Topic: SCAMMER TradeFortress P-T'ed my site without permission, no damage afaik. CLOSED (Read 5398 times)

TF, you sound like a rapist trying to get into a victims house after having already raped the victim before, not gonna happen.

You show how much of a scumbag you are by attempting to extort more money having already scammed me for supposedly coding a complete site. And now you want more coin for making the site more secure after already fraudulently stolen more than enough coin to cover security updates (even though you are unwelcome from participating in the site at all, but you persist in harassing me about the site).
Attacking someone's site without permission and then trying to extort money from them is a real scumbag move, even though you're bullshitting and especially because you've already stolen enough to cover security fixes.
Fortunately, there's no evidence you have any current access to the admin panel or user accounts or you could verify it by posting some *recent* activity. Although the ethical thing to do is disclose the vulnerability, which you could even do publicly. But you're an unethical criminal who likes making easy coins by stealing them from me as you did with your fraudulent "I'm a web developer who can code a bitcoin accepting website" bullshit. Hard to imagine anyone can go through the whole history and take your side on this issue. . .
The code has been fixed and the site is secure, so Go Fuck Yourself.

TF: Stop writing "has been" as "has being"!
Erm.... TradeFortress, prove that you can hack in by, I don't know, changing the admin user's name?

tl;dr: MPT blundered by making statements that he now backtracks.

I'm happy to do this through an escrow.

BTW, your offer sounds just like the time:
A) you offered to pay for arbitration,
B) You NEVER filed the case, so I filed one with the option of splitting the fee
C) I paid half the fee after you refused to pay the full fee as you originally promised
D) You then REFUSED to pay even half the arbitration fee
E) Then you REFUSED to participate in arbitration blaming the arbitrator for taking to long

It's all in the forum records. . .

I have learned to give your promises the appropriate weight they deserve.

Maybe I didn't make it clear: I have no intention of ever doing any kind of business with you ever again.
The fact that the scumbag who scammed me out of 27 BTC is asking me to send coins to someone makes me sick.
You defrauded me out of 27 BTC, congrats, I'm not going to take any risk of legitimizing your theft.
I overlooked the fact that you illegally hacked into my site with a simple exploit, I even reduced your debt.
I also gave you the opportunity to come clean and reveal any information you have about site vulnerabilities for more debt reduction. You refused and that deal is now over so go fuck yourself you sorry scamming bastard.

You had written CLOSED in the subject. You should have sticked to it. You are ridiculing yourself, IMHO. And really... read your FAQ again.... WTF is this


Do you know the difference between a commercial website, a forum post, and a PM?
I would never trust your website after reading such things. Your attitude is childish.
You can call me names now and prove me right, or you could learn a lesson and make some progress...

I'll send 50 BTC to John. You send 10 BTC to John. I hack your site, I get your 10 BTC and my 50 BTC. I can't hack your site, you get my 50 BTC and your 10 BTC.

When are we doing this? I always love free money

So I can either lose 10 btc if you're right (which is less than a 1% possibility) or I can gain nothing if I'm right because it would go to charity (99%+ possibility). Even at those excellent odds it's a losing proposition.
Please STFU and stop harassing my baby with your BS claims.


Let's see, maybe because you're a thief and it's in your nature? That's why you defrauded the 27 bitcoins from me with the promise of a functional website (similar to the one I have now) which you could have easily hosted to show you actually did it, but can't because in reality you're incapable to code a bitcoin ecommerce website.

I got my money on Tradefortress!!!

First of all, I did not use a SQL injection, I used XSS. Get your facts right.

Do you want to escrow? I send 27 BTC to John. You send 10 BTC. If I break into your site again, I get your 10 BTC. If I fail to do so within a week (and the site has being up), you get 27 BTC.

Also, why the fuck would I steal your coins. I don't do that.

Eesh, for a professional account, you should probably lay off with those sort of attacks. By all means speak your mind, but just be a little more civil, yeah? You're making your business look bad.

Hey Dumbass,
 I already know you're a lying scammer, my memory isn't that bad. Go Fuck off, because we both know my site is rock-solid secure since I hardened it from when you used that simple sql exploit that my original programmer failed to account for. It's been fixed and YOU ARE IMPOTENT.
 You got in once, congrats. If you weren't lying out your assface, you could easily post some *recent* info from the admin panel, maybe a couple lines of the tests I've been running as admin since there's no sensitive info in that.
 Your fraud isn't going to work here. Fool me once, your a scamming scumbag and you're not going to fool me again.
 Even if you had admin access, you still couldn't touch the dozens of BTC being transacted daily as you pointed out earlier and your trolling is clearly the only tool you have to use against me.

LOL, your site still has a security vulnerability that lets me do anything as any user (including you). Waiting for your payments.

3 failed pentests make it impenetrable?

1. "Don't practice until you succeed, practice until you can't fail". I hate to burst your impenetrable bubble, but it only takes one person who knows something the others don't to exploit a site/server.

2. There's no such thing as impenetrable status. If you're smart, you'll stop taunting people to try and exploit your site.

3. You're naive enough to assume that you can keep a totally 100% hack-proof invulnerable site of awesomeness, but no-one else can? Even if there were no vulnerabilities found in your site now, what about tomorrow? Next week? New vulns are found every single day and made public, you can't be safe forever.

So just stop.

My site received P/T's from 3 different new accounts since I withdrew the offer.
Total vulnerabilities = 0
Site has been upgraded to IMPENETRABLE status.

OPs implementation of thread locking has a serious vulnerability. Here's a bounty of 15 OMG WTF BBQ for anyone fixing it to be called a scammer.

I hereby withdraw my offer for your P/T of my site, if you can prove to have conducted the P/T and produced the fixes and related work prior to now, I will credit your debt appropriately.

If anyone wants to assume TF debt, I am willing to assign it to an appropriate charity for collections.

Lol. So much for having this thread locked.

I'm replying to a CLOSED thread, I'm such a rebel.

> If it includes the fix, I could probably do $50-$100 which is well above the standard for hourly contract work.

Are you serious?

Btw, your site still has a serious security vulnerability. I'll happily disclose it to you for your sum of $1,000, prepaid to my address. Or escrow with John.

I don't owe you a single satoshi. I have never agreed to a refund for starters, so by that definition I don't owe you anything.

In real value terms, the interest rate would be something like -90% given the gains in BTC. So assuming I gave you a refund, it would be $300 + CPI or another independent assessment of inflation.