Topic: MtGox really secure now (Read 4149 times)
The twat who was CEO of HB Garry, a federal security firm, and got hacked by Anonymous when he claimed he knew the "leaders" entities.
Quote
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/1040): Too many connections in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 25
Fatal error: Uncaught exception 'Exception' with message 'Too many connections' in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php:26 Stack trace: #0 /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php(73): DB\MySQL->_construct(Array) #1 /www/p/pl/platform-stable.dns.st/includes/DB.class.php(24): DB\MySQL::getInstance() #2 /www/p/pl/platform-stable.dns.st/includes/db_structure.php(3): DB::getInstance() #3 /www/p/pl/platform-stable.dns.st/includes/init.php(48): require_once('/www/p/pl/platf...') #4 /www/p/pl/platform-stable.dns.st/www/handlepage.php(3): require_once('/www/p/pl/platf...') #5 {main} thrown in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 26
Fatal error: Uncaught exception 'Exception' with message 'Too many connections' in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php:26 Stack trace: #0 /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php(73): DB\MySQL->_construct(Array) #1 /www/p/pl/platform-stable.dns.st/includes/DB.class.php(24): DB\MySQL::getInstance() #2 /www/p/pl/platform-stable.dns.st/includes/db_structure.php(3): DB::getInstance() #3 /www/p/pl/platform-stable.dns.st/includes/init.php(48): require_once('/www/p/pl/platf...') #4 /www/p/pl/platform-stable.dns.st/www/handlepage.php(3): require_once('/www/p/pl/platf...') #5 {main} thrown in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 26
Thanks for the informative error message mtgox, I'm sure displaying stack trace to random visitors is really secure
Quote
Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.
What do they care? They're making $30k/day... they don't need a real job
not. any. more.....
So bad. Why do people still use this site, are they stupid.
They want their money back. 
That doesn't mean they aren't stupid.
But many of them still want to use Mt.Gox in the future.
That doesn't mean they are stupid.
Just sayin'...
So bad. Why do people still use this site, are they stupid.
Amen, +1 
Quote
Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.
What do they care? They're making $30k/day... they don't need a real job
not. any. more.....
0.8.54 is the current "legacy stable" release of nginx. It contains 3 bug fixes, where only one might be security-related (segfault). So the MtGox web server is fine.
Printing out stack traces is bad. Let's hope they fixed the other things.
Printing out stack traces is bad. Let's hope they fixed the other things.
Quote
Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.
What do they care? They're making $30k/day... they don't need a real job
Quote
Server: nginx/0.8.53
Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip
200 OK
Got from support desk.Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip
200 OK
Oh wow, they do run nginx 0.8.53 while latest is 1.0.4 !! For sure, everybody's computer is infected by trojan software now !!!
Oh look look !!!
Quote
/joke
>copypasta of random "Too many connections" error and feeling 1337 about it
>not showing proper screenshot, unable to understand what problem is
>implying this actually is a vulnerability, server saying "whoops, can't handle this much shitload"
>instead of mail MagicalTux about it and appear stupid to one person -> post in Bitcoin forum and appear stupid to everybody else who actually work with PHP and MySQL
>be marked as troll, for now
Good luck finding a real job in PHP/MySQL if you display stack trace to random visitor on a production site of any serious tech company.
Information leak is the first stage to being hacked.
Yes, that's just how security through obscurity works!
At least they use mysqli (which increases the chance that they used parametrized SQL).
Don't know if there are reported security issues with nginx 0.8.53.
Quote
Server: nginx/0.8.53
Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip
200 OK
Got from support desk.Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip
200 OK
Oh wow, they do run nginx 0.8.53 while latest is 1.0.4 !! For sure, everybody's computer is infected by trojan software now !!!
Oh look look !!!
Quote
/joke
>copypasta of random "Too many connections" error and feeling 1337 about it
>not showing proper screenshot, unable to understand what problem is
>implying this actually is a vulnerability, server saying "whoops, can't handle this much shitload"
>instead of mail MagicalTux about it and appear stupid to one person -> post in Bitcoin forum and appear stupid to everybody else who actually work with PHP and MySQL
>be marked as troll, for now
Zendesk hosts the support desk by them selves. Mt. Gox simply CNAME "support.mtgox.com" to their servers.
No setting display_errors=Off is an amateur error that should never happen on a production site. Information leak is the first stage to being hacked.
Quote
Server: nginx/0.8.53
Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip
200 OK
Got from support desk.Date: Tue, 21 Jun 2011 18:55:52 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 200 OK
Etag: "(snip)"
P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR"
X-Runtime: 12
Set-Cookie: _zendesk_session=(snip); path=/; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Encoding: gzip
200 OK
Oh wow, they do run nginx 0.8.53 while latest is 1.0.4 !! For sure, everybody's computer is infected by trojan software now !!!
Oh look look !!!
Quote
/joke
>copypasta of random "Too many connections" error and feeling 1337 about it
>not showing proper screenshot, unable to understand what problem is
>implying this actually is a vulnerability, server saying "whoops, can't handle this much shitload"
>instead of mail MagicalTux about it and appear stupid to one person -> post in Bitcoin forum and appear stupid to everybody else who actually work with PHP and MySQL
>be marked as troll, for now
OP just added 3 more days.
Good Job!
Good Job!
The great silent comedy continues...
The MTGox crisis in pictures...
http://www.youtube.com/watch?v=RWZD_bkNK-c
lets hope the ending is as good....
The MTGox crisis in pictures...
http://www.youtube.com/watch?v=RWZD_bkNK-c
lets hope the ending is as good....
Quote
I'm just waiting for hackers to release my proof information any time now
Quote
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/1040): Too many connections in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 25
Fatal error: Uncaught exception 'Exception' with message 'Too many connections' in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php:26 Stack trace: #0 /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php(73): DB\MySQL->_construct(Array) #1 /www/p/pl/platform-stable.dns.st/includes/DB.class.php(24): DB\MySQL::getInstance() #2 /www/p/pl/platform-stable.dns.st/includes/db_structure.php(3): DB::getInstance() #3 /www/p/pl/platform-stable.dns.st/includes/init.php(48): require_once('/www/p/pl/platf...') #4 /www/p/pl/platform-stable.dns.st/www/handlepage.php(3): require_once('/www/p/pl/platf...') #5 {main} thrown in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 26
Fatal error: Uncaught exception 'Exception' with message 'Too many connections' in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php:26 Stack trace: #0 /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php(73): DB\MySQL->_construct(Array) #1 /www/p/pl/platform-stable.dns.st/includes/DB.class.php(24): DB\MySQL::getInstance() #2 /www/p/pl/platform-stable.dns.st/includes/db_structure.php(3): DB::getInstance() #3 /www/p/pl/platform-stable.dns.st/includes/init.php(48): require_once('/www/p/pl/platf...') #4 /www/p/pl/platform-stable.dns.st/www/handlepage.php(3): require_once('/www/p/pl/platf...') #5 {main} thrown in /www/p/pl/platform-stable.dns.st/includes/DB/MySQL.class.php on line 26
Thanks for the informative error message mtgox, I'm sure displaying stack trace to random visitors is really secure
Jump to: