Search content
Sort by
Showing 4 of 4 results by bestdoggy11
Re: Primedice.com service resumed! World's largest dice site
Hey Mirco
How you doing bro. Something important, can you check your inbox
Thx
I think what is really scary about this incident is imagine what could of happebed if the hackers weren't lazy.
They would at an unsuspecting time ( when PD dev are sleeping ) commit the hack and make the phishing site look for authentic.
When someone tried to login, they would go to the real PD and perform a withdraw.
The way the registrar handled this situation was very dangerous. Hopefully many Bitcoin sites and services can learn from this incident.
In this case, Primedice can't be reached via IP: if they change the DNS, they can't find the authentic website.
Of course, your idea is valid and can be used in some websites.
Yes but this is not what happened is it?
Basically the registrar redirected the traffic to a different IP.
The old site was still accessible by the old IP.
The hacker would simply record the usernames and passwords and then go to the real Primedice website by the IP address.
Plus, it takes a few hours for DNS to update. It's not instant but bottle necked by the ISP
Well it would be hard to pull off we have 24/7 support which is also always monitoring the site so we would take quick actions at any time. They can always reach me if not all devs and admins.
Thats why having 24/7 support proved to be very important and useful and we are one of the few sites that have it.
Stunna will post more details on how it happened.
It was not even remotely our fault and you will know why soon.
I hope we handled it well in the best way possible for all of our users and even though this was not our fault all the transactions sent to the phishing address will be refunded.
Again thank you all for support on this and for helping us get that phishing waring so fast.
How you doing bro. Something important, can you check your inbox
Thx
Hey guys,
As many of you are probably already aware we are back up and running! Yeeey!
On your login you will be asked to reset your password, you can do that in one of two ways.
1. You can change password from any device that is still logged into your account.
2. You can contact our support team. ( Please note that support will be slower than usual due to huge amount of tickets we are getting at this moment.
Also for users safety all withdrawals are currently on manual.
As many of you are probably already aware we are back up and running! Yeeey!
On your login you will be asked to reset your password, you can do that in one of two ways.
1. You can change password from any device that is still logged into your account.
2. You can contact our support team. ( Please note that support will be slower than usual due to huge amount of tickets we are getting at this moment.
Also for users safety all withdrawals are currently on manual.
I think what is really scary about this incident is imagine what could of happebed if the hackers weren't lazy.
They would at an unsuspecting time ( when PD dev are sleeping ) commit the hack and make the phishing site look for authentic.
When someone tried to login, they would go to the real PD and perform a withdraw.
The way the registrar handled this situation was very dangerous. Hopefully many Bitcoin sites and services can learn from this incident.
In this case, Primedice can't be reached via IP: if they change the DNS, they can't find the authentic website.
Of course, your idea is valid and can be used in some websites.
Yes but this is not what happened is it?
Basically the registrar redirected the traffic to a different IP.
The old site was still accessible by the old IP.
The hacker would simply record the usernames and passwords and then go to the real Primedice website by the IP address.
Plus, it takes a few hours for DNS to update. It's not instant but bottle necked by the ISP
Well it would be hard to pull off we have 24/7 support which is also always monitoring the site so we would take quick actions at any time. They can always reach me if not all devs and admins.
Thats why having 24/7 support proved to be very important and useful and we are one of the few sites that have it.
Stunna will post more details on how it happened.
It was not even remotely our fault and you will know why soon.
I hope we handled it well in the best way possible for all of our users and even though this was not our fault all the transactions sent to the phishing address will be refunded.
Again thank you all for support on this and for helping us get that phishing waring so fast.
Re: Primedice domain access restored. Please stand-by for more details
No one is begging, since micro did mention he would be doing such for playrrs which he did and hats off to him, just asking that. There is no begging here and kindly folks leave your 2 cents to yourself. If micro does nor want to tip me since its just fair he tipped those effected then he will just say it himself, hey i cannot tip you.
Get onto a different topic.
Get onto a different topic.
Quote from: athena2007
link=topic=208986.msg31825994#msg31825994 date=1520487318
link=topic=208986.msg31825994#msg31825994 date=1520487318
Ty for update.micro please confirm and if you cud tip me too...
Ty
Gosh does the begging ever stop.. leave admin to fix more important issues at hand,,, get a grip.Ty
We're working on getting the site back live. In the end we got lucky the attacker chose to put up a basic phishing site instead of launching a more sophisticated attack.
Players only lost 0.05 BTC as a result of this. If you made a deposit to the phishing site you must sign the address you sent from to claim a refund from us.
Here's what the attacker was able to do through his phishing site:
-Send Usernames/Passwords for users who logged in during the brief period of time it was up.
-Display an obviously erroneous deposit address offering a 10% deposit bonus.
What attacker wasn't able to do
-Grab user tokens/sessions (local storage isn't shared between http & https versions)
-Access our DB, accounts, balances
We're taking our time to complete investigation and put things back up in a secure way. Currently we are unable to transfer the domain out of our registrar due to issues with them but given the way the account was targeted it shouldn't be possible for the hacker to regain access anymore (more on this later).
Players only lost 0.05 BTC as a result of this. If you made a deposit to the phishing site you must sign the address you sent from to claim a refund from us.
Here's what the attacker was able to do through his phishing site:
-Send Usernames/Passwords for users who logged in during the brief period of time it was up.
-Display an obviously erroneous deposit address offering a 10% deposit bonus.
What attacker wasn't able to do
-Grab user tokens/sessions (local storage isn't shared between http & https versions)
-Access our DB, accounts, balances
We're taking our time to complete investigation and put things back up in a secure way. Currently we are unable to transfer the domain out of our registrar due to issues with them but given the way the account was targeted it shouldn't be possible for the hacker to regain access anymore (more on this later).
We're working on getting the site back live. In the end we got lucky the attacker chose to put up a basic phishing site instead of launching a more sophisticated attack.
Players only lost 0.05 BTC as a result of this. If you made a deposit to the phishing site you must sign the address you sent from to claim a refund from us.
Here's what the attacker was able to do through his phishing site:
-Send Usernames/Passwords for users who logged in during the brief period of time it was up.
-Display an obviously erroneous deposit address offering a 10% deposit bonus.
What attacker wasn't able to do
-Grab user tokens/sessions (local storage isn't shared between http & https versions)
-Access our DB, accounts, balances
We're taking our time to complete investigation and put things back up in a secure way. Currently we are unable to transfer the domain out of our registrar due to issues with them but given the way the account was targeted it shouldn't be possible for the hacker to regain access anymore (more on this later).
Players only lost 0.05 BTC as a result of this. If you made a deposit to the phishing site you must sign the address you sent from to claim a refund from us.
Here's what the attacker was able to do through his phishing site:
-Send Usernames/Passwords for users who logged in during the brief period of time it was up.
-Display an obviously erroneous deposit address offering a 10% deposit bonus.
What attacker wasn't able to do
-Grab user tokens/sessions (local storage isn't shared between http & https versions)
-Access our DB, accounts, balances
We're taking our time to complete investigation and put things back up in a secure way. Currently we are unable to transfer the domain out of our registrar due to issues with them but given the way the account was targeted it shouldn't be possible for the hacker to regain access anymore (more on this later).
Re: Do not log into Primedice.com ! Balances safe but domain registrar compromised.
Micro can check my balance with the same username on primedice, plus he would not deposit if it was 0 i wpuld think. And not like he will give 0.1 . Something to roll thrlugh which goes right back into the system anyway
C'mon man, stop trying to abuse this. You're clearly creating new accounts to get some tips. It's lame.
Hi
Can you please add some to my accnt my accnt bestdoggy1 has funds stuck on primedice for 2 days..
I registered at stake under same username as this "bestdoggy11"
Thx. A lot micro
Can you please add some to my accnt my accnt bestdoggy1 has funds stuck on primedice for 2 days..
I registered at stake under same username as this "bestdoggy11"
Thx. A lot micro
C'mon man, stop trying to abuse this. You're clearly creating new accounts to get some tips. It's lame.
Re: Do not log into Primedice.com ! Balances safe but domain registrar compromised.
Hi
Can you please add some to my accnt my accnt bestdoggy1 has funds stuck on primedice for 2 days..
I registered at stake under same username as this "bestdoggy11"
Thx. A lot micro
Stake.com is still intact you can send a support ticket on there and reference Primedice. Alternatively you can message the Primedice facebook page.
I will be providing a new email soon for support related matters.
I'm encouraging everyone to chill on the Stake.com chat for more rapid information while we wait for our registrar to sort this out.
You can email Primedice support on support@stake.com too.
Can you please add some to my accnt my accnt bestdoggy1 has funds stuck on primedice for 2 days..
I registered at stake under same username as this "bestdoggy11"
Thx. A lot micro
Hello I want to message you in private but i cannot
I tried to login to PD with my username and password, didn't work and told me to create a new account, tried to make one with one of my emails.
Changing passwords now however, will the hacker be able to see my withdrawl/deposit history on the account i tried to login to ?
Can the hacker see my IP address ?
thx.. i am worried
I tried to login to PD with my username and password, didn't work and told me to create a new account, tried to make one with one of my emails.
Changing passwords now however, will the hacker be able to see my withdrawl/deposit history on the account i tried to login to ?
Can the hacker see my IP address ?
thx.. i am worried
Stake.com is still intact you can send a support ticket on there and reference Primedice. Alternatively you can message the Primedice facebook page.
I will be providing a new email soon for support related matters.
I'm encouraging everyone to chill on the Stake.com chat for more rapid information while we wait for our registrar to sort this out.
You can email Primedice support on support@stake.com too.