id(true);

as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini

the real way to prevent session fixation and hijacking in php
Code:
ini_set('session.cookie_httponly', 1); // prevent hijacking
ini_set('session.entropy_file', '/dev/urandom'); // choose a source to pull entropy from
ini_set('session.entropy_length', 16); // integer amount in bytes to read from /dev/urandom
ini_set('session.hash_function', 'sha256'); // prevents fixation as bruteforcing is pointless at this point.

for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.

I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.

also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
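
The post above names three defects in the exchange code: race conditions, no protection against SQL injection, and no use of transactions. The following is an added example, not part of the post and not OpenEx or CryptoRush code, showing a withdrawal debit that addresses all three with PDO. The table names, columns and the function name are hypothetical, and it assumes the pdo_sqlite extension so it can run against an in-memory database.

```php
<?php
declare(strict_types=1);
// Added example; hypothetical schema and names, not OpenEx or CryptoRush code.
// Amounts are integers in the coin's smallest unit to avoid float rounding.
function debitForWithdrawal(PDO $db, int $userId, string $coin, int $amount): bool
{
    if ($amount <= 0) {
        return false;
    }
    $db->beginTransaction();
    try {
        // The balance check and the debit are one conditional UPDATE, so two
        // concurrent requests cannot both read the old balance and both pass.
        $debit = $db->prepare(
            'UPDATE balances SET amount = amount - :amt
              WHERE user_id = :uid AND coin = :coin AND amount >= :min'
        );
        $debit->execute([':amt' => $amount, ':min' => $amount, ':uid' => $userId, ':coin' => $coin]);
        if ($debit->rowCount() !== 1) {
            $db->rollBack();
            return false; // insufficient funds or no such balance row
        }
        // Queue the payout in the same transaction: both rows commit or neither.
        $queue = $db->prepare(
            "INSERT INTO withdrawals (user_id, coin, amount, status)
             VALUES (:uid, :coin, :amt, 'pending')"
        );
        $queue->execute([':uid' => $userId, ':coin' => $coin, ':amt' => $amount]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE balances (user_id INTEGER, coin TEXT, amount INTEGER, PRIMARY KEY (user_id, coin))');
$db->exec('CREATE TABLE withdrawals (id INTEGER PRIMARY KEY, user_id INTEGER, coin TEXT, amount INTEGER, status TEXT)');
$db->exec("INSERT INTO balances VALUES (1, 'BTC', 150000)");

var_dump(debitForWithdrawal($db, 1, 'BTC', 100000));        // first request
var_dump(debitForWithdrawal($db, 1, 'BTC', 100000));        // repeat: balance now too low
var_dump(debitForWithdrawal($db, 1, "BTC' OR '1'='1", 1));  // bound as data, matches no row
var_dump($db->query('SELECT amount FROM balances WHERE user_id = 1')->fetchColumn());
```

Only the first call debits the account; the repeated request and the malformed coin name both leave the balance and the withdrawal queue unchanged.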
full member
Activity: 177
Merit: 100
Support here? Could you look at the ticket #445916  ?
full member
Activity: 434
Merit: 100
Any update?  The website has been down most of the day.
sr. member
Activity: 308
Merit: 250
"failed to send withdrawl to specified account error try to withdraw BTC. WTF?

yep, got that on my last 5 attempts. It's getting from annoying to worrisome...
time to put the eggs back home...