[ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 130.

chiznitz

hero member

Activity: 574

Merit: 500

Quote from: YoyodyneSystems on May 02, 2014, 11:28:46 PM

Quote from: chiznitz on May 02, 2014, 11:22:28 PM

Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.

Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.

Usually in a security situation the site owner cannot say anything at all.

Way to skirt the question. The explanation given does not make any sense if they are really using proper firewall rules for server access. All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time.

blitz78

newbie

Activity: 50

Merit: 0

Quote from: mugwampbro on May 02, 2014, 11:25:37 PM

Quote from: ?? on ??

Quote from: mugwampbro on May 02, 2014, 11:09:51 PM

constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha

Odd, never usually get logged out. Captcha takes about 5s Roll Eyes

it would be ok if they at least gave you the option "keep me logged in for____ mins.

make a suggestion to one of the mods in trollbox or email it busoni is always open to new ideas

YoyodyneSystems

legendary

Activity: 1386

Merit: 1023

Quote from: chiznitz on May 02, 2014, 11:22:28 PM

Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.

Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.

Usually in a security situation the site owner cannot say anything at all.

GiorgosK

sr. member

Activity: 478

Merit: 253

thanks for the update
hope all funds are safe for cryptos sake

mugwampbro

full member

Activity: 182

Merit: 100

Quote from: ?? on ??

Quote from: mugwampbro on May 02, 2014, 11:09:51 PM

constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha

Odd, never usually get logged out. Captcha takes about 5s Roll Eyes

it would be ok if they at least gave you the option "keep me logged in for____ mins.

YoyodyneSystems

legendary

Activity: 1386

Merit: 1023

Quote from: dload.1 on May 02, 2014, 11:06:01 PM

Quote from: blitz78 on May 02, 2014, 10:28:00 PM

Quote from: YoyodyneSystems on May 02, 2014, 10:25:53 PM

Go party on this lovely Friday night and come back later.

And while you are partying I will login the first minute the site is up and buy any and all XBC that are left.

gonna hold ya to that mate

buy up to at least .01 i think we would have made it this morning but polo went down

Yeah. I was thinking of strategy for the day's trading for XBC when I got to the comp and saw the site was down
but the CMC listing had just gone up. Bad timing.

But 0.01 is not far off at all. I think there was only a dozen of so BTC left up to
that mark and then pretty much we get to a whole new level after that.

I started getting a bit exited with the thought that Bitcoin Scrypt got to a 4 million dollar market cap totally out of nowhere.
That would be a 20x increase for XBC. And XBC has community, Dev, and a massive following on Polo. Etc...etc..

Anyways shameless plug over.

I'll be watching the twitter. Polo and Busoni have my highest level of trust. Just want to get back in there and do some battle.

IBGigglin

legendary

Activity: 910

Merit: 1006

BCH Advocate.

Quote from: busoni on May 02, 2014, 05:44:03 PM

All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Top notch owner. I feel safe after easily finding this. You rock.

chiznitz

hero member

Activity: 574

Merit: 500

Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.

wemine

newbie

Activity: 56

Merit: 0

Quote from: qiwoman on May 02, 2014, 11:12:40 PM

Weird. I just saw polo with a dysfunctional trollbox and many markets frozen and logged and now it's gone again lol..

+1 it's dead again

kyma

sr. member

Activity: 479

Merit: 250

Quote from: mugwampbro on May 02, 2014, 11:09:51 PM

Quote from: Mimon on May 02, 2014, 06:24:19 PM

Poloniex is simply amazing, highly dedicated hard working mods and the super human Busoni.

only exchange i have coins on, now i feel much better about my storage choice!

great work my friends.

POLO OR GTFO.

Already GTFO because of constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha (intentionally mis-spelled)..LOVE THAT

extra security measures are always a bad thing! Cry

poor soul

Quote from: YoyodyneSystems on May 02, 2014, 10:25:53 PM

Go party on this lovely Friday night and come back later.
And while you are partying I will login the first minute the site is up and buy any and all XBC that are left.

In all seriousness Polo and it's trollbox are like my drug of choice.
I am having withdrawal symptoms. Must ... have... my Polo.

Be sure to turn on XBC market first please.

hahaha i love this +1 Grin

dload.1

legendary

Activity: 994

Merit: 1004

BTC

Quote from: qiwoman on May 02, 2014, 11:12:40 PM

Weird. I just saw polo with a dysfunctional trollbox and many markets frozen and logged and now it's gone again lol..I got migraine anyway so cant troll at all plus we had death in family so i will pop back tomorrow.

hi quiwoman hope you feel better soon. and sorry to hear about your aunt. Sad

qiwoman

sr. member

Activity: 294

Merit: 250

Weird. I just saw polo with a dysfunctional trollbox and many markets frozen and logged and now it's gone again lol..I got migraine anyway so cant troll at all plus we had death in family so i will pop back tomorrow.

kryptologist

hero member

Activity: 714

Merit: 500

@kryptographer

I'm glad I pulled most of my BTC after that 1400 XBC heist a few nights ago. I would have pulled it all but the mods assured me everything was good. Damn my fault the warning signs were there. I hope everyone gets their coins back.

mugwampbro

full member

Activity: 182

Merit: 100

Quote from: Mimon on May 02, 2014, 06:24:19 PM

Poloniex is simply amazing, highly dedicated hard working mods and the super human Busoni.

only exchange i have coins on, now i feel much better about my storage choice!

great work my friends.

POLO OR GTFO.

Already GTFO because of constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha (intentionally mis-spelled)..LOVE THAT

dload.1

legendary

Activity: 994

Merit: 1004

BTC

Quote from: blitz78 on May 02, 2014, 10:28:00 PM

Quote from: YoyodyneSystems on May 02, 2014, 10:25:53 PM

Go party on this lovely Friday night and come back later.

And while you are partying I will login the first minute the site is up and buy any and all XBC that are left.

gonna hold ya to that mate

buy up to at least .01 i think we would have made it this morning but polo went down

BrewCrewFan

hero member

Activity: 672

Merit: 501

Fricken idiots that do garbage like this keep putting bad names on cryptos over all. Who wants to deal with cryptos when attacks like this always happen? Scares people away and really hurts everyone including themselves in the long run.

blitz78

newbie

Activity: 50

Merit: 0

Quote from: andyatcrux on May 02, 2014, 10:31:03 PM

Quote from: codmaster on May 02, 2014, 10:05:21 PM

quote, unquote, "technically", "us "(the people), cannot be, "because we are, people," unquote, bend each other over, in an enviroment, where , "we" the people, are (A) ment to, take "b" the power away from "c".unts" the governtments, to "C" how we can free ourslelfs from, "cunts", and sort our shit out and work together

.....................

Meth?

lol cooked hard

ErnieRox

full member

Activity: 222

Merit: 101

Novus ordo seclorum

Quote from: rapeghost on May 02, 2014, 10:27:10 PM

Quote from: Mortimer452 on May 02, 2014, 10:19:14 PM

Wow, that is unbelievable. So you're saying that someone called your hosting provider, posed as a Poloniex employee, and actually managed to convince the support staff to give them access to one of your servers? Holy hell. One would think there would be some authentication measure in place to prevent such a thing (there probably are, they just weren't followed).

Glad to hear you are taking your business elsewhere.

You'd be surprised man. Lots of times companies are so anxious to 1. get you off the phone 2. get issues handled quickly so they dont get bitched. Stuff slips through the cracks all the time. I used to work at a host and we had ZERO authentication methods when I started. Luckily I changed policy and made that impossible but some places just dont even think of it.

yep that's happened to a few businesses Tongue

k!lowatts

member

Activity: 98

Merit: 10

3rd time the charm Roll Eyes

andyatcrux

legendary

Activity: 938

Merit: 1000

Quote from: codmaster on May 02, 2014, 10:05:21 PM

quote, unquote, "technically", "us "(the people), cannot be, "because we are, people," unquote, bend each other over, in an enviroment, where , "we" the people, are (A) ment to, take "b" the power away from "c".unts" the governtments, to "C" how we can free ourslelfs from, "cunts", and sort our shit out and work together

.....................

Meth?

Topic: [ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 130. (Read 272605 times)