hxtop
Hero Member | Activity: 1073 | Merit: 500
China biggest bitcoin portal www.hxtop.com was hacked!
September 23, 2012, 01:54:57 PM, #1

China's largest and earliest bitcoin information portal, http://www.hxtop.com, cannot be accessed normally now, as hackers gained control of the virtual host (Windows 2003 system) through an SQL injection bug.

The hxtop.com website source code was stolen or deleted by the hacker.

The virtual host provider said that the virtual host was hacked, but after a few days it has not recovered. As the backup data was on the same server too, the recovery time is longer, and maybe a lot of data will be lost, said the virtual host provider.

The recovery time of the website is not clearly determined, provided that the data is restored first.

The hxtop.com webmaster "swemp" is actively coordinating the handling of data recovery, and intends to replace it with a new web hosting space.

In the development of the bitcoin community so far, security incidents continue.

"In order to better serve the viewers of hxtop.com, we will try to resume as soon as possible," said the webmaster "swemp". If you have any ideas, please write to mailto:swemp@qq.com

CIYAM
Legendary | Activity: 1890 | Merit: 1004 | Ian Knowles - CIYAM Lead Developer
Re: China biggest bitcoin portal www.hxtop.com was hacked!
September 23, 2012, 03:03:08 PM, #3

If you are interested in having a website that is SQL injection proof and cannot have source code stolen then you might be interested in the technology that I've developed (all back end code is compiled C++, all queries are via an abstraction layer that ensures SQL injection is impossible and all URLs cannot be tampered with due to checksum protection).

The one weakness at this stage with the technology is that Google can't even search your site (all queries are through the main website URL).



GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

hxtop
Hero Member | Activity: 1073 | Merit: 500
Re: China biggest bitcoin portal www.hxtop.com was hacked!
September 23, 2012, 03:15:57 PM, #8

SQL injection got the DB rights and then got the admin password of the host?

In China more and more website guys like to use the same virtual host to run their websites.

So the problem is that each website's code is not safe enough.

CIYAM
Legendary | Activity: 1890 | Merit: 1004 | Ian Knowles - CIYAM Lead Developer
Re: China biggest bitcoin portal www.hxtop.com was hacked!
September 23, 2012, 03:27:12 PM, #14

Quote from: hxtop on September 23, 2012, 03:19:03 PM
Did you have any details for me? Thank you much.

Sure - when you provide a password to "log in" then this is hashed along with a UUID to then encrypt an AJAX type request.

Your request will just look like rubbish to any MITM watcher and all content returned via the AJAX request (which is all the content and why Google can't see anything) is encrypted not with the same key but with another hash (determined client side from the original).

Due to the use of a UUID it is not possible to use a "replay" attack from watching the original login post (hope this makes sense).




Desolator
Sr. Member | Activity: 392 | Merit: 250
Re: China biggest bitcoin portal www.hxtop.com was hacked!
September 23, 2012, 03:27:46 PM, #15

There's a way I learned in programming class that's much better and leaves your site google index-able. It's called don't code it like a dumbass and don't leave it open to SQL injections. Handle all characters related to SQL statement strings and they'll never hit the database!



Also, don't use server 03 lol. Since this was china, I guarantee it was an illegal copy too so it was probably missing all service packs, lol.
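The defect the thread is about, shown beside its fix, as an added example that is not part of the thread and not hxtop's or CIYAM's code: a lookup built by string concatenation (the kind of query an SQL injection bug lives in) next to the same lookup with bound parameters, run over a constructed in-memory SQLite table. The names, table and probe inputs are all invented for the demonstration.

```python
import sqlite3

# Constructed in-memory table standing in for a site's user table (example data only).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, pw_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn

def lookup_vulnerable(conn, name):
    # Concatenation: the user-supplied value becomes part of the SQL text, so quote
    # characters in it change the query's structure instead of being compared as data.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, name):
    # Parameter binding: the SQL text is fixed; the value travels separately and is
    # only ever compared, whatever characters it contains. No character filtering needed.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]

def probe(conn, name):
    # Run one input through both forms and report the outcome. A database error from
    # the concatenated form on an ordinary apostrophe is the symptom a code reviewer
    # looks for: it proves the input reached the SQL parser as syntax, not as data.
    out = {}
    for label, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        try:
            out[label] = fn(conn, name)
        except sqlite3.Error:
            out[label] = "ERROR"
    return out

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "o'brien", "' OR '1'='1"):
        print(repr(value), probe(db, value))
```

The tautology input returns every row from the concatenated query and no rows from the bound one; the same-named account in both is the only result either should ever give.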