Hacked #362
Comments
Posting this here is not going to help. You responded to one of my threads in May, but as you could see there, there are only people hanging around here with a big E-penis and high levels of testosterone telling how good they are. I already figured out what happened back then. Consider adding some contact options in your profile so one can safely contact you to help you out.
I appreciate the help, but exposing my email is not a great idea for me; it creates hassle. Point me to your email on your profile and I will contact you.
You can find me @ moondex.
Just stay tuned if you don't want to lose money. I'm not doing this out of idleness.
Well, I have already lost my money on this. My fault for trusting the program. Further, any update and change should include
Does anyone know how to disable the API? I suspect this is the way the hackers got into the system.
Yes.
Please explain how you turn off the API?
The simplest way is just removing
A better way would be to isolate the server and put a WAF in front, preventing SQL injections and other rogue stuff. They come free of charge these days.
I tried this method already. It causes an error when run. Note utilities.js in
If you have done this, please instruct me how to do it.
You can't ask me this. It should be part of your default skills as a server administrator. I asked you to contact me but you want to communicate here, so here you go. Go google and study WAF (web application firewall). Try Cloudflare (includes WAF) and put it in front of your server. Isolate your webserver with UFW (again, google to study how that works) and only allow SSH from your IP only and Cloudflare IPs for web traffic. Sorry to put it this way, but if you don't understand the above you should not be running opentrade or any other application that requires security.
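The firewall part of the advice above (UFW default deny, SSH only from the administrator's address, web ports only from the WAF/CDN edge), as an added shell example that is not from this thread or the opentrade project. ADMIN_IP and the two CIDRs are constructed placeholders; the real edge ranges come from the list Cloudflare publishes at https://www.cloudflare.com/ips-v4 (IPv6 at https://www.cloudflare.com/ips-v6).

```shell
#!/bin/sh
# Hypothetical hardening helper (not opentrade code): prints the UFW rules
# that implement "SSH from my IP only, web only via the WAF", and applies
# them only when invoked with --apply.
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"            # constructed placeholder
CF_RANGES="${CF_RANGES:-198.51.100.0/24 192.0.2.0/24}"  # constructed placeholders

# ufw_rules ADMIN_IP "CIDR CIDR ..." -> one ufw command per line.
ufw_rules() {
  admin="$1"; ranges="$2"
  echo "ufw default deny incoming"
  echo "ufw default allow outgoing"
  # SSH reachable from the administrator's address only.
  echo "ufw allow from $admin to any port 22 proto tcp"
  # HTTP/HTTPS only from the CDN/WAF edge, so the origin cannot be hit
  # directly and every request passes the WAF first.
  for cidr in $ranges; do
    echo "ufw allow from $cidr to any port 80 proto tcp"
    echo "ufw allow from $cidr to any port 443 proto tcp"
  done
  # A separate wallet host that must reach this server gets an equivalent
  # "allow from <wallet-ip> to any port <rpc-port>" line here.
  echo "ufw --force enable"
}

# count_rules ADMIN_IP RANGES -> number of commands that would be run.
count_rules() { ufw_rules "$1" "$2" | wc -l | tr -d ' '; }

# rejects_world_web ADMIN_IP RANGES -> true if no rule opens 80/443 to everyone.
rejects_world_web() {
  ! ufw_rules "$1" "$2" | grep -qE 'allow (80|443)|allow from any'
}

if [ "${1:-}" = "--apply" ]; then
  ufw_rules "$ADMIN_IP" "$CF_RANGES" | while IFS= read -r cmd; do
    echo "+ $cmd"; sh -c "$cmd"
  done
else
  ufw_rules "$ADMIN_IP" "$CF_RANGES"   # dry run: review before applying
fi
```

Run it without --apply first and check the output; once the default deny is enabled, a wrong ADMIN_IP locks you out of SSH.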
Well, thank you for your instruction. Yes, you are right. I don't have formal training in this. What I have is self taught. I am not trying to get rich running the exchange platform. I am running this on the side to support an altcoin blockchain. I got hacked and lost some BTC, but I even paid my users out of my own money.
Was your opentrade server, before the hack, patched up with all the commit history on the API file? It is a bit concerning that a new hack happened on this software. Sounds like another SQL injection: a hacker created a fake balance in the account, probably through SQL, then bought and sold and used the exchange BTC to steal money.
My read on the hack history from OP is that the hacker first hacked into the order book through SQL injection. Then they cancelled the orders and obtained all the BTC from the cancelled orders, then withdrew and stole the BTC from the exchange.
Which patch for the API?? I downloaded the latest code from this site under the code menu on or about April 3, 2020. I was not aware of any patch or patch update to apply. Could you please clarify.
Most likely it is SQL injection. But how is it done? Is it through the API functionality? I am restating the hack sequence based on what I could observe and find out, stated a little differently. Note the hack changed the minimum confirmations for withdrawal from the exchange wallet and the minimum amount reserved for each wallet too: the hacker waits for admin to sign on after creating an account. Then somehow uses the API function or another vulnerability, most likely, to control the admin function; changes min coin confirmations or reserve to the lowest to allow quickly stealing the BTC once it has control of it via the exchange wallet; buys a small amount of altcoin cheap; withdraws the BTC quickly out of the exchange before it can be stopped.
There are many security update commits after April 3, 2020. For example, this commit on May 27, 2020 specifically said to PREVENT SQL INJECTION:
I am not convinced that the hacker had control of the admin account. Most likely not. Admin has a coupon feature that can create USD dollars out of thin air. A SQL INJECTION hack can change the internal database. The minimum withdraw amounts on BTC or altcoins are just records in the database that SQL INJECTION can change on the v1 API code without control of the admin account. SQL INJECTION essentially can change a lot of things, but of course is limited to what it can change through the v1 API loophole.
There is a serious problem here. I was very careful and closed all open unused ports. I was hacked and the hacker stole some BTC.
The hacker or hackers attacked by signing up and somehow took control of open orders. They bought a small amount of the alternative coins. They then cancelled all open orders. They placed a really high buy price for the altcoin, somehow accessing other users' BTC wallets in the exchange. They changed the minimum wallet reserve fee for the blockchain to a very small amount, and they changed the minimum blockchain confirmations for the coin to be available to 1. They immediately transferred the BTC out quickly.
The hacker's sign-up user ID was never granted any administrative role.
They did all of this through a back door? No other explanation.
All access to the server was through a secure trusted VPN on my site.
The wallet server was kept separate from the Opentrade server.
I give up after a year of problem solving getting it to work with all the incomplete instructions. I got it to work, then got hacked.