DaDice.com - Next Gen Social Gambling Dice Experience | Progressive Jackpot - page 38.

nickaizoku

sr. member

Activity: 308

Merit: 250

❃ CyberNick ❃

Quote from: sana9821 on August 22, 2015, 06:38:32 AM

i hope the problems will be fixed as soon as possible, a lot of people are holding their bitcoins on this website and now they cant withdraw it even if they need it

Yea hopefully up soon.. kinda bored without it coz want to hunt jackpot and morever want to lvl up Cheesy

Havelivi

hero member

Activity: 896

Merit: 1000

Quote from: sana9821 on August 22, 2015, 06:38:32 AM

i hope the problems will be fixed as soon as possible, a lot of people are holding their bitcoins on this website and now they cant withdraw it even if they need it

Be patient dadice team is working hard to get fixed that issue, i also hopeful about this dadice will be back soon as it was almost to hit the 750th million roll with nice bounty.

sana9821

sr. member

Activity: 420

Merit: 250

i hope the problems will be fixed as soon as possible, a lot of people are holding their bitcoins on this website and now they cant withdraw it even if they need it

lottoitaliano

legendary

Activity: 1176

Merit: 1000

Quote from: Monopoly on August 21, 2015, 10:30:30 PM

I play dice regularly ! but for 3 days i hadn't this fun ....... Very boring site ...... i will withdrawal and playing on other sites ......

Yes, 3 day offline is a problem for btc deposited and can't withdraw.
For lucky , i withdraw every time win more of 0,1 and leave only a few mbtc for play another time

dadice

sr. member

Activity: 252

Merit: 250

DaDice Administration

Quote from: eightbits on August 21, 2015, 06:38:01 PM

Was there logins in the auth.log from an outsider using root or a bash_history showing someone was using the root account? It's a bad idea to have ssh access open to root accounts. You should use another account and SU. Also you should have hidden bastion server access and not allow any ssh from IP's other than two bastions (the other as a backup).

I ask because rarely does a hack happen with a root password. Typically it's poor code allow cross-site scripting, SQL injection etc. etc. If there is no proof of shell access search access logs for PUTS and POSTS to narrow it down. Or, check your database integrity to see if it was compromised.

Thanks for the info, I will forward it to the tech guys.

Monopoly

hero member

Activity: 546

Merit: 500

I play dice regularly ! but for 3 days i hadn't this fun ....... Very boring site ...... i will withdrawal and playing on other sites ......

ndnh

legendary

Activity: 1302

Merit: 1005

New Decentralized Nuclear Hobbit

May be DD should split 50:50 the 750 million roll bounty for 750 and 800 million? so that most can estimate when they should be online to make the 800 millionth roll even if they say miss the 750m ?

The prediction contest should go on as already decided by deducting the downtime.

Quote from: james.lent on August 21, 2015, 09:38:14 PM

Quote from: birdcat90 on August 21, 2015, 09:00:44 PM

i think for 750 m bounty will be postponed right?

because the date is skipped 2 or more days for recovering the site..hope all fund safe and dadice dev can secure the site..

shame on hacker..

Better hope then that it's really a hacker. Not the first time we've heard 'such issues' .

I don't remember any major downtime before. Huh

james.lent

hero member

Activity: 602

Merit: 501

Quote from: birdcat90 on August 21, 2015, 09:00:44 PM

i think for 750 m bounty will be postponed right?

because the date is skipped 2 or more days for recovering the site..hope all fund safe and dadice dev can secure the site..

shame on hacker..

Better hope then that it's really a hacker. Not the first time we've heard 'such issues' .

birdcat90

hero member

Activity: 602

Merit: 500

i think for 750 m bounty will be postponed right?

because the date is skipped 2 or more days for recovering the site..hope all fund safe and dadice dev can secure the site..

shame on hacker..

Hexcoin

hero member

Activity: 504

Merit: 500

Quote from: cazkooo on August 21, 2015, 11:37:31 AM

Just wondering will this downtime be reduced for the prediction game? this downtime isnt really itentional as something happens . Also is the first downtime happened because someone try to hack as well?

Quote from: dadice on August 19, 2015, 06:52:19 AM

No worries here. We will deduct the hours of downtime, to make it fair for our predictors. Same for the 750 millionth roll bounty reward.

eightbits

newbie

Activity: 14

Merit: 0

Was there logins in the auth.log from an outsider using root or a bash_history showing someone was using the root account? It's a bad idea to have ssh access open to root accounts. You should use another account and SU. Also you should have hidden bastion server access and not allow any ssh from IP's other than two bastions (the other as a backup).

I ask because rarely does a hack happen with a root password. Typically it's poor code allow cross-site scripting, SQL injection etc. etc. If there is no proof of shell access search access logs for PUTS and POSTS to narrow it down. Or, check your database integrity to see if it was compromised.

marioantonini

legendary

Activity: 2156

Merit: 1082

The most importante notice is all funds are safe Grin

Tomorrow is saturday, i hope site back online first to monday

cazkooo

legendary

Activity: 1540

Merit: 1013

Just wondering will this downtime be reduced for the prediction game? this downtime isnt really itentional as something happens . Also is the first downtime happened because someone try to hack as well?

dadice

sr. member

Activity: 252

Merit: 250

DaDice Administration

Quote from: Lutpin on August 21, 2015, 11:11:51 AM

Can you yet share information about how deep the attacker got access?
Can you confirm all funds are safe/will be returned to investors?
Thanks for the update though, looking foreward to the 750 Million once there are alle issues dealt with.
Greetings, Lutpin

We cannot share further information yet. No funds are missing.

Quote from: ACCTseller on August 21, 2015, 11:17:33 AM

If there is any significant evidence that your hosting provider is attempting to hack your site then the only prudent course of action would be to move to a different hosting provider. Period. To even consider anything other then this is just gross incompetence.

I wouldn't call it strong or significant evidence. But as a matter of fact only they and ourselves had access to the root password. Our password is pretty strong, so we can exclude a brute force attack. We have considered to move away, as I've mentioned earlier, but since we are pretty happy with them so far, we have decided to await the outcome of their investigation.

ACCTseller

hero member

Activity: 532

Merit: 500

no longer selling accounts

Quote from: dadice on August 21, 2015, 11:06:47 AM

2. There was a hacking attempt and the hacker edited the admin area authentication logic of the login script, in order to be able to bypass authentication requirements.

3. It seems to us, that this is clearly an inside job, as nobody else except our host has the main root password.

5. To fix this we have encoded all files on server and changed our root password, and informed our hosting provider if this happens one more time, we have to move away.

You are sure that your hosting provider is behind the hacking attempts but you are staying with your hosting provider?

If there is any significant evidence that your hosting provider is attempting to hack your site then the only prudent course of action would be to move to a different hosting provider. Period. To even consider anything other then this is just gross incompetence.

Lutpin

copper member

Activity: 1904

Merit: 1874

Goodbye, Z.

Quote from: dadice on August 21, 2015, 11:06:47 AM

Update regarding downtime:

After our second, at first unexplainable downtime, within two days, we'd like to share some findings with the community:

1. After accessing our server following the website went down yesterday evening, internal alarms were raised when the checksum of some critical files didn't add up.

-snip

We just cannot put the site back online until we are sure that this threat has been taken care of. This is in the interest of all our players and stakeholders.

Can you yet share information about how deep the attacker got access?
Can you confirm all funds are safe/will be returned to investors?
Thanks for the update though, looking foreward to the 750 Million once there are alle issues dealt with.
Greetings, Lutpin

dadice

sr. member

Activity: 252

Merit: 250

DaDice Administration

Update regarding downtime:

After our second, at first unexplainable downtime, within two days, we'd like to share some findings with the community:

1. After accessing our server following the website went down yesterday evening, internal alarms were raised when the checksum of some critical files didn't add up.

2. There was a hacking attempt and the hacker edited the admin area authentication logic of the login script, in order to be able to bypass authentication requirements.

3. It seems to us, that this is clearly an inside job, as nobody else except our host has the main root password.

4. We analyzed the logs and we were able to trace the hacking attempts, but we couldn't stop it from repeating.

5. To fix this we have encoded all files on server and changed our root password, and informed our hosting provider if this happens one more time, we have to move away.

6. We are now waiting for them to conclude their investigations.

We just cannot put the site back online until we are sure that this threat has been taken care of. This is in the interest of all our players and stakeholders.

fulgdenea

hero member

Activity: 700

Merit: 500

Quote from: kyxap on August 21, 2015, 08:59:04 AM

So dadice_dev can you answer when site will works?

As i think it will be up by tomorrow and op will announce when it be back online.

Quote from: ndnh on August 20, 2015, 09:53:48 PM

hmm, I got that too yesterday. Manual bets and autobet didn't work and that error kept showing up.

Site is down. Might take upto around 48 hours to fix. Sad