
Topic: ★FastBets.io - A New Way to Gamble ★ - page 34. (Read 58672 times)

full member
Activity: 288
Merit: 113
Web dev for hire
Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.

Good to hear you are on track to reopen again. Just a word of advice: you've been hacked, people may be skeptical of your solvency / ability to pay out winnings and therefore be wary of depositing. It would be a good idea to sign a message with your wallet proving that you are in possession of a bankroll to actually pay out winners.

Keep your chin up and keep doing what you're doing, looking forward to the reopening!

Great point yoloer808. Will actually do that right now: I just signed our new hot wallet which currently holds 5.468 BTC.

Address: 1FCEXDW4Em8qVbfNbGcMttFxGmLty7amFG
Message: FastSlots Main Wallet - we will be back!
Signature: H0iDQlgfXCdtSvO8A8N3yim4/bl7gmxv4n5I/9ueC7ogQmC4B29GGPEGClW/E0j9WpLmed8PBY9BRBBoj6yJf4Y=

To verify just head over to https://brainwallet.github.io/#verify, click on Bitcoin-QT, and insert the above.

fantastic, this is exactly what I had in mind!

I'm hoping that you manage to open before the end of the weekend, can't gamble at work :D .. but security is important, so reopen when you are confident :)
sr. member
Activity: 252
Merit: 250
That is great news to hear you are back and now open again for betting, will play there with some amount just waiting for it.

It hasn't reopened yet and the site is still showing the same message as before.
Two days ago OP said the work would be done in a day or two, so it should be almost there.

Jup, I said we'll be back this weekend or beginning next week. Still think that this will happen.
Can't wait for your website to reopen :)
and can't wait to see what will happen. I hope you will give us a new gambling feature :)
hero member
Activity: 1008
Merit: 500
That is great news to hear you are back and now open again for betting, will play there with some amount just waiting for it.

It hasn't reopened yet and the site is still showing the same message as before.
Two days ago OP said the work would be done in a day or two, so it should be almost there.

Jup, I said we'll be back this weekend or beginning next week. Still think that this will happen.
hero member
Activity: 882
Merit: 1000
Exhausted
That is great news to hear you are back and now open again for betting, will play there with some amount just waiting for it.

It hasn't reopened yet and the site is still showing the same message as before.
Two days ago OP said the work would be done in a day or two, so it should be almost there.
legendary
Activity: 1050
Merit: 1000
That is great news to hear you are back and now open again for betting, will play there with some amount just waiting for it.
hero member
Activity: 1008
Merit: 500
Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.

Good to hear you are on track to reopen again. Just a word of advice: you've been hacked, people may be skeptical of your solvency / ability to pay out winnings and therefore be wary of depositing. It would be a good idea to sign a message with your wallet proving that you are in possession of a bankroll to actually pay out winners.

Keep your chin up and keep doing what you're doing, looking forward to the reopening!

Great point yoloer808. Will actually do that right now: I just signed our new hot wallet which currently holds 5.468 BTC.

Address: 1FCEXDW4Em8qVbfNbGcMttFxGmLty7amFG
Message: FastSlots Main Wallet - we will be back!
Signature: H0iDQlgfXCdtSvO8A8N3yim4/bl7gmxv4n5I/9ueC7ogQmC4B29GGPEGClW/E0j9WpLmed8PBY9BRBBoj6yJf4Y=

To verify just head over to https://brainwallet.github.io/#verify, click on Bitcoin-QT, and insert the above.
full member
Activity: 288
Merit: 113
Web dev for hire
Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.

Good to hear you are on track to reopen again. Just a word of advice: you've been hacked, people may be skeptical of your solvency / ability to pay out winnings and therefore be wary of depositing. It would be a good idea to sign a message with your wallet proving that you are in possession of a bankroll to actually pay out winners.

Keep your chin up and keep doing what you're doing, looking forward to the reopening!
sr. member
Activity: 395
Merit: 255
crypto.games: #1 Gambling Site
Quote
Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

I see. That is a totally different level of problem :) Do you run your own server or do you have the site hosted at a third-party provider?

We run our own server. I just noticed that you run http://crypto-games.net. It's a great site! Would love to exchange thoughts on security with you. Will send you a pm in a bit.

Sure, why not!
hero member
Activity: 1008
Merit: 500
Quote
Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

I see. That is a totally different level of problem :) Do you run your own server or do you have the site hosted at a third-party provider?

We run our own server. I just noticed that you run http://crypto-games.net. It's a great site! Would love to exchange thoughts on security with you. Will send you a pm in a bit.
sr. member
Activity: 395
Merit: 255
crypto.games: #1 Gambling Site
Quote
Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

I see. That is a totally different level of problem :) Do you run your own server or do you have the site hosted at a third-party provider?
hero member
Activity: 1008
Merit: 500
Did you check server seeds if they were the same on all bets? All random functions that run on today's computers are calculated based on time. So if two procedures trigger the random generator at the same time, you can get duplicate server seeds.... that could be a potential risk. We solved it with a table that stores all used server seeds, so they are always unique. Random generator just isn't good in this case.
Just an idea, maybe it helps.

Hi joter85, thanks for your input. In the case of this hack this was not the case though. We have detailed logs that show that the server secret was different on each bet. But it is also apparent that the attacker could predict the next server secret, most likely because he had access to the db.

Hello admin, any time frame for when you will get back online? It is taking too much to get things right. Any update about the current situation, what is going on there?

Basically the problem was about the security of our server and not a problem with our application code. We are currently setting the server back up with all sorts of security measures in place. We will test things thoroughly and will be back most likely in a day or two, but worst case at the beginning of next week. I really do not want to rush this just to get hacked again.

Sorry to hear about what happened to you guys.

Best of luck with everything!


Thanks mate :-)
sr. member
Activity: 395
Merit: 255
crypto.games: #1 Gambling Site
Hello admin, any time frame for when you will get back online? It is taking too much to get things right. Any update about the current situation, what is going on there?

They surely won't start it until they have found the security problem. And that is not so easy in an online casino's case.
hero member
Activity: 896
Merit: 1000
Hello admin, any time frame for when you will get back online? It is taking too much to get things right. Any update about the current situation, what is going on there?
sr. member
Activity: 395
Merit: 255
crypto.games: #1 Gambling Site
Did you check server seeds if they were the same on all bets? All random functions that run on today's computers are calculated based on time. So if two procedures trigger the random generator at the same time, you can get duplicate server seeds.... that could be a potential risk. We solved it with a table that stores all used server seeds, so they are always unique. Random generator just isn't good in this case.
Just an idea, maybe it helps.
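The seed-generation concern raised in the post above, as an added example that is not part of the thread or of either site's code: a clock-seeded generator repeats a seed when two requests share a tick, a used-seed table rejects that repeat, and an audit check shows that unique seeds can still be reproducible from the bet timestamp, which a seed from the OS CSPRNG is not. The function names, the 256-bit seed size and the timestamp are assumptions made for the illustration.

```python
import random
import secrets

def time_seeded_seed(clock_tick: int) -> str:
    """Weak pattern: 256-bit seed from a PRNG seeded with the clock."""
    return format(random.Random(clock_tick).getrandbits(256), "064x")

def csprng_seed() -> str:
    """Seed drawn from the OS CSPRNG; independent of the clock."""
    return secrets.token_hex(32)

class UsedSeedTable:
    """In-memory stand-in (hypothetical) for a table of issued seeds."""
    def __init__(self):
        self._used = set()

    def issue(self, make_seed, max_tries=3):
        # Retry until the generator returns a seed not issued before.
        for _ in range(max_tries):
            seed = make_seed()
            if seed not in self._used:
                self._used.add(seed)
                return seed
        raise RuntimeError("generator keeps returning an already-used seed")

def reproducible_from_clock(seed: str, bet_time: int, window: int = 5):
    """Audit check for logged seeds: return the clock tick that regenerates
    `seed`, or None if no tick within +/- window seconds does."""
    for tick in range(bet_time - window, bet_time + window + 1):
        if time_seeded_seed(tick) == seed:
            return tick
    return None

def audit_demo():
    t = 1_450_000_000  # constructed timestamp, not taken from the thread
    table = UsedSeedTable()
    # Consecutive ticks give distinct seeds, so the table accepts all three.
    weak = [table.issue(lambda tick=t + i: time_seeded_seed(tick))
            for i in range(3)]
    strong = [table.issue(csprng_seed) for _ in range(3)]
    return {
        "weak_unique": len(set(weak)) == 3,
        "weak_reproducible": [reproducible_from_clock(s, t) for s in weak],
        "strong_reproducible": [reproducible_from_clock(s, t) for s in strong],
    }

if __name__ == "__main__":
    print(audit_demo())
```

The table only enforces uniqueness; the audit function is the part that tells an operator whether logged seeds were derivable from the clock.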
hero member
Activity: 722
Merit: 500
Sorry to hear about what happened to you guys.

Best of luck with everything!
hero member
Activity: 1008
Merit: 500
Sorry for my late reply. Was unsure how to answer your second question (see below)

Such a pity that bitcoin is associated with these kinds of people. I am really skeptical about introducing my friends to it because of all the scams..
I think you should not be. I think consumers are pretty safe these days (at least they are much more than a few years ago).

What annoys me most about this incident is that hackers keep the barrier to entry into the gambling world high. Operators need to waste a lot of time and money on security instead of implementing games. This is one of the reasons why building an online casino is hard. If opening an online casino was as easy as writing an online game I'd bet that gambling would be way more awesome (and way more fair for that matter).

If you have time, would you mind outlining how exactly he hacked you? (of course after you patch things up)... I think it could be an interesting read, as well as a warning for other sites...
I have thought about your question for a bit but have not come to a final conclusion as to how much info to share. I do not want to put too many details out there that might put us in jeopardy in the future. I can however point to resources that people setting up bitcoin casinos might find useful. They are all related to server security as that is what we are focussed on atm.

There is a great article on how to get a baseline level of security for a web server. Everybody who wants to get into the bitcoin game as an operator should follow these instructions from day one:
https://www.linode.com/docs/security/securing-your-server

The rest of your security will depend on your application and your level of paranoia. The best in depth resource on server security that I could find on the web is the "Securing Debian Howto".
https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

Will not share more info atm but might in the future. If anyone knows security related resources that will help us and other operators build more secure casinos, feel free to post them here.
full member
Activity: 288
Merit: 113
Web dev for hire
Holy s***, I'm so sorry this happened man. I've been loosely following your site from the beginning and I thought it was pretty solid... I hope you indeed have enough money to continue running the site, I can't imagine losing 5 btc...

I'm glad that you found the problem and are fixing it, hope to see the site up soon. Keep up the great work!

Thanks mate, appreciate your support.

Actually our system is pretty solid. We've had it tested by several talented hackers that could not break anything. However we did have a small vulnerability. With respect to security that's basically just as bad as having no security at all (at least it can cost the same amount of money...). Nonetheless this is a wakeup call for us to double down on security even more and to rethink all aspects of our system. Once we get this done, FastSlots will be even more secure.

It's still hard to estimate when exactly we will be back. I have the tendency to be too optimistic in my estimates, but I really hope it will not take more than a few days.

If anyone would like to withdraw just email me ([email protected]). My purchase of additional coins has now cleared so that I will be able to pay out all deposits immediately.

Such a pity that bitcoin is associated with these kinds of people. I am really skeptical about introducing my friends to it because of all the scams..

If you have time, would you mind outlining how exactly he hacked you? (of course after you patch things up)... I think it could be an interesting read, as well as a warning for other sites...
hero member
Activity: 1008
Merit: 500
Holy s***, I'm so sorry this happened man. I've been loosely following your site from the beginning and I thought it was pretty solid... I hope you indeed have enough money to continue running the site, I can't imagine losing 5 btc...

I'm glad that you found the problem and are fixing it, hope to see the site up soon. Keep up the great work!

Thanks mate, appreciate your support.

Actually our system is pretty solid. We've had it tested by several talented hackers that could not break anything. However we did have a small vulnerability. With respect to security that's basically just as bad as having no security at all (at least it can cost the same amount of money...). Nonetheless this is a wakeup call for us to double down on security even more and to rethink all aspects of our system. Once we get this done, FastSlots will be even more secure.

It's still hard to estimate when exactly we will be back. I have the tendency to be too optimistic in my estimates, but I really hope it will not take more than a few days.

If anyone would like to withdraw just email me ([email protected]). My purchase of additional coins has now cleared so that I will be able to pay out all deposits immediately.
full member
Activity: 288
Merit: 113
Web dev for hire
Holy s***, I'm so sorry this happened man. I've been loosely following your site from the beginning and I thought it was pretty solid... I hope you indeed have enough money to continue running the site, I can't imagine losing 5 btc...

I'm glad that you found the problem and are fixing it, hope to see the site up soon. Keep up the great work!
hero member
Activity: 1008
Merit: 500
Hi guys,

We finally know what happened during the hack and can now start fixing things. I cannot disclose many details, all I can say is that the attacker was able to predict server secrets which allowed him to rake in huge wins.

We have learned a lot from this incident and the result will be that FastSlots will be more secure than ever. We've worked with a group of trusted bitcointalk users to scrutinize FastSlots' security. The result is that we know much more precisely what our weak points are and are able to address these accordingly. We really like to think of FastSlots as an organism: every time we survive an attack, that makes us stronger.

We will get back online in a few days. As mentioned previously, just send me an email ([email protected]) if you'd like to withdraw your balance. 

Henry