Topic: [ANN] | freshmarket.co.in - Closed. Refunds till 10/02/14 - page 18. (Read 41800 times)

Just now we have ~75% of all money needed and looking for sponsors to help us refund customers money.
We will start refunds in a few hours, i will make a message.

Just now we have ~75% of all money needed and looking for sponsors to help us refund customers money.
We will start refunds in a few hours, i will make a message.

Just now we have ~75% of all money needed and looking for sponsors to help us refund customers money.
We will start refunds in a few hours, i will make a message.

Oh nice ok and when?

Didnt read your posts, because I think its just an troll and you should ignore him

As i said, you can get all currencies esle leaf/ltc in full (we found some sponsor of NYAN so we will fully refund it too). Leaf and ltc will be partially refunded.

Get we our LTC/other coins back? Or are they stolen? :/

Get we our LTC/other coins back? Or are they stolen? :/

R3wt,
>4
EC2 AWS Amazon security groups preferencies
>5
Base is available only from server.

I'm still waiting for hacker move.

>you need to check auth.log to make sure it wasn't ssh
No logins on ssh, it's certificate-proven and listening to only one port from only one ip-adress.
>other than that the only possible entry for sql injection was newticket.php,
Fixed it.
>bruteforcing accounts then draining the accounts
We have fail2ban to unable bruteforce.

Man, we used all security features i know, and i want to hear from hacker how this was done.
Also, i still don't see what i have to do to to prove this cryptsy account belongs to me.

ufw allow from 127.0.0.1 to 127.0.0.1 port 3306 proto tcp

i told you to upgrade to our latest code, you wouldn't listen.

also there is not malware in the source. you clearly have no idea what you are talking about, and its not sql injection either, unless its something arbirtrary you and your "devs" added to your source.Now before you try and blame me, i want you to open our github readme and read the very first sentence, aloud to yourself.
"THIS IS BETA SOFTWARE. USE AT YOUR OWN RISK"

It was never our intension for a handful of greedy people to clone our repo and start up fly by night exchanges, but hey they did and now you are paying the price for it. you need to check auth.log to make sure it wasn't ssh. or chech your mysql configuration. its possible you had mysql listening on something other than localhost and they bruteforced your db.

finally check your ufw configuration or whatever other firewall you use.

other than that the only possible entry for sql injection was newticket.php, and you said you fixed it when i tweeted you about it. in the end, it is very likely the attacker was simply bruteforcing accounts then draining the accounts. similar thing was happening at openex, probably same hacker, so we reacted by upping the security.

i think i even mentioned to you about the need to tighten down bruteforce protection on all the forms. this is the risk you run cloning my repo while we are still in beta. this is the exact reason openex doesn't allow withdrawals without admin approval, and ip bans on 3 strikes on all forms where  apassword is required. it is imperative to stay ahead of the game, and cloning my repo in beta is the equivalent of jumping off a cliff with a backpack.

the point is, not that you are stupid. but this is a cat and mouse game and you cna't be running one of these things if you are prepared to fight with the hackers to defend your site. they are smart and if they cna't find a crack to exploit, they will make one.

Litecoins from my address were sent here http://ltc.block-explorer.com/address/LTGURgLGtSD76LP2f9rrGCnFDVLtiTZG5x

[  Posting from hacked up account of bitcointalk. I hope that the owner does not object and it will not edit declaration. Someone, to if you please, repost this. ]

Thus, to us it is necessary to establish the record directly on this before history it goes out of control. People must know, when exchange became the victim of theft, and when exchange itself it stole coins.

I am the hacker, who sent communication. I took less than 200 LTC. I am confident, that no one yet stole 1000 LTC, if this was not in the last hour. How I can be so confident?  Freshmarket it did not have somewhere closely to 1200 LTC until only pair of hours back. Their maximum balance LTC was 260 LTC before I began consuming them. The only time, when it obtained more than 1000 LTC was in the pair of hours back, because some player added 1000+ LTC.

So that I think that def_ender saw the possibility to require the hacker it stole all his coins, when hacker did not steal that it is much. In reality, def_ender, possibly, planned this during several days. You do see, def_ender was known about 5 days that the site was completely broken up. I stole 50 LTC from his account of administrator first. He understood in 12 hours and changed his password. By that time I stole 100 LTC. I assumed that he will be closed exchange, because he clearly could see what occurs. But this did not make. So that I stole 100 additional LTC during the next several days. Entire time of def_ender message to bitcointalk about how there were 1 or 2 accounts, which lost 0,4 LTC or 0,8 LTC. He knew always that 200 LTC disappeared, including 50 LTC of his own!

Thus, once he saw the enormous player: 1000+ LTC, he used possibility in order to require that hackers they stole. This is what I think.

def_ender, if I make mistakes, this is easy for you in order to prove. You said that 1200 LTC it composed 40% of the sum total. This means that you must have 1800 LTC to the left. I speak, you never had it.  If you are actual, place reference to your LTC address, which has, the 1800 of balance. Do transaction on 1,337 to prove this your account. I bet, you will not be able.

The proof that this is I: defender buddha55 [email protected]

I'm really sorry to say this, but it seems that our security system wasn't enough.
Just now i received a message from someone that he has hacked our exchange, and if we want to stop this, we have to pay 10 BTC. Obviously, we are not going to pay our users' money, and we temporarily closed the exchange. We have made an secutity audit to see what's missing, and found ~1200 LTC stolen (nearly 40% of all LTC),  nearly ~50% of LEAFcoins, and ~20% NYANcoins. All other currencies remained nearly unchanged.
Just now we deciding what refund can we make (dev team has nearly 200 LTC on their own, and i can give up some too). We will make a message after we have an agreement. We will 100% refund all other (not-leaf, nyan or LTC) currencies, and try to refund as much ltc as we can.
As i see, it was sql-injection, but it doesn't helped him much - all passwords are stored as hashed ones. So he just brute-forced all low-security passwords to steal their money. So if you haven't got email auth - it is possible that your account was just jacked.

I also have possible ideas about openex malware in source code, but without proofs i can't do anything.