Pages:
Author

Topic: About the recent server compromise - page 11. (Read 15388 times)

legendary
Activity: 3066
Merit: 1129
May 25, 2015, 10:41:16 AM
#48
Thanks for always keeping us protected, I love this forum.  Roll Eyes
legendary
Activity: 1078
Merit: 1014
May 25, 2015, 10:40:23 AM
#47
dont think im important enough on here to want to hack but changed pass anyway
legendary
Activity: 1036
Merit: 1001
/dev/null
May 25, 2015, 10:38:42 AM
#46
uhh already received spam also + many unsuccessful attempts to mail login:(

anyway, thanks for bring the forum up.
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
May 25, 2015, 10:37:35 AM
#45
He might not want 2fa because it lowers conversion rate. Less people would use the forum and the forum's only strength is its community. BUT the forum would be still big enough after 2fa. It's a classic in the scene, so ppl will continue to use it. I would use it with 2fa Cheesy

He doesn't need to make 2fa mandatory, just an option.


Received my first spam email last night.   Embarrassed

Welcome to hotmail, where spam emails are the only emails Cheesy
sr. member
Activity: 319
Merit: 251
May 25, 2015, 10:36:43 AM
#44
He might not want 2fa because it lowers conversion rate. Less people would use the forum and the forum's only strength is its community. BUT the forum would be still big enough after 2fa. It's a classic in the scene, so ppl will continue to use it. I would use it with 2fa Cheesy

Sorry, I meant 2fa for server access.
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
May 25, 2015, 10:36:36 AM
#43
Thank you, theymos! Keep up the good work!

Anyone going after the hacker?

Would not 2fa protected this from occurring?

2FA will be in the new forum software but now, I think, implementing in current software will be good.
legendary
Activity: 2128
Merit: 1119
May 25, 2015, 10:36:05 AM
#42
Waiting for all of the sig spammers to make up for lost time!
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
May 25, 2015, 10:34:48 AM
#41
Received my first spam email last night.   Embarrassed
newbie
Activity: 18
Merit: 0
May 25, 2015, 10:33:09 AM
#40
He might not want 2fa because it lowers conversion rate. Less people would use the forum and the forum's only strength is its community. BUT the forum would be still big enough after 2fa. It's a classic in the scene, so ppl will continue to use it. I would use it with 2fa Cheesy
hero member
Activity: 504
Merit: 500
May 25, 2015, 10:30:54 AM
#39
Thank you for keeping this site safe  Smiley
Maybe you could invest in some kind better security in the future? just in case something like this happening again
and im still trying to figure out what's the motive of the attacker to attack this site  Undecided

If they get an email/password combo figured out, they could have passed them self off as a well respected member and done deals where they get money and run. Or, just use the email/password to log into a bank account, or exchange account and withdraw the money. One of the main things is to use a unique password for each site. Lastpass.com is good for that, if anyone hasn't heard of them.
sr. member
Activity: 319
Merit: 251
May 25, 2015, 10:30:16 AM
#38
Would not 2fa protected this from occurring?
sr. member
Activity: 366
Merit: 250
May 25, 2015, 10:29:06 AM
#37
@Theymos , thanks for your hard work .. a question tho ... if we don't change password and that password isn't the same as our email adresses then we should be good right ? just curious i will change my pass anyway

No, you should change it because it could be broken eventually especially if it was a weak password. I wouldn't take any chances.
hero member
Activity: 770
Merit: 500
May 25, 2015, 10:28:56 AM
#36
theymos, thank you for you hard work. Let's hope we will not have to deal this in the future.
hero member
Activity: 686
Merit: 500
May 25, 2015, 10:26:27 AM
#35
Why can't 1.5 million USD donated in bitcoin protect this forum from attack?
Is there any proof that the entire 1.5 million went into this forum & not into theymos' Carribean Island retirement pot?
Wallet transactions etc?

There is actually , here is his wallet as far as I know : https://blockchain.info/address/1M4yNbSCwSMFLF9BaLqzoo2to1WHtZrPke
Source is from here , those are people who are helding the money of the forum (which is not out yet ) : https://bitcointalksearch.org/topic/forum-funds-155000

@Theymos , thanks for your hard work .. a question tho ... if we don't change password and that password isn't the same as our email adresses then we should be good right ? just curious i will change my pass anyway
newbie
Activity: 12
Merit: 0
May 25, 2015, 10:26:12 AM
#34
What is theymos's GPG key? Is it published somewhere official? I received the signed email but I can't find a verified source with the key.
full member
Activity: 238
Merit: 100
May 25, 2015, 10:25:04 AM
#33
The tweet for those who didn't follow the link:
Quote
@bitcointalk Non-authoritative answer:
Name: http://bitcointalk.org
Address: 186.2.165.183 : this means attackers use DNS Poisoning ...
According to the OP, Theymos changed from his previous host NForce to another host because of suspicious activity. This would explain the IP change.

Edit: Found the quote:
Quote
To reduce downtime and avoid temporarily-broken features, I was originally going to stay in NFOrce's data center. However, some things made me suspicious and I moved everything elsewhere. That's where the extra day+ of downtime came from after a short period of uptime. No additional data was leaked.

that IP was in Russia, where BTC is illegal
http://en.wikipedia.org/wiki/Legality_of_bitcoin_by_country
strange choice of hoster IMHO.
hero member
Activity: 714
Merit: 528
May 25, 2015, 10:24:36 AM
#32
Thank you for keeping this site safe  Smiley
Maybe you could invest in some kind better security in the future? just in case something like this happening again
and im still trying to figure out what's the motive of the attacker to attack this site  Undecided
legendary
Activity: 1036
Merit: 1000
May 25, 2015, 10:24:24 AM
#31
I have changed my password and secret questions.Hopefully there will be no downtime,again.

@Theymos When will the new forum be launched?  Grin
legendary
Activity: 2632
Merit: 1094
May 25, 2015, 10:23:02 AM
#30
Thanks theymos for the hardwork. I changed my password but not my email ID as I'm not sure if I should do it as the pwd used on this forum wasn't used anywhere else fortunately. I've not received any phishing email except this one yesterday:


You are receiving this message because your email address is associated
with an account on bitcointalk.org.

-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlVhiGI..........................

I hope the above message is genuine.
legendary
Activity: 1540
Merit: 1000
May 25, 2015, 10:22:27 AM
#29
I realise this is a no brainer for a lot of people, but you should never link your financial accounts and website passwords with ones you use on social networks and forums like this one. The only thing these guys are going to get from me are a maybe a few passwords to my gaming stuff but that's it, I think because of how many times Bitcointalk keeps getting compromised it's probably wise to create a unique password just for this site as it's probably going to keep happening the more Bitcoin grows.

There are clearly people out there that think they'll be able to get some from Bitcointalk or maybe this is more malicious than that and they're deliberately trying to bring the site down, either way, there shouldn't be anything sensitive on here and if there is people should move it fast.
Pages:
Jump to: