Topic: [ANN] Crypto Rush - Crypto to Crypto exchange - page 67. (Read 141812 times)
Balance page is ok for me....
It seems to me that the page is actually available, it's just very very very slow 
Have you withdrawn any funds?
Yes, I was successfull after several attempts.
Can anybody contact devs..? When balance page will work?
balance page work !
many times site offline cloudflare !!!!!
ever i press withdraw the site down......
please FIX
sell all my altcoins yesterday i need to WD my BTC
Can anybody contact devs..? When balance page will work?
I didn't think this could get any more exciting but it just keeps coming. Since the site seems to be still running (can't tell for sure with it being barely responsive) I take it they didn't heed r3wt's warning and it's open season for script kiddies around the world... or maybe it's been pwned long ago and just keeps collecting coins while it can.
It seems to me that the page is actually available, it's just very very very slow
Have you withdrawn any funds?
The balances page does not work. Even if it did, you still couldn't withdraw BTC.
It seems to me that the page is actually available, it's just very very very slow
Have you withdrawn any funds?
when will u get online again?
nice exchange
It seems to me that the page is actually available, it's just very very very slow
Lol, I just lost 55 LTC with markets.cx
Please don't let me lose additional 250 Million Karmacoins with cryptorush.in
Please don't let me lose additional 250 Million Karmacoins with cryptorush.in
Getting concerned that I still cant withdraw my btc. They shouldn't come back online until all issues are resolved. The Twitter account is giving false hope.
BlackCoin (BC) Maintenance Maintenance MaintenanceFlappyCoin
(FLAP) Offline Offline Offline
HunterCoin (HUC) Maintenance Maintenance Maintenance
(FLAP) Offline Offline Offline
HunterCoin (HUC) Maintenance Maintenance Maintenance
All coins are stolen!!!! 
dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately.
at the very least, you need to do the following:
find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
the real way to prevent session fixation and hijacking in php
for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.
I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.
also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
at the very least, you need to do the following:
find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
Code:
session_regenerate_id(true);
as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
the real way to prevent session fixation and hijacking in php
Code:
ini_set('session.cookie_httponly', 1);//prevent hijacking
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.
for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.
I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.
also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
If this is true... Everyone should get OUT of CR
Crypto Rush website is not working.They stole my coins.
dear cryptorush "devs". you copied your website from my openex beta source code. you should take the website down immediately.
at the very least, you need to do the following:
find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
the real way to prevent session fixation and hijacking in php
for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.
I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.
also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
at the very least, you need to do the following:
find on login php where the $loggedInUser Object is created for the loggedinuser class. prior to setting the session add this line.
Code:
session_regenerate_id(true);
as a quick fix you can cut/paste this into config.php of the models directory, however for performance and the sake of doing it the "right way", these values should be set in php.ini
the real way to prevent session fixation and hijacking in php
Code:
ini_set('session.cookie_httponly', 1);//prevent hijacking
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.
ini_set('session.entropy_file', '/dev/urandom');//choose a source to pull entropy from
ini_set('session.entropy_length', 16);//integer amount in bytes to read from dev/random
ini_set('session.hash_function', 'sha256');//prevents fixation as bruteforcing is pointless at this point.
for your sake, i hope you switched to bcrypt or mcrypt for password hashing as well.
I'm not trying to be rude, but the code is full of race conditions and lacks any protection against sql injection. it also doesn't use transactions. you will have a constant nightmare as long as you use that source code. for the sake of your users, take the site down, pay someone to fix it or wait until i've finished with the new openex source code before someone loses big money and sues your ass.
also, your source code is likely vulnerable to malleated transactions unless you added a secondary table to check against changes in tx hash for the same amount/account timestamp. this is an issue that was brought to my attention earlier today. there is much more. if you would like to talk you know where to find me.
Support here? Could you look at the ticket #445916 ?
Any update? The website has been down most of the day.
"failed to send withdrawl to specified account error try to withdraw BTC. WTF?
yep, got that on my last 5 attempts. It's getting from annoying to worriesome...
time to put the eggs back home...
Jump to: