Topic: [ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 130. (Read 272454 times)

hero member
Activity: 574
Merit: 500
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?  

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.  



The provider, as most providers do, allowed booting into "recovery mode." They did this first via support tickets, then got on the phone to get the password reset. Ordinarily, firewalls are up at all times on all servers.

So you are confirming that there are no network level protections in place?  You are relying solely on the host firewall?  Or did the provider also bring down the network level firewall for this user?
hero member
Activity: 574
Merit: 500
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?  

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.  



That is a good point, the sshd_conf should be locked down..

Password authentication should be turned off immediately. Shell keys should be used otherwise _YOU HAVE ZERO SECURITY_.

I love Poloniex and Busoni, Angela, all of them, but seriously guys, a wallet server that you do not own, that means the host always has root access.

Either you own the server and co-locate, which isn't happening right now, or someone else owns the server and co-locates and you rent it from them, which is what is happening right now.

They will ALWAYS have a backdoor into the server, they have to since they own it. I work for a webhost and this is exactly how we (and all others) have to do it.

So, you need to turn off password authentication in sshd_conf, turn off root login too. Set up an account in the wheel group (su privileges) and create shell keys for that user. Log in to that user with your shell keys and su to root. Your host will have to do the same thing if they log in for tech support.

I hope this helps.

Well that's a good start but seriously, the entire internet shouldn't be able to get that far, that's what firewalls are for.  The firewall should have ssh access locked to only the IPs of personnel who should be accessing it.  
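An added example, not part of any post in this thread: a small auditor that checks OpenSSH server configuration text (the file is normally `sshd_config`) for the settings recommended above, namely password authentication off, root login off, and key-based login on. It assumes upstream OpenSSH defaults for missing keywords and does not follow `Include` directives; the sample configurations are constructed.

```python
import re

# Upstream OpenSSH defaults when a keyword is absent (a distro build may differ).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}
# What the post asks for: key-based logins only, no direct root login.
REQUIRED = {"passwordauthentication": "no", "pubkeyauthentication": "yes",
            "permitrootlogin": "no"}

def parse(config_text):
    settings, overrides, match = {}, [], None  # globals, Match-block lines, current Match
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        key, value = key.lower(), value.strip().strip('"')  # keywords are case-insensitive
        if key == "match":
            match = value  # lines after this are conditional
        elif match is not None:
            overrides.append((match, key, value.lower()))
        else:
            settings.setdefault(key, value.lower())  # sshd keeps the first value seen
    return settings, overrides

def audit(config_text):
    """Return findings; an empty list means the recommended settings hold."""
    settings, overrides = parse(config_text)
    findings = []
    for key, want in REQUIRED.items():
        got = settings.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"global {key} is '{got}', expected '{want}'")
    for match, key, value in overrides:
        if key in REQUIRED and value != REQUIRED[key]:
            findings.append(f"Match {match}: {key} is '{value}', expected '{REQUIRED[key]}'")
    return findings

# Constructed samples, not taken from any real server.
WEAK = """#PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = "PasswordAuthentication no\nPermitRootLogin no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    print("\n".join(audit(WEAK)) or "ok")
```

The weak sample shows three ways a file can look hardened while it is not: a commented-out directive falls back to the default, a corrected line placed after an earlier weak one is ignored, and a `Match` block can re-enable passwords for one account.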
sr. member
Activity: 364
Merit: 250
Owner of Poloniex
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?  

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.  



The provider, as most providers do, allowed booting into "recovery mode." They did this first via support tickets, then got on the phone to get the password reset. Ordinarily, firewalls are up at all times on all servers.
hero member
Activity: 574
Merit: 500
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?  

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.  



Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.

Usually in a security situation the site owner cannot say anything at all.

Way to skirt the question.  The explanation given does not make any sense if they are really using proper firewall rules for server access.  All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time.
newbie
Activity: 50
Merit: 0
constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha

Odd, never usually get logged out. Captcha takes about 5s  Roll Eyes


it would be ok if they at least gave you the option "keep me logged in for ____ mins."

make a suggestion to one of the mods in trollbox or email it busoni is always open to new ideas
legendary
Activity: 1386
Merit: 1023
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?  

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.  



Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.

Usually in a security situation the site owner cannot say anything at all.
sr. member
Activity: 478
Merit: 253
thanks for the update
hope all funds are safe for cryptos sake
full member
Activity: 182
Merit: 100
constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha

Odd, never usually get logged out. Captcha takes about 5s  Roll Eyes


it would be ok if they at least gave you the option "keep me logged in for ____ mins."
legendary
Activity: 1386
Merit: 1023
Go party on this lovely Friday night and come back later.

And while you are partying I will login the first minute the site is up and buy any and all XBC that are left.

gonna hold ya to that mate Smiley

buy up to at least .01 i think we would have made it this morning but polo went down Smiley

Yeah. I was thinking of strategy for the day's trading for XBC when I got to the comp and saw the site was down
but the CMC listing had just gone up. Bad timing.

But 0.01 is not far off at all. I think there was only a dozen or so BTC left up to
that mark and then pretty much we get to a whole new level after that.

I started getting a bit excited with the thought that Bitcoin Scrypt got to a 4 million dollar market cap totally out of nowhere.
That would be a 20x increase for XBC. And XBC has community, Dev, and a massive following on Polo. Etc...etc..

Anyways shameless plug over.

I'll be watching the twitter. Polo and Busoni have my highest level of trust. Just want to get back in there and do some battle.

legendary
Activity: 910
Merit: 1006
BCH Advocate.
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and the next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Top notch owner.  I feel safe after easily finding this. You rock.
hero member
Activity: 574
Merit: 500
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?  

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.  

newbie
Activity: 56
Merit: 0
Weird. I just saw polo with a dysfunctional trollbox and many markets frozen and logged and now it's gone again lol..
+1 it's dead again
sr. member
Activity: 479
Merit: 250
Poloniex is simply amazing, highly dedicated hard working mods and the super human Busoni.

 only exchange i have coins on, now i feel much better about my storage choice!

great work my friends.

POLO OR GTFO.

Already GTFO because of constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha (intentionally mis-spelled)..LOVE THAT

extra security measures are always a bad thing!  Cry poor soul




Go party on this lovely Friday night and come back later.
And while you are partying I will login the first minute the site is up and buy any and all XBC that are left.



In all seriousness Polo and its trollbox are like my drug of choice.
I am having withdrawal symptoms. Must ... have... my Polo.


Be sure to turn on XBC market first please.

hahaha i love this +1  Grin


legendary
Activity: 994
Merit: 1004
BTC
Weird. I just saw polo with a dysfunctional trollbox and many markets frozen and logged and now it's gone again lol..I got migraine anyway so cant troll at all plus we had death in family so i will pop back tomorrow.
hi quiwoman hope you feel better soon. and sorry to hear about your aunt. Sad
sr. member
Activity: 294
Merit: 250
Weird. I just saw polo with a dysfunctional trollbox and many markets frozen and logged and now it's gone again lol..I got migraine anyway so cant troll at all plus we had death in family so i will pop back tomorrow.
hero member
Activity: 714
Merit: 500
@kryptographer
I'm glad I pulled most of my BTC after that 1400 XBC heist a few nights ago. I would have pulled it all but the mods assured me everything was good. Damn my fault the warning signs were there. I hope everyone gets their coins back.
full member
Activity: 182
Merit: 100
Poloniex is simply amazing, highly dedicated hard working mods and the super human Busoni.

 only exchange i have coins on, now i feel much better about my storage choice!

great work my friends.

POLO OR GTFO.

Already GTFO because of constantly having to sign in if you leave the page for a minute or two. Oh and that sign in Craptcha (intentionally mis-spelled)..LOVE THAT
legendary
Activity: 994
Merit: 1004
BTC
Go party on this lovely Friday night and come back later.

And while you are partying I will login the first minute the site is up and buy any and all XBC that are left.

gonna hold ya to that mate Smiley

buy up to at least .01 i think we would have made it this morning but polo went down Smiley
hero member
Activity: 672
Merit: 501
Fricken idiots that do garbage like this keep putting bad names on cryptos over all. Who wants to deal with cryptos when attacks like this always happen? Scares people away and really hurts everyone including themselves in the long run.

newbie
Activity: 50
Merit: 0
quote, unquote, "technically", "us "(the people), cannot be, "because we are, people," unquote, bend each other over, in an enviroment, where , "we" the people, are (A) ment to,  take "b"  the power away from "c".unts" the governtments, to "C" how we can free ourslelfs from, "cunts", and sort our shit out and work together Smiley.....................

Meth?

lol cooked hard