Somebody is spaming orders and effectively clearing transaction history...
We have punished that user by CLEARING HIS BALANCE (not much).
It's written on the front page: Trying to abuse or flood our system will result in account/balance loss!
yessss
Topic: [ANN - NEW EXCHANGE] | www.CoinMarket.io | OFFICIAL THREAD - page 75. (Read 143440 times)
We have punished that user by CLEARING HIS BALANCE (not much).
It's written on the front page: Trying to abuse or flood our system will result in account/balance loss!
yessss
Somebody is spaming orders and effectively clearing transaction history...
We have punished that user by CLEARING HIS BALANCE (not much).
It's written on the front page: Trying to abuse or flood our system will result in account/balance loss!
scroll down, press cancel 
nothing
Somebody is spaming orders and effectively clearing transaction history...
Dev, can you verify emails are going out for withdrawal confs? I want to try my withdrawal again and don't want it to get stuck again.
When SMTP does not accept our mail for delivery, we get notified. Hasnt happened, please be patient and check spam folder too.
Dev, can you verify emails are going out for withdrawal confs? I want to try my withdrawal again and don't want it to get stuck again.
Upcoming opt-in security feature: authorization of IP addresses via e-mail.
When enabled, you wont be able to log in from new IP addresses unless you click an autorization link in e-mail.
Clicking the link will whitelist that IP address. Removing from the whitelist will be possible form the settings page.
When enabled, you wont be able to log in from new IP addresses unless you click an autorization link in e-mail.
Clicking the link will whitelist that IP address. Removing from the whitelist will be possible form the settings page.
And why in the world do you need to make deposits every few minutes?
Those two are flagged as "credited" in our database, the flagging happens AFTER an update to the balances table.
Wierd.
Those two are flagged as "credited" in our database, the flagging happens AFTER an update to the balances table.
Wierd.
I guess the coins are in the limbo. Thank you very much for your help anyway. Don't worry, I won't bother you again.
Very fast exchange. No slow dialup connection as coinedup ... :-)
Good work.
Good work.
And why in the world do you need to make deposits every few minutes?
Those two are flagged as "credited" in our database, the flagging happens AFTER an update to the balances table.
Wierd.
Those two are flagged as "credited" in our database, the flagging happens AFTER an update to the balances table.
Wierd.
Any status on the account belonging to last night;s hacker? Has he withdrawn coins or are trades still reversable? If so, what is wallet ID stolen funds were sent to?
This can be found out easily by looking at the time and price of trades. Please look into this
This can be found out easily by looking at the time and price of trades. Please look into this
My CON deposit is still missing after 2 hours.
This dude has made 325 deposits while we are asking not to use pool payouts...
This dude make most of his deposits from his wallets, sometimes from pools, every 5 or 6 minutes. Sometimes even more frequently, to six different exchanges. I did not know you have a problem with the frequency of deposits. Thank you for your answer full of constructive criticism.
BTW, that CON deposit is still missing. Thank you for your time again.
EDIT: And thank you for your threats, very refreshing. And constructive too.
My CON deposit is still missing after 2 hours.
This dude has made 325 deposits while we are asking not to use pool payouts...
If you continue to make small payouts from pools, your account will be disabled for trading and only withdrawing will be an option.
Looking for your deposit.
Withdrawals confimed. PM me your next email address.
If you could please confirm my withdrawal of 50k NOBL from yesterday I would really appreciate it. No conf email since yesterday. I think I've asked like 4 times already. Thx.
Great, thank you! So now I see them back in my wallet. I'm a bit worried if I try to withdraw now, I won't get the conf email again. Wut to do?
Since the glitch I have a 5.21550639 CON unconfirmed deposit that seems stuck:
user: Taxidermista
Txid: 9c26b2dfe3fa0a04d404ee52fab840d00f202e53a8d680d984010e6e7444af56
And another 7.1208608 CON deposit missing:
Txid: 3218f11327eff094b8db0db7cc653c47d2699f1ad8b0f30e90d878f531b317e1
user: Taxidermista
Txid: 9c26b2dfe3fa0a04d404ee52fab840d00f202e53a8d680d984010e6e7444af56
And another 7.1208608 CON deposit missing:
Txid: 3218f11327eff094b8db0db7cc653c47d2699f1ad8b0f30e90d878f531b317e1
My CON deposit is still missing after 1 hour.
My CON deposit is still missing after 2 hours.
Withdrawals confimed. PM me your next email address.
Dear developers. My account is oleander.
There were three withdrawals initiated and there have been no confirmations so far. If it can be changed somehow please let me change my email address, maybe that will do the trick. Also, If you can, please confirm manually my pending withdrawals. If everything will be ok tomorrow, I'll make a nice donation for this exchange development. Sorry for the trouble and good luck!
There were three withdrawals initiated and there have been no confirmations so far. If it can be changed somehow please let me change my email address, maybe that will do the trick. Also, If you can, please confirm manually my pending withdrawals. If everything will be ok tomorrow, I'll make a nice donation for this exchange development. Sorry for the trouble and good luck!
I would think this has been suggested but I will suggest it anyway.
Is there any possibility to alphabetize the wallet and market??
Thanks
Is there any possibility to alphabetize the wallet and market??
Thanks
Due to alot of FUD, we are releasing parts of the code responsible for logging the users in.
https://gist.github.com/anonymous/0ea4963391498b35ce96
Code, that is responsible for logging users in and maintaining their session:
Edit: formatting lost while copying from github
/////////////////////////////////////////
// FILE 1: a route handler called "login"
/////////////////////////////////////////
module.exports = function(req, res) {
/* removed meaningless anti-bruteforce code from this sector */
if (req.params.logout) {
// handle loging the user aout
req.session.account = null;
req.session.user = null
delete req.session.account;
delete req.session.user;
res.redirect('/');
return;
}
/* removed hard-coded IP bans from sector */
if (req.body.username && req.body.password) {
// if the FORM was posted, then call the exchange.login method
exchange.login(req.body.username, req.body.password, function(err, user) {
if (err) {
// login failed, redirect
res.redirect('/');
}
else { // <- this means that exchange.login method called the callback without an error
// login OK, set session data and redirect
req.session.account = user.id.toString();
req.session.user = user;
res.redirect('/');
}
}, req /* pass connection to login handler */);
}
else {
// no login data in POST, redirect to /
res.redirect('/');
}
};
/////////////////////////////////////////
// FILE 2: a method called exchange.login
/////////////////////////////////////////
Exchange.prototype.login = function(username, password, callback, request) {
// salt password to protect from rainbow attack on a leaked database
password = this.saltPassword(username, password);
// hash it with SHA-1 to check against the database
password = crypto.createHash('sha1').update(password).digest("hex");
this.numLogins++; // increment login counter for stats
var exchange = this;
var query = 'SELECT * FROM accounts WHERE username = ? AND password = ?';
db.query(query, [username, password], function(err, rows) {
// if the database query returns error or no rows, then:
if (err || !rows || !rows.length) {
callback(err.toString());
return; // EXECUTION STOPS HERE
}
// code below executes only when a match was found (a row returned from the database)
var user = rows[0];
db.query('INSERT INTO logins VALUES (NULL, ?, ?, NOW())', [user.id, request.connection.remoteAddress]);
callback(null, user); // pass control back to the route handler (FILE 1)
exchange.numLoginsSuccess++; // increment successful login counter for stats
});
}
/////////////////////////////////////////
How do we check if an user is logged in?
We simply check for the session variables in every handler.
https://gist.github.com/anonymous/0ea4963391498b35ce96
Code, that is responsible for logging users in and maintaining their session:
Edit: formatting lost while copying from github
/////////////////////////////////////////
// FILE 1: a route handler called "login"
/////////////////////////////////////////
module.exports = function(req, res) {
/* removed meaningless anti-bruteforce code from this sector */
if (req.params.logout) {
// handle loging the user aout
req.session.account = null;
req.session.user = null
delete req.session.account;
delete req.session.user;
res.redirect('/');
return;
}
/* removed hard-coded IP bans from sector */
if (req.body.username && req.body.password) {
// if the FORM was posted, then call the exchange.login method
exchange.login(req.body.username, req.body.password, function(err, user) {
if (err) {
// login failed, redirect
res.redirect('/');
}
else { // <- this means that exchange.login method called the callback without an error
// login OK, set session data and redirect
req.session.account = user.id.toString();
req.session.user = user;
res.redirect('/');
}
}, req /* pass connection to login handler */);
}
else {
// no login data in POST, redirect to /
res.redirect('/');
}
};
/////////////////////////////////////////
// FILE 2: a method called exchange.login
/////////////////////////////////////////
Exchange.prototype.login = function(username, password, callback, request) {
// salt password to protect from rainbow attack on a leaked database
password = this.saltPassword(username, password);
// hash it with SHA-1 to check against the database
password = crypto.createHash('sha1').update(password).digest("hex");
this.numLogins++; // increment login counter for stats
var exchange = this;
var query = 'SELECT * FROM accounts WHERE username = ? AND password = ?';
db.query(query, [username, password], function(err, rows) {
// if the database query returns error or no rows, then:
if (err || !rows || !rows.length) {
callback(err.toString());
return; // EXECUTION STOPS HERE
}
// code below executes only when a match was found (a row returned from the database)
var user = rows[0];
db.query('INSERT INTO logins VALUES (NULL, ?, ?, NOW())', [user.id, request.connection.remoteAddress]);
callback(null, user); // pass control back to the route handler (FILE 1)
exchange.numLoginsSuccess++; // increment successful login counter for stats
});
}
/////////////////////////////////////////
How do we check if an user is logged in?
We simply check for the session variables in every handler.
Jump to: