
SOLVED Give-Me-Coins: HACKED!

News on the site stated they expect payments to be reinstated once they fix the forms on various pages, which they expected to take a few hours (I read this a few hours ago).

It isn't a hard fix really - they just need to validate any input on form fields. There are well-known defined sanitize operations for handling form input safely. Using the right code to handle form input prevents SQL injection attacks - so you can input stuff intended to break the code and insert any SQL commands directly which allows these kinds of attacks. Not a hard fix, but there are a lot of input fields and they all have to be handled correctly - if coded poorly, form fields are vulnerable.

We had similar problems recently with attackers posting announcements in the forum... It took a while to figure out, but vBulletin found that the Yahoo YUI tools used in parts of site functions had a vulnerability that enabled the attack. I only mention this here, because if the problem isn't well understood by give-me-coins, it could be something more complex than simply validating input on form fields and they may not correctly resolve the problem. The only way to be sure is exactly understanding how the changes were made, investigating those changes, and then making the right changes to prevent the same exploit in the future. Hopefully they get it right.
 
At my last post, payouts were supposed to be re-enabled - the message at the time stated it would take 3 hours, and I had read that in the morning yesterday.

At some point they updated that post, clarifying:
We will only enable payouts after we are sure everything is OK.
We hope to have them enabled in the next 24 hours, once we finish rewriting some of the code.

So it's 24 hours later than the first message, payouts still disabled. Fortunately it indicates they are being diligent even at the cost of their previous announcements.

EDIT: Also, the last difficulty change for LTC was -21%. The estimated next difficulty change is -16% but it's 3 days off so that is likely to change a lot before difficulty actually adjusts. Even with the drop in value and in the LTC network hash rate, it's more profitable now than the past couple weeks to mine LTC - just still less profitable than it is doing doge right now.
 

Might switch from DGC to LTC then...
 
update:

Pool Payouts: Manual and Automatic

serraz 1:59PM
Posts: 390

We have started to test some new code for auto and manual payouts which will add some extra security. I will post some details below and update this thread with new information.

Some of the new security that has been put in place is as follows:
From now on when a SQL injection attempt is detected, rather than just dropping the query the system will auto lock (maybe delete) the account that it's originating from. When this code was tested 2 accounts were locked instantly trying to perform attacks.
This option may need some rethinking which is where we will ask you all at a later point. When an address is changed on any coin all payout addresses will be locked until myself or khaos unlock them. This will help stop anything like this from happening again.

I know you are all getting frustrated either waiting for your coins to get recredited or waiting to get your coins out of the pool but as you can see from my first point if we rush it and enable payouts and things go wrong then what is the point of making changes at all.
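
An added example, not Give-Me-Coins' code and not part of the quoted post: a sketch of the two ideas raised in this thread, validating a form field and binding it as a query parameter instead of pasting it into the SQL text, and locking payouts whenever a payout address changes until an admin unlocks them. The table layout, function names and addresses are constructed, and the single per-account lock flag and the simplified address shape check are assumptions.

```python
import re
import sqlite3

# Simplified base58 shape check (assumption); a real pool would also verify the checksum.
ADDRESS_RE = re.compile(r"[1-9A-HJ-NP-Za-km-z]{26,35}")

def make_db():
    """Constructed sample data: two accounts with made-up payout addresses."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (user TEXT PRIMARY KEY, "
               "payout_address TEXT, payouts_locked INTEGER DEFAULT 0)")
    db.executemany("INSERT INTO accounts (user, payout_address) VALUES (?, ?)",
                   [("alice", "L" + "a" * 33), ("bob", "L" + "b" * 33)])
    return db

def update_address_unsafe(db, user, new_address):
    """Form input pasted into the SQL text, so a quote in it can rewrite the statement."""
    db.execute("UPDATE accounts SET payout_address = '%s' WHERE user = '%s'"
               % (new_address, user))

def update_address_safe(db, user, new_address):
    """Validate the field, bind it as a parameter, and lock payouts on any change."""
    if not ADDRESS_RE.fullmatch(new_address):
        return False
    db.execute("UPDATE accounts SET payout_address = ?, payouts_locked = 1 "
               "WHERE user = ?", (new_address, user))
    return True

def admin_unlock(db, user):
    db.execute("UPDATE accounts SET payouts_locked = 0 WHERE user = ?", (user,))

def payable(db):
    """Users whose payouts are not locked, with the address that would be paid."""
    return dict(db.execute("SELECT user, payout_address FROM accounts "
                           "WHERE payouts_locked = 0 ORDER BY user"))

def demo():
    hostile = "L" + "z" * 33 + "' --"  # constructed input: closes the quote, comments out WHERE
    db = make_db()
    update_address_unsafe(db, "alice", hostile)
    unsafe_result = payable(db)         # every account now pays the same address
    db = make_db()
    rejected = not update_address_safe(db, "alice", hostile)
    update_address_safe(db, "alice", "L" + "c" * 33)
    locked_result = payable(db)         # alice is held back until an admin unlocks
    admin_unlock(db, "alice")
    return unsafe_result, rejected, locked_result, payable(db)

if __name__ == "__main__":
    for step in demo():
        print(step)
```
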
 
update:

serraz Also some great news just tested new withdrawal and address update code on BTC as I had a balance there. Worked perfectly so we will start to move it to the other coins.

FTC is being done right now once that is done and we confirm a large number went ok then we will enable it on LTC as I expect there will be a massive amount of traffic
 
Yeah, I thought they fixed the problem, but I still can't cashout my LTC.... might be a while...
 
I'm glad to see them taking their time and not rushing out some half-@$$ fix. Glad I'm mining there when people like that manage the place.
 
I just added my wallet address and set up autopayout at 0.1.
The previous balance of 0.02 litecoin was still there :)
 
If you haven't done so already, you should post in the thread noting you lost funds and the address it was sent to. They had asked people to do that.
 
Slightly off topic, but I actually requested a cash out to my cryptsy account the night before the hack went down, and they never showed up on the blockchain. Thus far I am getting nowhere in solving this issue.
 