
Topic: http://ecrypto.net/ is down - No surprises - page 2. (Read 4690 times)

newbie
Activity: 32
Merit: 0
January 01, 2014, 10:51:34 AM
#42
Anyway I've sent an email to him for my coins. I have nothing but hope Cheesy
hero member
Activity: 532
Merit: 500
January 01, 2014, 10:08:43 AM
#41

I believe I mentioned SQL injection as a possibility in the original thread on ecrypto. It's basic security 101 for SQL and user input though.

Someone specifically said the GET variables were not being sanitised. I didn't check myself at the time. If that is the case then it's almost certainly how the hacker gained entrance so easily. A single un-escaped input gives the hacker complete control over the server.

There's no way to check for GET sanitation on the front end of the site that I'm aware of, as it happens on the server after it retrieves the input. An SQL query is just a string, like any data. If you're coding a website that processes financial transactions and don't know how to prevent SQL injection, then you shouldn't be coding financial websites period. I cannot express how basic knowledge that is in secure web development.

If this is what caused the hack, then I'm sorry, but I wouldn't put a single Dimecoin on Ecrypto.

Yes I am assuming the person who claimed there is no GET sanitisation injected into the sql to test his hypothesis, otherwise it would make no sense since there's literally a million ways to penetrate a server.

It is v basic php security which you'll learn in any beginner's book on php. This is why I posed OP the question, to ascertain how much of a php noob he is. Unfortunately the fact his site got hacked so damn quickly suggests in itself it was a basic security hole he left uncovered and not some sophisticated hack attempt.

Yes, either that, or crying "hacked". Plausible deniability; we have no real way of proving if the site ever got hacked at all. Only his word.
legendary
Activity: 1260
Merit: 1001
January 01, 2014, 10:04:34 AM
#40

I believe I mentioned SQL injection as a possibility in the original thread on ecrypto. It's basic security 101 for SQL and user input though.

Someone specifically said the GET variables were not being sanitised. I didn't check myself at the time. If that is the case then it's almost certainly how the hacker gained entrance so easily. A single un-escaped input gives the hacker complete control over the server.

There's no way to check for GET sanitation on the front end of the site that I'm aware of, as it happens on the server after it retrieves the input. An SQL query is just a string, like any data. If you're coding a website that processes financial transactions and don't know how to prevent SQL injection, then you shouldn't be coding financial websites period. I cannot express how basic knowledge that is in secure web development.

If this is what caused the hack, then I'm sorry, but I wouldn't put a single Dimecoin on Ecrypto.

Yes I am assuming the person who claimed there is no GET sanitisation injected into the sql to test his hypothesis, otherwise it would make no sense since there's literally a million ways to penetrate a server.

It is v basic php security which you'll learn in any beginner's book on php. This is why I posed OP the question, to ascertain how much of a php noob he is. Unfortunately the fact his site got hacked so damn quickly suggests in itself it was a basic security hole he left uncovered and not some sophisticated hack attempt.
sr. member
Activity: 476
Merit: 250
I´ve got a picture! Haha!
January 01, 2014, 09:58:58 AM
#39
I still have 243 earth coins there, how do I retrieve them? Any help? Sad.

LOL
hero member
Activity: 532
Merit: 500
December 31, 2013, 08:36:26 PM
#38

I believe I mentioned SQL injection as a possibility in the original thread on ecrypto. It's basic security 101 for SQL and user input though.

Someone specifically said the GET variables were not being sanitised. I didn't check myself at the time. If that is the case then it's almost certainly how the hacker gained entrance so easily. A single un-escaped input gives the hacker complete control over the server.

There's no way to check for GET sanitation on the front end of the site that I'm aware of, as it happens on the server after it retrieves the input. An SQL query is just a string, like any data. If you're coding a website that processes financial transactions and don't know how to prevent SQL injection, then you shouldn't be coding financial websites period. I cannot express how basic knowledge that is in secure web development.

If this is what caused the hack, then I'm sorry, but I wouldn't put a single Dimecoin on Ecrypto.
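
The point made in the post above, that the query is just a string assembled on the server from the GET value, is shown here as an added example that is not from the thread or from Ecrypto's code. It uses Python and sqlite3 as a stand-in for a PHP page, with a constructed `balances` table and hypothetical function names, and compares a concatenated query with a bound parameter.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed sample data; not taken from any real site."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE balances (user TEXT, coin TEXT, amount REAL)")
    db.executemany("INSERT INTO balances VALUES (?, ?, ?)", [
        ("alice", "BTC", 1.5), ("bob", "LTC", 20.0),
        ("carol", "BTC", 0.3), ("o'brien", "LTC", 5.0)])
    return db

def get_param(query_string, name):
    """Decode one GET variable, as PHP's $_GET[name] would deliver it."""
    return parse_qs(query_string, keep_blank_values=True).get(name, [""])[0]

def balances_concat(db, query_string):
    """Weak form: the GET value becomes part of the SQL text itself."""
    user = get_param(query_string, "user")
    sql = "SELECT user, coin, amount FROM balances WHERE user = '" + user + "'"
    return db.execute(sql).fetchall()

def balances_bound(db, query_string):
    """Hardened form: fixed SQL text, value passed separately as a parameter."""
    user = get_param(query_string, "user")
    sql = "SELECT user, coin, amount FROM balances WHERE user = ?"
    return db.execute(sql, (user,)).fetchall()

def compare(query_string):
    """Return (row count or error name from the weak query, row count from the bound query)."""
    db = make_db()
    try:
        weak = len(balances_concat(db, query_string))
    except sqlite3.Error as exc:
        weak = type(exc).__name__
    return weak, len(balances_bound(db, query_string))

# Constructed requests: a normal lookup, a name containing a quote, and a value
# whose quote characters rewrite the WHERE clause when concatenated.
SAMPLES = ["user=alice", "user=o%27brien", "user=x%27+OR+%271%27%3D%271"]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(qs, compare(qs))
```

In server logs, SQL syntax errors triggered by ordinary apostrophes in user input are a sign that a query is being built by concatenation.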
legendary
Activity: 1260
Merit: 1001
December 31, 2013, 08:31:17 PM
#37

I believe I mentioned SQL injection as a possibility in the original thread on ecrypto. It's basic security 101 for SQL and user input though.

Someone specifically said the GET variables were not being sanitised. I didn't check myself at the time. If that is the case then it's almost certainly how the hacker gained entrance so easily. A single un-escaped input gives the hacker complete control over the server.
hero member
Activity: 532
Merit: 500
December 31, 2013, 07:42:21 PM
#36
I still have 243 earth coins there, how do I retrieve them? Any help? Sad.

He says he'll be relaunching the site with better security and paying people anything that was taken with interest. That's what he's stated, anyway.
full member
Activity: 140
Merit: 100
December 31, 2013, 07:36:57 PM
#35
I still have 243 earth coins there, how do I retrieve them? Any help? Sad.
hero member
Activity: 532
Merit: 500
December 31, 2013, 07:31:36 PM
#34
Well, we've got a response. He's told us what's supposedly happened, so all we can do is wait to see if he keeps his word. As long as this is not somehow some way to placate people, and the site will be coming back, and people will be reimbursed, then that is something. I'm willing to give anyone the benefit of the doubt, but the wall of silence has been worrying a lot of people.

The cynic in me would say that it's strange how we've now heard an update now that all his personal details have been revealed, but hey, I'm just suspicious like that. Benefit of the doubt. Everybody should get it at least once.

Thanks for the update. The old posting pof dating profile trick usually works Cheesy Tbh it looks like you're only updating because you've realised you can't just run away from this without consequences. Why has it taken you so many days to issue *any* kind of statement?

I made great efforts to make the servers impossible to hack, however the hacker simply walked right in and stole everything.

Someone suggested you were not sanitising user input on your GET variables? Is this true? Because it would leave the doors to your database wide open for anyone to walk in via SQL injection.

I believe I mentioned SQL injection as a possibility in the original thread on ecrypto. It's basic security 101 for SQL and user input though.
legendary
Activity: 1260
Merit: 1001
December 31, 2013, 07:30:13 PM
#33
Thanks for the update. The old posting pof dating profile trick usually works Cheesy Tbh it looks like you're only updating because you've realised you can't just run away from this without consequences. Why has it taken you so many days to issue *any* kind of statement?

I made great efforts to make the servers impossible to hack, however the hacker simply walked right in and stole everything.

Someone suggested you were not sanitising user input on your GET variables? Is this true? Because it would leave the doors to your database wide open for anyone to walk in via SQL injection.
legendary
Activity: 1022
Merit: 1001
December 31, 2013, 07:26:04 PM
#32
full member
Activity: 126
Merit: 100
December 31, 2013, 07:11:48 PM
#31
UPDATE!!

Explanation for loss of service and plans for recovery and repayment.

From the day Ecrypto started operating it was under attack. Many attempts to penetrate the servers occurred and attempts to hack my personal accounts were constant. Unfortunately on the morning of December 28 the attacker was successful in gaining entry to the wallet servers. Things were operating normally when I noticed the wallet balance had gone to -11 BTC. A few minutes later the wallet servers stopped responding completely, and access to them through the command line became impossible. Digital Ocean began to investigate the problem and after some time sent this response.

Greetings,

I appreciate your patience. After loading your droplets into a recovery environment, it appears that someone has compromised both of your droplets, and stolen your bitcoin from the `W2` droplet. This is confirmed from the `.bash_history` file, which the attacker did not effectively remove. In an attempt to cover their tracks, they attempted to wipe out your droplet's filesystem with `rm -rf /`, but mistakenly left the `/root` folder, which left some of the data for the blocks you had found.

On the `W1` droplet, it is not apparent if there were any *coins transferred, as the .bash_history folder over there was effectively wiped out prior to the `rm -rf /` on that droplet.

For your reference, both droplets remain in the recovery environment right now, and have the drives mounted. I've taken a few screenshots of the console and pulled of the transfer of your 11 bitcoin on blockchain.info to confirm the theft:
http://screencast.com/t/Ba7Mvgh6md0
http://screencast.com/t/1eKtogngnw
https://blockchain.info/address/19Xn6GPjMoj8FMLMWg77Wq7PNiFSUsZxSV

Given the nature of bitcoin, this theft is effectively irreversible. Unfortunately, even if the data of your droplets did remain intact, the theft would remain irreversible.

I would certainly be quite suspicious of this compromise, as if these bitcoin were just transferred last night, it would seem someone associated with you, or the other party, is well aware of your two mining droplets, or may have had access to the droplets prior.

Unfortunately, there is truly nothing more that we are able to do for you at this point.

Regards,
Russell Mitchell | Support Team

There is no one with access to the account information here so clearly this was a pure hack. I made great efforts to make the servers impossible to hack, however the hacker simply walked right in and stole everything. The coins they did not steal, they deleted. Since the attack I have just been sick to my stomach. Ecrypto has taken 6 months of 16 hour days to build, and anyone suggesting this was a theft by me is a complete fool. The total stolen was only 11 BTC which is not a huge amount. If the hacker had waited, they would have been able to steal a significant amount more, but it is obviously just an impatient child. I am currently reworking the entire setup, making significant changes that will make it impossible to penetrate. The wallet servers will have NO communications with the website server at all, and gaining access to them should be impossible. The weak point will be the weak passwords that Digital Ocean automatically generates for servers, but since the wallet server will have no connection with the website, even finding the server will be nearly impossible. I will also change the location of the wallet server at least once a week, and transfer the majority of BTC and LTC in the wallets into cold storage for additional security.

So the next question is, when will you get the coins you lost back? We have backup images of the wallet balances at the time of the attack. When the site comes back up, 100% of fees collected by the site will go to pay back lost coins. Not only will you receive the coins you lost, you will receive a 50% bonus. So for every 2 coins you had at the time of the attack - you will receive 3 coins as repayment.

Unfortunately this is the best I can do for now. I personally suffered a large loss as well which makes it impossible to repay the lost coins faster than the plan.

When will the service resume operations? I am thinking a month or so. I need to make the servers bulletproof, and that will take time. If you feel the need to rant or call me names you can email [email protected]. Reasonable emails will be responded to ASAP.
hero member
Activity: 532
Merit: 500
December 31, 2013, 05:09:22 PM
#30
This guy wasn't too smart, was he? There's going to be a lot of angry people who want answers.
member
Activity: 101
Merit: 10
December 31, 2013, 05:04:26 PM
#29
Updated
He removed his facebook face  , sure scam .
https://www.facebook.com/smagik

I will start a bounty to make him pay with his bl^^d    Wink
 
hero member
Activity: 672
Merit: 501
December 31, 2013, 03:42:30 PM
#28
Amazing he can get one localbitcoin just very recently yet can not update us here?

Ah well, lesson learned. I normally give people the benefit of the doubt, because most people are good people, but guys like this ruin it for the rest. Of course I used caution due to the site being new so I only lost around 1 mil lotto coins....days worth of mining then and was worth a lot more then than now but still... Kinda wished once I saw the site having issues I would have pulled them if I could have.

Now every legit startup exchange is going to have a problem doing just that, starting up, due to assholes like this that burned many people and lost tons of money.
legendary
Activity: 1260
Merit: 1001
December 31, 2013, 03:30:56 PM
#27
This is his plenty of fish dating profile: http://www.pof.com/viewprofile.aspx?profile_id=25769873

I learned about Bruce that he is "a walking miracle - I am a 1 in 25 million survivor." Also, "there was a time in my life when I was a star athlete and an artist"



This appears to be his localbitcoins profile: https://localbitcoins.com/accounts/profile/smagik/ Last active 1 day ago. Verified phone number.


member
Activity: 101
Merit: 10
December 31, 2013, 02:41:17 PM
#26
I am in Canada I have no problem taking actions for people outside of Canada, PM me if you have any ideas

We need to hire some killer and let him pay by his blood ,silkroad2 coming service .
legendary
Activity: 1260
Merit: 1001
December 31, 2013, 02:27:16 PM
#25
If he had good intentions and was hacked he should release a statement.
member
Activity: 112
Merit: 10
December 31, 2013, 08:29:31 AM
#24
  Huh ahahahahah
newbie
Activity: 28
Merit: 0
December 31, 2013, 08:26:16 AM
#23
I am in Canada I have no problem taking actions for people outside of Canada, PM me if you have any ideas