cryptsy | Bitcointalksearch.org

merelcoin

hero member

Activity: 675

Merit: 504

Quote from: SparkedDev on March 18, 2016, 10:01:18 AM

Quote from: Shibashi Dogemoto on March 18, 2016, 09:45:22 AM

Quote from: WORK4U on March 17, 2016, 04:56:59 AM

If you point me to the correct github I probably can compile this

Please read the full thread before you do... The original scripts had multiple SQL injection vulnerability's, and there was even some talk about backdoors and phone-home parts in the script (i never read the code, so i cannot verify this)

sql injection stuff is an easy fix
backdoors depending on how many files they got could be hard to find if you don't know what your looking for.

It's an easy fix, but very time consuming. I guess the best idear would be to rewrite all database calls to prepared statements, but this will take you a couple minutes every time there was a query executed in the script.

To find backdoors, you're right: somebody has to digg deep and really understand the inner workings of the script in order to properly fix everything.

Quote from: noel57 on March 23, 2016, 04:18:25 PM

https://github.com/crypto-maniac/Cryptsy-Clone is no longer available 404 error, is there anybody with this clone?

https://github.com/merelcoin/Cryptsy-Clone
Use it wisely, keep in mind: SQL injection, backdoor, phone-home . I just cloned it, didn't fix a single error!

noel57

sr. member

Activity: 392

Merit: 250

https://github.com/crypto-maniac/Cryptsy-Clone is no longer available 404 error, is there anybody with this clone?

SparkedDev

hero member

Activity: 896

Merit: 1000

Quote from: Shibashi Dogemoto on March 18, 2016, 09:45:22 AM

Quote from: WORK4U on March 17, 2016, 04:56:59 AM

If you point me to the correct github I probably can compile this

Please read the full thread before you do... The original scripts had multiple SQL injection vulnerability's, and there was even some talk about backdoors and phone-home parts in the script (i never read the code, so i cannot verify this)

sql injection stuff is an easy fix
backdoors depending on how many files they got could be hard to find if you don't know what your looking for.

Shibashi Dogemoto

hero member

Activity: 840

Merit: 1000

Quote from: WORK4U on March 17, 2016, 04:56:59 AM

If you point me to the correct github I probably can compile this

Please read the full thread before you do... The original scripts had multiple SQL injection vulnerability's, and there was even some talk about backdoors and phone-home parts in the script (i never read the code, so i cannot verify this)

WORK4U

newbie

Activity: 12

Merit: 0

If you point me to the correct github I probably can compile this

CB_project

member

Activity: 86

Merit: 10

Have some one compile this script? Is this still working?

davien

sr. member

Activity: 462

Merit: 250

Quote from: onlinedragon on January 29, 2016, 08:21:47 AM

I don't think Cryptsy still have an good name. Don't think also a cloned website will be trusted after all the troubles with Cryptsy.

+1 . Better redesign and rename it right now Cheesy

Shibashi Dogemoto

hero member

Activity: 840

Merit: 1000

Is there any other clone alive? I wouldn't want to start an exchange, but i'd be interested in installing a copy on one of my machines at home, just to see if i'd get it running

onlinedragon

hero member

Activity: 1036

Merit: 501

I don't think Cryptsy still have an good name. Don't think also a cloned website will be trusted after all the troubles with Cryptsy.

Nudies Fluffer

newbie

Activity: 40

Merit: 0

Interesting project you have going on here!

Must be a hell of an undertaking to write something like this script.
Did you just clone the front end and then have your friend do the back-end/engine?

I am going to look deeper into the code but so far doesn't look to terribly bad.

senyorito123

hero member

Activity: 1764

Merit: 505

20BET - Premium Casino & Sportsbook

anybody got the real source code ? please upload it

we will be grateful to download it

wowyeahthatsit

newbie

Activity: 11

Merit: 0

github link has been removed
any trust member send me via PM clean code without any callback to gov,fbi,log & other bullshits

alwinlinzee

sr. member

Activity: 434

Merit: 250

Quote from: yohanip on January 24, 2016, 10:34:48 AM

Unfortunately the link given by the thread starter is dead, and reading through a couple pages back the code was somehow had a backdoor or something related to it?

I guess as much because that script worth a fortune and for someone to want to give it away for free is suspicious at least he needs to recover his money somehow.

yohanip

member

Activity: 118

Merit: 100

A Programmer

Unfortunately the link given by the thread starter is dead, and reading through a couple pages back the code was somehow had a backdoor or something related to it?

alwinlinzee

sr. member

Activity: 434

Merit: 250

This without doubt is a good step in the right directions but what about the back doors and other hidden things that could make the website to be easy to attack.

tyz

legendary

Activity: 3360

Merit: 1533

Thanks for sharing your opinion. I looked into the source code a while ago, but I have never run a instance of the exchange.
I planned to do but your writing helps me the get an better opinion about it.

Quote from: JustBob on January 23, 2016, 03:53:13 AM

I managed to get an instance running here on my localnet to play with, but it took a bit of butchering to even get it running at all.
I also managed to get at least the trollbox, and probably user voting to run as well.(haven't tried the user voting yet)
Within a couple days I'll begin to go through the scripts and other various files to get rid of the crypto-maniac.com "rewrite" specifics.
Maybe then once I'm certain everything works "ok", I'll setup a repository, and maybe then, "we" can both start working where crypto-maniac left off, and maybe even toss him a bit for his fine efforts, as this exchange is actually pretty cool, and very well featured compared to most of the other "open source" offerings available.

And I don't mean to sound nasty.....but it's almost pathetic that folks chose to lambast his fine efforts here at "hate central" rather than to step in and help.

Anyways to get the chatbox/trollbox running one has to run the chat server is a seperate proccess.

On Ubuntu you call it, using either a terminal on the server version or an xterm on the desktop version using:

Code:

sudo php -q /path/to/chat/server.php

JustBob

member

Activity: 113

Merit: 10

Forgot to mention, once the chat server is running, the chat client just kinda' automagically appears in the lower right hand corner of all user screens.

JustBob

member

Activity: 113

Merit: 10

I managed to get an instance running here on my localnet to play with, but it took a bit of butchering to even get it running at all.
I also managed to get at least the trollbox, and probably user voting to run as well.(haven't tried the user voting yet)
Within a couple days I'll begin to go through the scripts and other various files to get rid of the crypto-maniac.com "rewrite" specifics.
Maybe then once I'm certain everything works "ok", I'll setup a repository, and maybe then, "we" can both start working where crypto-maniac left off, and maybe even toss him a bit for his fine efforts, as this exchange is actually pretty cool, and very well featured compared to most of the other "open source" offerings available.

And I don't mean to sound nasty.....but it's almost pathetic that folks chose to lambast his fine efforts here at "hate central" rather than to step in and help.

Anyways to get the chatbox/trollbox running one has to run the chat server is a seperate proccess.

On Ubuntu you call it, using either a terminal on the server version or an xterm on the desktop version using:

Code:

sudo php -q /path/to/chat/server.php

SparkedDev

hero member

Activity: 896

Merit: 1000

Quote from: Nexious on September 06, 2015, 02:34:06 AM

I would highly advise against using that source code in any production environment, none the less good on the creator for open sourcing it.

Aslong as its fixed and changed up nothing is wrong with using it.
Nothing in this source code can't be fixed im currently updating it to the latest version of php 5.6.14

Nexious

full member

Activity: 140

Merit: 100

Nexious.com Admin

I would highly advise against using that source code in any production environment, none the less good on the creator for open sourcing it.

SparkedDev

hero member

Activity: 896

Merit: 1000

Ill check the files and see whats up.

ZonedOutSpace

sr. member

Activity: 280

Merit: 250

From Russia with love

Quote from: tyz on September 05, 2015, 08:10:52 AM

Just went through some source code files and found this part. Grin

you should not visit this page...,

Your IP is logged
please visit our friends here ..

http://www.fbi.gov/"> http://www.fbi.gov/

Quote from: ZonedOutSpace on September 05, 2015, 07:40:50 AM

https://github.com/Frankenmint/Cryptsy-Clone

I think this is it

Yeah, i saw that as well lol

tyz

legendary

Activity: 3360

Merit: 1533

Just went through some source code files and found this part. Grin

you should not visit this page...,

Your IP is logged
please visit our friends here ..

http://www.fbi.gov/"> http://www.fbi.gov/

Quote from: ZonedOutSpace on September 05, 2015, 07:40:50 AM

https://github.com/Frankenmint/Cryptsy-Clone

I think this is it

ZonedOutSpace

sr. member

Activity: 280

Merit: 250

From Russia with love

https://github.com/Frankenmint/Cryptsy-Clone

I think this is it

tyz

legendary

Activity: 3360

Merit: 1533

I would be interested. Did you get the files somewhere. I know that a few people downloaded the script. It would be nice if they could share it with others.

Quote from: SparkedDev on August 29, 2015, 06:46:46 PM

If anyone has the files and are willing to work with us we would be happy to fix the code a push an updates with no holes.

nagatlakshmi

hero member

Activity: 616

Merit: 500

Quote from: SparkedDev on August 29, 2015, 06:46:46 PM

If anyone has the files and are willing to work with us we would be happy to fix the code a push an updates with no holes.

Have you got the script and can you share for us?

SparkedDev

hero member

Activity: 896

Merit: 1000

If anyone has the files and are willing to work with us we would be happy to fix the code a push an updates with no holes.

tyz

legendary

Activity: 3360

Merit: 1533

Yeap, it seems he took it offline. Maybe too much security holes and flaws in the script.

Quote from: Yofun on August 28, 2015, 01:29:13 PM

Hey OP? link to source code is broken?

Yofun

sr. member

Activity: 462

Merit: 250

Hey OP? link to source code is broken?

tyz

legendary

Activity: 3360

Merit: 1533

I know it some time ago of you post but could you point to the files and lines where you find these vulnerabilities?

Quote from: r3wt on April 17, 2015, 10:33:12 PM

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

Pab

legendary

Activity: 1862

Merit: 1012

Quote from: Pab on August 27, 2015, 08:50:24 PM

Hi ,thank you
i will let know some honest people about your work,ifanybody will be intersted in to run exchange,i will let you know.You really deserve to get some money,maybe in some future will be possible to make a kind of decantrelised ,secure exchange on that base

Your link is showing not found,i sent you pm

https://github.com/crypto-maniac/Cryptsy-Clone

Pab

legendary

Activity: 1862

Merit: 1012

Hi ,thank you
i will let know some honest people about your work,ifanybody will be intersted in to run exchange,i will let you know.You really deserve to get some money,maybe in some future will be possible to make a kind of decantrelised ,secure exchange on that base

tyz

legendary

Activity: 3360

Merit: 1533

Well, i would still like to know if someone installed and run the script in production?

Quote from: tyz on May 01, 2015, 04:56:16 PM

Has someone already installed the script? Is it working the way the creator is promising?

alwinlinzee

sr. member

Activity: 434

Merit: 250

This is not an open source entirely because someone still need to pay 0.50btc to activate it to full version which include voting and chatting stuffs but is that price negotiable and do you offer free installations?

diddledum

newbie

Activity: 2

Merit: 0

I would like to have this running on my site if there are no backdoors

I would appreciate some help from anyone to get this on a domain if all is ok

tyz

legendary

Activity: 3360

Merit: 1533

Has someone already installed the script? Is it working the way the creator is promising?

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Thx you R3wt of course i will accept your your pull request

r3wt

hero member

Activity: 686

Merit: 504

always the student, never the master.

Quote from: Crypto-Maniac on April 20, 2015, 06:38:43 AM

Quote from: r3wt on April 17, 2015, 10:33:12 PM

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

thx you R3wt for these words ....

its definly more easy to run scanner from Kali ,instead code from scratch this open source exchange

you cannot sweep the work just for some basic (important also) security breach

also as i said exploit need POC so please if you can report and show it would be a good contribution at least

you wont find LFi/RFi here , maybe an xss or sql injection as u find

as other members remind it is open source and i didnt recommend to anyone here or via PM to run the site straigh like this

it flow from sense that if you like to run an exchange you must pay a DEV and security guy (a real one..)

i would recommend to also change request $GET to $POST

Looking through your source code, i found many of the same vulnerabilities that were in the original OpenEx scripts that i cowrote(In fact, some of the code is copied directly from OpenEx source code). To put it into perspective, i had no idea what i was doing back then(first experience with programming, delusional about my abilities). I do now:

https://github.com/OpenExLLC/web -- No Release candidate yet
https://github.com/OpenExLLC/live --0.1 Release
https://github.com/OpenExLLC/mail -- Release Candidate is untested

This exchange will be scalable, secure, and just generally awesome. If anyone wants to join this effort, you're more than welcome to. There are other components to the system, however these are the only ones i've made public at this time, Mostly because some are yet to be implemented or are waiting on other things to be completed so they can be tested.

mistercoin

legendary

Activity: 1051

Merit: 1000

Rent Me!

Quote from: Crypto-Maniac on April 20, 2015, 06:38:43 AM

Quote from: r3wt on April 17, 2015, 10:33:12 PM

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

thx you R3wt for these words ....

its definly more easy to run scanner from Kali ,instead code from scratch this open source exchange

you cannot sweep the work just for some basic (important also) security breach

also as i said exploit need POC so please if you can report and show it would be a good contribution at least

you wont find LFi/RFi here , maybe an xss or sql injection as u find

as other members remind it is open source and i didnt recommend to anyone here or via PM to run the site straigh like this

it flow from sense that if you like to run an exchange you must pay a DEV and security guy (a real one..)

i would recommend to also change request $GET to $POST

I will clean up some of the security holes and submit pull requests if you would like me to?

mistercoin

legendary

Activity: 1051

Merit: 1000

Rent Me!

Amazing. I still have to crawl through the code to see if it truly is malware-free and not an attempt to harm, but if you honestly did release this Open source and clean to us, a lot of people could take a lesson from you as this is no small feat.

Thank you.

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Quote from: r3wt on April 17, 2015, 10:33:12 PM

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

thx you R3wt for these words ....

its definly more easy to run scanner from Kali ,instead code from scratch this open source exchange

you cannot sweep the work just for some basic (important also) security breach

also as i said exploit need POC so please if you can report and show it would be a good contribution at least

you wont find LFi/RFi here , maybe an xss or sql injection as u find

as other members remind it is open source and i didnt recommend to anyone here or via PM to run the site straigh like this

it flow from sense that if you like to run an exchange you must pay a DEV and security guy (a real one..)

i would recommend to also change request $GET to $POST

r3wt

hero member

Activity: 686

Merit: 504

always the student, never the master.

Quote from: sgk on April 18, 2015, 03:10:18 AM

Quote from: r3wt on April 17, 2015, 10:33:12 PM

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

But it is open-source now, so these vulnerabilities will be easy to find and fix.

Yeah, but it still won't scale and its still succeptible to other vulnerabilities.

bitvestor

sr. member

Activity: 252

Merit: 250

This is great and its opensource, really appreciated and i feel bad that your original dream for this was kicked away because of laws and trust when you decide to sell and make profit for your time and effort..

For those asking about security and so on, its opensource now so get yourself to work if you actually need it..

okae

legendary

Activity: 1401

Merit: 1008

northern exposure

ty @crypto-maniac for this open source code, i really apreciate it, TY!!

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

Quote from: r3wt on April 17, 2015, 10:33:12 PM

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

But it is open-source now, so these vulnerabilities will be easy to find and fix.

r3wt

hero member

Activity: 686

Merit: 504

always the student, never the master.

multiple SQL injection vulnerabilities.

this is not anywhere close to professional.

Crypto-Maniac

newbie

Activity: 57

Merit: 0

little up

S4VV4S

hero member

Activity: 1582

Merit: 502

Quote from: Joint Force on April 04, 2015, 12:17:10 PM

I hope this forces exchanges to be better. I want people to demand more from exchanges. Exchanges should offer all the basic services like a block explorer. They should offer auto withdrawls to a pre-set address if a coin gets delisted. Coins should have at least 1 year when they get listed.

All if would take is someone to raise the bar and many coins would move their volume away from the exchanges they are currently on.

Stop demanding....

You have an open source exchange.
Fork it and do all these shit yourself.

And don't forget to give back to the community.....
That means release it as open source as well...

Apart from that @ OP
I did not check your source but thank you in advance for releasing this as open source Wink

Joint Force

hero member

Activity: 804

Merit: 500

DAO ↔ DApp

I hope this forces exchanges to be better. I want people to demand more from exchanges. Exchanges should offer all the basic services like a block explorer. They should offer auto withdrawls to a pre-set address if a coin gets delisted. Coins should have at least 1 year when they get listed.

All if would take is someone to raise the bar and many coins would move their volume away from the exchanges they are currently on.

banksycoin

full member

Activity: 224

Merit: 100

Amazing. Great work.

This is what open-source development is all about, this should help push cryptocurrency in new directions and new ways.

Congrats. Grin

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Quote from: Darkblock on April 03, 2015, 02:30:18 PM

@Crypto-Maniac: Thank you very much for making this opensource. Very interesting! btw - are you available for contract-work? And can you tell us something about your background in coding?? And also something about the trading engine coder? would be great.

PS. i am forking this now and will start a code-review shortly.
THANKS AGAIN FOR OPENSOURCING!

Merci beaucoup!

Hello Darkblock, thx you ,for be honest im busy with my offline job in Sophia Antipolis, and i do also internet marketing when i have time
im coding since fiew year and i just learned on the fly when building websites 12 years ago

the other coder is in Japan now and he's not available anymore,

just let me know what you need by PM and we will see

thx you

Darkblock

full member

Activity: 124

Merit: 100

photo taken by ESSA-7 satelite. 1968

@Crypto-Maniac: Thank you very much for making this opensource. Very interesting! btw - are you available for contract-work? And can you tell us something about your background in coding?? And also something about the trading engine coder? would be great.

PS. i am forking this now and will start a code-review shortly.
THANKS AGAIN FOR OPENSOURCING!

Merci beaucoup!

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Quote from: sgk on April 03, 2015, 11:32:09 AM

I feel both - good and bad that you had to release it for free.

You have done an outstanding job by creating such a high value project and then making it open source.
At the same time I feel bad for you; that French law did not allow you to monetise your hard work. I hope people using your code will donate generously to repay for your hard work.

Good job, mate!

thx you Sgk, yes in france they ask too much thing (also forex license or something) and other wall that i cannot break

i tried to sell it here https://bitcointalksearch.org/topic/sell-cryptsy-100-clone-php-830903

i know there is lot of scams but this was not Embarrassed

yes i hope i will have donation , we will see ...

sgk

legendary

Activity: 1470

Merit: 1002

!! HODL !!

I feel both - good and bad that you had to release it for free.

You have done an outstanding job by creating such a high value project and then making it open source.
At the same time I feel bad for you; that French law did not allow you to monetise your hard work. I hope people using your code will donate generously to repay for your hard work.

Good job, mate!

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Quote from: SarcasmMe on April 03, 2015, 11:20:32 AM

interest

but Huh

how much price to setup turn key to hosting + and this Script folder to cfg make configuration?

your time your energy
invest make in 30 minutes price = ? or?

Price please say?

Hello SarcamMe, it take quite sometime to make it live and running, wallet compilation and all other setting etc.. it is a huge work
the server cost around 100 dollars montly (96 Giga Ram) (for start) soyoustart.com
you can talk to me via PM

thx you

SarcasmMe

newbie

Activity: 28

Merit: 0

interest

but Huh

how much price to setup turn key to hosting + and this Script folder to cfg make configuration?

your time your energy
invest make in 30 minutes price = ? or?

Price please say?

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Quote from: freemind1 on April 03, 2015, 10:33:50 AM

Congratulations you for your work Crypto-Maniac. I really like you left, i see no difference with that of Cryptsy. There are so many stupid laws in the world...

thx you freemind1 , yes the law in france is too much and not only in this field....
this went a nightmare , i lost fiew month work with this stupid law ...

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Quote from: pozmu on April 03, 2015, 10:58:35 AM

Wow, thank you very much for your generosity and I'm sorry that you got scammed Cry

Let's just hope it won't lead to mass-creation of fake exchanges that will try to steal users coins Tongue

Oh, and one question, how powerful server does it need to perform? It probably does depend on number of supported coins/ transactions but please give an estimate.

Hello Pozmuk, the server dont need that much of CPU but need a lot of memory , also its depend the way you will compil your wallet and also other settings
but for run 50 wallet i used 32 Giga Ram but im sure i didnt tweak as much as i could the wallet and server so its gonna depend of your experience in this field

please consider to make a small donation if you use it , that will help me a lot

thx you

pozmu

hero member

Activity: 770

Merit: 504

(っ◔◡◔)っ🍪

Wow, thank you very much for your generosity and I'm sorry that you got scammed Cry

Let's just hope it won't lead to mass-creation of fake exchanges that will try to steal users coins Tongue

Oh, and one question, how powerful server does it need to perform? It probably does depend on number of supported coins/ transactions but please give an estimate.

freemind1

legendary

Activity: 1526

Merit: 1014

Congratulations you for your work Crypto-Maniac. I really like you left, i see no difference with that of Cryptsy. There are so many stupid laws in the world...

frankenmint

legendary

Activity: 1456

Merit: 1018

HoneybadgerOfMoney.com Weed4bitcoin.com

Quote from: Crypto-Maniac on April 03, 2015, 10:25:33 AM

Quote from: emrebey on April 03, 2015, 10:14:54 AM

adding a new folder for every supported coin is probably not good idea since it can be handled in a DRY (Don't repeat yourself) way. but still, nice to see it open source, thanks!

thx you for your comment everyone

you right but there is verification process before so it wont work

@AwesomeTRADER :for the pentest you free to run any exploit scanner , i cannot say you will not find any exploit , but sql is PDO prepared statement so i doubt any injection is possible here, but exploit need a POC not just a alarm (what common public exploit scanner does)

this project still have a lot of work anyway but it work pretty well for now and all aspect of cryptsy are covered (except node.js)

im in bitcoin from 2009 but i code little bit php and i had developer from a school in south of france to code the engine

Great Job by the way, forking it now.

@all: here's some relevant context as well

Crypto-Maniac

newbie

Activity: 57

Merit: 0

Quote from: emrebey on April 03, 2015, 10:14:54 AM

adding a new folder for every supported coin is probably not good idea since it can be handled in a DRY (Don't repeat yourself) way. but still, nice to see it open source, thanks!

thx you for your comment everyone

you right but there is verification process before so it wont work

@AwesomeTRADER :for the pentest you free to run any exploit scanner , i cannot say you will not find any exploit , but sql is PDO prepared statement so i doubt any injection is possible here, but exploit need a POC not just a alarm (what common public exploit scanner does), i let you do , im sure you must know better than me for SEC

this project still have a lot of work anyway but it work pretty well for now and all aspect of cryptsy are covered (except node.js)

im in bitcoin from 2009 but i code little bit php and i had developer from a school in south of france to code the engine

HYPERfuture

hero member

Activity: 686

Merit: 500

HYPER project manager and PR + GoldPieces [GP]

Wow that's an amazing project.

Following this to see where it goes and what security flaws people discover.

emrebey

sr. member

Activity: 476

Merit: 250

adding a new folder for every supported coin is probably not good idea since it can be handled in a DRY (Don't repeat yourself) way. but still, nice to see it open source, thanks!

AwesomeTRADER

full member

Activity: 238

Merit: 250

Ill need to penteat this before even trying to run an exchange. Just a small questiom, hoq come you are a relatively new member? You muat be quite experiences in crypto to develop this right?

Crypto-Maniac

newbie

Activity: 57

Merit: 0

removed

Topic: cryptsy (Read 32345 times)