Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Investor-based games
Re: btc-arbs.com - Daily ROI (0.01-10%) Update: Registration issues + deposits
by
micers
on 17/04/2014, 05:35:22 UTC
Quote from: octopus1 on April 17, 2014, 04:58:22 AM
Quote from: micers on April 17, 2014, 04:32:33 AM
Quote from: daynomate on April 17, 2014, 04:21:35 AM
Quote from: micers on April 17, 2014, 04:14:24 AM
Quote from: octopus1 on April 17, 2014, 04:03:03 AM
Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.
You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.
(snip)....

Those are mostly mail related services.
You obviously do not understand that any open port can be hacked.

Think about it for a moment an you will get it.

On a server which is managing say a few thousand dollars a day, only that, would you run multiple additional unnecessary services if you were competent?  I think not.

Now as far as exactly what each service is, I can detail them as well as you can.

You completely miss the point.  The POINT IS many, many thousands of dollars per day are being handled by a server which has maybe 20 more ports open than it needs to do the SINGLE FUNCTION it should be doing.  That is only one of two things INCOMPETENCE or NEGLIGENCE.  That is it dude.  That is it.

You want email service, do it elsewhere.  You want SQL service, do it elsewhere.  Ok, so you want SQL service... FINE FILTER IT.  This server is offering services to the WORLD facing interface which it SHOULD NEVER OFFER.

I'm just saying.

Why do you assume that the web interface is on the same server as the arbitrage app? Or the database? or even the web app? I maintain deployment processes for the fortune 500 financial company I work for. Not saying we can't be hacked, but our security is among the best out there. Your diagnostics would show at least as many ports as you see here. However, if you broke in through them, you would get nothing of use. The public facing server is essentially a proxy. It filters and monitors requests, and asks other servers behind a firewall to deliver the content. No way you can tell that from the outside.

Beyond other firewalls, on other servers, are the logic, databases and applications. You are making assumptions that you have no way of proving, unless you have hacked through at least the world-facing layer. For all you can see from the outside, the public web address could contain essentially nothing.

Yes, I was mocking those saying the site was a scam. If it is a scam, why play the server up, server down game? A scammer would just shut it down without any games and take your money. T

The evidence posted on this thread shows nothing other than a dns problem followed by some server issues. It does not show a scam, or negligence, or incompetence. There is absolutely no way you can tell, unless you get on that server and poke around from the inside.

As for those worried about Maybe the alarmists are right, but they have yet to show any evidence of that on this thread.


I completely agree with the argument you have made.  Technically your analysis is flaweless. The most alarming thing for me is the lack of any other contact points between the staff of the site and the customers of the site.