Topic: About the recent server compromise - page 11. (Read 15325 times)
Thanks for always keeping us protected, I love this forum.
dont think im important enough on here to want to hack but changed pass anyway
uhh already received spam also + many unsuccessful attempts to mail login:(
anyway, thanks for bring the forum up.
anyway, thanks for bring the forum up.
He might not want 2fa because it lowers conversion rate. Less people would use the forum and the forum's only strength is its community. BUT the forum would be still big enough after 2fa. It's a classic in the scene, so ppl will continue to use it. I would use it with 2fa 
He doesn't need to make 2fa mandatory, just an option.
Received my first spam email last night. 
Welcome to hotmail, where spam emails are the only emails
He might not want 2fa because it lowers conversion rate. Less people would use the forum and the forum's only strength is its community. BUT the forum would be still big enough after 2fa. It's a classic in the scene, so ppl will continue to use it. I would use it with 2fa
Sorry, I meant 2fa for server access.
hero member
Activity: 560
Merit: 506
I prefer Zakir over Muhammed when mentioning me!
Thank you, theymos! Keep up the good work!
Anyone going after the hacker?
2FA will be in the new forum software but now, I think, implementing in current software will be good.
Anyone going after the hacker?
Would not 2fa protected this from occurring?
2FA will be in the new forum software but now, I think, implementing in current software will be good.
Waiting for all of the sig spammers to make up for lost time!
Received my first spam email last night.
He might not want 2fa because it lowers conversion rate. Less people would use the forum and the forum's only strength is its community. BUT the forum would be still big enough after 2fa. It's a classic in the scene, so ppl will continue to use it. I would use it with 2fa
Thank you for keeping this site safe 
Maybe you could invest in some kind better security in the future? just in case something like this happening again
and im still trying to figure out what's the motive of the attacker to attack this site
Maybe you could invest in some kind better security in the future? just in case something like this happening again
and im still trying to figure out what's the motive of the attacker to attack this site
If they get an email/password combo figured out, they could have passed them self off as a well respected member and done deals where they get money and run. Or, just use the email/password to log into a bank account, or exchange account and withdraw the money. One of the main things is to use a unique password for each site. Lastpass.com is good for that, if anyone hasn't heard of them.
Would not 2fa protected this from occurring?
@Theymos , thanks for your hard work .. a question tho ... if we don't change password and that password isn't the same as our email adresses then we should be good right ? just curious i will change my pass anyway
No, you should change it because it could be broken eventually especially if it was a weak password. I wouldn't take any chances.
theymos, thank you for you hard work. Let's hope we will not have to deal this in the future.
Why can't 1.5 million USD donated in bitcoin protect this forum from attack?
Is there any proof that the entire 1.5 million went into this forum & not into theymos' Carribean Island retirement pot?
Wallet transactions etc?
Is there any proof that the entire 1.5 million went into this forum & not into theymos' Carribean Island retirement pot?
Wallet transactions etc?
There is actually , here is his wallet as far as I know : https://blockchain.info/address/1M4yNbSCwSMFLF9BaLqzoo2to1WHtZrPke
Source is from here , those are people who are helding the money of the forum (which is not out yet ) : https://bitcointalksearch.org/topic/forum-funds-155000
@Theymos , thanks for your hard work .. a question tho ... if we don't change password and that password isn't the same as our email adresses then we should be good right ? just curious i will change my pass anyway
What is theymos's GPG key? Is it published somewhere official? I received the signed email but I can't find a verified source with the key.
The tweet for those who didn't follow the link:
Edit: Found the quote:
Quote
@bitcointalk Non-authoritative answer:
Name: http://bitcointalk.org
Address: 186.2.165.183 : this means attackers use DNS Poisoning ...
According to the OP, Theymos changed from his previous host NForce to another host because of suspicious activity. This would explain the IP change.Name: http://bitcointalk.org
Address: 186.2.165.183 : this means attackers use DNS Poisoning ...
Edit: Found the quote:
Quote
To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.
that IP was in Russia, where BTC is illegal
http://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country
strange choice of hoster IMHO.
Thank you for keeping this site safe
Maybe you could invest in some kind better security in the future? just in case something like this happening again
and im still trying to figure out what's the motive of the attacker to attack this site
Maybe you could invest in some kind better security in the future? just in case something like this happening again
and im still trying to figure out what's the motive of the attacker to attack this site
I have changed my password and secret questions.Hopefully there will be no downtime,again.
@Theymos When will the new forum be launched?
@Theymos When will the new forum be launched?
Thanks theymos for the hardwork. I changed my password but not my email ID as I'm not sure if I should do it as the pwd used on this forum wasn't used anywhere else fortunately. I've not received any phishing email except this one yesterday:
You are receiving this message because your email address is associated
with an account on bitcointalk.org.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGI..........................
I hope the above message is genuine.
You are receiving this message because your email address is associated
with an account on bitcointalk.org.
-----BEGIN PGP SIGNATURE-----
iF4EAREIAAYFAlVhiGI..........................
I hope the above message is genuine.
I realise this is a no brainer for a lot of people, but you should never link your financial accounts and website passwords with ones you use on social networks and forums like this one. The only thing these guys are going to get from me are a maybe a few passwords to my gaming stuff but that's it, I think because of how many times Bitcointalk keeps getting compromised it's probably wise to create a unique password just for this site as it's probably going to keep happening the more Bitcoin grows.
There are clearly people out there that think they'll be able to get some from Bitcointalk or maybe this is more malicious than that and they're deliberately trying to bring the site down, either way, there shouldn't be anything sensitive on here and if there is people should move it fast.
There are clearly people out there that think they'll be able to get some from Bitcointalk or maybe this is more malicious than that and they're deliberately trying to bring the site down, either way, there shouldn't be anything sensitive on here and if there is people should move it fast.
Jump to: