Closed kingchenx closed 6 years ago
15abe54 removed the attack vector that I knew about, but I'm in the middle of an overall code audit on this repo, which may take a day or two. I'm planning to remove a bunch of code that isn't necessary for the core functionality of the bot and look carefully for anything else that looks suspicious. Once that is finished, I will update the README file with some information about the detected vulnerability and the performed audit.
Please consider decommissioning the old API keys you were using also, just in case.
In the meantime, it's not recommended to run the bot if the web UI is exposed to the public Internet without a password. (I'm continuing to run my own bot, FWIW.)
(BTW I suspect the repo was taken down by GitHub. They responded to me earlier today and said they're looking into my report of the vulnerability...)
All right! Thank you for your hard work for the community! :) You're the best! That was not a cool move from the original repo on an open source project.... :/
I have finished the audit to the best of my ability and haven't found any other issues. I've added a couple of security restrictions to the UI and have updated the README accordingly, please check it out.
Thank you... you're awesome :3
I am getting an error with the Poloniex API:
09:48:13: POLONIEX [ERROR] [POLONIEX] API error response: Invalid nonce parameter.
Deleted and created new API keys, no success so far.
Hey :). Is the bot now safe with the 15abe54 commit? Can't see what you talked about because the old repo is down.
// It's the only way to write to you @cryptoeax, because I or all users have no access to write anything here (issue/pull)... ---> An owner of this repository has limited the ability to comment to users that are collaborators on this repository.
I get this info with the edited code:
String(18) "768346381"
21:41:59: POLONIEX [ERROR] [POLONIEX] API error response: Invalid nonce parameter.